Age | Commit message (Collapse) | Author | Files | Lines |
|
Avoid overriding default ccache for ads operations.
Nowadays various samba components may need to use GSSAPI and a default cred
cache to perform their tasks.
This code was completely overriding the whole process default ccache name, thus
altering the current credentials and sometimes hijacking them (or getting
preemptively hijaked).
By using gss_krb5_import_cred we can instead use a private ccache (necessary
sometimes to use a different set of credentials fromt he default
cifs/fqdn@realm one, for example when contacting foreign DCs using trust
credentials) that does not affect the rest of the process.
For the kerberos versions which don't have gss_krb5_import_cred
we fallback to temp override of KRB5CCNAME and gss_acquire_cred.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep 12 18:30:48 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We still have to run BIND, the change is if BIND is run to support our own
zone, or if we forward to as well as to windows.
This also adapts to the new defaults.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
forwarder'
This simplifies a very common configuration.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
metze
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
This avoids re-opening the DB as the correct user, but applies all the right ACLs
and resulting owner.
This needs a bit more testing...
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
|
|
server
metze
|
|
metze
|
|
metze
|
|
server
metze
|
|
|
|
|
|
|
|
|
|
|
|
metze
|
|
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Sep 12 16:50:50 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 12 14:05:42 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
Karolin
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Wed Sep 12 12:21:00 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Sep 12 10:33:37 CEST 2012 on sn-devel-104
|
|
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep 12 08:48:16 CEST 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
This will allow us to hash this, rather than the NT ACL it maps to.
This will in turn allow us to know if the NT ACL is valid even if we
have to change the mapping code.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 12 07:06:01 CEST 2012 on sn-devel-104
|
|
Instead, this is just handled with realloc in sys_acl_create_entry()
This allows us to remove the size element from the SMB_ACL_T.
Andrew Bartlett
|
|
This is a clearer, long-term-stable structure we can hash without
risking it changing.
Andrew Bartlett
|
|
Ensure we know after the destructor fires we're never going to
look at this again.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 12 03:00:21 CEST 2012 on sn-devel-104
|
|
The function _pam_winbind_change_pwd crashes due to a null value passed
to the function strcasecmp and denies to login via graphical login
manager. Check for a null value before doing a strcasecmp.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1003296
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Sep 12 00:07:28 CEST 2012 on sn-devel-104
|
|
(Error was set to an unused variable)
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 11 22:09:18 CEST 2012 on sn-devel-104
|
|
(Error was set to an unused variable)
|
|
(Error was set to an unused variable)
|
|
|
|
|
|
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 11 20:08:37 CEST 2012 on sn-devel-104
|
|
This should help us understand why sometimes an ACL set won't stick.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 11 18:19:53 CEST 2012 on sn-devel-104
|
|
This will allow us to run make test on all platforms again, as we emululate the posix ACLs using the fake_acls
module. By then testing smbd.have_posix_acls() we gain a more specific error message.
Andrew Bartlett
|
|
|
|
(we currently do not grant durable on reconnect when delete-on-close is set)
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 11 16:22:20 CEST 2012 on sn-devel-104
|
|
This test verifies that the delete on close flag is kept during
a disconnect and is still active on the reconnected handle.
When the reconnected handle is closed, the file is deleted.
|
|
|