IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If we set 'winbind use default domain' and specify 'force user = user'
without a domain name we fail to log in. In this case we need to try a
lookup with the domain name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11185
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 31 21:17:23 CEST 2015 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 17 11:29:38 CET 2015 on sn-devel-104
Different gcc versions complain at different places
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 3 13:14:53 CET 2015 on sn-devel-104
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Feb 13 15:54:18 CET 2015 on sn-devel-104
This macro was used for compatibility with broken compilers.
Since Python 2.3, it is always defined as `static`, and only exists
"for source compatibility with old C extensions".
Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
A customer complained that after upgrading to Samba 4.0 fileserver
its LDAP server was flooded with uid2sid and gid2sid request for id
0. With 4.0 we do a lot more user-space ACL checking which involves
uid2sid/gid2sid. This caches the corresponding results.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 7 12:00:10 CET 2015 on sn-devel-104
If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match
a Windows DC.
For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We have the password as raw UTF16 blob, which might not be
valid utf16, so we need to use cli_credentials_set_utf16_password().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
NT_STATUS_NOT_IMPLEMENTED lets it fallback to the old get_trust_pw_clear2()
code.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
In the process, we can also rename pdb to avoid conflicts with libpdb.
We don't depend directly on pdb to avoid duplicate symbols.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10355
Change-Id: I4df6ba2f4ce35d3718dc4198b527cca46a139efe
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Instead of passing down gid or uid, a pointer to a unixid is now sent
down. This acts as an in-out variable so that the idmap functions can
correctly receive ID_TYPE_BOTH, filling in cache details correctly
rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720
Change-Id: I11409a0f498e61a3c0a6ae606dd7af1135e6b066
Pair-programmed-with: Andrew Bartlett <abarlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We should not write to memory marked as const
(returned from pdb_get_pw_history())!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
ctdb gives us 0-sized records for deleted passdb entries
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 11 16:19:37 CET 2014 on sn-devel-104
This avoids some duplication in setting the machine account passsword
for the domain member and DC case.
This does not yet remove the duplication, that requires a bigger
restructure of the various routines used here to obtain the machine
and domain trust secrets.
Also no longer used is the timeout/2 code to not set the previous
password. It is now always passed to the caller.
Andrew Bartlett
Change-Id: Idd5bafedf4cbac30b174955d743ec4128a6902ee
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Sep 20 08:29:31 CEST 2014 on sn-devel-104
The issue here is that pdb_set_plaintext_passwd() re-used the memory from pdb_get_pw_history() as input
We need to free this after we copy and set it.
Found by AddressSanitizer
Andrew Bartlett
Change-Id: I4e148e23ccbbe5444c969ff8f91709791c7696bb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
We now return the plaintext passwords for trusted domains so winbindd can use them.
Change-Id: Ifcd59b0be815d25b73bdbc41db7477895461c7b6
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Share options like "force group" and "valid users = @group1"
triggered a NT_STATUS_NO_SUCH_GROUP. While the group was found in
the SAM backend, its objectclass was not retrived.
This fix also revealed a talloc access after free in the group
branch of pdb_samba_dsdb_getgrfilter.
[Bug 9570] Access failure for shares with "force group" or "valid users = @group"
https://bugzilla.samba.org/show_bug.cgi?id=9570
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The pdb_samba_dsdb_getgrfilter() function first determines the security type
of a group and sets map->sid_name_use accordingly. A little later, this
variable is set again, undoing the previous work.
https://bugzilla.samba.org/show_bug.cgi?id=10777
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 23 02:48:52 CEST 2014 on sn-devel-104
Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Aug 9 00:44:06 CEST 2014 on sn-devel-104
This is generic enough that it could be used in all code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 18 15:43:33 CEST 2014 on sn-devel-104
This is not allowed to be odd length, as otherwise we can not send it over the SAMR transport correctly.
Allocating one byte less memory than required causes malloc() heap corruption
and then a crash or lockup of the SAMR server.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
Change-Id: I5c0c531c1d660141e07f884a4789ebe11c1716f6
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This will allow winbindd to know when we are an RODC
without needing to dig into sam.ldb.
Change-Id: Ibdfa37fe6269305ccc5db42479f4a8db5eea53f3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
This patch seems odd, but the pdb_samba_dsdb module has exactly this
semantics. That is, the pdb_samba_dsdb is responsible for all IDMAP
values, due to backing on to the idmap.ldb allocator. This option is
added so we can continue to support the mappings written into that
database even when switching winbindd implementations - the source4/
winbind code would only ask the idmap_ldb code, no matter what the
SID.
Almost all of the behaviour for this is already in winbindd, but we
need this extra flag function so as to avoid (currently intentional)
errors at startup due to not having a per-domain allocation
configured in the smb.conf.
Andrew Bartlett
Change-Id: I6b0d7a1463fe28dfd36715af0285911ecc07585c
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
This avoids use-after-free errors and tdb database churn.
Andrew Bartlett
Change-Id: If7ab2e24556d9dffc7ad22c0489d665dd75a0cab
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Fri May 30 15:29:29 CEST 2014 on sn-devel-104
And don't cache in the pdb_ldap module on the id_to_sid calls.
Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat May 3 04:14:05 CEST 2014 on sn-devel-104
This allows us to avoid the domain lookup in the constructed attribute
when not required.
By using msDS-User-Account-Control-Computed the lockout and password
expiry checks are now handled in the operational ldb module.
Andrew Bartlett
Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.
Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If we have no name indexes for a domain, all names were domain
names and have been resolved earlier, including the domain name.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
Change-Id: I5a7a387fa89d2b2bdd465c13b3dca0e18ca0482c
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Feb 25 11:17:18 CET 2014 on sn-devel-104
Coverity-id: 1107228,1107227
Signed-off-by: Poornima Gurusiddaiah <pgurusid@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Moved the call to the talloc autofree function to as early a point as
possible. init_ldap_from_sam() already calls smbldap_set_mod(), and there's
a chance that the init will fail after having already allocated memory for
&mods.
Coverity-Id: 1167997
Change-Id: Ic26bfb3c530f90aa885e447b8409deba49708d64
Reviewed-by: Ira Cooper <ira@samba.org>
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Simo Sorce <idra@samba.org>