| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Using ldb unique indexes for samAccountName doesn't work with DRS as
the other DC may send us a deleted record (tombstone record), which
has the same samAccountName as an existing record. That would then
create two records in the same partition with the same samAccountName.
So we needed to put back the logic in samldb.c which explicitly
checked whether a samAccountName already exists on add
|
|
We found this as an object came across from w2k3 with zero values,
which caused a segv when we tried to decrypt the first value
|
|
This is needed to prevent samba3 and samba4 from using an ABI
incompatible system version of talloc
See ongoing discussion on the samba-technical mailing list
|
|
The LDB_ERR_NO_SUCH_OBJECT varient is not a defined variable. This
should improve error handling in our python code on some
systems. Unfortunately it still doesn't work on mine. I need to trap
Jelmer somewhere where he can't escape some day and force him to
divulge the deep druid secrets of python exception handling ....
|
|
The previous code incorrectly assumed that attributes such as
subClassOf come over the wire as strings. In fact they come over as 32
bit integers which refer to goversIDs. We have to post-process these
as it sometimes happens that a governsID comes over the wire before
the record that defines what it means.
|
|
|
|
|
|
- This changes the attribute "forceLogoff" to its' default
values according to Windows Server 2003 R2
- Also this corrects the "subRefs" attribute of the base-DN which only refers
to direct child partitions (and therefore not to the complete transitive closure)
|
|
|
|
this works around some terrible use of talloc in the libnet code
|
|
|
|
|
|
A dcerpc request may have a reference from a still completing async
callback, but we now consider the request to be complete. We want to
lose the main parent, leaving just the reference, if any.
|
|
|
|
This is one of the few cases where we want the object to be owned by
both the python object and C code
|
|
|
|
|
|
|
|
|
|
The previous use of talloc_steal could cause a steal of a pointer that
had references. This ensures that doesn't happen
|
|
The upcoming talloc_free/talloc_reference changes change talloc_free
to be a macro. These two bits of code relied on it being a function
pointer
|
|
Set the values like Windows Server 2003 R2.
|
|
DC object
Found after some comparisons against Windows Server 2003 R2.
|
|
the display specifiers
The object version showed up in the Windows 2003 Server R2 AD.
The "systemFlags" attribute has been set to the right value.
|
|
Guenther
|
|
Guenther
|
|
This reworks the notes file to be less stream-of-consciousness and more
task for porting, with a very particular focus on a potential port of
Samba4 to use MIT Kerberos.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
It seems quite reasonable to allow modules to re-initialise the set of
cached DNs on the ldb context.
Andrew Bartlett
|
|
This job is not complete (the partition module remains a unfinished
task), but now we do use the private ldb headers much less.
Andrew Bartlett
|
|
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew Bartlett
|
|
|
|
The function LDB_lookup_principal() has been eliminated, and it's
contents spread back to it's callers. Removing the abstraction makes
the code clearer.
Also ensure we never pass unescaped user input to a LDB search
function.
Andrew Bartlett
|
|
|
|
Guenther
|
|
Guenther
|
|
This test talks to a DC as a joined workstation member - in the same way
winbindd does, in particular the calls used in this test's query pattern
will all request for SEC_FLAG_MAXIMUM_ALLOWED access_mask
(which pretty much all of samba's client code does as well).
In fact this test verifies that winbind can correctly talk to a samba dc using
samr dcerpc calls.
Guenther
|
|
Unlike torture_suite_add_machine_bdc_rpc_iface_tcase() which joins as a BDC
(ACB_SRVTRUST) this joins as a member workstation (ACB_WSTRUST).
Guenther
|
|
Specifies the impersonation level according to the reporter commit in bug #6283
|
|
|
|
|
|
Enhance the simple ldap map to support also the "systemFlags" attribute in the
correct way.
|
|
When copying an attribute list, ensure the list itself is not NULL before
attempting to access elements of the list.
|
|
|
|
|
|
On calls where both NT_STATUS and WERROR results are returned and consulted
we have to make sure to form function results considering both.
This errors have been found through a run against SAMBA 4.
|
|
Prevents a crash of the SAMBA 4 daemon on the torture SPOOLSS test due to not
initialised structures.
|
|
ntvfs_map_fsinfo, ntvfs_map_qpathinfo, ntvfs_map_qfileinfo used an
old synchronous mapping technique, acceptable on the grounds that
they were only used by the simple vfs which was synchronous.
Other vfs may/do use these functions, and by upgrading them to use the
ntvfs_map_async_setup/ntvfs_map_async_finish framework, they can now be
used asynchronously.
Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Thanks to gd for the catch.
|
|
|
|
|
