Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
In samba_kdc_trust_message2entry() on error, hdb_free_entry()
may end up trying to access uninitialized memory or double
free the hdb_entry.
|
|
"nt_response" structures
In some cases those structures are not initialised and the whole authentication
system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
|
|
Previously the "no_pass" and "no_pass2" variables weren't handled correctly.
Since at the initialisation of the "CredentialsOptions" we don't have any
password at all. Only afterwards we could get one through "set_password".
If a password is specified, use it. If no password is specified, consider the
use fo an input mask on STDOUT. But if the loadparm context contains one prefer
it over the input.
|
|
metze
|
|
This fixes the build with automatic dependecies.
metze
|
|
|
|
Looking at the winbind interface, we should only be using the bulk conversion calls.
|
|
It's not fully clear what this ":dn" part means for us. What we know is that
older AD implementations (Windows Server 2000, 2003) need it to have extended
matches working in the expected way.
To be able to interoperate with s3's winbind and other tools I and gd decided
to transform this into a warning until we know what to do.
This should fix bug #6511.
|
|
this makes it easier to modify the script to set us at R2 level in
provision. We should make this a parameter.
|
|
emacs creates symlinks to .py files while you are editing them. This
could cause build failures.
|
|
we need the DS_DOMAIN_* levels imported
|
|
This allows it to work against our local ldb
|
|
We need to eventually get rid of ldb_msg_find_attr_as_string() (or add
a mem_ctx to it), but meanwhile we have too many places that break if
we don't add a nul to the end of ldb msg strings from python.
|
|
We should use the system/*.h headers for system includes. We also try
to avoid C++ comments.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Use short name (shortcut for wellknown SID/RID) for assignee in each entry of ACL (when possible)
of sysvol files (GPO objects and netlogon folders).
This avoid error prone substitution of DOMAINSID in ACL and make ACL clearer by using shortname
for assignee accordingly with SDDL synthax rules. Translation to real SID is handled internaly by the
from_sddl function.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
This allow to be able to run net acl set xxx yyy on DC, but also on domain
member.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
running as a non root user
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
If the dns update file doesn't need updating we need to delete the tmp
file
|
|
This task watches for changes in the list of DCs, and creates a bind9
formatted file that grants update permission to all DCs, plus to the
administration, and machines update for their own names.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
The named.conf.update file will be filled in at runtime by Samba to
contain the list of bind9 grant rules for granting DNS dynamic update
permissions on the domain.
|
|
This allows the permissions to be correctly set for bind to write to
a journal file. It also sets the right group ownership and permissions
on the files that bind needs to access.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Our testers put up with a lot of odd things when testing out Samba4.
Andrew Bartlett
|
|
(cherry picked from commit 95a5bee2c30a67a35604b0456ab7836f6dc67702)
|
|
This changes the meaning of the ->prev pointer in our doubly linked
lists to point at the end of the list from the front of the list. That
allows us to implement DLIST_ADD_END() and related functions in O(1)
time, which can be a huge saving in many places in Samba.
This also means that the 'type' argument to various DLIST_*() macros
is no longer needed, but I have left it in for now to keep the
patchset small, which will make it easier to revert if any problems
are found. In the future we should remove the 'type' arguments.
(jra. Move the one use of DLIST_TAIL over to the new macros).
|
|
(cherry picked from commit 6ede911654566a7e21ded70dacac68df3b6a1bca)
|
|
|
|
uses of (list)->prev are moved over to DLIST_PREV. This will be replaced
when the final (new) version of the dlinklist.h header is added.
Jeremy.
|
|
For some reason, JHT keeps on creating an empty smb.conf file,
expecting it to be the same as a non-existant one. It is easier to
just realise what he meant.
Andrew Bartlett
|
|
Guenther
|
|
This was needed only by Python 2.3 which we no longer support.
|
|
Allow UNC lists like this:
192.168.2.1
192.168.2.2
192.168.2.3
the share name will be taken from the command line
|
|
Guenther
|
|
I changed the format string into "(objectClass=*)" which should be an
equivalent expression for choosing all available objects.
Consider bug 7115 for the issue.
|
|
Andrew using cp like in commit ca12e7bc8ff4a91f2044c0a60550fec902e97a78
is wrong as that removes #include "config.h" and breaks the build on AIX.
metze
|
|
metze
|
|
|
|
the registry tests were broken on big-endian systems
|
|
after recent fixes we need to raise the version to 1.2.1 so that
we can require also the right patched version.
|
|
subunitrun seemed to be calling a test from its own source, instead of
the samba test. Fix this by calling the test directly.
|
|
The includes of the UID wrapper headers werent't really efficient according
to metze's post on the technical mailing list (http://lists.samba.org/archive/samba-technical/2010-February/069165.html).
To achieve this move the "uid_wrapper.h" includes into "lib/util/unix_privs.c",
"lib/util/util.c", "ntvfs/posix/pvfs_acl.c" and "ntvfs/unixuid/vfs_unixuid.c".
|
|
Disable the use of it in the heimdal code.
Notice: This doesn't need to be ported upstream since it only affects the
build in conjunction with s4.
|