Age | Commit message (Collapse) | Author | Files | Lines |
|
more scalable:
The most efficient way is to use the "tokenGroups" attribute which gives
the nested group membership. As this attribute can not always be
retrieved when binding with the machine account (the only garanteed way
to get the tokenGroups I could find is when the machine account is a
member of the "Pre Win2k Access" builtin group).
Our current fallback when "tokenGroups" failed is looking for all groups
where the userdn was in the "member" attribute. This behaves not very
well in very large AD domains.
The patch first tries the "memberOf" attribute on the user's dn in that
case and directly retrieves the group's sids by using the LDAP Extended
DN control from the user's object.
The way to pass down the control to the ldap search call is rather
painfull and probably will be rearranged later on.
Successfully tested on win2k sp0, win2k sp4, wink3 sp1 and win2k3 r2.
Guenther
(This used to be commit 7d766b5505e4099ef7dd4e88bb000ebe38d71bd0)
|
|
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.
This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).
Guenther
(This used to be commit 52423e01dc209ba5abde808a446287714ed11567)
|
|
Guenther
(This used to be commit ec26c355b3ef1d3d809c4fbe911ce6fcef5db955)
|
|
- samba3 pass the limited version of RAW-LOCK
(the lock cancel and error checking tests are skipped)
metze
(This used to be commit b79ceece9550c0fe9f59ae59bad6709351e93906)
|
|
- RAW-READ now passes samba3
- skip the rest for now
metze
(This used to be commit fc343051afe560b1ddb8715dbc574e2ae645571e)
|
|
metze
(This used to be commit cd2fa1da6cdcaaa8a4d92a38163d54ecc0f9d756)
|
|
(This used to be commit d77768cb237461b06119ee19f822b120623d77dd)
|
|
the machine creds (just like WinXP)
(This used to be commit ae2bf464c47eb52ff24400d1cc362e74e77fbac5)
|
|
(This used to be commit 126ab8ccec69240e8e526190f4712bd274237985)
|
|
Spotted by "John E. Malmberg" <wb8tyw@qsl.net>.
Jeremy.
(This used to be commit ff3fe39b837e0d0de2edaa284c2dd7d1c8161c46)
|
|
if it returned -1 (treat as undefined). Ensure we obey
this.
Jeremy.
(This used to be commit 256ae3a16bcafe70cc1a00496681c709380e4fc3)
|
|
to make connections to ports 445 or 139 on the DC it's trying
to contact. It calls sys_select() on the non-blocking sockets,
not sys_select_intr(). This is a mistake (I believe) as it allows
a signal to early terminate the connection attempts - whereas
sys_select_intr() will ignore signals until we get back to
the main processing loop where they'll be handled correctly.
This change means winbindd_cm will not early terminate if it
gets a message whilst trying to connect to DC's.
Gunther, Volker and Jerry please review (but I think this
is correct).
Jeremy.
(This used to be commit 24aaa486771f797d35ea6b0711c12cd3e663dd8c)
|
|
We were forgetting to increment after copying
the primary group gid.
Jeremy
(This used to be commit 31d16c434e1ee94691f013ed0b31d9f26baeb2cb)
|
|
fsp pointers. Ensure we cope with this to pass Samba4
DENY tests (we used to pass these, there must have been
a regression with newer code). We now pass them.
Jeremy
(This used to be commit fd6fa1d4eaf61783df74ee2da50d331477f06998)
|
|
close fd=-1 fnum=4321 (numopen=1)
close_file: Could not get share mode lock for file $Extend/$Quota:$Q:$INDEX_ALLOCATION
unix_error_packet: error string = Das Argument ist ungültig
error packet at smbd/reply.c(3325) cmd=4 (SMBclose) NT_STATUS_INVALID_HANDLE
so a fake file needs special close handling I think. Jeremy, can you check
this?
Thanks,
Volker
(This used to be commit f66b9701b5c6bb6302fa11889adab6902cbaf2e3)
|
|
(This used to be commit a85dfb9eff222142eb1f9d89beb3d156661dd047)
|
|
(This used to be commit 3446ee5c00e114fd6697b2d70888d55ad79e63f9)
|
|
source code.
(This used to be commit 9559886a92b1fdd33d380bf0100dcddb12477ff2)
|
|
Windows). Fixes bug #1914.
