summaryrefslogtreecommitdiff
path: root/source3/lib/system_smbd.c
AgeCommit message (Collapse)AuthorFilesLines
2012-06-28Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.Jeremy Allison1-1/+2
Will allow thread-specific credentials to be added by modifying the central definitions. Deliberately left the setXX[ug]id() call in popt as this is not used in Samba.
2011-03-30s3-includes: only include system/passwd.h when needed.Günther Deschner1-0/+1
Guenther
2011-03-19s3: use getgrset() when it is availableChristian Ambach1-2/+57
When getgrouplist() is not defined, use getgrset() if it is defined instead of using the initgroups() + getgroups() combo Major contributions from Yannick Bergeron <yaberger@ca.ibm.com> Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Mar 19 10:09:38 CET 2011 on sn-devel-104
2011-02-22s3:auth: change num_groups to from size_t to uint32_tStefan Metzmacher1-2/+2
This will help with the change from UNIX_USER_TOKEN to security_unix_token metze
2010-08-26s3-build: only include nsswitch header where needed.Günther Deschner1-0/+1
Guenther
2010-02-14s3: Fix initgroups return checkPeter Watkins1-1/+1
A return code of 1 from initgroups() is OK since apparently it means the gid has already been set. The man page doesn't mention this.
2009-07-31Increase the max_grp value to 128 (AIX NGROUPS_MAX value) instead of 32 to ↵Yannick Bergeron1-1/+1
allow AIX to call sys_getgrouplist only once
2008-02-13nsswitch: convert winbind_env_set(), winbind_on() and winbind_off() into macrosStefan Metzmacher1-2/+2
metze (This used to be commit 5f623f54a919cc687d0ff16c16038c05a501008d)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-2/+2
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23528: Two changes to make the valgrind massif (heap profiler) output readable:Volker Lendecke1-1/+1
Remove the allocated inbuf/output. In async I/O we copy the buffers explicitly now, so NewInBuffer is called exactly once. This does not reduce memory footprint, but removes one of the larger chunks that clobber the rest of the massif output In getgroups_unix_user on Linux 2.6 we allocated 64k groups x 4 bytes per group x 2 (once in the routine itself and once in libc) = 512k just to throw it away directly again. This reduces it do a more typical limit of 32 groups per user. We certainly cope with overflow fine if 32 is not enough. Not 100% sure about this one, a DEVELOPER only thing? (This used to be commit 009af0909944e0f303c5d496b56fb65ca40a41d5)
2007-10-10r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach1-3/+1
failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
2007-10-10r23393: Support BSD group semantics by making sure that the effective GID is ↵James Peach1-1/+1
always passed as the first GID when calling setgroups(2). (This used to be commit 6ebaf856c1d27f2fbfa0444a5c6c17c4331d2780)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison1-4/+11
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r19419: BUG 4109: Patch from Timur Bakeyev. Fix bug causing smbd to turn offGerald Carter1-10/+5
winbindd and fail to disable the _NO_WINBIND environment. (This used to be commit a6366b40b3967853c20ca5399021108f09ffd505)
2007-10-10r14868: I will not write code when changing to Daylight Savings Time.Gerald Carter1-10/+6
I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. ... Fix my brain dead inverted logic for turning winbindd on and off when run on a DC or when calling pdb functions from within winbindd. (This used to be commit 021b3dc2db9fb422ede4657a1f27ef7ef2d22cee)
2007-10-10r14855: Various fixes:Gerald Carter1-2/+8
* depreacte 'acl group control' after discussion with Jeremy and implement functionality as part of 'dos filemode' * fix winbindd on a non-member server to expand local groups * prevent code previously only used by smbd from blindly turning _NO_WINBINDD back on (This used to be commit 4ab372f4cab22225716b5c9a9a08f0c1dbc9928d)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-7/+2
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke1-67/+10
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13460: by popular demand....Gerald Carter1-3/+24
* remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-66/+25
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12291: Make getgroups_user static.Volker Lendecke1-2/+2
Jeremy, there's a #ifdef'ed 0 call to this in your usershare code. We need to talk about what exactly what you intend to do here and in what scenarios. Volker (This used to be commit 95094ef758089cfc62700509d45b53bc0980654d)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-27/+78
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r6080: Port some of the non-critical changes from HEAD to 3_0. The main one ↵Volker Lendecke1-2/+2
is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2007-10-10r5127: Fix Bug 2289 -- thanks to jason@ncac.gwu.eduVolker Lendecke1-2/+1
(This used to be commit 8c35c3bf2ed65d2b93feb0f419e1c7785fba7764)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-4/+4
