Age | Commit message (Collapse) | Author | Files | Lines |
|
position zero being the primary group sid. Authenicating
via winbindd call returned a non-sorted sid list. This
fixes is for both a winbindd call and a pac list from
an info3 struct. Without this we mess up the
primary group associated with created files. Found by
Herb.
Jeremy.
(This used to be commit cb925dec85cfc4cfc194c3ff76dbeba2bd2178d7)
|
|
instead.
Jeremy
(This used to be commit 7f7dd5e8883e23d7fe3f9cb804905c5b23a5a41c)
|
|
create_builtin_administrators
The Debug messages in create_builtin_users and create_builtin_users have now
been encapsulated in add_sid_to_builtin.
(This used to be commit ca153139b1dced07c196aac93dbc9d9428d98124)
|
|
Previously this was done at token creation time if the Administrators and Users
builtins hadn't been created yet. A major drawback to this approach is that if
a customer is joined to a domain and decides they want to join a different
domain, the domain groups from this new domain will not be added to the
builtins.
It would be ideal if these groups could be added exclusively at domain join
time, but we can't rely solely on that because there are cases where winbindd
must be running to allocate new gids for the builtins. In the future if there
is a way to allocate gids for builtins without running winbindd, this code
can be removed from create_local_nt_token.
- Made create_builtin_users and create_builtin_administrators non-static so
they can be called from libnet
- Added a new function to libnet_join that will make a best effort to add
domain administrators and domain users to BUILTIN\Administrators and
BUILTIN\Users, respectively. If the builtins don't exist yet, winbindd must be
running to allocate new gids, but if the builtins already exist, the domain
groups will be added even if winbindd is not running. In the case of a
failure the error will be logged, but the join will not be failed.
- Plumbed libnet_join_add_dom_rids_to_builtins into the join post processing.
(This used to be commit e92faf5996cadac480deb60a4f6232eea90b00f6)
|
|
the new helper functions.
- Modified create_builtin_administrators and add_builtin_administrators to take
in the domain sid to reduce the number of times it needs to be looked up.
- Changed create_builtin_administrators to call the new helper functions.
- Changed create_local_nt_token to call the new version of
create_builtin_administrators and handle the new error that can be returned.
- Made it more explicit that add_builtin_administrators is only called when
winbindd can't be pinged.
(This used to be commit f6411ccb4a1530034e481e1c63b6114a93317b29)
|
|
helper functions.
- Modified create_builtin_users to take in the domain sid to reduce the number
of times it needs to be looked up.
- Changed create_builtin_users to call the new helper functions.
- Changed create_local_nt_token to call the new version of create_builtin_users
and handle the new error that can be returned.
(This used to be commit 8d75d40b9f6d22bae7430211f8a1fe99051b756c)
|
|
domain join time
Added two new helper functions which wrap the raw pdb alias functions so they
can be more conveniently called while adding domain groups to builtin groups.
(This used to be commit 668ef314559df40f1b8aa0991539adcd8d35ffe3)
|
|
This fixes various build warnings on our platform. I'm sure I haven't
caught them all, but it's a start.
(This used to be commit 6b73f259cb67d9dda9127907d706f9244a871fa3)
|
|
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
(This used to be commit 1fcfca007f33a2c4e979abf30c2ea0db65bac718)
|
|
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
(This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
|
|
Jeremy.
(This used to be commit 9e2ab30d3cf6950fc79152b2169e7aeae8d6a366)
|
|
(This used to be commit d621867bb8767e1c4236d28dd9294a61db6cbb10)
|
|
Jeremy.
(This used to be commit a07fe72538e8e724b9736d5a85cc590864c5cab2)
|
|
account logon.
Jeremy.
(This used to be commit 10da498a2349bf5944183adf5a9284eafa2b8b74)
|
|
No functional change, this is a preparation for more current_user ref removal
(This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
|
|
This has brown paper bag quality and is definitely needed for 3.2.0.
Thanks to Orion Poplawski for reporting this!
