IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
There're no callers which try to pass a raw lm_response directly anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 9 13:09:37 CET 2016 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 7 00:11:03 CET 2016 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sun Dec 4 20:20:19 CET 2016 on sn-devel-144
This is the only way to resolve cirular dependencies with these
libraries. I've tried several ways but this is the only way to do it
correctly. In future we should try to seperate them by passing down
information or making a more lightweight loadparm mechanism.
+---------+ +-------------+
| | | |
| param <---------+ +--------+ smbregistry |
| | | | | |
+----+----+ | | +------^------+
| +---+----v--+ |
| | | |
+----------> smbconf +------------+
| |
+-----------+
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will allow the table to be made static const in the next commit
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This makes it more obvious where this legacy code is used
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Nov 20 06:23:19 CET 2016 on sn-devel-144
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 15 14:51:02 CET 2016 on sn-devel-144
There're no callers which tried to pass raw {lm,nt}_response any more.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The domain child for the MACHINE ACCOUNT might fail with
NT_STATUS_NO_MEMORY because an emtpy user list is returned.
*pnum_info is already set to 0 at the beginngin so we should just
declare victory here!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12405
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 3 05:36:17 CET 2016 on sn-devel-144
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 26 19:45:17 CEST 2016 on sn-devel-144
When doing NTLM validation of credentials, do not modify the
credentials - they might be used in the calculation of
the response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12375
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 11 23:59:18 CEST 2016 on sn-devel-144
domain->methods is always set to cache_methods; call those functions
directly instead of going through the indirection.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is in preparation for calling these directly instead of the
domain->methods indirection.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
For example for samba client joined to a windows AD DC the following
commands fail if 'winbind use default domain = yes'
getent passwd user@domain.com
ssh -o user=user@domain.com localhost
The same commands succeed if the setting above has the default 'no' value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 3 23:37:44 CEST 2016 on sn-devel-144
If the idmap call in wb_sids2xids fails, the callers expect xid.type to
be set to ID_TYPE_NOT_SPECIFIED, not the internal type field that is
initialized from the lookupsids call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12295
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 30 02:10:29 CEST 2016 on sn-devel-144
cli_credentials_set_machine_account only reads from a local tdb. Change
that call to cli_credentials_set_machine_account_db_ctx to fix this for
clustered Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12295
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Don't refresh sequence number in parent as the
mapping comes from a trusted DC.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Remove redundant parameter.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
In addition to priming the netsamlogon cache.
This prevents a winbind AD-DC lookup for something
the PAC already told us.
Note we only do this in the case where the PAC successfully
passed signature verification.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
If needed we can add this into actual tevent.
Preparing to remove source3/lib/events.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
According to the documentation the commands should look like
"IDTOSID UID xxxx" instead of "UID xxxx".
This fixes changes of commit b4239ca096:
idmap_script: Parallelize script calls
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12194
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 6 19:32:57 CEST 2016 on sn-devel-144
Also add a comment why the file is placed in the state directory.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 19 13:30:23 CEST 2016 on sn-devel-144
Note: in the long run, it might be good to move this kind of
exit check (before handing the result back to the client)
to the parent winbindd code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Aug 17 01:21:39 CEST 2016 on sn-devel-144
If the range allows it, then id==0 should not be forbidden.
This seems to have been taken in from idmap_ldap when the
function was originally created.
See 634cd2e045 .
The other backends don't seem to have had that
extra check for id == 0.
The reasoning for this change is that the range check should
apply to all cases. If the range includes the 0, then it
should be possible to get it as result. In particular,
this way, the function becomes applicable also to the
passdb backend case, e.g. in a samba4-ad-dc setup where
the Admin gets uid == 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
With modern messaging this doesn't do anything (it's an
empty destructor). Clean up so we can add a proper destructor
in future.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The sign of the uid_t type is left unspecified by POSIX. It's defined as
an unsigned 32b int on Linux, therefore the < 0 check is always
false.
For unsigned version of uid_t, "uid == -1" will implicitely cast -1 to
unsigned making it a valid test for both signed and unsigned version of
uid_t.
This commit makes the cast to (uid_t) explicit anyway.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul 1 05:22:36 CEST 2016 on sn-devel-144
When we allow offline logon and have a lot of logins, windbind will leak
4k of memory which each log in. On systems with heavy load this can grow
quickly and the OOM killer will kill Winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11999
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 29 19:03:53 CEST 2016 on sn-devel-144
When doing a SID to xid mapping for an unknown SID, the idmap child gets
passed a lsa_RefDomainList with an empty domain name (ie ""). This is
coming from LsaLookupSids() and causes the mapping request to end up in
the default idmap domain.
Example request with domain name "":
wbint_Sids2UnixIDs: struct wbint_Sids2UnixIDs
in: struct wbint_Sids2UnixIDs
domains : *
domains: struct lsa_RefDomainList
count : 0x00000001 (1)
domains : *
domains: ARRAY(1)
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0002 (2)
string : *
string : ''
sid : *
sid : S-1-5-21-3152989960-574718769-2188965058
max_size : 0x00000020 (32)
ids : *
ids: struct wbint_TransIDArray
num_ids : 0x00000001 (1)
ids: ARRAY(1)
ids: struct wbint_TransID
type : ID_TYPE_NOT_SPECIFIED (0)
domain_index : 0x00000000 (0)
rid : 0x000029aa (66666)
xid: struct unixid
id : 0xffffffff (4294967295)
type : ID_TYPE_NOT_SPECIFIED (0)
In _wbint_Sids2UnixIDs() we call idmap_find_domain_with_sid() with the
domain name "" and this triggers use of the default idmap domain which
in case of idmap_autorid will allocate an id from a idmap_autorid range.
If we know the domain, ensure we return it for SIDs were the SID was not
found but the domain of the SID was found. Callers like sids2xids depend
on the domain name and returning an empty string "" for valid domain can
trigger unwanted idmap range allocations.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Set socket options from smb.conf before negprot, as done by libsmbclient
Signed-off-by: Jim McDonough <jmcd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When enumerating users we try to fetch sAMAccountType attribute which
might not be present for whatever reason.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Jun 2 09:04:13 CEST 2016 on sn-devel-144
