| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
3.2.0pre1
|
| | |
|
| |
|
|
|
|
| |
The callers of get_domain_group_from_sid() with some justification
expected map->gid to be initialized when get_domain_group_from_sid
returned True.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
|
| | |
|
| |
|
|
|
|
|
|
| |
- added back the ldb groupdb backend
- enable switching between the tdb and ldb backends using
"groupdb:backend". This is a safety net only, it should go away in
future versions
|
| |
|
|
|
|
|
|
| |
change TDB_DATA from char * to unsigned char *
and fix all compiler warnings in the users
metze
|
| |
|
|
|
|
| |
(use helper functions to create TDB_DATA elements)
metze
|
| |
|
|
| |
sam unmapunixgroup"
|
| |
|
|
|
|
| |
return values of some alias-releated pdb functions from BOOL to NTSTATUS
Thanks :-)
|
| |
|
|
| |
Volker
|
| |
|
|
|
| |
on talloc()'d memory when adding/removing members
from Local Groups.
|
| |
|
|
| |
No other changes here.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
|
| | |
|
| |
|
|
| |
policy_handle' over from SAMBA_3_0.
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| |
| |
| |
| | |
* bring over lib/{ldb,replace,talloc,socket_wrapper}
* bring over libaddns, tdb
* remove smbwrappper
* grab Makefile and configure.in from SAMBA_3_0
* Start dealing with snum -> share struct issues
* Start merging filename mangling code
|
| | |
| |
| |
| |
| |
| |
| | |
the DN must be rid,domain and not domain,rid
Also use member and not memberOf for group members
following conventions.
|
| | | |
|
| | |
| |
| |
| |
| | |
relies on appending to this list. Unfortunately this can't be tested
using 'net groupmap'
|
| | |
| |
| |
| |
| | |
This also fixes comments in group mappings, as the code accidentially
put in "ntName" in the comment field :-)
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
ldap
- use ldb_global_init() instead of the backend specific
ldb_tdb_init().
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
rename to group_mapping.tdb.upgraded rather than an unlink when
upgrading. So if we absolutely have to go back to the tdb, we can
change mapping_ldb.o to mapping_tdb.o in Makefile.in and recover
peoples group mappings.
We could go one step futher and make the backend configurable. Any
opinions on that?
|
| | |
| |
| |
| | |
See the discussion of this on the samba-technical list
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
|
| | |
| |
| |
| | |
when using smbpasswd
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
pointing them
out.
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
afraid it's
more than 1000 lines of patch, but doing it in smaller pieces is hardly
possible.
Anybody interested please look over this. The patch is not really interesting,
just look at the new groupdb/mapping.c file.
Jerry, one entry for the 3.0.24 release notes: smbd will refuse to start if we
have overlapping mappings in group_mapping.tdb. With the old db a unix gid can
be mapped to two different SIDs. This will be refused with the new code.
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| | |
independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| | |
seemed a
bit pointless to me.
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
|
| | |
| |
| |
| |
| |
| | |
argument.
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
|
| |/
|
|
| |
when using smbpasswd
|
| |
|
|
|
|
|
|
|
| |
does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Finally fix parsing idmap uid/gid ranges not to break with spaces
surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
_samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
and Users BUILTIN groups automatically from smbd (and not just check the
winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
grant is not already assigned in our own SAM (retries up to 250 times).
This fixes passdb with existing SIDs assigned to users from the RID algorithm
but not monotonically allocating the RIDs from passdb.
|
| |
|
|
|
|
| |
Now that I know what all the requirements for this group are
I can generalize the code some more and make it cleaner.
But at least this is working with lusrmgr.msc on XP and 2k now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
|
| |
|
|
|
|
|
| |
Not a bug in the strictest sense, more a clarification. This whole routine
assumes new_gid != NULL anyway, so there's no point in checking.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
|
| |
|
|
| |
macro which sets the freed pointer to NULL.
|
| |
|
|
| |
Volker
|