Volker
(This used to be commit 3b31f8cce3703645a57778bc752bc9b9e853df5d)
|
|
(This used to be commit 88423a17b966652eba4085e88f7ddb5c86b463dd)
|
|
This will be used for 'security=share' and 'force user'
(This used to be commit 88e43097cafcd2849d9f1200a377357fde4cce99)
|
|
(This used to be commit e4a9492967f3d2b64f27943f99414608e0c03d21)
|
|
(This used to be commit a3651ced9e0859578df8cc44da64e7a8066bde76)
|
|
"nss_token" from my point of view much better reflects what this flag actually
represents
(This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
|
|
(This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805)
|
|
(This used to be commit 964bd02220c04030d8cb0f97ca9b409400d1238c)
|
|
(This used to be commit a33e8d2ffa4daea1deba13b3571cb0b36d521476)
|
|
Raise the debug msgs from Lvl 0 in the create_builtin_XX() functions
to prevent unnecessary panic from people reading the logs.
(This used to be commit 2983b9dc790e0f90ec1e6add131438c6bfd361b4)
|
|
Michael
(This used to be commit 6bb107b17d557c27d035ca518ab61296814a3cea)
|
|
Karolin
(This used to be commit 6cee34703503fbf3629057345fe221b866560648)
|
|
Guenther
(This used to be commit 65b4cb20ea3fb806cfd50281e08f32bea70fafce)
|
|
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8
netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate
flags everywhere (not only when running in security=ads). Only for NT4 we need
to do a downgrade to the returned negotiate flags.
Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.
Guenther
(This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
|
|
Guenther
(This used to be commit 0ad00a452f03d8af6e6b6fabd4a05ca26a9910d0)
|
|
talloc_steal and talloc_free on the sam account already.
Guenther
(This used to be commit dbc7237a8a566f3e86bd6e4b48593b93c5bfb94e)
|
|
Thanks to oster@cs.usask.ca
(This used to be commit f18a80575921a241c7243c5af5a0101a2956ff17)
|
|
Another preparation to convert secrets.c to dbwrap: The dbwrap API does not
provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC
mutex is needed per-node anyway, so it is perfectly fine to use a local mutex
only.
(This used to be commit f94a63cd8f94490780ad9331da229c0bcb2ca5d6)
|
|
NTLMSSP and Kerberos session setup
Guenther
(This used to be commit 18b8c2c19e50aee8fc900c7507244cb95014a4fa)
|
|
Guenther
(This used to be commit 92fca97951bf7adf8caaeabdaff21682b18dd91f)
|
|
Guenther
(This used to be commit 5866c11b288c217f0c38240c44f8bfeff185890d)
|
|
Jeremy.
(This used to be commit b7628f3a47166791db4cd6451d52ea3881a45bed)
|
|
smbd doesn't need $(WBCOMMON_OBJ) anymore,
it works with any libwbclient.so now
and may talk to an older winbindd.
metze
(This used to be commit e3435930a307cff3066fe2047ed8c5c48911f001)
|
|
Karolin
(This used to be commit 906e19bad40ba0c0a473ec2601e9eb0fff169f83)
|
|
(This used to be commit e2c9fc4cf5f0ff725330fa44f53782db65fca37e)
|
|
(This used to be commit 22e49ef2c0c9b641068ac5419b9c82fb97d3e8e6)
|
|
Interop fixes for AD specific flags. Original patch from Todd Stetcher.
(This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
|
|
Jeremy.
(This used to be commit d61831164b482d02e0eef3c28aeed93d3e44433f)
|
|
Michael
(This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
|
|
Jeremy.
(This used to be commit e289a0c8592f9e5c58100ddcde2577b452725b88)
|
|
get_root_nt_token asks for "struct nt_user_token". talloc_get_type is not smart
enough to see that this is the same as NT_USER_TOKEN... :-)
(This used to be commit 22a98bf7b81fb89dce1f32ef65cfe6caaba985b3)
|
|
(This used to be commit fada689893314bed2fc78588b3fd9b144f4c808a)
|
|
(This used to be commit dbcc213710a9af31b6094d4741a6f68f573dcdad)
|
|
(This used to be commit 22ac34a329c9be9cf7d1e6749ebcfb50215378e4)
|
|
Implements a wrapper layer in winbind_util.c which are just stubs
if compiled --without-winbind. When building with winbindd, it
is now required to build the libwbclient DSO first (in the Makefile)
and then either set LD_LIBRARY_PATH or /etc/ld.so.conf to pick up the
library PATH.
(This used to be commit 42787bccff4fcffafc7aae6a678e792604ecaaa5)
|