IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 21 19:57:06 CEST 2013 on sn-devel-104
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
This was used in only 2 places, db-glue.c and the lsa server.
In db-glue.c it is awkward though, as it forces to use an unconvenient lsa
structure and conversions from time_t to nt_time only to have nt_times
converted back to time_t for actual use. This is silly.
Also the kdc-policy file was a single funciton library, that's just ridiculous.
The loadparm helper is all we need to keep the values consistent, and if we
ever end up doing something with group policies we will care about it when it's
the time. the code would have to change quite a lot anyway.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104
Found by a eagle-eyed user.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
the calculation of add_incoming and add_outgoing was not correct when
a trust was already in place
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
In my rework of this function in 2006 with
459a2301a5 I ignored the incoming
handle, instead feching the LSA state again (dispite the commit
message indicating otherwise).
This means that data->access_mask is uninitialised, which doesn't
matter right now, but will once we start checking that.
Andrew Bartlett
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the message.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
We now no longer print tickets with a potentially infinite life, and
we report the same life over LSA as we use in the KDC. We should get
this from group policy, but for now it's parametric smb.conf options.
Andrew Bartlett
- Added 'out of memory' checks
- Added checks regarding return values
- Switch to "ldb_msg_add_string" where possible
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Dec 3 21:41:39 CET 2010 on sn-devel-104
Tridge pointed out that it is to dangerous to allow them to be created
with SYSTEM permissions. The solution using the "untrusted" flag should
be much more viable.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 25 13:05:56 CET 2010 on sn-devel-104
This fits better than the RELAX one.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Nov 24 18:23:01 CET 2010 on sn-devel-104
This reverts commit 8a2ce5c47c.
Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
They're only in use by SAMDB code.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
The issue here is that we have not yet first cast to int32_t explicitly,
before we cast to an signed int to printf() into the %d or cast to a
int64_t before we then cast to a long long to printf into a %lld.
There are *no* unsigned integers in Active Directory LDAP, even the RID
allocations and ms-DS-Secondary-KrbTgt-Number are *signed* quantities.
(See the schema, and the syntax definitions in schema_syntax.c).
The failure has been detected by Matthieu Patou on the buildfarm host "tridge"
due to a malformed "groupType" attribute.
The solution is to use the "%d" specifier. Either to use it directly - or better
(when possible) use the call "samdb_msg_add_uint" (which encapsulates it).
This patch changes such problematic situations.
This can be substituted by "ldb_msg_add_value".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Oct 15 00:21:53 UTC 2010 on sn-devel-104
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
The merged I plan in this area require spliting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.
Andrew Bartlett
A new event context is constructed by LDB when required for secrets.ldb
This will be essentially unused, as LDB on TDB will only trigger 'fake'
events, and blocks on transactions and lock operations anyway.
Andrew Bartlett
These are related, but slightly different concepts. The biggest difference
is that rights are not enumerated as a system-wide list.
This moves the rights to security.idl due to dependencies.
Andrew Bartlett
Now that privileges are no longer given luid values sequentially,
we need another way to look them up for enumeration.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
