Age | Commit message (Collapse) | Author | Files | Lines |
|
The SPN attribute could derive from an untrusted source (client).
Reviewed-by: Jelmer
|
|
It is defined as LDAP syntax 2.5.5.9 so no need at all to treat it as
64-bit integer.
Reviewed by: Kamenim and Metze
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar 1 12:46:15 CET 2011 on sn-devel-104
|
|
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Feb 24 02:42:37 CET 2011 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This code is now useful in common, as the elements of the
auth_session_info structure have now been defined in common IDL.
Andrew Bartlett
|
|
this avoids a conflict with the new s3 server_id.idl
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this prevents conflicts with the s3 auth modules. The auth modules in
samba3 may appear in production smb.conf files, so it is preferable to
rename the s4 modules for minimal disruption.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
aliases and groups
That means when calling "QueryDisplayInfo" on the BUILTIN handle we
still get all related domain objects - for example all domain (global
+ universal) groups. This is contrary to the "EnumDomain..." calls which
do really only return the objects in the specified domain policy handle.
This has been observed against Windows Server 2008 and confirmed by
dochelp.
In the same occasion I've converted from a "gendb*"-oriented search call to "dsdb_search".
Patch-reviewed-by: Andrew Tridgell <tridge@samba.org>
|
|
than once
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Feb 15 09:46:55 CET 2011 on sn-devel-104
|
|
- fixed some warnings
- change the debug levels to something more reasonable
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
|
|
We need to check for invalid parameters before we check for
access denied.
metze
|
|
INVALID_PARAMETER/INFO_CLASS
metze
|
|
netr_Validation levels
metze
|
|
To prevent platform-dependant problems.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Jan 15 14:54:14 CET 2011 on sn-devel-104
|
|
These local TDB operations can quite safely be handled in a new/nested
event context, rather than using the main event context.
Andrew Bartlett
|
|
|
|
Guenther
|
|
We now no longer print tickets with a potentially infinite life, and
we report the same life over LSA as we use in the KDC. We should get
this from group policy, but for now it's parametric smb.conf options.
Andrew Bartlett
|
|
this is only set when rpath is used on install. It ensures that
applications that link against Samba libraries get the rpath right
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
|
|
|
|
Windows Server 2008 does this
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Dec 4 12:11:47 CET 2010 on sn-devel-104
|
|
called "reserved"
MS-LSAD 3.1.1.1 - http://msdn.microsoft.com/en-us/library/cc234319(v=PROT.13).aspx
|
|
This should help to fix bug #7769
|
|
- Added 'out of memory' checks
- Added checks regarding return values
- Switch to "ldb_msg_add_string" where possible
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Dec 3 21:41:39 CET 2010 on sn-devel-104
|
|
|
|
|
|
Reworked version of commit 7e710c4de92c310897817acc06d229cce763d2d7
|
|
to suppress parameter declaration warnings"
This reverts commit 7e710c4de92c310897817acc06d229cce763d2d7.
This causes more noise than it's useful.
|
|
|
|
domain objects
Tridge pointed out that it is to dangerous to allow them to be created
with SYSTEM permissions. The solution using the "untrusted" flag should
be much more viable.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
|
|
is specified
This fits better than the RELAX one.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
|
|
- Performs the short computer name check against the sam account name.
- Enhances the LogonGetDomainInfo testsuite which checks the NULL
"dns_hostname" behaviour
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 19 12:50:33 CET 2010 on sn-devel-104
|
|
|
|
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104
|
|
We previously allocated sockets as direct children of the event
context. That led to crashes if a service called
task_server_terminate(), as it left the socket open and handling
events for a dead protocol.
Making them a child of the task allows the task to terminate and take
all its sockets with it.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
sam_ctx_system may be NULL for non-privileged users
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Nov 13 08:52:53 UTC 2010 on sn-devel-104
|
|
don't use it
metze
|
|
metze
|
|
DSDB_SECRET_ATTRIBUTES
We should replicate all secret attributes back to other DCs.
metze
|
|
|
|
this allows accounts (and in particular RODCs) to make SPN updates on
their own account if they take the form SERVICE/hostname
we may be able to remove this in the future after some changes in our
ACL checking for userPrincipalName
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 08:45:16 UTC 2010 on sn-devel-104
|
|
|