IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
Comments from the patch:
/* Add the "Unix Group" SID for each gid to catch mapped groups
and their Unix equivalent. This is to solve the backwards
compatibility problem of 'valid users = +ntadmin' where
ntadmin has been paired with "Domain Admins" in the group
mapping table. Otherwise smb.conf would need to be changed
to 'valid user = "Domain Admins"'. --jerry */
(This used to be commit 3848199287)
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
(This used to be commit 1e1fcb5eb2)
netlogon code uses pdb_get_group_sid() which could
return a S-1-1-22 unix sid. Who knew.... :-(.
I'm going to test Volker's fix instead. Once
3.0.23b is out we *have* to rip out the pdb_set_group_sid()
code....
Jeremy.
(This used to be commit 65003e1b25)
users (username map) and failure to connect to a
share. Essentially, even on a standalone system
we were going into the create_token_from_username()
code (I think by mistake) if the username was mapped.
Fixes bug #3991.
Volker & Jerry - please go over this with a very careful eye
and let me know if this isn't correct (I think it is,
but this isn't my code and it's a dangerous area for
me to be playing in :-).
Jeremy
(This used to be commit 0b5b2b53ec)
If no winbind is around, the best we can do to get the user's token correct is
to ask unix via create_token_from_username. More investigation is needed if
this also fixes the +groupname for unmapped groups problems more cleanly.
Volker
(This used to be commit f6e3ee147f)
what svn is for.
The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.
Volker
(This used to be commit 9ec5ccfe85)
Add missing automatic add of the Administrators SID in the absence
of winbindd and precense of Domain Admins SID in the user's token.
(This used to be commit ce7846d6f1)
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d)
changing the token generation. I *hate* this code!
Jerry, you have been looking at this as well, can you double-check that I did
not screw it up?
Thanks,
Volker
(This used to be commit 2765c4ff8d)
packet processing code. Only do these when needed (ie. in the
idle timeout code). We drop an unneccessary global here too.
Jeremy.
(This used to be commit 8272a5ab06)
* Finally fix parsing idmap uid/gid ranges not to break with spaces
surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
_samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
and Users BUILTIN groups automatically from smbd (and not just check the
winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
grant is not already assigned in our own SAM (retries up to 250 times).
This fixes passdb with existing SIDs assigned to users from the RID algorithm
but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f)
