| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| | |
marshall a buffer based on an unknown size. Zero out the sec_desc
buffer to prevent this. This is still not getting proper results for
a registry security descriptor (everything gets ACCESS DENIED), but
at least we aren't blowing out memory now...
|
| | |
| |
| |
| |
| | |
should be done correctly. Fix coverity #37.
Jeremy.
|
| | |
| |
| |
| |
| | |
(variable definition was missing).
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| | |
sink by ensuring all uses of rpcstr_push are consistent
with a size_t dest size arg.
Jeremy.
|
| | | |
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
was here
was clearly buggy as Coverity showed with bug id #36.
According to samba4 idl the sec_desc_buf is [in,out,ref], so we _have_ to ship
it in the request.
Volker
|
| | |
| |
| |
| |
| | |
the correct malloc-macros.
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
line, and those below, will be ignored--
M source/smbd/posix_acls.c
|
| | |
| |
| |
| |
| |
| | |
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
|
| | |
| |
| |
| |
| | |
the size of the data table. Clean up the struct a little.
Jeremy.
|
| | |
| |
| |
| |
| | |
Fix Coverity #59.
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
alloc error back up the stack from smbldap_set_mod()
so ensure we abort correctly.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
we're using -1 as a special size_t case by casting.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Testing pam_smbpass pam_winbind
dlopen() of "./bin/pam_smbpass.so" succeeded.
dlopen() of "./bin/pam_winbind.so" failed: ././bin/pam_winbind.so:
undefined symbol: secrets_fetch_domain_sid
make: *** [test_pam_modules] Error 1
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
called as part of the all rule (again only if pam modules are requested
by configure).
Add pam_winbind rule.
Ensure proto_exists before we build the pam modules.
Add test_pam_modules rule to test if the built pam modules have any
unresolved symbols. For test_pam_modules we use script/tests/dlopen.sh
which was written by Nalin Dahyabhai <nalin@redhat.com>. Thanks Nalin!
RedHat and SuSE use this script to test nss and pam modules since
several years.
|
| | |
| |
| |
| |
| |
| | |
nscd caches so that NSS-calls can deliver accurate information.
Guenther
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The intention is to have the resulting binaries at one place. This is
also usefull for upcoming changes to provide a test_pammodules rule.
With these changes I even got aware of
testsuite/nsswitch/pam_winbind_syms.exp But this only covers
pam_winbind.
|
| | |
| |
| |
| |
| | |
resources on error exit path.
Jeremy.
|
| | |
| |
| |
| |
| | |
resources on error exit path.
Jeremy.
|
| | |
| |
| |
| |
| | |
resources on error exit path.
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
to Samba4 talloc).
Jeremy
- make the snprintf call in talloc portable to older solaris boxes
- fixed an error found sing the beam analyser
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
not a real issue but this code is easier to read.
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
quieten coverity bug #194 (which I think is a
false positive).
Jeremy.
|
| | |
| |
| |
| |
| | |
was especially silly as we checked immediately _after_ dereferencing it
:-/
|
| | |
| |
| |
| |
| | |
Free grp_sid and owner_sid before returning. Also, only allow one group
or owner.
|
| | |
| |
| |
| |
| | |
specified once in an ACL, so it can be allocated a second time,
overwriting the first
|
| | |
| |
| |
| |
| | |
explicit.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
