Age | Commit message (Collapse) | Author | Files | Lines |
|
* Fix getgroups() call called using a normalized name
* Fix some more name mappings that could cause for example
a user to be unable to unlock the screen as the username
would not match in the PAM authenticate call.
(This used to be commit 505fc669a1b2c36e1639924b9639c97988056d8d)
|
|
Patch from Zack Kirsch <zack.kirsch@isilon.com>.
Jeremy.
(This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51)
|
|
Guenther
(This used to be commit e3c32583795631212dc0d5cd01981b27cde2a489)
|
|
lookup when we actually are. Although the Linux nss winbind backend
protects against num_mem != 0 && buf == NULL.
Guenther
(This used to be commit a9ac4630b46242f88bd7a4e92511b55cc82e9940)
|
|
(This used to be commit 5c36d67d272a52f58532daa3c3c09b8f8b6a34e0)
|
|
have a build failure in 3.0.24 in event_add_timed ?
Jeremy
(This used to be commit ede30a8b4b705808d9c46ae848f5cbd89a808cdc)
|
|
on the samba-technical ml. The replacement character is hardcoded
as a '_' for now.
(This used to be commit bd8238417b8d692ed381a870901ff1ee4cfa80f6)
|
|
(This used to be commit af5a2fa9eccf753106cd944be31f38845363ace6)
|
|
being talloc'ed off the NULL context instead
of being malloced.
Jeremy.
(This used to be commit 47bdeb4efeaa5a441ad2d39bb3b94d72263e66e4)
|
|
response_extra_sent() expects to free a malloced
extra_data.data while the add_XX_to_array functions all return talloced
memory now. Jeremy, please check.
Guenther
(This used to be commit 9f34c9f3695757819d728a17a1497247ea479ebf)
|
|
leak memory by using the wrong(long lived) mem context
(This used to be commit a28cdd6e742cb72a728bd337546ee95fd4160ed8)
|
|
Simo.
(This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
|
|
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
|
|
(This used to be commit 40cff1449886449b34b896e31fd43b7dff436a3f)
|
|
(This used to be commit cc6cdabf19e9a610be064e26fdf3a9d2a3c76c2c)
|
|
Jerry.
If "enum users" is set to false, and the group being looked
up is the Domain Users SID: S-1-5-domain-513, then for the
list of members check if the querying user is in that group,
and if so only return that user as the gr_mem array.
We can change this to a different parameter than "enum users"
if neccessaey, or parameterize the group list we do this for.
Jeremy.
(This used to be commit 91b40e25cc38ed6e8df9e448da975d3e202d919f)
|
|
"winbind use default domain" is set. Defaults to "root, nobody, lp"
currently.
Guenther
(This used to be commit b5b42196a6f2869deefc700dc98060f5ab832e40)
|
|
Jeremy.
(This used to be commit 42e5481ce4bebc65040d466b49e3c45cd4e79f5d)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
|
|
This patch add some missing async functions to
solve UID/GID -> SID requests not just out of the cache,
but down the remote idmap if necessary.
This patch solves the problem of servers not showing users/groups names
for allocated UID/GIDs when joined to a group of servers that share a
prepopulated idmap backend.
Also correctly resolve UID/GIDs to SIDs when looking ACLs from the
windows security tab on teh same situation.
Simo.
(This used to be commit b8578bfab6a04fcd65a2e65f507067459e326077)
|
|
This break local users and 'winbind nested groups' on domain members.
Cannot be helped.
My plans is to move the default domain crud to the client code (pam and
nss libraries) in 3.0.24.
(This used to be commit 8ee22eeab5d06008b363f8bb250dc767ddfbb86a)
|
|
(This used to be commit 07c67fbfc0790169ee748c0e62da14c89d3add23)
|
|
int
in a format string.
Jeremy.
(This used to be commit face01ef01e1a3c96eae17c56cadf01020d4cb46)
|
|
enabled).
Do not bail out when a group just has 0 members.
Jeremy, please check, this has been removed with r13915.
Guenther
(This used to be commit 3a738a855d335e44e167351e6396bf3fe81a03af)
|
|
Jeremy.
(This used to be commit 634e0dc3c73968da8f1f50186ca15f8873f380ce)
|
|
winbindd server
(This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
|
|
* Automatically creates the BUILTIN\Users group similar to
how BUILTIN\Administrators is done. This code does need to
be cleaned up considerably. I'll continue to work on this.
* The important fix is for getusergroups() when dealing with a
local user and nested groups. Now I can run the following
successfully:
$ su - jerry -c groups
users BUILTIN\users
(This used to be commit f54d911e686ffd68ddc6dbc073987b9d8eb2fa5b)
|
|
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
|
|
Jeremy.
(This used to be commit 9fa2e1bdedb61557b43f86c2898b7bf8762bbb63)
|
|
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
|
|
Fix parse_domain_user to fail when splitting a full name like "DOM\user"
when "winbind use default domain" and "winbind trusted domains only" are
not enabled.
This allows pam_winbind to behave correctly when more modules are
stacked in the "account" or "password" PAM facility. pam_winbindd calls
WINBINDD_GETPWNAM which can decide whether or not a user is a winbind
user and return correct PAM error codes.
Guenther
(This used to be commit e6d52c1e9d8cec7be6d552c2a67a392df21c3ec9)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
x86_64 box.
Jeremy.
(This used to be commit d720867a788c735e56d53d63265255830ec21208)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
Guenther
(This used to be commit ac3786a7a7dfc77d3b305ae67c97ab4f7f63961e)
|
|
group)
* Give a better debug message when returning builtin groups.
Guenther
(This used to be commit ec79971dc7606c1dfea3acf87cd19fa4153ae417)
|
|
down with
valgrind.
Jerry, if this patch proves to fix his problem, it is definitely a candidate
for the recommended patches page.
Volker
(This used to be commit 5232034b0daca8486fd55e53c2d910e4fbf0299d)
|
|
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
|
|
Volker
(This used to be commit 7d1b890fead61551465e2a972e4097d9c1a4d6fd)
|
|
of the
parent winbind not to return winbindd_result. This is to hopefully fix all the
problems where a result has been scheduled for write twice.
The problematic ones have been the functions that might have been delayed as
well as under other circumstances immediately gets answered from the cache.
Now a request needs to be explicitly replied to with a request_error() or
request_ok().
Volker
(This used to be commit 7365c9accf98ec1dd78a59dd7f62462bbb8528d4)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
(This used to be commit 318c3db4cb1c85be40b2f812f781bcf5f1da5c19)
|
|
(This used to be commit 6a5a9f17fb3c18e9dd8d447889b527055e5e3bd5)
|
|
(This used to be commit b451434e378e52e8ab6b932d7b26657ea9d0353c)
|
|
fixes the
expansion of domain local groups in case the netsamlogon_cache is valid. The
non-samlogon-cache side needs more work, as well as the samlogon cache itself.
Volker
(This used to be commit b6352a3c46f8e67503945eeac33e157ecea01bfb)
|
|
really use
domain local groups ...
Volker
(This used to be commit ed2d76d663a4388acc26a724cf2cdb5c40763def)
|
|
is the
change in pdb_enum_alias_memberships to match samr.idl a bit closer.
Volker
(This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
|
|
initialized whenenumerating users and groups
(This used to be commit 105a63c207e8d2b03a30dec2b8b55b92047cba80)
|
|
(This used to be commit 5205949dac4566a815ea443114309c284270ba91)
|