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3705: Nobody has commented, so I'll take this as an ack...Volker Lendecke1-1/+89
abartlet, I'd like to ask you to take a severe look at this! We have solved the problem to find the global groups a user is in twice: Once in auth_util.c and another time for the corresponding samr call. The attached patch unifies these and sends them through the passdb backend (new function pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further optimize the corresponding call if the samba and posix accounts are unified by issuing a specialized ldap query. The parameter to activate this ldapsam behaviour is ldapsam:trusted = yes Volker (This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
2007-10-10r470: BUG 1302: fix seg fault by not trying to optimize a list of invalid ↵Gerald Carter1-5/+4
gids using the wrong array size (This used to be commit 3003769164ed1265f57504f240e56f4a4ba34550)
2007-10-10r288: combination of BUG 1081 and patch from J. Klinger -- added ↵Gerald Carter1-0/+5
remove_duplicate_gids() to smbd and winbindd (This used to be commit 95c68103ea9dbd02651e26fcaa15dd054b157529)
2003-10-01wrap internals of sys_setgroups() so the sys_XX() call can be done ↵Gerald Carter1-1/+1
unconditionally; bug 550 (This used to be commit 9df3f53e6ae751d522c7ac21deb785f1fa05f225)
2003-07-07and so it begins....Gerald Carter1-2/+2
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-06-30fix for platforms that don't have unsetenv().Gerald Carter1-2/+2
we now have to check the value for _NO_WINBINDD. "1" enables, and != "1" disables (use "0" by convention). (This used to be commit 11eccaef1dc61d80a7db8d0fb4bc5a47d71a4390)
2003-06-29Here's the code to make winbindd work on a Samba DCGerald Carter1-3/+21
to handle domain trusts. Jeremy and I talked about this and it's going in as working code. It keeps winbind clean and solves the trust problem with minimal changes. To summarize, there are 2 basic cases where the deadlock would occur. (1) lookuping up secondary groups for a user, and (2) get[gr|pw]nam() calls that fall through the NSS layer because they don't exist anywhere. o To handle case #1, we bypass winbindd in sys_getgrouplist() unless the username includes the 'winbind separator'. o Case #2 is handled by adding checks in winbindd to return failure if we are a DC and the domain matches our own. This code has been tested using basic share connections, domain logons, and with pam_winbind (both with and without 'winbind use default domain'). The 'trustdomain' auth module should work as well if an admin wants to manually create UNIX users for acounts in the trusted domains. Other misc fixes: * we need to fix check_ntlm_password() to be able to determine if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD, etc...). I worked around my specific situation, but this needs to be fixed. the winbindd auth module was causing delays. * fix named server mutex deadlock between trust domain auth module and winbindd looking up a uid * make sure SAM_ACCOUNT gets stored in the server_info struct for the _net_sam_logon() reply. Configuration details: The recommended method for supporting trusts is to use winbind. The gets us around some of the server mutex issues as well. * set 'files winbind' for passwd: and group: in /etc/nsswitch.conf * create domain trusts like normal * join winbind on the pdc to the Samba domain using 'net rpc join' * add normal parameters to smb.conf for winbind * set 'auth method = guest sam winbind' * start smbd, nmbd, & winbindd Problems that remain: * join a Windows 2k/XP box to a Samba domain. * create a 2-way trust between the Samba domain and an NT domain * logon to the windows client as a user from theh trusted domain * try to browse server in the trusted domain (or other workstations). an NT client seems to work ok, but 2k and XP either prompt for passwords or fail with errors. apparanently this never got tested since no one has ever been able to logon as a trusted user to a Samba domain from a Windows client. (This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-02-19Merge minor library fixes from HEAD to 3.0.Andrew Bartlett1-4/+11
- setenv() replacement - mimir's ASN1/SPNEGO typo fixes - (size_t)-1 fixes for push_* returns - function argument signed/unsigned correction - ASN1 error handling (ensure we don't use initiailsed data) - extra net ads join error checking - allow 'set security discriptor' to fail - escape ldap strings in libads. - getgrouplist() correctness fixes (include primary gid) Andrew Bartlett (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-2/+9
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17Move tridge's getgrouplist() replacement function from replace.c to a newAndrew Bartlett1-0/+105
'system_smbd.c' file, where it can link with become_root() and unbecome_root(), and therefore avoiding some nasty 'it workes on linux' bugs. (The replacement function is implemented in terms of initgroups(), which is naturally only avaliable to root). Andrew Bartlett (This used to be commit a91018dd026be3db473bb1cf1f4981295f9758e4)