Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
The problem is that samdb_result_string() and
ldb_msg_find_attr_as_string() both simply cast the string, rather than
ensuring the return value is NULL terminated. This may be best
regarded as a flaw in LDB, but fixing it there is going to be more
difficult.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This makes the lib/replace m4 work in lib/talloc as a standalone build
|
|
This allows the getpass.m4 code to work in standalone talloc builds
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
We also use the major and minor versions in the TALLOC_MAGIC,
so that we can detect if two conflicting versions of talloc
are loaded in one process. In this case we use talloc_log() to
output a very useful debug message before we call
talloc_abort().
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
So that the application can setup a log function to get ERROR
and WARNING messages.
metze
|
|
We have to many callers, which rely on that talloc_steal() never fails.
metze
|
|
metze
|
|
metze
|
|
metze
|
|
not exit
This will be useful in the testsuite,
where we could check if an abort would happen.
metze
|
|
metze
|
|
null_context
metze
|
|
Thanks to Steven Danneman for watching me closely :-)
|
|
It happens to be what we also share out via NETLOGON/SAMR, but winbind has
direct access to it via the passdb domain methods
|
|
|
|
|
|
|
|
We need to return state->userinfo beyond the end of wb_queryuser_recv, so the
unmarshalled strings are children of that, not the state that is lost sooner.
Metze, this scheme works fine as long as we only have a single malloc'ed
entity that is returned. I think we need a different scheme in the future
when we might have more than one independent object to be returned.
|
|
Jeremy.
|
|
share.
Jeremy.
|
|
On filesystems that can't store less than one second timestamps,
round the incoming timestamp set requests so the client can't discover
that a time set request has been truncated by the filesystem.
Needs backporting to 3.4, 3.3, 3.2 and (even) 3.0.
Jeremy
|
|
of getpwuid(0) if DEVELOPER is defined. I'm hoping the
build farm defines DEVELOPER...
Jeremy.
|
|
The change to protocol version 1 was not intentional, and broke the
protocol established with the ntp.org project.
Andrew Bartlett
|
|
Jeremy.
|
|
Based on a patch submitted by Petr Vandrovec <petr@vandrovec.name>.
Multiple pending signals with siginfo_t's weren't being handled correctly
leading to smbd abort with kernel oplock signals.
Jeremy
|
|
Authentication of domain users on the member server fails when winbindd
is not running. This is because the is_trusted_domain() check behaves
differently when winbindd is running and when it isn't:
Since wb_is_trusted_domain() calls wbcDomainInfo(), and this will also
give a result for our own domain, this succeeds for the member
server's own domain when winbindd is running. When winbindd is not
running, is_trusted_domain() checks (and possibly updates) the trustdom
cache, and this does the lsa_EnumTrustDom() rpc call to the DC which
does not return its own domain.
In case of winbindd not running, before 3.4, the domain part was _silently_
mapped to the workgroup in auth_util.c:make_user_info_map(),
which effectively did nothing in the member case.
But then the parameter "map untrusted to domain" was introduced
and the mapping was made to the workstation name instead of
the workgroup name by default unless "map untrusted to domain = yes".
(Commits
d8c54fddda2dba3cbc5fc13e93431b152813892e,
5cd4b7b7c03df6e896186d985b6858a06aa40b3f, and
fbca26923915a70031f561b198cfe2cc0d9c3aa6)
This was ok as long as winbindd was running, but with winbindd not running,
these changes actually uncovered the above logic bug in the check.
So the correct check is to treat the workgroup as trusted / or known
in the member case. This is most easily achieved by not comparing the
domain name against get_global_sam_name() which is the host name unless
for a DC but against my_sam_name() which is the workgroup for a DC and for
a member, too. (These names are not very intuitive...)
I admit that this is a very long commit message for a one-liner, but this has
needed some tracking down, and I think the change deserves some justification.
Michael
|
|
Put was assuming that the remote name was always absolute, and not relative to
the current remote directory.
Signed-off-by: Sam Liddicott <sam@liddicott.com>
|
|
|
|
|
|
This should ensure the debug messages do not have random characters at
their ends.
Andrew Bartlett
|
|
This is a small start on (ie, the only trivial part of) the work shown in:
http://k5wiki.kerberos.org/wiki/Projects/Samba4_Port#Samba.27s_use_of_Heimdal_symbols.2C_with_MIT_differences
(a table of all Kerberos symbols used in Samba4, and notes on where
they differ from those provided with MIT Kerberos)
Andrew Bartlett
|
|
Add good error message for share modification denial.
Jeremy.
|