Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
|
|
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
...to allow long option names.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
The previous patches to the provision system cut down on the number of
reconnects, and disabled the partition handling for part of the
process. This means we lost the setting of @OPTIONS as a replicated
attribute into the partitions.
Andrew Bartlett
|
|
This allows us to turn a python LdbMessage back into a string.
Andrew Bartlett
|
|
Also add tests to prove that we got this correct, and correct the
existing tests which used the wrong constants.
Andrew Bartlett
|
|
This changes dsdb_write_prefixes_from_schema_to_ldb() to use an
internal talloc hirarchy, so we can safely give it a NULL context from
the python.
It also fixes manual construction of the ldb_message - we now use the
right helper functions.
Andrew Bartlett
|
|
This allows us to test out the code that will do the modify of the
prefixMap, and to provide the bindings that may assist a future
upgrade script.
Andrew Bartlett
|
|
This will ensure that the GUID can be filled in correctly, and assist
us to validate DN targets in the future.
Andrew Bartlett
|
|
|
|
The aim is to create a function that is more easily wrapped for
python, so that we can write the updated prefixMap in an upgrade
script.
Andrew Bartlett
|
|
This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4
to use ldb_request_add_control() instead of a manual construction.
Andrew Bartlett
|
|
opcodes.
Guenther
|
|
Tim, I am reverting this as this eliminates "_netr_LogonSamLogonEx" from the
debug messages completely. Followup fix to come immediately.
This reverts commit add9b4afb14d3426d1f3bf5b8e7c86926f462578.
|
|
Guenther
|
|
(in preparation of credential merge).
Guenther
|
|
_netr_ServerAuthenticate3.
Guenther
|
|
Fix set_namearray to allow for strings that don't end in a slash. Also
remove unnecessary strdup()s.
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
|
|
|
|
#6099 for details).
Guenther
|
|
The objectclass module checks that the target parent exists, and
refuses renames if it doesn't exist. For this to work for deleted
objects we have to do the search in the objectclass module with the
"show deleted" control enabled.
|
|
|
|
We were failing because CN=Deleted Objects, which is marked as
'deleted' itself, could not be re-added in a reprovision.
Andrew Bartlett
|
|
Instead, use the fact that the ldb_parse_tree structure is public to
construct the 'and not deleted' clause as a structure, and apply each
filter tree to that template.
Andrew Bartlett
|
|
Should help track if we get invoked with an invalid fd from
the signal handler.
Jeremy.
|
|
Office 2003.
Confirmation from reporter that this fixes the issue in master on ext3/ext4.
Back-ports to follow.
Jeremy.
|
|
this test.
Jeremy.
|
|
Jeremy.
|
|
This bit is set by the Win7 client while joining.
Guenther
|
|
sucessfully.
Guenther
|
|
ext4 may be able to store ns timestamps, but the only API to *set* timestamps
takes usec, not nsec. Round to usec on set requests.
Jeremy.
|
|
Jeremy.
|
|
pid_t correctly
|
|
Guenther
|
|
Guenther
|
|
The OIDs are not NULL terminated by the python caller, in line with
the LDB API, but we need them to be here, as we were casting them to a
string.
Andrew Bartlett
|
|
|
|
|
|
|
|
The problem is that samdb_result_string() and
ldb_msg_find_attr_as_string() both simply cast the string, rather than
ensuring the return value is NULL terminated. This may be best
regarded as a flaw in LDB, but fixing it there is going to be more
difficult.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This makes the lib/replace m4 work in lib/talloc as a standalone build
|
|
This allows the getpass.m4 code to work in standalone talloc builds
|