IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
think. This broke 'make test' because the newly created user was set to be
kicked off Mi, 22 Jan 1975 23:55:33 CET (unix time 159663333) with the
setuserinfo21 call.
I'm not 100% sure that 0x7ff... means max time as I do it here, I vaguely
remember it to mean "don't touch".
Does anybody know that for sure?
Jeremy, please check this.
Thanks,
Volker
(This used to be commit 872d1299ebffb7b7d696013fc676820f1fa1777c)
the this should be necessary. If there is still a bug,
I believe that setting thr group RID from the passdb is
masking it. Not fixing it. It is very likely that
the change was necessary before but is no longer
with the recent changes. But I'm not taking the chance
of merging it to 3.0.23c. :-)
(This used to be commit 1a5b90f3c1aa5dcaa29a9d62288d9e4dbc596f96)
The would have been primaryly used when adding a user to
an smbpasswd file, but could have been introduce to other
backends by using pdbedit -i -e.
The symptom was
[2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276)
init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99,
which conflicts with the domain sid S-1-5-21-1825997848-4107600307-1754506280.
Failing operation.
(This used to be commit 0a3aa8b43ace8c635423c2df10827e81d145b58f)
Samba4) for machines that have 64-bit integers. Leave
the (double) code for machines that don't. Needs
testing.... :-).
Jeremy.
(This used to be commit 9e65c175b0794bea3082785b5da6f5b281887ce7)
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d)
the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>.
Additional work by me.
It's still got some warts, but non-secure updates do
currently work. There are at least four things left to
really clean up.
1. Change the memory management to use talloc() rather than
malloc() and cleanup the leaks.
2. Fix the error code reporting (see initial changes to
dnserr.h)
3. Fix the secure updates
4. Define a public interface in addns.h
5. Move the code in libads/dns.c into the libaddns/ directory
(and under the LGPL).
A few notes:
* Enable the new code by compiling with --with-dnsupdate
* Also adds the command 'net ads dns register'
* Requires -luuid (included in the e2fsprogs-devel package).
* Has only been tested on Linux platforms so there may be portability
issues.
(This used to be commit 36f04674aeefd93c5a0408b8967dcd48b86fdbc1)
error. Fix our DNS SRV lookup code to deal with multi-homed hosts.
We were noly remembering one IP address per host from the Additional
records section in the SRV response which could have been an unreachable
address.
(This used to be commit 899179d2b9fba13cc6f4dab6efc3c22e44e062bc)
* Merge patches from SLES10 to make sure we talk to the correct
winbindd process when performing pam_auth (and pull the password policy info).
(This used to be commit 43bd8c00abb38eb23a1497a255d194fb1bbffffb)
Comments from the patch:
/* Add the "Unix Group" SID for each gid to catch mapped groups
and their Unix equivalent. This is to solve the backwards
compatibility problem of 'valid users = +ntadmin' where
ntadmin has been paired with "Domain Admins" in the group
mapping table. Otherwise smb.conf would need to be changed
to 'valid user = "Domain Admins"'. --jerry */
(This used to be commit 3848199287c5829aef66d0dee38a79056fe1ff5c)
value into an auto on the stack that gets removed when
we return from the frame :-).
Jeremy.
(This used to be commit 85bf8a16116e5eb9d4400e809531737d45890abb)
Jeremy.
----------
several replacement snprintf() fixes.
1) when running the testsuite, actually test against the system
sprintf(), not against ourselves (doh!)
2) fix the buffer termination to terminate buf2 as well
3) fix handling of %llu, and add a simple test
This fixes a bug with password expiry on solaris
----------
(This used to be commit 64fd96666f391101c41b7a564fd20ab2e93e3923)
we want to walk more printing code in the build farm I think doing that with a
customized printing backend is much easier than with a set of shell scripts.
Jerry, comments?
Volker
(This used to be commit 949cd6b992364d2bc60fd59051b6ac1c4cc4288c)
the nt hash directly in the winbindd cache, store a
salted version (MD5 of salt + nt_hash). This is what
we do in the LDAP password history code. We store
this salted cache entry under the same name as an old
entry (CRED/<sid>) but detect it on read by checking
if there are 17 bytes of data after the first stored
hash (1 byte len, 16 bytes hash). GD PLEASE CHECK.
Jeremy.
(This used to be commit 89d0163a97edaa46049406ea3e2152bee4e0d1b2)
stored - only store the password if we're going to
be doing a krb5 refresh. GD please review this change !
Now to add code to reference count the cached creds
(to allow multiple pam_logon/pam_logoffs to keep the
creds around), ensure that the cred cache is called
on all successful pam_logons (if we have winbindd cache
pam credentials = true, set this by default) and finally
ensure the creds cache is changed on successful password
change. GD - you *really* need to review this :-).
Jeremy.
(This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
a copy of the plaintext password, only the NT and LM
hashes (all it needs). Fix smbencrypt to expose hash
verions of plaintext function. Andrew Bartlett, you
might want to look at this for gensec.
This should make it easier for winbindd to store
cached credentials without having to store plaintext
passwords in an NTLM-only environment (non krb5).
Jeremy.
(This used to be commit 629faa530f0422755823644f1c23bea74830912f)
ntlm_auth module to allow it to use winbindd cached
credentials.The credentials are currently only stored
in a krb5 MIT environment - we need to add an option to
winbindd to allow passwords to be stored even in an NTLM-only
environment.
Patch from Robert O'Callahan, modified with some fixes
by me.
Jeremy.
(This used to be commit ae7cc298a113d8984557684bd6ad216cbb27cff3)
