sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
66,413 Commits 60 Branches 1,144 Tags 452 MiB
7e9e35db41
Commit Graph

66413 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthias Dieter Wallnöfer
7e9e35db41 s4:util_samr.c - also here we've now the default primaryGroupID detection working 2010-09-12 21:19:27 +02:00
Matthias Dieter Wallnöfer
4a2941535d s4:ldap.py - tests the primary group detection by the "userAccountControl" 2010-09-12 19:23:06 +02:00
Matthias Dieter Wallnöfer
4fd8ce42ce s4:setup/provision_self_join.ldif - now the samldb LDB module detects automatically that this is a DC account 2010-09-12 19:23:06 +02:00
Matthias Dieter Wallnöfer
7f424155e6 s4:samldb LDB module - "samldb_check_primaryGroupID" - support RID derivation from "userAccountControl" 
Specified in MS-SAMR 3.1.1.8.1 and probably fixes also bug #7441.
 2010-09-12 19:23:06 +02:00
Matthias Dieter Wallnöfer
1e52e72e40 libds:flag_mapping.c - introduce a call which maps the "userAccountControl" to the default primary group RID 2010-09-12 19:23:06 +02:00
Matthias Dieter Wallnöfer
2fb111f731 libds:flag_mapping.c - fix counter variable types 2010-09-12 19:23:06 +02:00
Matthias Dieter Wallnöfer
22d42432ac s4:samldb LDB module - free the "ac" context after the delete checks 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
1d94bb3ad4 s4:samldb LDB module - simplify the message handling on add and modify operations 
We perform always only one shallow copy operation of the message on the "req"
context. This allows to free the "ac" context when we've prepared all our
changes.
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
79f22e5d70 s4:samldb LDB module - move "samldb_prim_group_users_check" more down to see that it is only in use by the delete operation 
add and modify helpers will stay on the top of the add and modify operation
since they will likely be shared as much as possible.
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
bb1da645ed s4:samldb LDB module - add a comment to mark the beginning of the extended operation handler 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
dad7cdad22 s4:samldb LDB module - refactor "samldb_find_for_defaultObjectCategory" to be again synchronous 
Also to make it easier to comprehend
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
6aca09b0b7 s4:samldb LDB module - refactor the "primaryGroupID" check on user creation 
This looks more straight-forward now.
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
e1de425cb8 s4:samldb LDB module - get rid of the SID context variable 
Since we get more and more rid of async stuff we don't need this in the context
anymore.
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
79a98b893a s4:samldb LDB module - use also here the real attribute denomination "sAMAccountName" 
Purely cosmetic - but nicer to read
 2010-09-12 19:23:05 +02:00
Matthias Dieter Wallnöfer
0eb281d8f2 s4:samldb LDB module - rename "check_SamAccountType" into "check_sAMAccountType" 
And a small cosmetic change.
I like to have the real attribute names in the function denominations
 2010-09-12 19:23:04 +02:00
Matthias Dieter Wallnöfer
4ef9760db1 s4:samldb LDB module - make "samldb_check_sAMAccountName" synchronous again 
To make it more understandable
 2010-09-12 19:23:04 +02:00
Matthias Dieter Wallnöfer
64af772b38 s4:fsmo.py - fix an obvious typo 2010-09-12 19:23:04 +02:00
Volker Lendecke
adfa071c5a s3: Remove a nesting level in winbindd_dual_pam_chauthtok 2010-09-12 18:30:38 +02:00
Matthieu Patou
6bd6fdcd72 s4:unittest: Test wbinfo --group-info and --gid-info 
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-09-11 19:13:46 +02:00
Matthias Dieter Wallnöfer
8a0db43ad8 test_wbinfo.c - count more possible failures 2010-09-11 19:13:13 +02:00
Matthias Dieter Wallnöfer
1ddd63bddb ldb:tools/cmdline.c - reorganise imports 2010-09-11 18:07:47 +02:00
Matthias Dieter Wallnöfer
b5d872704c s4:param/secrets.c - reorganise imports 2010-09-11 18:04:50 +02:00
Matthias Dieter Wallnöfer
7e710c4de9 s4:rpc_server/common/common.h - introduce two forward declarations to suppress parameter declaration warnings 
Always Tru64 in file "param/loadparm.c" and possibly others.
 2010-09-11 18:04:48 +02:00
Matthias Dieter Wallnöfer
5f98d31fc0 ldb:tools/cmdline.c - make a counter unsigned where appropriate 2010-09-11 17:43:44 +02:00
Matthias Dieter Wallnöfer
c0a863b6f3 s4:ldb_register_samba_handlers - fix up and convert result codes to LDB/LDAP results 2010-09-11 17:41:38 +02:00
Matthias Dieter Wallnöfer
ea3f21dff6 lib/replace/wscript:Tru64 build - Better use version 600 for _XOPEN_SOURCE 
This means we request the "Single UNIX Specification, Version 3" with C99
compatibility as the Python 2.5 release on the system. This prevents
redefinitions with different values.

