Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit e0105974c06e210e7565555d4b673c484de32907)
|
|
after further testing in 2.2 branch.
(This used to be commit d5cdbc7e4ff48273bd7616694eef98c61e6f1f33)
|
|
(This used to be commit a61abaec063d00afe13ce0baa356245fb6e21bc0)
|
|
(This used to be commit 8d106dc1f4a51112516d72ae68747ca6b5b904b7)
|
|
Also set the default value of all the allocated strings to "" to avoid changing
the interface (becouse pdb_get...() would point to a null string, rather than a
null pointer and parts of samba rely on that).
Andrew Bartlett
(This used to be commit 5b4079f748e25f21162e21b439063249baf8dca6)
|
|
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.
The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.
The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.
The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".
This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.
A supp patch will follow to set all strings to "" in pdb_default_sam().
Andrew Bartlett
(This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
|
|
(This used to be commit d6bd9f1005496753333c3d8dec5e1a8069f1ce7b)
|
|
screen-full of kerberos warnings.
This is almost as good, and I can actually see the Samba warnings.
Andrew Bartlett
(This used to be commit 35a6275e186cbd7b1f2190265b47112f1d082c06)
|
|
memory.
The winbind connection caching code isn't exactly a plesent beast, and there is
more work that needs to be done to nail this properly.
Andrew Bartlett
(This used to be commit dd40ce54b7f170854d63e08ac737f1b4306bd95b)
|
|
This occured when the attempt to contact the PDC failed. The connection code
has already shut down the connection, and 'free'ed the cli or has never
initialised it in the first place.
Andrew Bartlett
(This used to be commit 37ce7630434c1afae5164c64438f428dd8e1b731)
|
|
of the connections db on smbd startup. This should fix the Solaris large
load bug.... (fingers crossed).
Jeremy.
(This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d)
|
|
otherwise all the memory will be seen as still reachable.
(This used to be commit 682e7cd394c1e1cc9a83f7e8e5e3694e083946c4)
|
|
(This used to be commit 312c6d906e64d231ff3c2f37e61d752cc948ee7b)
|
|
If you define this, pstring and fstring become distinguished types, so
that it's harder to accidentally overflow them by for example passing
an fstring on the lhs of pstrcpy.
The types are defined as one-element union arrays so that with
"fstring f" the name "f" will be a pointer and with a big hammer you
can cast it to (char *). So code that tries to just use it directly
will get a loud warning, but hopefully nothing worse.
To pass them to non-pstring-aware functions, use PSTR and check that
the function takes a const. They should almost never be modified
except by special calls. In those unusual cases, use PSTR_MUTABLE.
This is off by default so as not to produce too many warnings. As the
code is vetted it can become the default.
(This used to be commit ca233bc8b30d7d0626039b2769c4e1ae92dafd50)
|
|
functions.
(This used to be commit e69a22290e5c923f31223906461df4874e3b2aac)
|
|
(This used to be commit 7417d6f9310188d2ad3d8f41d3dcbe55862c72ac)
|
|
contents...
Andrew Bartlett
(This used to be commit e20d69d51862ea3fd5a7317a9592bd4dc6e68bfd)
|
|
(This used to be commit d09616da6823b69a03a8a008987c4eb02ca0061b)
|
|
to move this from being a static to matching its mate in lib/util_sock.c.
In any case, this should discorage anybody from using the 'wrong' version of
this function. (ie the one from TNG, which needs a bit more error checking
depending on use).
Andrew Bartlett
(This used to be commit e6a3a01f795a85d908180ff19469ce09a2803512)
|
|
This work was sponsored by Optifacio Software Services, Inc.
Andrew Bartlett
(various e-mails announcements merged into some form of commit message below:)
This patch which adds basics of universal groups support
into Samba 3. Currently, only Winbind with RPC calls supports this, ADS
support requires additional (possibly huge) work on KRB5 PAC. However,
basic infrastructure is here.
This patch adds:
1. Storing of universal groups for particular user logged into Samba
software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array
of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb.
2. Fetching of unversal groups for given user rid and domain sid from
netlogon_unigrp.tdb.
Since this is used in both smbd and winbindd, main code is in
source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as
UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ.
This patch has had a few versions, the final version in particular:
Many thanks to Andrew Bartlett for critics and comments, and partly
rewritten code.
New:
- updated fetching code to changed byte order macros
- moved functions to proper namespace
- optimized memory usage by reusing caller's memory context
- enhanced code to more follow Samba coding rules
Todo:
- proper universal group expiration after timeout
(This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
|
|
(This used to be commit 398b4ff0d40d89b3e96d481807f85f15b7a7966a)
|
|
wire... so.
Jeremy.
(This used to be commit b63b76297835ab8227b98925fa8120ffce1a37d9)
|
|
This should make things a little happier...
