| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This pulls is what I considered safe fixes from SAMBA_3_0.
This boiled down to either Klocwork fixes or obvious compiler
warning fixes. I did not include any changes to fnuction
signatures not the version change to the passdb API.
Also pulled in the 3 nmbd fixes requested by Jeremy
and the wildcard delete fix.
This code will sit for a few days in the cooker and then
become 3.0.23 if nothing blows up. I don't care how many
more compile warning fixes people throw into SAMBA_3_0.
|
| | |
|
| | |
|
| |
|
|
| |
* updating release notes to match
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Bring release tree up to current 3.0 tree
(svn merge -r15845:16103 $SVNURL/branches/SAMBA_3_0)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.
Volker
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
...
Fix my brain dead inverted logic for turning winbindd on and off
when run on a DC or when calling pdb functions from within winbindd.
|
| |
|
|
|
|
|
|
| |
* depreacte 'acl group control' after discussion with Jeremy
and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
turning _NO_WINBINDD back on
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
| |
structural objectclass.
Guenther
|
| |
|
|
| |
pdb backend)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Finally fix parsing idmap uid/gid ranges not to break with spaces
surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
_samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
and Users BUILTIN groups automatically from smbd (and not just check the
winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
grant is not already assigned in our own SAM (retries up to 250 times).
This fixes passdb with existing SIDs assigned to users from the RID algorithm
but not monotonically allocating the RIDs from passdb.
|
| |
|
|
|
|
| |
* Add back in the import/export support to pdbedit
* Fix segv in pam_smbpass
* Cleanup some error paths in pdb_tdb and pdb_interface
|
| |
|
|
|
|
| |
Now that I know what all the requirements for this group are
I can generalize the code some more and make it cleaner.
But at least this is working with lusrmgr.msc on XP and 2k now.
|
| |
|
|
| |
* Fix sprintf() args when createing the group search filter.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
groups in the ${MACHINESID} and S_1-5-32 domains correctly,
I had to add a substr search on sambaSID.
* add substr matching rule to OpenLDAP schema
(we need to update the other schema as will since this
is a pretty important change). Sites will need to
- install the new schema
- add 'indea sambaSID sub' to slapd.conf
- run slapindex
* remove uses of SID_NAME_WKN_GRP in pdb_ldap.c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
| |
checking for
!= NULL. Coverity #149.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
|
| | |
|
| |
|
|
| |
Volker
|
| | |
|
| |
|
|
| |
a user since we no longer pay any attention to the value.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
upgrade it calls tdbsam_convert() which calls tdbsam_open()
deep inside the init_sam_from_buffer_vX call.
If the ref count hasn't been set yet then we will close
the tdbsam reference in tdbsam_getsampwsid().
smbpasswd -a was core-dumping again :-).
Jeremy
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
|
| |
|
|
|
|
|
|
| |
Jeremy
-------------
Slightly smaller version of pdb_get_methods() patch. Turns out that
callers to initialize_password_db() use the reload parameter so this
has turned in to a smaller cleanup than I thought.
|
| | |
|
| |
|
|
| |
Volker
|
| |
|
|
|
|
|
|
|
|
| |
* ignore the primary group SID attribute from struct samu*
* generate the primary group SID strictlky from the Unix
primary group when dealing with passdb users
* Fix memory leak in original patch caused by failing to free a
talloc *
* add wrapper around samu_set_unix() to prevent exposing the create
BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix()
|
| | |
|
| |
|
|
|
|
|
| |
"rename user script" to do the rename of the posix machine account (this
might be changed later). Fixes #2331.
Guenther
|
| |
|
|
|
|
|
|
|
| |
* Add a 'struct passwd *' to the struct samu for later reference
(I know this may be controversial but its easily reverted which is
is why I'm checking this is as a seaparate patch before I get
too deep).
* Remove unix_homedir from struct samu {} and update the pdb wrapper
functions associated with it.
|
| | |
|
| |
|
|
| |
was the only place it was called from.
|
| |
|
|
| |
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix()
|
