Age | Commit message (Collapse) | Author | Files | Lines |
|
These changes add a krb5_data parameter named e_data to the windc_plugin to
allow the samba KDC to return extended error information in addition to the
standard KRB5KDC_ERR_* codes. Windows uses the extended information to provide
detailed information in user dialogs (e.g. account disabled, logon hours
restriction, must change password, etc.).
This particular commit modifies only heimdal code. Hopefully this can be
submitted and accepted into the upstream heimdal codebase.
(This used to be commit f542362be25e7182a0836de7a0163f6b9fce9408)
|
|
or in AD.
Andrew Bartlett
(This used to be commit a3e1f2830679a56366f0080115de504cdb0144f7)
|
|
Andrew Bartlett
(This used to be commit 9bfc4757887ceabb4c621d62c140515794679250)
|
|
Andrew Bartlett
(This used to be commit def46f6852075e1efe2bb7c5a7cffa5defdbb4ee)
|
|
Andrew Bartlett
(This used to be commit 7e85f318b571d1a909dffad0ecd661468ed497ca)
|
|
Fixing this simple typo allows more of the ldap.js test to pass.
Andrew Bartlett
(This used to be commit 7c80cd18d5cd9cbf32dac15a4734f5a3c67cd0e7)
|
|
This change removes a dependency on objectclass=domainDNS, and avoids
a subtree search when we really know exactly where this record is.
Andrew Bartlett
(This used to be commit 52947fc0c019e57438a21e54953601b6cc08eb49)
|
|
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
(This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402)
|
|
If the objectClass found does not include a defaultSecurityDescriptor,
then we should not segfault in the SDDL parser.
Andrew Bartlett
(This used to be commit 5a92771fb55149fcf24f21f30e4c6a622bef44f8)
|
|
(This used to be commit e9567e39106efb7443ed2c5df3492208b1c1d766)
|
|
This should allow us to provision onto an OpenLDAP backend again.
Also ensure we always have a sysvol and netlogon share in the selftest
environment.
Andrew Bartlett
(This used to be commit b2d9b03ba3434e76d4d476233a198728523d17f9)
|
|
This error caused us to put a 0x80 byte at the end of GUID, which was
only detected by OpenLDAP's schema checking.
Andrew Bartlett
(This used to be commit fd99b7719bcb503e2695b2cbad0230fa23a094ca)
|
|
This required a large rework of the provision code, so as to move much
of the 'guess' logic into subprocedures, rather than just inline in
the provision code.
Andrew Bartlett
(This used to be commit a0754c2a857217ca831c2295b17255d8f38dfbc2)
|
|
In case a unix application as an oplock or share mode on
a file we need to retry periodicly as there's no way
to get a notification from the kernel when the oplock
is released.
metze
(This used to be commit 4d40f3a02643b4cdacee31f0b7bc9fc77cc9869a)
|
|
metze
(This used to be commit eeb0b8c349552517b521f1b8d7d9341e0ef630f2)
|
|
metze
(This used to be commit e473068bddfaa9028ab8ee49291035313b35fed3)
|
|
metze
(This used to be commit 3f165d3114519c317b9e7c871bb61d4fcbb8fb09)
|
|
metze
(This used to be commit b399f0c872f32bb791da196102a5872c20e62100)
|
|
metze
(This used to be commit 80f5f9362100b971fa12ffee33705b745131770e)
|
|
This prepares kernel oplock support.
metze
(This used to be commit 9db9b6d85d80a8aaa8bd432afaef9bb634d7364d)
|
|
metze
(This used to be commit b43f1a53dd185cc51a3fb8a18e311abb77c2a7c9)
|
|
metze
(This used to be commit 40563583f7ef3d8d1a3426c6c12eaecd18af215c)
|
|
metze
(This used to be commit cd1b8efc5d8dc1eec03fe1bf1eb58dbded9584eb)
|
|
metze
(This used to be commit 3f7fef8b8c567379649611637d69c89d77d11d6c)
|
|
metze
(This used to be commit eb68a8ed4fa214ad2e858a7fbdf9b5376cda6e04)
|
|
Jeremy.
(This used to be commit 4556fafede8691c6a12670695ff108e9e59aff98)
|
|
metze
(This used to be commit ca5b37747107bd2941f7415fe609c8293a6b5f7c)
|
|
exemptions.
Jeremy.
(This used to be commit a70719d579a7eefbfd973267b95a87aaa6b649b0)
|
|
Jeremy.
(This used to be commit b2007956aa4534f22ad7fd85b0aee0be769548ae)
|
|
metze
(This used to be commit 6dc280731d071681b635a2f091be2b153a902080)
|
|
metze
(This used to be commit 80711c03e0e8fba6f80261facd939ef00e06c7fd)
|
|
metze
(This used to be commit 4b071236867ca5c2c0451ad3acc8a9debb0549e4)
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit bfe773a620640fa46efe008f38144f5452350825)
|
|
ignore share modes and oplock breaks :-(.
Jeremy.
(This used to be commit a8a5339cf2ca218668f888eced5ffe7ce059553c)
|
|
Andrew Bartlett
(This used to be commit b4da374a998caac18c288a0a6e3fcd2c50cbffa7)
|
|
Andrew Bartlett
(This used to be commit edb7af0685983543c321e3d8b90f6ae07af2e4e3)
|
|
This change ensures we give an immidiate error if the DN won't parse.
Also clean up strcmp use to be more standard.
Andrew Bartlett
(This used to be commit 1b15f374a89b99f3c43d9c2ce06dde9c67383e66)
|
|
That means we only have to parse the record once
and as the tdb record is locked the in memory copy
is always the same as the one in the tdb.
metze
(This used to be commit 0641a43cd6fd081cac0275f5bde2ad70fa6a71bb)
|
|
Otherwise this variable would never change its value...
metze
(This used to be commit 5b13a564b8459c3134a43e1d4b4a791e33108b1b)
|
|
metze
(This used to be commit 4afd4058e30e0754a56100e691486139f149e3a3)
|
|
metze
(This used to be commit 5fdca988c687f58fe2fddd3c8eff5f461207065b)
|
|
Now there's only odb_can_open() which handles the
share_access rules.
And odb_open_file() only adds the new opendb_entry into the
database and calculates the granted oplock level.
metze
(This used to be commit db0853ae4fead34ef382bbfcfe2f46453ab8b73b)
|
|
odb_open_file() will later change to not redo the logic of
odb_can_open().
metze
(This used to be commit b09a1461ac595be1b6530221b7df5211084884cc)
|
|
odb_oplock_break_send()
metze
(This used to be commit c993b07f7d5caf290ccb9ca81961aa35a3ed1f02)
|
|
metze
(This used to be commit a63910e8e5c075aff45b8eb0d246d2823f09bb9c)
|
|
(This used to be commit e384aac5c8156c7f056c70b1caab0778f8fc52b6)
|
|
Michael
(This used to be commit d92597d29caf76e1c8d0858f066d7a30143392e9)
|
|
Michael
(This used to be commit 3a9514def21c448d344648d4a28f658fbcfc07eb)
|
|
(This used to be commit d28f2cb678b334086f601505c88e56b9c1ee559d)
|
|
The enhanced mappings allow the Windows client to determine whether a user's
password needs to be changed (and allows them to change it), or if they cannot
logon at all.
Changes still need to be made to allow additional data to be returned. Windows
uses that additional data to display more detailed dialogs to the user. The
additional information is returned in an e-data struct of type PA-PW-SALT that
contains the more-detailed NTSTATUS error code.
(This used to be commit 6a98e5a7aa0cdbb61358901df50162b5b914ee5c)
|