| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A customer complained that after upgrading to Samba 4.0 fileserver
its LDAP server was flooded with uid2sid and gid2sid request for id
0. With 4.0 we do a lot more user-space ACL checking which involves
uid2sid/gid2sid. This caches the corresponding results.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 7 12:00:10 CET 2015 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
| |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10940
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 5 16:51:30 CET 2015 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
| |
pdb_samba_dsdb_get_trusteddom_creds()
If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match
a Windows DC.
For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
We have the password as raw UTF16 blob, which might not be
valid utf16, so we need to use cli_credentials_set_utf16_password().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NT_STATUS_NOT_IMPLEMENTED lets it fallback to the old get_trust_pw_clear2()
code.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
|
|
|
|
|
|
|
| |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the process, we can also rename pdb to avoid conflicts with libpdb.
We don't depend directly on pdb to avoid duplicate symbols.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10355
Change-Id: I4df6ba2f4ce35d3718dc4198b527cca46a139efe
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of passing down gid or uid, a pointer to a unixid is now sent
down. This acts as an in-out variable so that the idmap functions can
correctly receive ID_TYPE_BOTH, filling in cache details correctly
rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720
Change-Id: I11409a0f498e61a3c0a6ae606dd7af1135e6b066
Pair-programmed-with: Andrew Bartlett <abarlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
| |
We should not write to memory marked as const
(returned from pdb_get_pw_history())!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
ctdb gives us 0-sized records for deleted passdb entries
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 11 16:19:37 CET 2014 on sn-devel-104
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
|
|
|
|
|
| |
Also check for allocation failures.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
| |
Also check for allocation failures.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids some duplication in setting the machine account passsword
for the domain member and DC case.
This does not yet remove the duplication, that requires a bigger
restructure of the various routines used here to obtain the machine
and domain trust secrets.
Also no longer used is the timeout/2 code to not set the previous
password. It is now always passed to the caller.
Andrew Bartlett
Change-Id: Idd5bafedf4cbac30b174955d743ec4128a6902ee
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Sep 20 08:29:31 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The issue here is that pdb_set_plaintext_passwd() re-used the memory from pdb_get_pw_history() as input
We need to free this after we copy and set it.
Found by AddressSanitizer
Andrew Bartlett
Change-Id: I4e148e23ccbbe5444c969ff8f91709791c7696bb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pdb_samba_dsdb_get_trusteddom_pw
We now return the plaintext passwords for trusted domains so winbindd can use them.
Change-Id: Ifcd59b0be815d25b73bdbc41db7477895461c7b6
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Share options like "force group" and "valid users = @group1"
triggered a NT_STATUS_NO_SUCH_GROUP. While the group was found in
the SAM backend, its objectclass was not retrived.
This fix also revealed a talloc access after free in the group
branch of pdb_samba_dsdb_getgrfilter.
[Bug 9570] Access failure for shares with "force group" or "valid users = @group"
https://bugzilla.samba.org/show_bug.cgi?id=9570
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pdb_samba_dsdb_getgrfilter() function first determines the security type
of a group and sets map->sid_name_use accordingly. A little later, this
variable is set again, undoing the previous work.
https://bugzilla.samba.org/show_bug.cgi?id=10777
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 23 02:48:52 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Aug 9 00:44:06 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
| |
This is generic enough that it could be used in all code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 18 15:43:33 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is not allowed to be odd length, as otherwise we can not send it over the SAMR transport correctly.
Allocating one byte less memory than required causes malloc() heap corruption
and then a crash or lockup of the SAMR server.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
Change-Id: I5c0c531c1d660141e07f884a4789ebe11c1716f6
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
| |
This will allow winbindd to know when we are an RODC
without needing to dig into sam.ldb.
Change-Id: Ibdfa37fe6269305ccc5db42479f4a8db5eea53f3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch seems odd, but the pdb_samba_dsdb module has exactly this
semantics. That is, the pdb_samba_dsdb is responsible for all IDMAP
values, due to backing on to the idmap.ldb allocator. This option is
added so we can continue to support the mappings written into that
database even when switching winbindd implementations - the source4/
winbind code would only ask the idmap_ldb code, no matter what the
SID.
Almost all of the behaviour for this is already in winbindd, but we
need this extra flag function so as to avoid (currently intentional)
errors at startup due to not having a per-domain allocation
configured in the smb.conf.
Andrew Bartlett
Change-Id: I6b0d7a1463fe28dfd36715af0285911ecc07585c
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
get_global_sam_sid()
This avoids use-after-free errors and tdb database churn.
Andrew Bartlett
Change-Id: If7ab2e24556d9dffc7ad22c0489d665dd75a0cab
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Fri May 30 15:29:29 CEST 2014 on sn-devel-104
|
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
| |
And don't cache in the pdb_ldap module on the id_to_sid calls.
Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat May 3 04:14:05 CEST 2014 on sn-devel-104
|
|
|
|
|
| |
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
msDS-User-Account-Control-Computed
This allows us to avoid the domain lookup in the constructed attribute
when not required.
By using msDS-User-Account-Control-Computed the lockout and password
expiry checks are now handled in the operational ldb module.
Andrew Bartlett
Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.
Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we have no name indexes for a domain, all names were domain
names and have been resolved earlier, including the domain name.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
Change-Id: I5a7a387fa89d2b2bdd465c13b3dca0e18ca0482c
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Feb 25 11:17:18 CET 2014 on sn-devel-104
|
|
|
|
|
|
|
|
| |
Coverity-id: 1107228,1107227
Signed-off-by: Poornima Gurusiddaiah <pgurusid@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Moved the call to the talloc autofree function to as early a point as
possible. init_ldap_from_sam() already calls smbldap_set_mod(), and there's
a chance that the init will fail after having already allocated memory for
&mods.
Coverity-Id: 1167997
Change-Id: Ic26bfb3c530f90aa885e447b8409deba49708d64
Reviewed-by: Ira Cooper <ira@samba.org>
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Simo Sorce <idra@samba.org>
|
|
|
|
|
|
|
|
| |
"rename_user_script"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
| |
"delete_user_script"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
| |
"add_user_script"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
| |
"add_machine_script"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
| |
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
This is in preparation to support handing flags to backends,
in particular activating read only record support for ctdb
databases. For a start, this does nothing but adding the
parameter, and all databases use DBWRAP_FLAG_NONE.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
| |
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 9 22:35:25 CET 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
| |
http://www.python.org/doc//current/c-api/none.html
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date(master): Thu Jan 9 16:27:47 CET 2014 on sn-devel-104
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 5 20:09:21 CEST 2013 on sn-devel-104
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|