| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
groups in the ${MACHINESID} and S_1-5-32 domains correctly,
I had to add a substr search on sambaSID.
* add substr matching rule to OpenLDAP schema
(we need to update the other schema as will since this
is a pretty important change). Sites will need to
- install the new schema
- add 'indea sambaSID sub' to slapd.conf
- run slapindex
* remove uses of SID_NAME_WKN_GRP in pdb_ldap.c
|
|
|
|
|
| |
in the switch statement which matched the schannel type
against the account type.
|
| |
|
|
|
|
| |
* Fix inverted logic check for machine accounts in get_md4pw()
|
|
|
|
|
|
| |
we now check wheter the sec_channel_type matches the trust account type.
Guenther
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Automatically creates the BUILTIN\Users group similar to
how BUILTIN\Administrators is done. This code does need to
be cleaned up considerably. I'll continue to work on this.
* The important fix is for getusergroups() when dealing with a
local user and nested groups. Now I can run the following
successfully:
$ su - jerry -c groups
users BUILTIN\users
|
|
|
|
|
| |
implicit function contract explicit.
Jeremy.
|
|
|
|
| |
Jeremy.
|
|
|
|
|
|
|
| |
marshall a buffer based on an unknown size. Zero out the sec_desc
buffer to prevent this. This is still not getting proper results for
a registry security descriptor (everything gets ACCESS DENIED), but
at least we aren't blowing out memory now...
|
|
|
|
|
| |
should be done correctly. Fix coverity #37.
Jeremy.
|
|
|
|
|
| |
(variable definition was missing).
Jeremy.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
|
|
|
|
| |
Jeremy.
|
|
|
|
| |
Jeremy.
|
|
|
|
| |
Jeremy.
|
|
|
|
| |
Jeremy.
|
|
|
|
| |
Guenther
|
|
|
|
|
|
| |
sink by ensuring all uses of rpcstr_push are consistent
with a size_t dest size arg.
Jeremy.
|
| |
|
|
|
|
| |
Guenther
|
|
|
|
|
|
|
|
|
|
|
| |
was here
was clearly buggy as Coverity showed with bug id #36.
According to samba4 idl the sec_desc_buf is [in,out,ref], so we _have_ to ship
it in the request.
Volker
|
|
|
|
|
| |
the correct malloc-macros.
Jeremy.
|
|
|
|
|
|
| |
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
|
|
|
|
|
|
|
|
|
| |
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
line, and those below, will be ignored--
M source/smbd/posix_acls.c
|
|
|
|
|
|
| |
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
|
|
|
|
|
| |
the size of the data table. Clean up the struct a little.
Jeremy.
|
|
|
|
|
| |
Fix Coverity #59.
Jeremy.
|
|
|
|
|
|
| |
alloc error back up the stack from smbldap_set_mod()
so ensure we abort correctly.
Jeremy.
|
|
|
|
| |
Jeremy.
|
|
|
|
| |
Jeremy.
|
|
|
|
| |
Jeremy.
|
|
|
|
|
| |
we're using -1 as a special size_t case by casting.
Jeremy.
|
|
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
Guenther
|
|
|
|
|
|
|
|
| |
Testing pam_smbpass pam_winbind
dlopen() of "./bin/pam_smbpass.so" succeeded.
dlopen() of "./bin/pam_winbind.so" failed: ././bin/pam_winbind.so:
undefined symbol: secrets_fetch_domain_sid
make: *** [test_pam_modules] Error 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
called as part of the all rule (again only if pam modules are requested
by configure).
Add pam_winbind rule.
Ensure proto_exists before we build the pam modules.
Add test_pam_modules rule to test if the built pam modules have any
unresolved symbols. For test_pam_modules we use script/tests/dlopen.sh
which was written by Nalin Dahyabhai <nalin@redhat.com>. Thanks Nalin!
RedHat and SuSE use this script to test nss and pam modules since
several years.
|
|
|
|
|
|
| |
nscd caches so that NSS-calls can deliver accurate information.
Guenther
|
|
|
|
|
|
|
|
|
| |
The intention is to have the resulting binaries at one place. This is
also usefull for upcoming changes to provide a test_pammodules rule.
With these changes I even got aware of
testsuite/nsswitch/pam_winbind_syms.exp But this only covers
pam_winbind.
|
|
|
|
|
| |
resources on error exit path.
Jeremy.
|
|
|
|
|
| |
resources on error exit path.
Jeremy.
|
|
|
|
|
| |
resources on error exit path.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
to Samba4 talloc).
Jeremy
- make the snprintf call in talloc portable to older solaris boxes
- fixed an error found sing the beam analyser
|
|
|
|
| |
Jeremy.
|
|
|
|
| |
Jeremy.
|
|
|
|
|
| |
not a real issue but this code is easier to read.
Jeremy.
|
|
|
|
|
|
| |
quieten coverity bug #194 (which I think is a
false positive).
Jeremy.
|