IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- This changes the attribute "forceLogoff" to its' default
values according to Windows Server 2003 R2
- Also this corrects the "subRefs" attribute of the base-DN which only refers
to direct child partitions (and therefore not to the complete transitive closure)
A dcerpc request may have a reference from a still completing async
callback, but we now consider the request to be complete. We want to
lose the main parent, leaving just the reference, if any.
This reworks the notes file to be less stream-of-consciousness and more
task for porting, with a very particular focus on a potential port of
Samba4 to use MIT Kerberos.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew Bartlett
The function LDB_lookup_principal() has been eliminated, and it's
contents spread back to it's callers. Removing the abstraction makes
the code clearer.
Also ensure we never pass unescaped user input to a LDB search
function.
Andrew Bartlett
This test talks to a DC as a joined workstation member - in the same way
winbindd does, in particular the calls used in this test's query pattern
will all request for SEC_FLAG_MAXIMUM_ALLOWED access_mask
(which pretty much all of samba's client code does as well).
In fact this test verifies that winbind can correctly talk to a samba dc using
samr dcerpc calls.
Guenther
On calls where both NT_STATUS and WERROR results are returned and consulted
we have to make sure to form function results considering both.
This errors have been found through a run against SAMBA 4.
ntvfs_map_fsinfo, ntvfs_map_qpathinfo, ntvfs_map_qfileinfo used an
old synchronous mapping technique, acceptable on the grounds that
they were only used by the simple vfs which was synchronous.
Other vfs may/do use these functions, and by upgrading them to use the
ntvfs_map_async_setup/ntvfs_map_async_finish framework, they can now be
used asynchronously.
Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
It seems that the samba4 part of the merged build does not pick up the
DEVELOPER flag from the s3 configure.
Jelmer, can you fix that properly?
Thanks,
Volker
This makes it clear to our users that this particular implementation
isn't final (all parties are agreed that an EXTERNAL bind is the right
way to do this, but it has not been implemented yet).
Andrew Bartlett
- LDB handles now all 32-bit integer attributes correctly (also with overflows)
according to the schema
- LDAP backends handle the attributes "groupType", "userAccountControl" and
"sAMAccountType" correctly. This handling doesn't yet use the schema but
the conversion file "simple_ldap.map.c" which contains them hardcoded.
Did also a refactoring of the conversion function there.
- Bug #6136 should be gone
We have made a lot of useful changes to LDB since the last realese,
that Samba4 now relies on. This ensures that a build against a system
LDB will only succeed against the right version.
Andrew Bartlett
We need to pass down flags to the DCE/RPC layer to allow fallback to
anonymous connections, as we can't log in with an expired password.
The anonymous connection can then change the password with SAMR.
Andrew Bartlett
This requires a rework on Heimdal's windc plugin layer, as we want
full control over what tickets Heimdal will issue. (In particular, in
case our requirements become more complex in future).
The original problem was that Heimdal's check would permit the ticket,
but Samba would then deny it, not knowing it was for kadmin/changepw
Also (in hdb-samba4) be a bit more careful on what entries we will
make the 'change_pw' service mark that this depends on.
Andrew Bartlett
While tdb has not changed ABI in a way that requires this, we don't
want Samba4 somehow built against the old version with
performance problems on large, growing databases.
Andrew Bartlett
- Insert a check after the "tsocket" library call to make sure that the call
terminated correctly
- Add a comment to explain why on further calls of "cldap_socket_init" the
destination address hasn't to be specified
This corrects the issues reaised in bug #6129, and some others that were not
originally identified. It also accounts for some code that was in the original
bug report but appears to have since been made common between S3 and S4.
Thanks to Erik Hovland <erik@hovland.org> for the original bug report.
Patch for bug #4939
This refactors the NETLOGON code related to this bug:
- Introduces a new "SYNCSTATE" enum required by the "DatabaseSync2" call (acc.
to WSPP)
- Make "DatabaseSync" dependant from "DatabaseSync2" (acc. to WSPP)
- Let "DatabaseSync2" return NT_STATUS_NOT_IMPLEMENTED (I'm not sure if this is
also true when a domain is running in mixed mode)
- Make "LogonControl" and "LogonControl2" dependant form "LogonControl2Ex"
(acc. to WSPP)
- Let "LogonControl2Ex" return WERR_NOT_SUPPORTED for now
