| Commit message (Collapse) | Author | Age | Files | Lines |
| |
loop when allocating a new id for a SID:
auth_util.patch: Revert create_local_token() to the 3.0.24 codebase
idmap_type.patch: Have the caller fill in the id_map.xid.type field when resolving a SID so that if we allocate a new id, we know what type to use
winbindd_api.patch: Remove the WINBINDD_SIDS_TO_XIDS calls from the public winbindd interface for the 3.0.25 release
idmap_rid.patch: Clean up the idmap_rid backend to not call back into winbindd to resolve the SID in order to verify its type.
| |
this patch
is moving functions around to fix some linker dependencies for the registry.
Michael, I've renamed your auth_utils2.c to token_utils.c.
Thanks!
Volker
| |
- make sure never to free an uninitialised variable
- ensure to free result on getpwnam_alloc failure
Andrew Bartlett
| |
talloc_free()'ed at the end of a session.
Rework the passwd cache code to use talloc_unlink and
talloc_reference, to more carefully manage the cache.
Andrew Bartlett
| |
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
| |
metze
| |
Guenther
| |
so that
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
| |
This change is needed to make it possible to not expire
caches in disconnected mode.
Jerry, please can you look at this and confirm it is ok?
Simo.
| |
Add necessary fixes.
| |
Simo.
| |
reported by James. Ensure that this function allocates
everything on the temporary context except the return
memory. Never call this with a null mem context, and
now use conn->mem_ctx instead in smbd/service.c.
Remove separate free functions for conn->ngroups
and conn->nt_user_token as they are now always
talloc'ed off the conn->mem_ctx. Future optimization
will be to remove conn->mem_ctx and make all objects
pointed to in the conn struct talloc'ed off conn itself.
Easy to free then :-).
Jeremy.
| |
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevant parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
| |
The main thing here is a rewrite of srv_winreg_nt.c. The core functionality
has moved to registry/reg_api.c which is then usable by the rest of Samba as
well.
On that way it fixes creating keys with more than one element in the
path. This did not work before.
Two things that sneaked in (sorry :-) is the change of some routines from
NTSTATUS to WERROR and the removed "parent" argument to regkey_open_internal.
Volker
| |
It was missing for security=server/domain/ads
Simo.
| |
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a lot more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarrassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
| |
Destructors now take a pointer to the "real" destroyed object as an argument.
Volker
| |
Stanford checker.
Jeremy.
| |
username map.
| |
Comments from the patch:
/* Add the "Unix Group" SID for each gid to catch mapped groups
and their Unix equivalent. This is to solve the backwards
compatibility problem of 'valid users = +ntadmin' where
ntadmin has been paired with "Domain Admins" in the group
mapping table. Otherwise smb.conf would need to be changed
to 'valid user = "Domain Admins"'. --jerry */
| |
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
| |
For guest connection they may well be zero.
This should fix up the buildfarm (fingers
crossed).
Jeremy.
| |
Let's look at the build farm now... :-).
Jeremy.
| |
netlogon code uses pdb_get_group_sid() which could
return a S-1-1-22 unix sid. Who knew.... :-(.
I'm going to test Volker's fix instead. Once
3.0.23b is out we *have* to rip out the pdb_set_group_sid()
code....
Jeremy.
| |
please come in and fix it in a less ugly way once
you have some time. Thanks,
Jeremy.
| |
users (username map) and failure to connect to a
share. Essentially, even on a standalone system
we were going into the create_token_from_username()
code (I think by mistake) if the username was mapped.
Fixes bug #3991.
Volker & Jerry - please go over this with a very careful eye
and let me know if this isn't correct (I think it is,
but this isn't my code and it's a dangerous area for
me to be playing in :-).
Jeremy
| |
If no winbind is around, the best we can do to get the user's token correct is
to ask unix via create_token_from_username. More investigation is needed if
this also fixes the +groupname for unmapped groups problems more cleanly.
Volker
| |
Volker
| |
See the comment in the patch for the reason.
Volker
| |
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
| |
this is
what svn is for.
The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.
Volker
| |
sid_check_is_in_our_domain cases.
Volker
| |
there are
vasprintf implementations that don't like a NULL format.
Volker
| |
checking for the builtin Administrators group membership.
security = server has no domain info in secrets.tdb
| |
Add missing automatic add of the Administrators SID in the absence
of winbindd and presence of Domain Admins SID in the user's token.
| |
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
| |
Jeremy.
| |
Spotted by "John E. Malmberg" <wb8tyw@qsl.net>.
Jeremy.
| |
Volker
| |
changing the token generation. I *hate* this code!
Jerry, you have been looking at this as well, can you double-check that I did
not screw it up?
Thanks,
Volker
| |
handled by the smb_getpwnam() call deeper in
| |
fails (but is present).