Andrew Bartlett
(This used to be commit 6ce467a65fdaabbcfac258a1b899c833602b6d92)
|
|
This brings passdb.c down to a much more manageable ~1100 lines and makes it a
little easier to comprehend whats going on here.
Andrew Bartlett
(This used to be commit 28d5ab269cfba5e8410163edb3e0c222ed7f0be1)
|
|
Jeremy.
(This used to be commit 4f1f5f28b514dda86f6f49465bd5887357e37bc6)
|
|
Jeremy.
(This used to be commit 2603ab3c6870f3697751b887e940910713f08985)
|
|
Jeremy.
(This used to be commit 24ee18c77e1b61004d8ed817118a481f3d43e34c)
|
|
Jeremy.
(This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
|
|
(This used to be commit 0b0b937b58f4bf4e005fb622f0db19175fc46a47)
|
|
when we free curr_ace_outer we need to not try to use it again :)
(This used to be commit 1c5e19a418136c0ae524e62a4907501212ebac3d)
|
|
with the local machine time changing
(This used to be commit 116c0a0e3baa6a100a816f1ff2722782941ac3dc)
|
|
when switching from rpc to ADS this now should make sense
(This used to be commit ec73d26c7f9a2bbd4b91e9c22850e032b91666e2)
|
|
(This used to be commit 73a59170e6fab3b0f91938a74302750915a04a7a)
|
|
(This used to be commit 4f4f898348c5719b745ff358463fd7d59e3da495)
|
|
(This used to be commit 490d3aaf20f04d04c91c4748896d7a021581a229)
|
|
Andrew Bartlett
(This used to be commit d7fca1806a304cb6eeecfe34d6c5c012c745114f)
|
|
the list received at startup or we get an out of date list. I thought
there might be some sequence number that is incremented when a trusted
domain is added or removed - perhaps there is but I just haven't found it
yet.
- Renamed get_domain_info() to init_domain_list()
- Made an accessor function to return the list of trusted domains rather
than using a global so we don't have to remember to put a magic init
function
- The getent state can not keep a pointer to a winbind_domain structure as
it may be freed if init_domain_list() is called again so we keep the
domain name instead
(This used to be commit 37216c649a394b449eaaaa6644709eafb3bf37ff)
|
|
Replace this with some flags that *we* define. We can do a mapping later
if we actually get some more reliable info about what passwords are actually
valid.
Andrew Bartlett
(This used to be commit 7f7a42c3e4d5798ac87ea16a42e4976c3778a76b)
|
|
(This used to be commit 78814664ef7d41c2f6637b508711ab45647a64f9)
|
|
This fixes up a problem where a machine would join (or downgrade by trust
password change) to NT4 membership and not be able to regain full ADS
membership until a 'net ads leave'.
Andrew Bartlett
(This used to be commit ab8ff85f03b25a0dfe4ab63886a10da81207393c)
|
|
(This used to be commit da4db0373b65d975d5129715d6b1fa725b188766)
|
|
manpage.
(This used to be commit a10cdbfbed4e04609f511cbbf976df4b4d391729)
|
|
this is actually a workaround for old broken nmbd daemons, especially
from Samba 2.0
(This used to be commit 12021a8de6a1dc2e43cc62f094a57c57283dfaf4)
|
|
swedish" test to client calls. This is putting a length field at the
start of a request so we can disconnect clients talking with an out of date
libnss_winbind.so rather than deadlock them.
Misc cleanups:
- made some int values uint32
- moved WINBIND_INTERFACE_VERSION to start of cmd list
(This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5)
|
|
(This used to be commit c5e14d73dffee86ef2dabcf7031eea0da9e32f3d)
|
|
of a define you need to grep for the old name and change ALL places.
(This used to be commit 09e3276fb7207dff73f181072851bd542fb64263)
|
|
(This used to be commit 88b0e670426c216d754716dc6095b673b9645f1a)
|
|
smb.conf to get it right.
While wb_client needs its lp_load() for samba dependency reasons, it now uses
the new method both to example and test the new code.
Also add an interface version function, and return the winbind's samba version
string.
In preperation for default domains, its now up to winbindd to reject plaintext
auths that don't have a seperator, but NTLM (CRAP) auths now have two feilds,
hence need parsing.
Andrew Bartlett
(This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e)
|
|
It adds a 'ping' request, just to check winbind is in fact alive
It also changes winbindd_pam_auth_crap to take usernames and domain seperatly.
(backward incompatible change, needs merge to 2.2, but this is not yet released
code, so no workarounds)
Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do
it).
Andrew Bartlett
(This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0)
|
|
(This used to be commit 63ea2bb0adf5ae742658f479613de90b1eec3db5)
|