Age | Commit message (Collapse) | Author | Files | Lines |
|
passdb backend = ldapsam.
Along with reproducing the functionality of the secrets.tdb
code, I have prepared the handling of the previous trust password
(in case we are contacting a dc which does not yet know of a recent
password change). This information has still to be propagated
to the outside, but this requires a change of the api and also
a change of the secrets.tdb code.
Michael
(This used to be commit 6c3c20e6c4a2b04de8111f2c79b431f0775c2a0f)
|
|
(for passdb backen = ldapsam). At a first step, add the hooks,
calling the secrets_ functions.
Michael
(This used to be commit 9c03cdf3a449149c50451a44deb420341e65af34)
|
|
These red bars in vi really hurt my eyes... :-o
Michael
(This used to be commit 2e99e141c3254fe072756697b8db3cbd4e4f1db4)
|
|
Further reformat get_trust_pw to conform to coding rules.
Michael
(This used to be commit b9e76a479e933084b1ee081ef5d8bd6bdbd7fadf)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
"N" is not a valid format entry for ber_printf, should be "n"
Jeremy.
(This used to be commit f3bb102c24018f0a91f8b51de6fe646c091da6be)
|
|
only query transitive forest trusts.
Guenther
(This used to be commit e744efa1ee33fb150132f0b7f46ee1711681afc6)
|
|
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
|
|
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
(This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
|
|
* strptime() failure check
* make legcacy sid/uid/gid calls static
(This used to be commit 3c9fb1c6f3263c0ce6edbf2a8824c153317a84a3)
|
|
Unix name after discussion with Simo.
(This used to be commit 6af4c1a73cdb523e5a81c15128c706a16f76c84d)
|
|
(This used to be commit 2d636ad2a33d0ca61bf6022feceed47dd68ef855)
|
|
Nothing of major interest. Will fix a few problems with one way trusts.
(This used to be commit 3d48a7e72d9268fd495e0ca4b6e73bed5bb57214)
|
|
we have to take care to preserve the "special" values
for Windows of 0x80000000 and 0x7FFFFFFF when casting
between time_t and uint32. Add conversion functions
(and use them).
Jeremy.
(This used to be commit 4e1a0b2549f7c11326deed2801de19564af0f16a)
|
|
would flood at log level 2. We know when we're using the legacy
mapping code anyways since it will log an informative msg.
(This used to be commit 51aac0fcb4528df790aa3ae078f9ef639cc01363)
|
|
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
|
|
return values of some alias-releated pdb functions from BOOL to NTSTATUS
Thanks :-)
(This used to be commit 590d2164b3a33250410338771e160f6ebd1aa89d)
|
|
(This used to be commit 2c5b951eba509e826a29775db992aca474476484)
|
|
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines
Add a "deletelocalgroup" subcommand to net sam.
Thanks to Karolin Seeger <ks@sernet.de>.
(This used to be commit fb6ac8a5b247a961963a9b6a95cd6608c5b53d09)
|
|
sid_check_is_in_our_domain getting out of sync.
(This used to be commit bbc102172abcb5f7c5c9e777536d7c17afe8b355)
|
|
(This used to be commit d4c5d5ffb30fe50abb828067b047d5eb61038ddf)
|
|
Jeremy.
(This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
|
|
(This used to be commit 1c0ceb5fe217bd7210072869a1313c7ac67ff118)
|
|
messages.c. Refactor to use become_root() instead and
make it local to messages.c
Jeremy.
(This used to be commit f3ffb3f98472b69b476b702dfe5c0575b32da018)
|
|
domain to a uid.gid using the idmap_passdb backend.
(This used to be commit fc1aeee52d8cb6c8d5d306dbbec18127bd2674bc)
|
|
and fix all compiler warnings in the users
metze
(This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|
|
to avoid creating the TDB_DATA struct from strings "by hand"
metze
(This used to be commit 5a5579d8429e6f76805a093133ba29c7f8321512)
|
|
to avoid creating the TDB_DATA struct from strings "by hand"
metze
(This used to be commit 9ebaa4c573ea5784a8c9cd9d29561b760d62bb18)
|
|
metze
(This used to be commit 2d2f8099684c4516ed685e5bb2a21541d53645ac)
|
|
command. Jerry, Simo, please check.
Jeremy.
(This used to be commit 8ff76a9cb860b7fd451829f6d814ea1c6804f5af)
|
|
handle a
particular SID. Make sure that the passdb backend will accept the same set
range of local SIDs that the idmap system sends it.
Simo, Jerry - this is a 3_0_25 candidate. Can you please review?
(This used to be commit 86a70adb6a2d277f235857451bbee7d530d15310)
|
|
(This used to be commit d0d16cc55ab830dcfd4f8c6c7bf64d2b9b6dd55b)
|
|
Volker
(This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
|
|
Not used
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
(This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
|
|
transaction. Succeed all or store nothing.
Volker
(This used to be commit 4efc7b45985e807532214959c1872cd6e7865ab8)
|
|
(This used to be commit f88eab91c43570e4da7a4a6cd117e7b7ebf53331)
|
|
winbind
who did not run the idle events to drop ldap connections.
Volker
(This used to be commit af3308ce5a21220ff4c510de356dbaa6cf9ff997)
|
|
(This used to be commit a2dc1f62fdf7683cfb2ca71499dbe7efddc4aa9b)
|
|
(This used to be commit 7246b316960e5307d988ad3296230767e57f455b)
|
|
Patch from Zack Kirsch <zack.kirsch@isilon.com>.
Jeremy.
(This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51)
|
|
Coverity finds them :-)
Jeremy.
(This used to be commit cbe725f1b09f3d0edbdf823e0862edf21e16d336)
|
|
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs
revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.
- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).
- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.
DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries
DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.
Simo.
(This used to be commit 5b4838f62ab1a92bfe02626ef40d7f94c2598322)
|
|
The two culprits were
* pdb_get_account_policy()
* pdb_get_group_sid()
(This used to be commit 6a69caf6907fad01b13aa4358ce5c62506f98495)
|
|
(This used to be commit a5a1c8c785939e7cf6108adb573ac277726f584b)
|
|
'pdbedit -L -w'
(This used to be commit 2a7311db272b5a504e2db672d92adbb3cf2bea15)
|
|
Volker
(This used to be commit b48ea4d7775dfc3216771fd328640c2c100a014d)
|
|
so that
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
|