IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We call make_server_info(NULL) and it is possible that we do not free
it, because server_info is not allocated on the memory context we pass
to the function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We set nt_username above but do not use it in this function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Core fix for:
https://bugzilla.samba.org/show_bug.cgi?id=11044
Based on code from Michael Zeis <mzeis.quantum@gmail.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 30 09:14:51 CET 2014 on sn-devel-104
Both functions only read from the struct netr_SamInfo3 * argument.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
Change-Id: Iedf516e8c24e0d18064aeedd8e287ed692d3c5b4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104
Correctly lookup users which come from smb.conf. passwd_to_SamInfo3()
tries to contact winbind if the user is a domain user to get
valid information about it. If winbind isn't running it will try to
create everything from the passwd struct. This is not always reliable
but works in most cases. It improves the current situation which doesn't
talk to winbind at all.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 5 01:40:38 CET 2014 on sn-devel-104
s3: never try to map global SAM name
Do not treat the global SAM name as a BOGUS domain, and exempt
local users from mapping, instead. This change reinstates the
exact mapping behaviour of Samba 3.2 if parameter 'map untrusted
to domain' is set.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Still need to fix AES support for the returned validation info.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator
character is always added to the user name returned by Get_Pwnam_alloc() if it
does not contain the winbind separator character. As comments in the code
indicates this is done as a work around if 'winbind use default domain' is set
to yes in the samba configuration.
This make sense if the option is set because otherwise the domain information is
lost from the user name. But it causes errors if other services than winbind are
used for user lookup, e.g. sssd. sssd can handle different kind of fully
qualified user names as input, e.g. user@domain.name or DOM\user, but returns a
canonical name, by default user@domain.name.
While it would be possible to get around this issue with a special configuration
either on the sssd or samba side I think the cleaner solution is to use the work
around only if 'winbind use default domain' is set to yes which is what this
patch does.
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 12 15:54:15 CET 2012 on sn-devel-104
This was incorrect in commit 9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd
as the RID was from the BUILTIN domain, but this creates a guest
account token for the real domain.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jul 19 05:56:28 CEST 2012 on sn-devel-104
This reverts commit 00089fd74af740f832573d904312854e494a869e.
The issue with this patch, which I did sign off on, is that for the
domain member case, we already know that the SID is reasonable and
valid, and we indeed rely on that, because we keep it as an additonal
group anyway. The primary group is not so special that we need to do
extra validation.
Calling this function may put a user into the domain 'domain users'
group, even if they are not in that group to start with.
Andrew Bartlett
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is important in some situations where these queries might be
costly LDAP queries and is just not required for the system token.
This is because the system token should be just the NT
AUTHORITY\SYSTEM user and just enough unix info to allow the token to
be used.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 19 13:34:28 CEST 2012 on sn-devel-104
This is important in some situations where these queries might be
costly LDAP queries and is just not required for the system token.
This is because the system token should be just the NT
AUTHORITY\SYSTEM user and just enough unix info to allow the token to
be used.
We query only NSS to get the name of sec_initial_uid()
Signed-off-by: Andreas Schneider <asn@samba.org>
With the split up to handle system specially, there is no need for these
static helper functions any more.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
This removes the duplication on how to detect that a user is system in Samba
now that the smbd system account is also only SID_NT_SYSTEM we can use the same
check everywhere.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
The SID for the SYSTEM token should be a fixed value, and not the
administrator. Note however that it will be replaced by the SID of
sec_initial_uid() by the create_local_token() code. Fixing this
requires fixes the other parts of the code that cannot cope with a
token of just SID_NT_SYSTEM.
Andrew Bartlett
This continues on from commit caaebb455cf955f66c2f662c53998c480cb2d6c9
which is marked as being part of bug #8944, ldapsam:trusted and ipasam
and an additional fix for bug #8567
(0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9).
The problem here was that the primary_gid was simply the pointer result
of dom_sid_parse_talloc() cast to a uint32_t (found by the IRIX cc on
the build farm).
Andrew Bartlett
This avoids the union in the struct wbcUnixId and moves us to using only struct unixid
internally.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption.
However, this was not done for trusted domain-related modifying operations.
As result, Samba 4 client libraries do not work against Samba 3 while working
against Windows 2008 r2.
Solved this by introducing "session_extract_session_key()" function that allows to specify
intent of use of the key.
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
This patch ensures consistency in behaviour between NTLMSSP and NTLM
session setup handlers. By calling the same layer that auth_ntlmssp
calls, we can not only allow redirection of all authentication to the
AD DC, we ensure that map to guest and username map handling is
consistent, even in the file server alone.
Andrew Bartlett
This was lost when the server_info and session_info structures were split.
This helps avoid doing lookups for the guest account to determine the
uid/gid and SID values.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 15:51:09 CET 2011 on sn-devel-104
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
this allows the s3 code to understand and cache responses from the s4
winbindd which may include a single SID mapped to both a uid and a gid
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Sep 23 01:47:54 CEST 2011 on sn-devel-104
This structure element was only written to, not read.
It is filled into the companion structure, auth_session_info()
by create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token(). This also removes the need for
auth_ntlmssp_get_username().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This means we no longer need two different map to guest functions
and have consistent logic with fewer layering violations.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
