Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit d9b85e3b287c24d2a3e2076da331fe06192b0eef)
|
|
Guenther
(This used to be commit c81eb71834dc827db63c8adb3f816bbbe916473c)
|
|
and want to just shutdown and exit.
Guenther
(This used to be commit 0aa6328ed6ba6d0d24169ffdff0099405c9bfb00)
|
|
Guenther
(This used to be commit 4157bfe9cfe79ff78e7e527a50058cf9103cab61)
|
|
* Automatically creates the BUILTIN\Users group similar to
how BUILTIN\Administrators is done. This code does need to
be cleaned up considerably. I'll continue to work on this.
* The important fix is for getusergroups() when dealing with a
local user and nested groups. Now I can run the following
successfully:
$ su - jerry -c groups
users BUILTIN\users
(This used to be commit f54d911e686ffd68ddc6dbc073987b9d8eb2fa5b)
|
|
(variable definition was missing).
Jeremy.
(This used to be commit 48594f0270502149069fc883096181a9730d76bf)
|
|
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
|
|
Jeremy.
(This used to be commit 8444c997bd3e18b1d04ebe85f06c8c6e34d7373f)
|
|
Guenther
(This used to be commit 4cfd737cc1d8840888f80e360119eeb627acb381)
|
|
the correct malloc-macros.
Jeremy.
(This used to be commit 412dc6f5dbc796126b94f3809fe660afac5d3c2a)
|
|
Guenther
(This used to be commit 44fcd3113be970edd01f7f076c4b6cad2d03ebcd)
|
|
nscd caches so that NSS-calls can deliver accurate information.
Guenther
(This used to be commit a32a423a0e9e0d4dd21282fd528bcd3247fddbd1)
|
|
quieten coverity bug #194 (which I think is a
false positive).
Jeremy.
(This used to be commit 07d8b02d3dddf7322e096f3f0a7cc1c8fa709fa3)
|
|
explicit.
Jeremy.
(This used to be commit aeae20a8d9f3658acb8edd373eb601bdf7eab98b)
|
|
Jeremy.
(This used to be commit 9fa2e1bdedb61557b43f86c2898b7bf8762bbb63)
|
|
in error code path.
Jeremy.
(This used to be commit 9f5fcdd8fb437882568e38e174e2df27bd077ba3)
|
|
over --with-kcm. No time to look after it for the moment.
Guenther
(This used to be commit 7ec2b31a8790db1466ffafeab533c11ab7ea801a)
|
|
Guenther
(This used to be commit 977079a0583497255fbd4a48de52ebd404710b62)
|
|
NTSTATUS code will be NT_STATUS_NO_MORE_ENTRIES. In that case store
NT_STATUS_OK in the centry so that the entry does not automatically
deleted upon startup or invalidated upon next query.
Guenther
(This used to be commit 200d4566619c58951e22d9543420407b3baf878f)
|
|
(This used to be commit 0a2aa3a48bd5fd7e5a9aa06068ddd621b19c1dbe)
|
|
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
|
|
I think this is actually a false warning, but as I've seen it with high gcc
warning levels, lets fix it :-)
Volker
(This used to be commit 3f671033bca7a025f9639728a0a0a0adede6ed35)
|
|
WBFLAG_PAM_CONTACT_TRUSTDOM. This
can not work for NTLM auth, where we only have a workstation account for our
own domain. For the PAM Kerberos login we need to find a better way to do
this, probably using Dsr_GetDCName and some winbind-crafted krb5.conf.
Volker
(This used to be commit bf7c608147bcbbedd89b3dcd24a929ea3e601bc8)
|
|
when we are told to do so by the password_properties.
Guenther
(This used to be commit 30f2fdef79f89a4bee544bd209cfb86975b33f94)
|
|
* ignore the primary group SID attribute from struct samu*
* generate the primary group SID strictlky from the Unix
primary group when dealing with passdb users
* Fix memory leak in original patch caused by failing to free a
talloc *
* add wrapper around samu_set_unix() to prevent exposing the create
BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix()
(This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
|
|
startup; don't panic, shutdown instead.
Guenther
(This used to be commit f209192e26c12fd48feb6195b724715fbada8b85)
|
|
attribute when "winbind nss info = sfu" is set. Fixes #3539.
