Age | Commit message (Collapse) | Author | Files | Lines |
|
This makes AD client tools happier, as they know they are talking to
an AD server.
per Bug 6229 by Matthieu Patou <mat@matws.net>
Andrew Bartlett
|
|
904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test
A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).
Andrew Bartlett
|
|
|
|
extending the subunit protocol.
|
|
formatting.
|
|
|
|
|
|
This script walks the schema, configuration and domain partitions of the locally
installed Ldb and a remote hosts and compares the descriptors disregarding the
difference in domain SID. The goal is to make sure a freshly provisioned Samba
has the correct descriptors so ACLs work correctly. It outputs the descriptors
in short SDDL, where the correct SIDs are to be replaced during provisioning.
Optionally it can be output as an LDIF file with the current local domain and
domain SIDs.
|
|
this copes with a rename of SECRETS to LSA-SECRETS in an earlier patch
by gd
|
|
|
|
Compiled with Andrew over a series of phone calls and gobby sessions,
with the aim of documenting Kerberos requirements for Samba to us an
alternate (ie, MIT) Kerberos library.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Compiled with Andrew over a series of phone calls and gobby sessions
with Andrew, with the aim of documenting Kerberos requirements for
Samba to us an alternate (ie, MIT) Kerberos library.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
when sorting a record that does not have the requested sort attribute
then put those records last in the sort result
|
|
The sort module uses ldb_comparison_fold() as the comparison function
for case-insensitive attributes. In other places the function is being
used to produce a boolean, but for sorting we care about ordering.
The n1 - n2 return was sorting by length, not value
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
TODO: check why the INVALID1 tests fails with --signing=required.
metze
|
|
compounded chain
metze
|
|
[Metze; "make test" on git master outputs exactly the same test summary
with our without this patch (apart from the "using seed" lines)]
If the transport socket is writable, then push the queue along
rather than wait until the caller returns back to the tevent loop.
This strategy keeps the sockets piping hot, and is particularly good
for cases where reading requests from one socket causes lots of
writes on another socket, or where lots of writes are made in a batch.
It doesn't matter if the socket is not writeable yet, packet_queue_run
will return quite cheaply in such a case.
Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
compounded requests
metze
|
|
metze
|
|
metze
|
|
Guenther
|
|
Guenther
|
|
|
|
objects.
Guenther
|
|
Guenther
|
|
|
|
Patch from Timur I. Bakeyev sent to samba-technical:
Heimdal requires openpty() presence. FreeBSD has in in standard libc, so
autodetection works, but compilation fails, as declaration of this function is
missing.
This patch adds proper header detection and inclusion for openpty().
|
|
RPC-SPOOLSS.
Guenther
|
|
Guenther
|
|
This patch is for Samba4. It adds configure tunable for modulesdir -
location, where modules should be installed. In the case, when no
FHS compliance is used and libdir is redefined, modulesdir still
points to $PREFIX/modules. In some installations it may be not desired.
I'd rather set it myself :)
So, here is the patch.
With regards,
Timur Bakeyev.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This patch is relevant for Samba4 source mostly. The way, how readline
compiled under FreeBSD makes it require stdio.h to get all the necessary
declarations. Without this addition rl_event_hook is not properly detected.
With regards,
Timur Bakeyev.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Guenther
|
|
already for s4.
Guenther
|
|
This patch creates ldap_priv/ as a subdirectory under the private dir with the
appropriate permissions to only allow the same access as the privileged winbind
socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap
database.
|
|
|
|
When the notify buffer overruns and there are no pending notify
requests, the notify buffer doesn't actually get destroyed, it just
gets put in a state where new notifies are discarded and the next
notify change request will return 0 changes.
|
|
Andrew, I think you wanted to print this instead.
Guenther
|
|
|
|
This removes the validation of the estimated number of accounts,
because MS-SAMR 3.1.5.5.1.1 makes clear the number returned cannot be
relied apon.
I've also converted a bit more of the test to use torture_assert(),
and where that is impractical, to print error messages when things
fail.
Andrew Bartlett
|
|
|
|
Logs showed that every SAM authentication was causing a non-indexed
ldb search for member=XXX. This was previously indexed in Samba4, but
since we switched to using the indexes from the full AD schema it now
isn't.
The fix is to use the extended DN operations to allow us to ask the
server for the memberOf attribute instead, with with the SIDs attached
to the result. This also means one less search on every
authentication.
The patch is made more complex by the fact that some common routines
use the result of these user searches, so we had to update all
searches that uses user_attrs and those common routines to make sure
they all returned a ldb_message with a memberOf filled in and the SIDs
attached.
|