IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
in a lookup_sidX reply isn't optional - like the
lookup_sidX query it needs to be defined in the
struct.
All this will go away with PIDL (thank goodness....).
Jerry - I think this is a showstopper to be merged
for 3.0.25b.
I'll be watching the build farm to see if anything broke.
Jeremy.
(This used to be commit 9300b92f7a51eb80fdc039d8dad23ea9ce82aa8f)
netr_GetDcAnyName all the time (which is the correct thing to do).
Fix the naming and opcode mixup in all branches.
Guenther
(This used to be commit def6464c872a5939f0028837254f2c019d2d71c8)
netr_DsRGetDCNameEx2) and add new ds request and reply flags, also add some
more WERROR codes.
Guenther
(This used to be commit 37ae7f419702c563bcd0d9c27c02bde7efd34dd7)
use the credential chain and only works over netlogon, but it would
allow multiple outstanding auth requests for a single workstation
account.
(This used to be commit 123290d0947191abca4a3b3d81718c823c1bc4a0)
talloc context for use with the actual rpc query and response.
So the the parent context does not get flooded by the posslibly
large amount of response data (when looking up a lot of sids).
Note: It not possible, to simply use the names and domains arrays
as talloc contexts for the talloc_strdup calls, because from
rpccli_lsa_lookup_sids_all, this is called with names + offset
and domains + offset where names and domains are talloced
arraye for the complete response.
(This used to be commit 8e60900c5c5fccbe1718b805b6b1628d32b920d0)
looked up at one time. This limit is at 20480 for w2k3.
Our rpccli_lsa_lookup_sids function ignores this limit, so when
we give the server too long a list of SIDs, then we will get
nothing back. Since typically rpccli_lsa_lookup_sids is given
one SID (or a small number of SIDS), this did not do harm
up to now. But since I want to use lsa_lookup_sids in a subsequent
modification to winbindd_ads.c:lookup_groupmem to get rid of
a vast number of dn_lookup calls to the server, I had to make
sure we do it correctly.
I have added a function rpccli_lsa_lookup_sids_all function
that has the same prototype but internally splits the list
of SIDs up into hunks of a (conservative, hard coded) 1000
SIDs each for a first go.
If this approach is agreed upon, the new function could replace
the original rpccli_lsa_lookup_sids function.
Michael
(This used to be commit 66ff0bc6c39f86a9830dc508cd891e33638b475d)
not specific for NTLMSSP
- it's possible that the server sends a mechOID and authdata
if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still
force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE
metze
(This used to be commit e9f2aa22f90208a5e530ef3b68664151960a0a22)
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
Jeremy, I'm afraid you removed the "domain->initialized" from the
set_dc_types_and_flags() call when the connect to PI_LSARPC_DS failed
(with rev. 19148).
This causes now that init_dc_connection_network is called again and
again which in turn rescans the DC each time (which of course fails each
time with NT_STATUS_BUFFER_TOO_SMALL). Just continue with the
non-PI_LSARPC_DS scan so that the domain is initialized properly.
Guenther
(This used to be commit c6f63a08f55a4121cbe5aac537d2ef983dc25a97)
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
gives just any DC), also make sure to set timeouts in rpcclient
accordingly so that we actually get the DC's reply.
Guenther
(This used to be commit 6091c8152a3998d2503cb0911a217ee904509633)
items in cac_winreg.c
* Get 'net rpc registry enumerate' to list values again
* Fix winreg.idl QueryInfoKey(). The max_subkeysize is the
max_classlen (we previously had this correct in Samba3")
* fix valgrind error about uninitialized memory and use-before-set
on size value inmemset() call
* Fix key enumeration in 'net rpc registry enumerate'
* regenerate gen_dir files based on local pidl patches
Please note that the generated ndr files are from my local
copy of pidl. If you need to regenerate, please apply the
patch that I posted to the samba-technical list earlier today.
(This used to be commit 5d843612a1b9d92022f76626f1c7473faebec4ba)
in,out ref pointer
* Clarify variable names in EnumValue IDL
* Fix server code for _winreg_EnumValue() and _winreg_QueryInfoKe()
(This used to be commit f520a9d0fba4cc3cfbda40dd68cb63c4c3c4ed30)
There some broken functionality here that I'm still working on.
* remove unneeded parsing routines
(This used to be commit cbfe1a4b498593a48fc34f584754ed4a9ef72cc5)
This has had some basic testing. I'll do more during the next couple of days and hopefully also
make RPC-SRVSVC from Samba4 pass against it.
(This used to be commit ef10672399c4b82700dc431b4d93431ffdd42d98)
buffers.
Make security access masks simply a uint32 rather than a structure
with a uint32 in it.
(This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
* Remove the old wkssvc server, client, & parsing code.
* Update srv_wkssvc_nt.c with stubs for the remaining
stubs
(This used to be commit 0cb79ee13fd78b515a48b2c72d91596ed21e41a8)
* rpccli_reg_abort_shutdown()
* rpccli_reg_flush_key()
Remove the cmd_reg.c from rpcclient since the entire file
was unused
(This used to be commit c4788f0c1398feb098f131aa5c4d0398d7489527)
* rename PI_SHUTDOWN from include/smb.h to PI_INITSHUTDOWN
for compatibility with pidl libndr output
(This used to be commit 23a882861311d9d6ca45af1bfcc90d05846ba3a9)
make rpccli_lsa_close() a real one line wrapper for
rpccli_lsa_Close().
I'm still keeping the wrapper for now because I'm not sure
what we will do about a usable client API. I don't think
calling the autogenerated client code directly is a good idea
as the IDL is still evolving.
(This used to be commit 47f0c71218ade18cb94b48661f064e8956e06096)
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
