Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
|
|
"authsam_expand_nested_groups"
Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the
long-living "sam_ctx"/"ldb" context to prevent memory leaks.
|
|
It tests also some other constructed attributes in a basic way.
|
|
|
|
need them for more constructed attributes
With this patch we delete the helper attributes at the end where all constructed
attributes have already been computed.
|
|
No need to have signed counters here.
|
|
It contains the transitive SID closure (expand member/memberOf attributes) of a
certain SAM object. The "tokenGroups" attribute never contains the SID of the
object itself.
References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx,
http://support.microsoft.com/kb/301916,
MS-ADTS 3.1.1.4.5.19.
|
|
This is needed by the "tokenGroups" work in the operational LDB module.
|
|
|
|
Should also be unsigned - no need for a signed "i" and "num_sids" here.
|
|
"construct_primary_group_token"
Use the "msg" as temporary context and not "ldb" which lives much longer.
|
|
This reverts commit 22d316926b9589608d332143c1fa134229b75b3c.
Please see bug #7209 for details.
|
|
Made each type into a separate class to be easily run individually,
removed code duplication
|
|
On some broken systems like RHEL5, we need to be able
to disable --as-needed.
metze
|
|
host IPv4 address
Inform the user when there are more possibilities (so he can check for the
right address and otherwise he is able to do an immediate reprovision) and no
possibility at all (then we fall back to the loopback address "127.0.0.1" - this
is thought for testing purposes).
I think this should be enough for closing bug #5484.
|
|
I changed "uint32_t" to "unsigned int" since the LDB specification prescrives
"unsigned (int)" for counter variables (number of attributes,
number of values...).
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Use an unsigned argument for the numbers of groups and the counter "i" since
the function is called only by "auth_generate_session_info" with an unsigned
number of groups argument.
|
|
Previous commit was incomplete. The "service" parameter in the "tcon" structure
should point to "scfg->name". I'm not sure if "share" is right but the first
was used before commit f390daef475126b4ff5a3d0ffd2babbd87d4c22b.
|
|
This should be the right fix (set the service name in the tcon union to the
share name/path). That should be the solution for bug #6784.
|
|
"QueryDomainInfo" returns only global groups, "QueryDisplayInfo" also universal
ones. Consider MS-SAMR 3.1.5.5.1.1 and 3.1.5.3.1.
|
|
universal groups
Find the "Enterprise Admins" group which does exist on s4 and Windows
directories and is always per default universal. Test this only when the target
is set to s4 (s3 deployments don't contain this group). If the number of
returned objects is "0" (count) then we are likely testing the builtin domain of
an AD deployment.Then we ignore the inexistent "Enterprise Admins" group.
I didn't enhance the test for "QueryDomainInfo" since this does itself a
comparison of all returned objects with the "EnumDomainGroups" call. Therefore
if the latter passes, and the "QueryDomainInfo" test passes also the
"QueryDomainInfo" call is okay regarding groups.
|
|
|
|
We need to look for both global and universal group types when querying them.
Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html).
|
|
|
|
Guenther
|
|
Otherwise we can lose debug output when a timeout happens
|
|
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have
permission to change the ownership of a file.
This should fix bug 6987
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This permits to set the security descriptor of a registry
key from the unix command line.
Michael
|
|
Michael
|
|
Michael
|
|
sddl format
Michael
|
|
New net_registry_getsd_internal does the work(),
net_registry_getsd() just prints the result.
This in preparation to add support for other output formats
than the currently used display_sec_desc().
Michael
|
|
|
|
|
|
|
|
Michael
|
|
Actually ildb_context pointer is not supposed to be
valid after calling ildb_request_done().
This is due to the fact that when calling ildb_request_done()
caller will (most probably) free any locally built
ldap_request objects - thus rendering ildb_context invalid.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The "net share" command was no longer possible because it enters
the net_share function with argc == 0.
|