Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
(This used to be commit 546710d58c07acdaa175caa48cec4d3f2bc657ad)
|
|
reserved word check when we selecte --enable-developer
(This used to be commit ece5fe3e78da460fb1c0eca3185da7f80c5cfdc4)
|
|
int16 and int32 definitions in internal and system headers
(This used to be commit 094443ed6c0fdd06f459211dbca50feed58463ef)
|
|
defined in <stdint.h>, ensure that it is present. (Not all
implementations pull it in when <sys/types.h> is used).
Paul
(This used to be commit dafe36ec4cff4e5f94e35841966007e3e4758582)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
|
|
globals. This catches mismatched start/end calls and removes
the need for special nested profiling calls.
(This used to be commit ee750498812190edd3ec52ca3c750258f3b8a97a)
|
|
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
|
|
Jeremy.
(This used to be commit bea87e2df45c67cc75d91bd3ed1acc4c64a1c8ea)
|
|
clients and aservers. Strange compiler-fu on 64-bit
SLES9 says sizeof(time_t) == 4 but the memory alignment
is on 8 bytes. Change time_t to uint32 to fix alignment.
Remove 'char **gr_mem' from struct winbindd_gr since
it was not being used.
(This used to be commit b68e66d5c4f7348e674b8a009656ebfbbc06e288)
|
|
winbindd server
(This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
|
|
primarily intended for ia64 systems where libunwind knows more about
the different ways of walking the stack that just about anything else.
(This used to be commit 256a19d722f360dac3c8e83f5bfac453fa70db96)
|
|
Jeremy.
(This used to be commit 13c3abf03187f84874b5754b54de5d3fe2dea188)
|
|
is produced when a process exits abnormally.
First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.
Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.
Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d64498eb3faf89f0c5452b9299daea8e95)
|
|
return.
Jeremy.
(This used to be commit 9c5e26a56aaaf1143b43e61d208ddaeb96f2ffcb)
|
|
smb_panic can't return.
Jeremy.
(This used to be commit ba9c98983efbf4871e1ec07df37590d97ec52fba)
|
|
the POSIX interface. Note that this removes support for inherited
capabilities. This wasn't used, and probably should not be.
(This used to be commit 763f4c01488a96aec000c18bca313da37ed1df1b)
|
|
KRB5KRB_ERR_RESPONSE_TOO_BIG when the krb5 library does not know about
this.
Guenther
(This used to be commit 4a1a3c4808307e09fa8ff85da9a963a4a6f0e9ae)
|
|
(This used to be commit 7c098ca0ae4c7e11c7100fb09b42ce716beffb56)
|
|
(This used to be commit d6c6363517513cc66a8933a6e4f95c5ce5cf1cb4)
|
|
c++ reserved names.
Guenther
(This used to be commit e0b50d008728cfc66f6b1eefdadf8a708f4d9500)
|
|
for older krb5 implementations.
Patch slightly modified from the version provided by Björn Jacke <bjoern
at j3e dot de> at the samba-technical list after discussion on the list
and by IRC. Thanks Björn!
(This used to be commit 49e6431c06c70088907c31e2da1ec83a09377015)
|
|
Patch from Bjoern Jacke <bjacke-at-sernet-dot-de>.
Guenther
(This used to be commit 69fb189a6b9947069afebb15d6ee6f2f20d15171)
|
|
(This used to be commit 13766b03e806528cdd34c9452f42ae4e71869671)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
always linearize into little-endian. Should fix all
Solaris issues with this, plus provide a cleaner base
moving forward for cluster-aware Samba where smbd's
can communicate across different compilers/architectures
(eventually these message will have to go cross-machine).
Jeremy.
(This used to be commit d01824b78576a034428e1cef73868d1169057991)
|
|
automatic inclusion of aio support on AIX
(This used to be commit f19f7961eef9d9fe345279c5ab35d18dff14e5ea)
|
|
Thanks to "The Written Word" -- whoever that is :-)
Volker
(This used to be commit 7d0956f0bd28728fbb8b4c24c4ed3cdcc04e2daf)
|
|
use it as though it were an in-memory db and dump out to
a flat file every 2 mins, but that can now change.
Jeremy.
(This used to be commit a342681792724c1ae8561ba8d352c4ee6e2a5332)
|
|
against the Sun LDAP client libs. But not for AD support; just ldap support
(This used to be commit a33e78acedb37df47905d326411e017794721250)
|
|
Guenther
(This used to be commit 908ac0c9eccd1ba368a6305fee9673770fc74a53)
|
|
Volker
(This used to be commit cb816e65a95802d5172c410d1acda2da070b871d)
|
|
(This used to be commit 85e61ff69c92143f54860dfce02f95a1e6070bc3)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
(This used to be commit 5396944fc3799a9746d00167a6f0e8465df4dcea)
|
|
UNIX vendor
not understanding abstract data types :-(.
Jeremy.
(This used to be commit be5b4e2fa3ed30b0ff01b47d2354e5f782a12e25)
|
|
Several incarnations of gcc bork with
Compiling dynconfig.c
/tmp/ccXd94O5.s: Assembler messages:
/tmp/ccXd94O5.s:1202: Error: suffix or operands invalid for `mov'
/tmp/ccXd94O5.s:1289: Error: suffix or operands invalid for `mov'`
Thanks to Bent Vangli for the the leg work and suggestions.
(This used to be commit 318fe7ba0093c4a94e9f4f5c8ce7a2f5d1078e26)
|
|
Jeremy.
(This used to be commit 095c5dbc188ca4b093c774c8f04d79f7d342a8a6)
|
|
Jeremy.
(This used to be commit 22a796fe012e212f7744f0d63a8512e6942a5324)
|
|
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
a file
that is only included if _SAMBA_BUILD_ is defined...
Let's see how far this gets us.
Volker
(This used to be commit 563275b35f76107e3d2a8b0b6e14394b20ecd81b)
|
|
Volker
(This used to be commit f3836831da317660a3a1bb356d238f50320e1512)
|
|
--enable-socket-wrapper to configure
(This used to be commit 9c6cdd23ead427a4cb20177dad1c87da9594a4fe)
|
|
(This used to be commit ce38ead0fccf434f90671201d3c50cd79b3f3ed4)
|
|
Jeremy.
(This used to be commit 695d45bcadbcc1528900255534be47f135160529)
|
|
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
|
|
I was going to use this for tracking dfs mounts in smbclient
but found another way. Still the cleanup is valid so commiting it.
should be minimally disruptive since it is not widely used.
(This used to be commit 00738dca3b07083c91545910486a1f30f2b17281)
|
|
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
|
|
(This used to be commit f00ae4ab0c36a623257861fb65373b39cf075921)
|