Age | Commit message (Collapse) | Author | Files | Lines |
|
This is an early, messy version of the code, but it illustrates what can
be done. It currently only prints the Owner SID, Group SID, and Perms and
SID from each ACE.
Once more work is done, it could actually walk the SEC DESCs and ACEs and
change the SIDS ...
(This used to be commit 322151509c255aa288627ae239661154ab0c83d5)
|
|
set 'algorithmic rid base' correctly after a 'net rpc vampire'.
Volker
(This used to be commit 5c0869be321852919dba1566c6bcab02e4657541)
|
|
Currently this calls back to mapping.c, but we have the framework
to get the information into LDAP and the passdb.tdb (should we? I
think so..).
This has received moderate testing with net rpc vampire and
usrmgr. I found the add_groupmem segfault in add_aliasmem as
well, but that will be another checkin.
Volker
(This used to be commit f30095852fea19421ac8e25dfe9c5cd4b2206f84)
|
|
at me :-)
Volker
(This used to be commit c4452ef22cf63c73bfb3574a55a4810af511ff20)
|
|
(This used to be commit 2e328928aa9bfafbfa00596f261dbc68bcd51e6b)
|
|
(This used to be commit 07ac86323f71d6228a222a1680d1c7def0eb7109)
|
|
that app-head does.
Jeremy.
(This used to be commit b521abd86b10573ca8f9116907c81e6deb55f049)
|
|
somebody with a large domain do a net rpc samdump to verify this?
Without this change, I don't get everything from a NT4 SP1 and SP6
PDC.
Volker
(This used to be commit f6a9180a5ff62932de0d4f890092b0d8281e9d6e)
|
|
The actual design change is relitivly small however:
It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into
ldap. This was a great win for admins, and this patch follows in the same way.
This patch extends the concept - we don't store values back into LDAP unless
they have been changed. So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value. This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.
Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild. Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.
This also applies to many other attributes, and helps to eliminate a nasty
race condition. (Time between get and set)
This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).
The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.
Andrew Bartlett
(This used to be commit 7f237bde212eb188df84a5d8adb598a93fba8155)
|
|
* s/driverlocation/comment
* detect native mode domain and enumerate local groups
Also
* Added sendfile stats from SAMBA_2_2
(This used to be commit 764b58e2c0b3179cffe157c0ab58761b156b8423)
|
|
also try to uniform names to a clean scheme.
first part.
(This used to be commit a123e05877caf90c28980be2d84b1d0b46e4fd21)
|
|
(This used to be commit de9ea4ee6b3a939044d84f43ce14f10dd16341ce)
|
|
the ones for debuglevel and configuration file in pdbedit
(This used to be commit cb0d03a393d9009c3e16b9d05d88c171de9a9414)
|
|
from APP_HEAD
(This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
|
|
(This used to be commit b9942092cf3d0a9fbf94b51b576836a86059551b)
|
|
Volker
(This used to be commit f68825e93371e3d3403167f608d1da0d7ada1a04)
|
|
Add const to some more functions, and reintroduce 'net rpc join oldstyle' as
*only* trying an old-style join.
This means that we can rely on it not prompting for a password on the build
farm.
Andrew Bartlett
(This used to be commit 31bdbeef0ea6f30247cd3b30cfea57b34102abe6)
|
|
(This used to be commit 42c7ecd3d5dc5eb8ff690635946a403a82ebb270)
|
|
(This used to be commit a6ec9af7e38b1b937eba7003f130d662d5bde035)
|
|
a rid.
Volker
(This used to be commit 11ec785f3f43b277ae3f28b38865f4de972495bc)
|
|
only the interface has been fully moved to NTSTATUS
not all the plugins make full use of it, but have been all converted.
My testings passed completely, however a bit of more testing is welcome
Simo.
(This used to be commit 102a26e06591928a03b49cd312a65811ed46314f)
|
|
getsid, then join as a BDC, and then watch net rpc vampire suck out
the good stuff out of a PDC :-). It's not perfect, but it does quite a
bit for me. Watch out for more.
Volker
(This used to be commit f0d7ac9feb5844c93789344285b1d66f480209ba)
|
|
(This used to be commit b53547bf663ed1714326f9b0e74215e012e728af)
|
|
(This used to be commit 08c3e2b824cd2c93ca548fa18ea16a18f5b197e5)
|
|
When creating a group you have to take care of the fact that the
underlying unix might not like the group name. This change gets around
that problem by giving the add group script the chance to invent a
group name. It then must only return the newly created numerical gid.
Volker
(This used to be commit b959419ed38e66a12b63cad3e5fbfa849f952acc)
|
|
(This used to be commit 42774a7753eb8be1ec04bcb5dda089910a1b6d0b)
|
|
Volker
(This used to be commit f6ed429838cc0140c0d033875012c7a999891549)
|
|
Volker
(This used to be commit 8c41b5cd1b8b0c2639def9552bd20b8aca39785c)
|
|
positive name for this. It creates users and global groups. More to come.
Volker
(This used to be commit 0c1fadd9e024ef886542d362a7f119968552852d)
|
|
(This used to be commit a8dc1464ea2d05eb2a26afdd433cdb6b69002259)
|
|
the DC being out of sync with the local machine.
(This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
|
|
(This used to be commit 05a202c287f5daeb1ccbaf9479aa93e7928e93db)
|
|
(This used to be commit 6f0561acadd139e37f86e30a2bbf10f428178eaf)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
It includes a conversion of make_user_info*() to NTSTATUS and some minor
changes to other files.
It also picks up on a nasty segfault that can occour in some security=domain
cases.
Andrew Bartlett
(This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
|
|
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better
general infrustructure for his sam_ads work.
I've also added some extra failure mode DEBUG()s to parts of the code.
NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without
the final set of brakets, the test is essentially inverted - causing some
intersting 'error = success' messages...
Andrew Bartlett
(This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
|
|
(This used to be commit 26bee60a419593a5afe4e48614f7f3fc414596a5)
|
|
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch.
pass also the negociation flags all the way.
all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient.
in the future we will be able to call auth_2 or auth_3 as we want.
J.F.
(This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
|
|
we now do this:
- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
(This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
|
|
I get all the groups at least.
Volker
(This used to be commit 23a4f6991e93797afad0043689737a1b20c67f60)
|
|
(This used to be commit c1e00f5f160985323f5a9ade42f2ebb2a798b17c)
|
|
Volker
(This used to be commit f76a5431f0448efbc879aee965c643e2e362632a)
|
|
might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam
Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c
(This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
|
|
bound to a given driver
(This used to be commit e913d508d4f894eb3f0e59b9c28b0fc5b56962ec)
|
|
(This used to be commit 228fc518da0404fe770175d5277fe5f5b08f9c67)
|
|
samsync operations (as a BDC)
(This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986)
|
|
options.
Andrew Bartlett
(This used to be commit 4cd822d9e4e5f35a47b0837bfa73c8a457e6cc85)
|
|
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
|
|
user SIDs correctly.
Volker
(This used to be commit 287b7bda11100c42f2cdea36a20a81f6ea397f43)
|
|
(This used to be commit 2df34c9bfc76ee832e5005a2ad0ff0b6abb98034)
|
|
Print domain SID on 'net rpc info'
Volker
(This used to be commit 12fd889a3f0e3eeeb27a51cdd7f648a59083f2ba)
|