IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
defined in <stdint.h>, ensure that it is present. (Not all
implementations pull it in when <sys/types.h> is used).
Paul
(This used to be commit dafe36ec4cff4e5f94e35841966007e3e4758582)
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
globals. This catches mismatched start/end calls and removes
the need for special nested profiling calls.
(This used to be commit ee750498812190edd3ec52ca3c750258f3b8a97a)
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
clients and aservers. Strange compiler-fu on 64-bit
SLES9 says sizeof(time_t) == 4 but the memory alignment
is on 8 bytes. Change time_t to uint32 to fix alignment.
Remove 'char **gr_mem' from struct winbindd_gr since
it was not being used.
(This used to be commit b68e66d5c4f7348e674b8a009656ebfbbc06e288)
primarily intended for ia64 systems where libunwind knows more about
the different ways of walking the stack that just about anything else.
(This used to be commit 256a19d722f360dac3c8e83f5bfac453fa70db96)
is produced when a process exits abnormally.
First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.
Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.
Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d64498eb3faf89f0c5452b9299daea8e95)
the POSIX interface. Note that this removes support for inherited
capabilities. This wasn't used, and probably should not be.
(This used to be commit 763f4c01488a96aec000c18bca313da37ed1df1b)
KRB5KRB_ERR_RESPONSE_TOO_BIG when the krb5 library does not know about
this.
Guenther
(This used to be commit 4a1a3c4808307e09fa8ff85da9a963a4a6f0e9ae)
for older krb5 implementations.
Patch slightly modified from the version provided by Björn Jacke <bjoern
at j3e dot de> at the samba-technical list after discussion on the list
and by IRC. Thanks Björn!
(This used to be commit 49e6431c06c70088907c31e2da1ec83a09377015)
always linearize into little-endian. Should fix all
Solaris issues with this, plus provide a cleaner base
moving forward for cluster-aware Samba where smbd's
can communicate across different compilers/architectures
(eventually these message will have to go cross-machine).
Jeremy.
(This used to be commit d01824b78576a034428e1cef73868d1169057991)
use it as though it were an in-memory db and dump out to
a flat file every 2 mins, but that can now change.
Jeremy.
(This used to be commit a342681792724c1ae8561ba8d352c4ee6e2a5332)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
Several incarnations of gcc bork with
Compiling dynconfig.c
/tmp/ccXd94O5.s: Assembler messages:
/tmp/ccXd94O5.s:1202: Error: suffix or operands invalid for `mov'
/tmp/ccXd94O5.s:1289: Error: suffix or operands invalid for `mov'`
Thanks to Bent Vangli for the the leg work and suggestions.
(This used to be commit 318fe7ba0093c4a94e9f4f5c8ce7a2f5d1078e26)
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
that is only included if _SAMBA_BUILD_ is defined...
Let's see how far this gets us.
Volker
(This used to be commit 563275b35f76107e3d2a8b0b6e14394b20ecd81b)
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
I was going to use this for tracking dfs mounts in smbclient
but found another way. Still the cleanup is valid so commiting it.
should be minimally disruptive since it is not widely used.
(This used to be commit 00738dca3b07083c91545910486a1f30f2b17281)
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
