Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
sid_to_string still expects a fstring
(This used to be commit 1f352cdd1976ad36484e146165df585b88ec5527)
|
|
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
|
|
Jeremy.
(This used to be commit 6959c5c7e3e95604c66788b86d5789757e18cc36)
|
|
The point is doing the following associations:
- non discardable state data (all TDB files that may need to be backed
up) go to statedir
- shared data (codepage stuff) go to codepagedir
The patch *does not change* the default location for these
directories. So, there is no behaviour change when applying it.
The main change is for samba developers who have to think when dealing
with files that previously pertained to libdir whether they:
- go in statedir
- go in codepagedir
- stay in libdir
(This used to be commit d6cdbfd875bb2653e831d314726c3240beb0a96b)
|
|
(found by "make valgrindtest" and my "start winbindd on make test" patch)
metze
(cherry picked from commit fe21e48489852720a05b305b251e4f5cbb200f7a)
(cherry picked from commit 26d8a1ad20c10da495970c584983fbd261b4946e)
(This used to be commit a128a8805e172738334ec6854548f138c335058b)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit 45fa393358926117e0209970414678547d8504a6)
|
|
(This used to be commit 11894a62e3a41f3387fac1a578258321333085ac)
|
|
thread:
http://lists.samba.org/archive/samba-technical/2007-June/053747.html
(This used to be commit c5adb92c020e38644baf1afc8fc570a518cd6307)
|
|
The callers of get_domain_group_from_sid() with some justification
expected map->gid to be initialized when get_domain_group_from_sid
returned True.
(This used to be commit bc8b74dbfec965ede7bf45118d1a863b28d000fd)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
|
|
(This used to be commit 15345bbc73b28d07c069fde33d3d4c1f21f107d3)
|
|
(This used to be commit 7c9a5c2a3f012a06e9550dc0de7df460c2fd943b)
|
|
sam unmapunixgroup"
(This used to be commit 55e2f35fad8bda3ff2c2ace5323ddeaee87d783e)
|
|
return values of some alias-releated pdb functions from BOOL to NTSTATUS
Thanks :-)
(This used to be commit 590d2164b3a33250410338771e160f6ebd1aa89d)
|
|
Volker
(This used to be commit 1f15a8f371f7c56d1a6e67e52f0f184bbd270c84)
|
|
on talloc()'d memory when adding/removing members
from Local Groups.
(This used to be commit bade93ef9d810824e0fe332e85f21e50b03e403d)
|
|
and fix all compiler warnings in the users
metze
(This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f)
|
|
to avoid creating the TDB_DATA struct from strings "by hand"
metze
(This used to be commit 2f2e9a7083b176412cd897119a49520a55a897a7)
|
|
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
|
|
(This used to be commit 820a64af25799c19f1731a08b8e4651aea8a516b)
|
|
the DN must be rid,domain and not domain,rid
Also use member and not memberOf for group members
following conventions.
(This used to be commit 7c0ea791d21d914e882b56a849766d966ce8ed1a)
|
|
(This used to be commit d234f39c79e0e50f784826d0920ebd21cc9a283d)
|
|
relies on appending to this list. Unfortunately this can't be tested
using 'net groupmap'
(This used to be commit a8d398edf0ce08b2a53342e80c2017f1805908d5)
|
|
This also fixes comments in group mappings, as the code accidentially
put in "ntName" in the comment field :-)
(This used to be commit 7f1f5d6056da8ac55a41db54b68bf25967f81aaf)
|
|
(This used to be commit 6d5d7bf4bbcfee77853776af59e00d006fd86dc9)
|
|
ldap
- use ldb_global_init() instead of the backend specific
ldb_tdb_init().
(This used to be commit a6c53e58616d7731a1df9af33f78ccf0c774296e)
|
|
rename to group_mapping.tdb.upgraded rather than an unlink when
upgrading. So if we absolutely have to go back to the tdb, we can
change mapping_ldb.o to mapping_tdb.o in Makefile.in and recover
peoples group mappings.
We could go one step futher and make the backend configurable. Any
opinions on that?
(This used to be commit 203fc0b03c7397f7339a917456cb1701ed592f32)
|
|
See the discussion of this on the samba-technical list
(This used to be commit 4ad1436ceae0128e187222fce0fc79adb3049d3f)
|
|
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
(This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
when using smbpasswd
(This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
|
|
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
|
|
pointing them
out.
Volker
(This used to be commit 6bf5e7080a51c416d1d1466b1ca84c8f23a6bf2c)
|
|
afraid it's
more than 1000 lines of patch, but doing it in smaller pieces is hardly
possible.
Anybody interested please look over this. The patch is not really interesting,
just look at the new groupdb/mapping.c file.
Jerry, one entry for the 3.0.24 release notes: smbd will refuse to start if we
have overlapping mappings in group_mapping.tdb. With the old db a unix gid can
be mapped to two different SIDs. This will be refused with the new code.
Volker
(This used to be commit f0f0e893ca41d35b58b35929de78dcb911b3c7dc)
|
|
independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.
Volker
(This used to be commit 4ebfc30a28a6f48613098176c5acdfdafbd2941a)
|
|
seemed a
bit pointless to me.
Volker
(This used to be commit 244b25ae49d3c635fc54498dbee29f5b649ea1fa)
|
|
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
(This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
|
|
argument.
Volker
(This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
|
|
does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.
Volker
(This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f)
|
|
* Finally fix parsing idmap uid/gid ranges not to break with spaces
surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
_samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
and Users BUILTIN groups automatically from smbd (and not just check the
winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
grant is not already assigned in our own SAM (retries up to 250 times).
This fixes passdb with existing SIDs assigned to users from the RID algorithm
but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
|
|
Now that I know what all the requirements for this group are
I can generalize the code some more and make it cleaner.
But at least this is working with lusrmgr.msc on XP and 2k now.
(This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0)
|
|
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
|
|
Not a bug in the strictest sense, more a clarification. This whole routine
assumes new_gid != NULL anyway, so there's no point in checking.
Volker
(This used to be commit dfbf09c772b9588271e2d8e053c7494bb087c544)
|
|
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
|
|
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
|
|
Volker
(This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
|