Guenther
(This used to be commit ffce0461de130828345c44293e564ca03227607d)
|
|
Guenther
(This used to be commit c201e51de387d3d49880ed519eb9d825df92f5af)
|
|
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
|
|
(This used to be commit a918e4ac2426d4cb3cd526c4fad7480b832e6a12)
|
|
Fix parse_domain_user to fail when splitting a full name like "DOM\user"
when "winbind use default domain" and "winbind trusted domains only" are
not enabled.
This allows pam_winbind to behave correctly when more modules are
stacked in the "account" or "password" PAM facility. pam_winbindd calls
WINBINDD_GETPWNAM which can decide whether or not a user is a winbind
user and return correct PAM error codes.
Guenther
(This used to be commit e6d52c1e9d8cec7be6d552c2a67a392df21c3ec9)
|
|
Guenther
(This used to be commit f60eddc0a4dfe623e5f115533a62c03810fd5f38)
|
|
Guenther
(This used to be commit 286f6fc2339cf4ef232c16466b8dffdcddbe343f)
|
|
(got it wrong the first time as administrator has this flag set by
default).
Guenther
(This used to be commit e9ccebf45a5db8964793084950fbb2c23b2469a3)
|
|
(handle no ACB_NORMAL flag and save name2sid as early as possible).
Guenther
(This used to be commit a04a5e40b774b7fe535e9cbbabddf94ee5578005)
|
|
password on logon. (this might be true for all domain admins as well).
Guenther
(This used to be commit 24c6b9fecb521380008cb44e6d987a6f495027dc)
|
|
(This used to be commit dde8322b5c26b04222eefd3c1d450852f849079f)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
(This used to be commit 6c3480f9aecc061660ad5c06347b8f1d3e11a330)
|
|
(NT_STATUS_NONE_MAPPED),
we have S-0-0 as a SID in the cache. This leads to ugly level 0 messages from
string_to_sid. Avoid them.
Volker
(This used to be commit d62da3e9875592af91469bf75ca32be77a40ea59)
|
|
rebooting
(This used to be commit 994794383361cfe5d58098ae494489fb0164e1df)
|
|
* update output from mkversion.sh to include the SAMBA_VENDOR_PATCH
(This used to be commit 485f0370942880a71095da5096e414b28193b150)
|
|
lp_load() could not be called multiple times to modify parameter settings based
on reading from multiple configuration settings. Each time, it initialized all
of the settings back to their defaults before reading the specified
configuration file.
This patch adds a parameter to lp_load() specifying whether the settings should
be initialized. It does, however, still force the settings to be initialized
the first time, even if the request was to not initialize them. (Not doing so
could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769d1b2266e576597c57a8e3b1e2a2b51)
|
|
--enable-developer is specified
(This used to be commit 1c7787e4a11c530cec93fa210c97fbe4b38f333a)
|
|
When doing auth_crap authentication use the client
given workstation name not our own.
Jeremy.
(This used to be commit a2bb2e3e819c56b710885fc8206632e22a6ec0ce)
|
|
GUenther
(This used to be commit 3a6e41a0cb2872a656ea79c8d4fc4b8bce436492)
|
|
Correctly handle the case where users logon with an expired password.
In that case pam_sm_authenticate has to return PAM_SUCESS instead of
PAM_NEW_AUTHTOK_REQD or PAM_AUTHTOK_EXPIRED and pam_sm_acct_mgmt has to
take care of requesting an immediate password change. (see the Linux PAM
documentation).
Fixes Bugzilla #1524, #3205. Tested with login, sshd, kdm and gdm on
Linux.
Thanks to Scott Barker <Scott_Barker@mtechIT.com>.
Guenther
(This used to be commit 4cb662ffd76dbe30003c618c94ccf6ebd4afb48c)
|
|
sid_to_name lookup result already after doing a sucessfull name_to_sid
lookup.
Guenther
(This used to be commit 2456832a6d9ad2590dc02e147cc2c2e87d5a3a7a)
|
|
name_to_sid lookups in the cache.
Guenther
(This used to be commit 348d309688260d17d9cdbf11fc54ad30829ceae5)
|
|
Thanks to "The Written Word" -- whoever that is :-)
Volker
(This used to be commit 7d0956f0bd28728fbb8b4c24c4ed3cdcc04e2daf)
|