IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
and remove the old rpccli_lsa_lookup_sids() function. The old function would
fail due to server limits when requesting to resolve too many sids at once
(20480 for W2k3). The new version passes the list of sids in hunks to the
server. It has up to now been used (and tested) in the winbindd_ads
lookup_groupmem() function, and I think the time has come to replace the actual
function with this correct version.
Michael
rpccli_lsa_lookupsids_noalloc() returns an error for one hunk
of SIDs: free all allocated arrays and return the error code
returned by the hunk lookup.
Michael
in a lookup_sidX reply isn't optional - like the
lookup_sidX query it needs to be defined in the
struct.
All this will go away with PIDL (thank goodness....).
Jerry - I think this is a showstopper to be merged
for 3.0.25b.
I'll be watching the build farm to see if anything broke.
Jeremy.
talloc context for use with the actual rpc query and response.
So the the parent context does not get flooded by the posslibly
large amount of response data (when looking up a lot of sids).
Note: It not possible, to simply use the names and domains arrays
as talloc contexts for the talloc_strdup calls, because from
rpccli_lsa_lookup_sids_all, this is called with names + offset
and domains + offset where names and domains are talloced
arraye for the complete response.
looked up at one time. This limit is at 20480 for w2k3.
Our rpccli_lsa_lookup_sids function ignores this limit, so when
we give the server too long a list of SIDs, then we will get
nothing back. Since typically rpccli_lsa_lookup_sids is given
one SID (or a small number of SIDS), this did not do harm
up to now. But since I want to use lsa_lookup_sids in a subsequent
modification to winbindd_ads.c:lookup_groupmem to get rid of
a vast number of dn_lookup calls to the server, I had to make
sure we do it correctly.
I have added a function rpccli_lsa_lookup_sids_all function
that has the same prototype but internally splits the list
of SIDs up into hunks of a (conservative, hard coded) 1000
SIDs each for a first go.
If this approach is agreed upon, the new function could replace
the original rpccli_lsa_lookup_sids function.
Michael
make rpccli_lsa_close() a real one line wrapper for
rpccli_lsa_Close().
I'm still keeping the wrapper for now because I'm not sure
what we will do about a usable client API. I don't think
calling the autogenerated client code directly is a good idea
as the IDL is still evolving.
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
rpcclient-tester for some info-levels.
Jerry, I tried to adopt to prs_pointer() where possible and to not
interfere with your work for usrmgr.
- Add "net rpc trustdom vampire"-tool.
This allows to retrieve Interdomain Trust(ed)-Relationships from
NT4-Servers including cleartext-passwords (still stored in the local
secrets.tdb).
The net-hook was done in cooperation with Lars Mueller
<lmuelle@suse.de>.
To vampire trusted domains simply call:
net rpc trustdom vampire -S nt4dc -Uadmin%pass
Guenther
* add some backwards compatibility to 'net rpc rights list'
* verify privilege name in 'net rpc rights privileges <name>' in order
to give back better error messages.
* define some const SE_PRIV structure for use when
you need a SE_PRIV* to a privilege
* fix an annoying compiler warngin in smbfilter.c
* translate SIDs to names in 'net rpc rights list accounts'
* fix a seg fault in cli_lsa_enum_account_rights caused by
me forgetting the precedence of * vs. []