Guenther
(This used to be commit b5a5d0b24ea5320cb2f28dbefe81ddf5c58baf77)
|
|
(This used to be commit 51df47c772f8bdd5a2c3a1e9814e625406e79b5f)
|
|
defined in <stdint.h>, ensure that it is present. (Not all
implementations pull it in when <sys/types.h> is used).
Paul
(This used to be commit dafe36ec4cff4e5f94e35841966007e3e4758582)
|
|
(This used to be commit 53f7104b4fbb4f59c18458f589e25e7b536642cb)
|
|
swapped to disc using mlock(). (patch was reviewed by Jeremy).
Guenther
(This used to be commit 206cdbb8e9a4a0900060d56510e58b85a2b8aec5)
|
|
Guenther
(This used to be commit 1b5a712467ab8f35211b59bb703a42bdc5e0dfc0)
|
|
Guenther
(This used to be commit 181fa02497e353a36e311f94f5bec2e9cfd1b56e)
|
|
disable automatic core file dumping. Core files are enabled by default.
(This used to be commit b59189280057849b67ac65f31cec23b859e21c91)
|
|
(This used to be commit ae56154fc7694042496a55d4dade8ef1a7ba361c)
|
|
samba3's make test
we can use this in samba4's smbtorture to disable tests sections which doesn't pass
against samba3
metze
(This used to be commit fab4de70b65ab5b9d3a93db46f13c7bab0e70464)
|
|
(This used to be commit 71fd0d3de4a02b9a7b67914f6412f18ec0bb5e7a)
|
|
Jeremy.
(This used to be commit b108ab7b122cc607f31772614b221379403b211b)
|
|
(This used to be commit 696e210bf6688e8b2f408559768173b4bdbda979)
|
|
Volker
(This used to be commit ea7cced6bcb3cb7d817e4cb072774692e4afedb0)
|
|
Volker
(This used to be commit 6071dd5db0dbb79a80b248ab93942911bf08fd2b)
|
|
flags on the setuserinfo(), not the createuser info call
(This used to be commit d933ac273db5977fb41954175bdc228b688bfd6e)
|
|
is broken
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.
Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.
There's another crash with sec=share when coming from w2k3, but I need sleep
now.
Someone (jerry,jra?) please review the sesssetup.c change.
Thanks,
Volker
(This used to be commit 8059d0ae395604503cad3d9f197928305923e3f5)
|
|
(This used to be commit 7945c935bf197afb61286ddeb0e579078362a1fc)
|
|
(This used to be commit 2cf503d7da08319f318217f6fe8f85c18bf0dffb)
|
|
this one.
Volker
(This used to be commit c6bf2c8922e612278349fe53ca11f6be6c819009)
|
|
correct error
code here?
Thanks,
Volker
(This used to be commit 5787bd0ee90b081ae12a4a976893cb297fa7bed4)
|
|
NULL if
talloc fails.
Volker
(This used to be commit 0ece5b32f97f162be0af2ea3354a597c56ed4373)
|
|
(This used to be commit 3762effca5e1e2bbb2d1d9dd8504c502485eca7d)
|
|
(This used to be commit 00c795e3660a65419e707706abf48916dcd7f850)
|
|
Re-add the capability to specify an OU in which to create
the machine account. Done via LDAP prior to the RPC join.
(This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d)
|
|
* replace printf to stderr with DEBUG statements as they get printed in
daemons
* "net ads lookup" return code
Guenther
(This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492)
|
|
unavailable; use "ldap timeout" handling.
Jerry, please check.
Guenther
(This used to be commit 821bbb4566c4b3f9798054ed3bf772db0c9ae3f2)
|
|
<drl@vuse.vanderbilt.edu>.
Jeremy.
(This used to be commit 502f3e911a2e9e3e0e4a4eae34885329e0624dd5)
|
|
when there's no kernel or FAM change notify. If set to zero
this will turn off change notify for the share except when
we ourselves change something (renames / deletes etc. ).
Designed to help on large directory shares where a new
changenotify is issued between each delete. This will
be fixed correctly when we move to internal change notify
(eg. back-port Samba4 changenotify).
Jeremy.
(This used to be commit 5a17bffbcd5082fde79c241468a0ff2b5903d540)
|
|
Guenther
(This used to be commit a80f3660573872e7a1c9e4d37262c830d68415e1)
|
|
Guenther
(This used to be commit ff93fc7c1e22c035f6f1405d263702bbb9d61575)
|
|
pull it in
(This used to be commit 4f3a1c2c58a4087f3a2f72f471cbaf2bad5addfe)
|