IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
we need to use tdb_wrap_open in both these backends to allow for
multiple opens. This is done for notify.tdb. Otherwise we die when a
2nd share with notify is setup
(This used to be commit 40dcccfcf91737ba658fd9e733a431001649d255)
as we can't replace this function in libreplace and we do
the some stuff for other function in the same way.
metze
(This used to be commit 5e9b84326b4c65799e6fa6550de870d9a7ebba85)
to False makes winbind use RPC and not LDAP methods to connect to the DCs,
even when it figured out they are AD.
(This used to be commit 1c1f710e3e2e222c9d91a5650844c1db5ebd5a3a)
The clear text presentaion of the sid in the ldap expression
does work with w2k3 but not with w2k....
Thanks to Guenther for advising me of this issue.
Michael
(This used to be commit 7e6b0c19f816b52cca257c2837680e70f1af8594)
with talloc randomly failing.
Hey, shouldn't TALLOC_ARRAY _not_ return NULL when
requested to allocate an array with zero entries? :-)
Michael
(This used to be commit 7170d2e9f5381b405e0ea902d2b2463e5ca804e6)
And clean up unused stuff at the end.
Daringly, I use talloc_steal at some point, where it
appears natural to me.
Michael
(This used to be commit f2a29643bdb08bf026eaf974424f4eadfc920ca0)
started in r23070, r23072, r23073, r23078, r23081 and r23082:
After retrieving the list of sids with the extended dn
ldap query, instead of passing all sids to the lsa_lookup_sids
call, now while extracting the sids from the extended dn member
entries, we first try to lookup the sid from cache and only pass
the sids that were not in cache to the lsa_lookup_sids call.
Michael
(This used to be commit 5520c7d8557fe48957c2a85eaba8c3a0e9d8b9e2)
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
(This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
gpfs share modes in special situations. This might be split up in
several modules later.
(This used to be commit 553fe9245165ce4a14902daa722935c94ff32d61)
winbind. With this and W2k3 DCs around it is possible to use
more than one winbind on the same machine account, because
NetSamLogonEx does not use the credentials chain.
I added the flag domain->can_do_samlogon_ex because this
only works against W2k3 and with schannel. The theory is to
try if we're AD and have schannel, and fall back to
NetSamLogon if this fails. can_do_samlogon_ex is thus a
protection against multiple failures.
Only checking into 3_0, this needs more review before going
into a production release.
Feel free to comment :-)
(This used to be commit f5d525399b0b03a3d0b223fe72ef0a8a631fc599)
netr_GetDcAnyName all the time (which is the correct thing to do).
Fix the naming and opcode mixup in all branches.
Guenther
(This used to be commit def6464c872a5939f0028837254f2c019d2d71c8)
branch, please check if it fulfils your needs.
Two changes: The validation is not done inside the brlock.c traverse_fn,
it's done as a separate routine.
Secondly, this patch does not call the checker routines in smbcontrol
directly but depends on a running smbd.
(This used to be commit 7e39d77c1f90d9025cab08918385d140e20ca25b)
