Age | Commit message (Collapse) | Author | Files | Lines |
|
the calculation of add_incoming and add_outgoing was not correct when
a trust was already in place
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
In my rework of this function in 2006 with
459a2301a5d63f5a1a6b27996c8a0358b20f2ab2 I ignored the incoming
handle, instead feching the LSA state again (dispite the commit
message indicating otherwise).
This means that data->access_mask is uninitialised, which doesn't
matter right now, but will once we start checking that.
Andrew Bartlett
|
|
unencrypted auth info.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jul 15 19:57:48 CEST 2011 on sn-devel-104
|
|
lsa_TrustDomainInfoAuthInfoInternal.
Guenther
|
|
Guenther
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jun 24 16:19:36 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Metze
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
|
|
These local TDB operations can quite safely be handled in a new/nested
event context, rather than using the main event context.
Andrew Bartlett
|
|
We now no longer print tickets with a potentially infinite life, and
we report the same life over LSA as we use in the KDC. We should get
this from group policy, but for now it's parametric smb.conf options.
Andrew Bartlett
|
|
|
|
called "reserved"
MS-LSAD 3.1.1.1 - http://msdn.microsoft.com/en-us/library/cc234319(v=PROT.13).aspx
|
|
This should help to fix bug #7769
|
|
- Added 'out of memory' checks
- Added checks regarding return values
- Switch to "ldb_msg_add_string" where possible
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Dec 3 21:41:39 CET 2010 on sn-devel-104
|
|
domain objects
Tridge pointed out that it is to dangerous to allow them to be created
with SYSTEM permissions. The solution using the "untrusted" flag should
be much more viable.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
|
|
is specified
This fits better than the RELAX one.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
|
|
in "dsdb/common/util.c""
This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0.
Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
|
|
"dsdb/common/util.c"
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
|
|
The issue here is that we have not yet first cast to int32_t explicitly,
before we cast to an signed int to printf() into the %d or cast to a
int64_t before we then cast to a long long to printf into a %lld.
There are *no* unsigned integers in Active Directory LDAP, even the RID
allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
(See the schema, and the syntax definitions in schema_syntax.c).
The failure has been detected by Matthieu Patou on the buildfarm host "tridge"
due to a malformed "groupType" attribute.
The solution is to use the "%d" specifier. Either to use it directly - or better
(when possible) use the call "samdb_msg_add_uint" (which encapsulates it).
This patch changes such problematic situations.
|
|
|
|
This can be substituted by "ldb_msg_add_value".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
|
|
"samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
The merged I plan in this area require spliting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.
Andrew Bartlett
|
|
A new event context is constructed by LDB when required for secrets.ldb
This will be essentially unused, as LDB on TDB will only trigger 'fake'
events, and blocks on transactions and lock operations anyway.
Andrew Bartlett
|
|
|
|
It doesn't change much but it's nicer to have it consistent.
|
|
We were returning the index, not the LUID value
Andrew Bartlett
|
|
These are related, but slightly different concepts. The biggest difference
is that rights are not enumerated as a system-wide list.
This moves the rights to security.idl due to dependencies.
Andrew Bartlett
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
failure
This is clearer and more consistent than using a magic -1 return
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Now that privileges are no longer given luid values sequentially,
we need another way to look them up for enumeration.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Also remove bogus trustCurrentPasswords struct which we just had because our IDL
was incorrect.
Guenther
|
|
struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privilages still need to be merged)
Andrew Bartlett
|
|
This makes the structure more like Samba3's NT_USER_TOKEN
|
|
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This fixes the build with --nonshared-binary=smbtorture,
as use by the source3/ make test.
metze
|
|
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
- Return always "NT_STATUS_OK" on success
- Remove "talloc_free"s on handles since the frees are automatically performed by
the DCE/RPC server code
|
|
|
|
To suppress warnings on Solaris 10
|
|
|
|
|
|
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC
This required a new domain_sid argument to
security_session_user_level()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
|