Age | Commit message (Collapse) | Author | Files | Lines |
|
This needs to be a talloc child of struct wbsrv_domain
otherwise the cleanup of a broken connection doesn't work.
The following command can trigger the leak on a domain controller.
root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/
total 16
drwxrwx---+ 5 root 3000000 4096 May 14 14:46 Policies
drwxrwx---+ 2 root 3000000 4096 May 14 11:45 scripts
gid 3000000 belongs to Builtin\Administrators.
The code triggers a ncacn_np: connection to the local smbd
and complains that domain BUILTIN is not available:
[2013/05/29 17:28:03, 2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo)
Expected domain name BUILTIN, DC dc.samba.private said SAMBA
In that case the connection was not closed, which is fixed by this commit.
Using ncalrpc: for all local SIDs and serving the BUILTIN domain is
a project for another day...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104
|
|
Also makes code obey README.Coding, regarding line-length.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon May 27 00:05:19 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 16 13:37:41 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 16 07:49:24 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 28 03:54:41 CET 2013 on sn-devel-104
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 27 05:44:39 CET 2013 on sn-devel-104
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
redundent -> redundant
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
This change matches the source3/idmap/idmap_ad.c code, and allows this
feature to work with only the setting of the UID/GID in Active
Directory Users and Computers.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
netlogon_creds_decrypt_samlogon_validation().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
positive) so that any "goto failed:" call does not end up calling
ldb_transaction_cancel() if trans is initialized to 0 (LDB_SUCCESS)
by chance.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Aug 25 05:06:18 CEST 2012 on sn-devel-104
|
|
metze
|
|
This will protect the netlogon_creds later.
metze
|
|
metze
|
|
metze
|
|
The public wrapper still uses composite_context, because I don't
have time to fix all the callers...
metze
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
When we revamp the idmap layer, we will end up just following the s3
options, and this option is not used there either.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
errors
|
|
This is a solution for users who are upgrading from Samba 3.x in
particuar, or have clients that will be using idmap_ad. This avoids
needing to have duplicate values in idmap.ldb and in the directory.
No check for conflicts is made with the idmap.ldb - the AD store always wins.
Andrew Bartlett
|
|
controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.
To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.
Andrew Bartlett
|
|
These instances should not cause a problem, but make it easier to audit for
this kind of problem in the future with grep.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 23 14:29:45 CEST 2012 on sn-devel-104
|
|
That avoids recursion if "smbd" is used as file server.
metze
|
|
|
|
Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call
netrServerAuthenticate2 during a domain join without setting the strong
keys flag (128bit crypto).
Only for NT4 we need to do a downgrade to the returned negotiate flags.
See also 0970369ca0cb9ae465cff40e5c75739824daf1d0.
|
|
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Oct 8 04:52:03 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Sat Sep 24 22:49:50 CEST 2011 on sn-devel-104
|
|
this fixes wbinfo --sids-to-unix-ids
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
extra_data in s3 winbind requests is appended to the end of the
request, but does not change the length header of the packet. Instead
you need to get it from the extra_len element of the request
structure.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this allows callers to know how many SIDs were mapped
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced
by generated PIDL output.
Andrew Bartlett
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jul 14 08:20:13 CEST 2011 on sn-devel-104
|
|
w2k8r2
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 19:40:47 CEST 2011 on sn-devel-104
|
|
This changes commit 49352cafb4259503e6afb44d38db9bfd525d5e0d to comply
with kblin's plans.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Jun 16 10:14:52 CEST 2011 on sn-devel-104
|
|
Don't enumerate all unimplemented types of call which simply leads to
incompleteness.
Reviewed-by: Tridge
|
|
This is now just idmap.ldb in the private dir, which remains.
|
|
|
|
|
|
Will be moved back later, once we have a more common samba-util.so
Guenther
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Guenther
|
|
We've to wait until "trans" is initialised.
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Jan 12 01:43:11 CET 2011 on sn-devel-104
|
|
And optimise includes
|
|
We previously allocated sockets as direct children of the event
context. That led to crashes if a service called
task_server_terminate(), as it left the socket open and handling
events for a dead protocol.
Making them a child of the task allows the task to terminate and take
all its sockets with it.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|