| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
|
|
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 26 22:03:05 CET 2012 on sn-devel-104
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
access."
This reverts commit ae6a779bf9f816680e724ede37324b7f5355996b.
Bug 9125 analysis from Volker:
The problem is that there are no network calls possible at all that
would do what the samlogon cache does for us. There is just no way to
retrieve the group membership in a complex trusted environment. If you
have just a single domain with Samba as domain controller it might be
possible, but even within a single domain it is not possible to
correctly retrieve all group memberships using LDAP calls due to ACLs on
directory objects. The call to get that is called NetSamLogon on the
NETLOGON pipe. But this call requires user credentials and might trigger
updating counts on the server. So to correctly implement wbinfo -r after
a user has logged in, you have two alternatives: Save the info3 struct
or the PAC in the netsamlogon cache. If you insist on doing network
calls, you need to cache the user credentials somewhere to re-do the
NetSamLogon call every time the wbinfo -r is requested.
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
The removal of consumption of the time field from the centry
as "removal of unused variable" in 21528da9cd12a4f5c3792a482a5d18fe946a6f7a
had the side effect of changing the offset for reading the following
nt password hash, so the read password hash was wrong.
This patch re-installs the consumption of the time,
thereby fixing the bug without changing the disk format of the cache.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
|
|
With 57b3d32 we changed the format for the winbind cache database and
the code deleted the database for the upgrade. As this database holds
also cached credentials, removing it is not an option. We need to update
from version 1 to version 2.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 3 03:47:58 CET 2011 on sn-devel-104
|
|
DR and DE have been removed with
0834574fdd6b469797b3b6a4edd45f321b9b9971.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Dec 2 19:02:45 CET 2011 on sn-devel-104
|
|
Found and fix reported by Micha Lenk <micha@lenk.info>. Thanks !
|
|
If you're going to move winbindd_cache.tdb to the state_path, do it *everywhere*.
Found by Ira Cooper <ira@wakeful.net>.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 15 00:43:04 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Sep 8 15:08:43 CEST 2011 on sn-devel-104
|
|
Despite the name, in winbind offline logon mode, this is a database
that contains valuable information and should not be cleared.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Sep 7 21:17:37 CEST 2011 on sn-devel-104
|
|
|
|
My previous patches fixed up all direct TDB callers, but there are a
few utility functions and the db_context functions which are still
using the old -1 / 0 return codes.
It's clearer to fix up all the callers of these too, so everywhere is
consistent: non-zero means an error.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Since TDB2 functions return the error directly, tdb_errorstr() taken an
error code, not the tdb as it does in TDB1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns a negative error number on failure. This is compatible
if we always check for < 0 instead of == -1.
Also, there's no tdb_traverse_read in TDB2: we don't try to make
traverse reliable any more, so there are no write locks anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns a negative error number on failure. This is compatible
if we always check for != 0 instead of == -1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
This is a noop for tdb1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_ARRAY isn't standard talloc.
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_P isn't standard talloc.
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ARRAY isn't standard talloc.
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_REALLOC_ARRAY isn't standard talloc.
Andrew Bartlett
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jun 8 14:44:31 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Apr 1 09:35:19 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Nov 18 15:32:32 UTC 2010 on sn-devel-104
|
|
add a function to lookup a domain in the winbind cache by domain SID
|
|
|
|
|
|
This adds a timeout value to cache entries and the NDR records
in the winbind cache.
The previous approach of just comparing the sequence number has some issues,
e.g. when retrying a wbinfo -n operation for a user in a not yet trusted
domain was always failing even after the trusted domain was added.
The new approach compares sequence number and timeout value to
determine if a cache entry is still valid or not.
I increased the cache version number so an old cache will be wiped
automatically after upgrade.
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
TDB_CLEAR_IF_FIRST tdb's. For tdb's like gencache where we open
without CLEAR_IF_FIRST and then with CLEAR_IF_FIRST if corrupt
this is still safe to use as if opening an existing tdb the new
hash will be ignored - it's only used on creating a new tdb not
opening an old one.
Jeremy.
|
|
Guenther
|
|
Guenther
|
|
|
