Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 454cb852e06fa3d8bdd0eebb3ebdb24b3d74ecd0)
|
|
(This used to be commit dcc39ed00453a075b23daece2844ca4817bfbfaf)
|
|
Don't replicate code unnecessarily
(This used to be commit cd8e63b2b45402091d6d328b3c6ca593fc19ac92)
|
|
Always, always run "make test" before pushing stuff :-)
(This used to be commit 1444db8be1de00a3e9c805f1accd8f1f4670d729)
|
|
When we're given a SID, it is not always padded with zeros. Only look at the
initialized parts in the SID.
(This used to be commit 8717085dba832cfe6d7b807a10f779e495adc326)
|
|
Jeremy.
(This used to be commit 21594cb34c683262ed4f743b68c35e586676ff75)
|
|
This fixes panics in wbcLookupRids when 1-2-22 was passed as a
domain sid.
Michael
(This used to be commit c0d9732cf4482b0db02c75f316ff2b41f3336425)
|
|
Michael
(This used to be commit 6c7c6c3f85a4bd171c62031b2b8e59d3f7054061)
|
|
This is to ease debugging. I sporadically get panics that are
apparently due to NULL domain sid passed to lookup_rids somewhere.
Michael
(This used to be commit 723e877c241dd5a0c8addb89507c9eda75b88ea4)
|
|
(This used to be commit 4baf36784f6496121a6863af0283821785eb0cf1)
|
|
This is a regession introduced by f7efc0eca9426e63b751c07a90265a12bb39cf95.
This calls pdb_get_trusteddom_pw() instead, again.
Michael
(This used to be commit 91be824d2ba0b8dccf42ba2b8555a204aa1fa56c)
|
|
This patch is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
(This used to be commit f7efc0eca9426e63b751c07a90265a12bb39cf95)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
lookupnames."
As it breaks all tests which try to join a new machine account.
So more testing is needed...
metze
This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380.
(This used to be commit cccb80b7b7980fbe1298ce266375e51bacb4a425)
|
|
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
(This used to be commit dd320c0924ce393a89b1cab020fd5cffc5b80380)
|
|
changed from BOOL to bool.
Michael
(This used to be commit 03673f2cd614526e7720275a5ba0869c68429f4d)
|
|
<ying.li2@hp.com>.
We aren't currently leaking memory, but are leaving it around for
longer than we need to.
Jeremy.
(This used to be commit 25bbc9a6613bef0f3f73ecf634a38a9d56020f40)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
only query transitive forest trusts.
Guenther
(This used to be commit e744efa1ee33fb150132f0b7f46ee1711681afc6)
|
|
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
(This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
|
|
* strptime() failure check
* make legcacy sid/uid/gid calls static
(This used to be commit 3c9fb1c6f3263c0ce6edbf2a8824c153317a84a3)
|
|
(This used to be commit 2d636ad2a33d0ca61bf6022feceed47dd68ef855)
|
|
would flood at log level 2. We know when we're using the legacy
mapping code anyways since it will log an informative msg.
(This used to be commit 51aac0fcb4528df790aa3ae078f9ef639cc01363)
|
|
(This used to be commit d4c5d5ffb30fe50abb828067b047d5eb61038ddf)
|
|
Jeremy.
(This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
|
|
messages.c. Refactor to use become_root() instead and
make it local to messages.c
Jeremy.
(This used to be commit f3ffb3f98472b69b476b702dfe5c0575b32da018)
|
|
(This used to be commit d0d16cc55ab830dcfd4f8c6c7bf64d2b9b6dd55b)
|
|
(This used to be commit a2dc1f62fdf7683cfb2ca71499dbe7efddc4aa9b)
|
|
so that
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
|
|
(This used to be commit 902d81becbd5eac7251e88457be7efc5e951614f)
|
|
Add necessary fixes.
(This used to be commit 4a81ee9608d45f95eaaccc78a080e717cb7d4682)
|
|
Simo.
(This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
|
|
(This used to be commit eba404e668c270f2d31e3a8ab0721064eda39b40)
|
|
Allow smbd to use winbindd to lookup uids/gids outside the
idmap range if 'winbind trusted domains only = yes'
(This used to be commit 5b3ac400a7d51dfc818563189bdf6649b2dc3a52)
|
|
(This used to be commit d72ba9ed1288e7f498a64c96dd6aa04bda59c8b2)
|
|
pairs. Should fix bug #4097.
Jeremy.
(This used to be commit f787b9d156992e0069860cb1ab829970cb69eb81)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
SID<->uid/gid cache. FIxes a bug in token creation
(This used to be commit fa05708789654a8a34cb4a4068514a0b3d950653)
|
|
(This used to be commit dda0b8bce6b7e0146badd8aeb52b5cce6289de21)
|
|
when using smbpasswd
(This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
|
|
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
|
|
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
(This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
|
|
argument.
Volker
(This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
|
|
Jeremy.
(This used to be commit b5f0b1b6447ac3c77558b32d97ce96d357ce15c0)
|
|
lookup_name_smbconf, otherwise
force user = domain+administrator
can not work. Also attempt to fix the 'valid users = domain+group' bug at the
same time.
Volker
(This used to be commit 255475901c13fde29b1b476560d969cc99712767)
|
|
With lp_workgroup we end up with remote names again...
Volker
(This used to be commit 250b9f353118bee4c080655f57d09011679deaf7)
|
|
(This used to be commit 63325b36872c92d9f9fe04a185d7bd3ac525d84c)
|
|
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
(This used to be commit 1e1fcb5eb2ac4bd360461b29f85c07dbf460025d)
|