Age | Commit message (Collapse) | Author | Files | Lines |
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
|
|
|
|
|
|
Michael
|
|
Found by RPC-LSA-LOOKUPNAMES torture test.
Guenther
|
|
It took me a bit to understand what this flag does. I hope this is
a bit clearer, at least it is to me.
|
|
With the previous code, the cache can never have been hit at all.
Michael
|
|
Invalid pointers were being dereferenced in lookup_sids causing
occasional seg faults.
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
This is very similar to be1dfff02d562e42a7847bd02fed8538630d3f41
|
|
Should make Solaris 10 builds look cleaner.
Jeremy.
|
|
A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with
NT_STATUS_INVALID_SID, even if other SIDs in the list are valid.
Thanks to Pavel <wylda@volny.cz> for the bug report!
|
|
Originally removed in be1dfff02d562e42a7847bd02fed8538630d3f41
|
|
we end up returning the null sid instead of falling back to the legacy
code. Next time through the code we'll hit the negative cache and do
the right thing, but we still fail the first time.
If we fail the winbind id to sid mapping, call the legacy version. This
catches the case where we don't have a negative cache entry for the mapping.
This is better than returning the NULL sid to the caller.
|
|
|
|
Guenther
|
|
This reverts commit 8594edf666c29fd4ddf1780da842683dd81483b6.
(This used to be commit ad462e2e2d025a7fc23e7dea32b2b442b528970b)
|
|
(This used to be commit 8e4dca3b9416d9b5e535bda5e4befc073bfc1641)
|
|
Jeremy.
(This used to be commit a7bbd33139c5835cf32efdbe0ef187117699e3e4)
|
|
Jeremy.
(This used to be commit 91f85d0dcaa917b7a90a77852f3a778a0ad99c4d)
|
|
(This used to be commit e038f1cf9fb305fc1e7a4189208e451d30aaa1f0)
|
|
we just call the legacy function ?).
Jeremy.
(This used to be commit 566d3b6e76afeca8e862cb36202a5283b86920e4)
|
|
mappings.
Jeremy.
(This used to be commit 31ba955d6950420096b9141454aa95b2510a3d9a)
|
|
lookup_domain_name(). This new function accept separated
strings for domain and name.
(This used to be commit 8594edf666c29fd4ddf1780da842683dd81483b6)
|
|
This reverts commit cd8e63b2b45402091d6d328b3c6ca593fc19ac92.
(This used to be commit 061e55d4f48d269dc45fad6739e0872501b9433d)
|
|
This reverts commit dcc39ed00453a075b23daece2844ca4817bfbfaf.
(This used to be commit 26ca09a3570a0df051d042bef586ea57ad9f198c)
|
|
This reverts commit 454cb852e06fa3d8bdd0eebb3ebdb24b3d74ecd0.
(This used to be commit cae8ec3199d5b0ffe0bfb6f15adaa5a12343c763)
|
|
(This used to be commit 454cb852e06fa3d8bdd0eebb3ebdb24b3d74ecd0)
|
|
(This used to be commit dcc39ed00453a075b23daece2844ca4817bfbfaf)
|
|
Don't replicate code unnecessarily
(This used to be commit cd8e63b2b45402091d6d328b3c6ca593fc19ac92)
|
|
Always, always run "make test" before pushing stuff :-)
(This used to be commit 1444db8be1de00a3e9c805f1accd8f1f4670d729)
|
|
When we're given a SID, it is not always padded with zeros. Only look at the
initialized parts in the SID.
(This used to be commit 8717085dba832cfe6d7b807a10f779e495adc326)
|
|
Jeremy.
(This used to be commit 21594cb34c683262ed4f743b68c35e586676ff75)
|
|
This fixes panics in wbcLookupRids when 1-2-22 was passed as a
domain sid.
Michael
(This used to be commit c0d9732cf4482b0db02c75f316ff2b41f3336425)
|
|
Michael
(This used to be commit 6c7c6c3f85a4bd171c62031b2b8e59d3f7054061)
|
|
This is to ease debugging. I sporadically get panics that are
apparently due to NULL domain sid passed to lookup_rids somewhere.
Michael
(This used to be commit 723e877c241dd5a0c8addb89507c9eda75b88ea4)
|
|
(This used to be commit 4baf36784f6496121a6863af0283821785eb0cf1)
|
|
This is a regession introduced by f7efc0eca9426e63b751c07a90265a12bb39cf95.
This calls pdb_get_trusteddom_pw() instead, again.
Michael
(This used to be commit 91be824d2ba0b8dccf42ba2b8555a204aa1fa56c)
|
|
This patch is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
(This used to be commit f7efc0eca9426e63b751c07a90265a12bb39cf95)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
lookupnames."
As it breaks all tests which try to join a new machine account.
So more testing is needed...
metze
This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380.
(This used to be commit cccb80b7b7980fbe1298ce266375e51bacb4a425)
|
|
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
(This used to be commit dd320c0924ce393a89b1cab020fd5cffc5b80380)
|
|
changed from BOOL to bool.
Michael
(This used to be commit 03673f2cd614526e7720275a5ba0869c68429f4d)
|
|
<ying.li2@hp.com>.
We aren't currently leaking memory, but are leaving it around for
longer than we need to.
Jeremy.
(This used to be commit 25bbc9a6613bef0f3f73ecf634a38a9d56020f40)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
only query transitive forest trusts.
Guenther
(This used to be commit e744efa1ee33fb150132f0b7f46ee1711681afc6)
|
|
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
(This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
|