> [ 451/1918] Compiling scripting/python/pyglue.c
> cc: Warning: /usr/local/include/python2.5/pyconfig.h, line 951: The redefinition of the macro "_XOPEN_SOURCE" conflicts with a current definition because the replacement lists differ.  The redefinition is now in effect. (macroredef)
> #define _XOPEN_SOURCE 600
> ----------------------^
> cc: Warning: default/source4/include/config.h, line 54: The redefinition of the macro "_XOPEN_SOURCE" conflicts with a current definition because the replacement lists differ.  The redefinition is now in effect. (macroredef)
> #define _XOPEN_SOURCE 500
> ----------------------^
 2010-09-11 17:23:55 +02:00
Matthias Dieter Wallnöfer
83cd3f7630 s4:dcesrv_samr_GetGroupsForUser - also universal group memberships are returned here 
Tested using User Manager for Domains against Windows Server 2008.
MS-SAMR 3.1.5.9.1 is wrong in this case therefore I've informed the dochelp team.
 2010-09-11 14:34:37 +02:00
Andrew Bartlett
e84ab1b35f s4-privs Fix enum privileges in LSARPC server 
We were returning the index, not the LUID value

Andrew Bartlett
 2010-09-11 22:32:43 +10:00
Andrew Bartlett
07cf3ba5c4 s3-auth Fix typo in comment 2010-09-11 22:32:43 +10:00
Andrew Tridgell
6d6158617c nss-waf: use the right winbind pipe path 
s4 uses a different location for the winbind pipe to s3
 2010-09-11 22:32:43 +10:00
Andrew Tridgell
a82fe6f472 winbind-waf: the installed name is libnss_winbind.so.2 
the .2 is what libc adds to the name for this version of the nss API
 2010-09-11 22:32:43 +10:00
Andrew Bartlett
e13ed6fc78 s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a header 2010-09-11 22:32:43 +10:00
Andrew Tridgell
2921a888dc s4-param: removed the lp_ varients of the functions 
these made debugging much harder. We should replace these with
generated macros
 2010-09-11 22:32:43 +10:00
Andrew Tridgell
2a93814592 s4-param: move back to auto-generation of loadparm prototypes 2010-09-11 22:32:43 +10:00
Andrew Tridgell
837230f85e s4-credentials: get all attributes in cli_credentials_set_secrets() 
This ensures we get whenChanged, which is needed by the s3 winbind
code to ensure we don't repeatedly try to change the password
 2010-09-11 22:32:43 +10:00
Andrew Bartlett
bc6a3a2e3f security.idl Clarify that this is not a network structure 2010-09-11 22:32:42 +10:00
Matthias Dieter Wallnöfer
b9b93b845c libcli/auth/schannel_state_tdb.c - fix includes 
Otherwise we get a "declared inside parameter list" warning.
 2010-09-11 12:53:21 +02:00
Matthias Dieter Wallnöfer
2442d25636 lib/replace:wscript - additional attempt to fix the build on Tru64 
Obviously we really need both definitions ("socklen_t" has been found by
"_XOPEN_SOURCE"=500). But now FIONREAD wasn't accessible.
 2010-09-11 12:18:33 +02:00
Andrew Bartlett
a02a2c3557 libcli/security Use talloc_zero when making a struct security_token 2010-09-11 18:46:14 +10:00
Andrew Bartlett
fdcadb5c3c libcli/privileges Fix comment 2010-09-11 18:46:13 +10:00
Andrew Bartlett
0eea8ecfe2 s4-privs Seperate rights and privileges 
These are related, but slightly different concepts.  The biggest difference
is that rights are not enumerated as a system-wide list.

This moves the rights to security.idl due to dependencies.

Andrew Bartlett
 2010-09-11 18:46:13 +10:00
Andrew Bartlett
3b4db34011 s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs 
The idea of this patch is: Don't support a mix of different kerberos
features.

Either we should prepare a GSSAPI (8003) checksum and mark the request as
such, or we should use the old behaviour (a normal kerberos checksum of 0 data).

Sending the GSSAPI checksum data, but without marking it as GSSAPI broke
Samba4, and seems well outside the expected behaviour, even if Windows accepts it.

Andrew Bartlett
 2010-09-11 18:46:13 +10:00
Andrew Bartlett
ee943fb2bf libcli/security Remove unused SE_NONE define 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:13 +10:00
Andrew Bartlett
eb6a0cc326 libcli/security Move 'private' privileges functions to another header 
These functions work on the bitmap, and are only exposed because
the source3/ privileges storage uses the bitmap in account_policy.tdb

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:13 +10:00
Andrew Bartlett
b733d9dee0 s3-samr Explian better the use of two privileges in this call 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:13 +10:00
Andrew Bartlett
6d2b1ef71d libcli/security Remove 'always true' return from se_priv_put_all_privileges 
Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:13 +10:00
Andrew Bartlett
aefe60da8c s3-util_sid Tidy up global struct security_token 
This no longer needs to be global, and should be const.  We now also
init it with the C99 style initialisers.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:12 +10:00
Andrew Bartlett
da9bca6282 s4-rpc_server Put all 'logon failure' messages at the same debug level 4 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:12 +10:00
Andrew Bartlett
eb84c7ac90 libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0 
This happens all the time, particularly now that we don't keep the
db around after a reboot.  Don't scare the admins with the level 0.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:12 +10:00
Andrew Bartlett
e3edd7ca3a s3-privs Add const 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:12 +10:00