1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

38 Commits

Author SHA1 Message Date
Volker Lendecke
4cbc9369fb lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-11 16:11:07 +01:00
Jeremy Allison
821bd95156 Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.
Will allow thread-specific credentials to be added by modifying
the central definitions. Deliberately left the setXX[ug]id()
call in popt as this is not used in Samba.
2012-06-28 17:15:16 -07:00
Günther Deschner
49fcf653b1 s3-includes: only include system/passwd.h when needed.
Guenther
2011-03-30 01:13:07 +02:00
Christian Ambach
ed46dfc4f1 s3: use getgrset() when it is available
When getgrouplist() is not defined, use getgrset() if it is defined
instead of using the initgroups() + getgroups() combo

Major contributions from Yannick Bergeron <yaberger@ca.ibm.com>

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Mar 19 10:09:38 CET 2011 on sn-devel-104
2011-03-19 10:09:38 +01:00
Stefan Metzmacher
d7fa349052 s3:auth: change num_groups to from size_t to uint32_t
This will help with the change from UNIX_USER_TOKEN to security_unix_token

metze
2011-02-22 16:20:11 +11:00
Günther Deschner
7ff7eb0b52 s3-build: only include nsswitch header where needed.
Guenther
2010-08-26 00:20:28 +02:00
Peter Watkins
d3a42946cc s3: Fix initgroups return check
A return code of 1 from initgroups() is OK since apparently it means
the gid has already been set. The man page doesn't mention this.
2010-02-14 12:45:04 +01:00
Yannick Bergeron
c3e12444f5 Increase the max_grp value to 128 (AIX NGROUPS_MAX value) instead of 32 to allow AIX to call sys_getgrouplist only once 2009-07-31 04:34:37 -04:00
Stefan Metzmacher
cedfcaec0c nsswitch: convert winbind_env_set(), winbind_on() and winbind_off() into macros
metze
(This used to be commit 5f623f54a9)
2008-02-13 10:44:52 +01:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Volker Lendecke
5e8a4c12f9 r23528: Two changes to make the valgrind massif (heap profiler) output readable:
Remove the allocated inbuf/output. In async I/O we copy the buffers
explicitly now, so NewInBuffer is called exactly once. This does not
reduce memory footprint, but removes one of the larger chunks that
clobber the rest of the massif output

In getgroups_unix_user on Linux 2.6 we allocated 64k groups x 4 bytes
per group x 2 (once in the routine itself and once in libc) = 512k just
to throw it away directly again. This reduces it do a more typical limit
of 32 groups per user. We certainly cope with overflow fine if 32 is not
enough. Not 100% sure about this one, a DEVELOPER only thing?
(This used to be commit 009af09099)
2007-10-10 12:23:26 -05:00
James Peach
b1ce226af8 r23510: Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2)
2007-10-10 12:23:23 -05:00
James Peach
74c74f8dcc r23393: Support BSD group semantics by making sure that the effective GID is always
passed as the first GID when calling setgroups(2).
(This used to be commit 6ebaf856c1)
2007-10-10 12:23:12 -05:00
Jeremy Allison
63609fbb04 r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e)
2007-10-10 12:16:24 -05:00
Gerald Carter
2145eff91d r19419: BUG 4109: Patch from Timur Bakeyev. Fix bug causing smbd to turn off
winbindd and fail to disable the _NO_WINBIND environment.
(This used to be commit a6366b40b3)
2007-10-10 12:15:34 -05:00
Gerald Carter
e4998337e7 r14868: I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.

...

Fix my brain dead inverted logic for turning winbindd on and off
when run on a DC or when calling pdb functions from within winbindd.
(This used to be commit 021b3dc2db)
2007-10-10 11:15:52 -05:00
Gerald Carter
6c9eaa6880 r14855: Various fixes:
* depreacte 'acl group control' after discussion with Jeremy
  and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
  turning _NO_WINBINDD back on
(This used to be commit 4ab372f4ca)
2007-10-10 11:15:51 -05:00
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a2)
2007-10-10 11:10:59 -05:00
Volker Lendecke
301d51e13a r13494: Merge the stuff I've done in head the last days.
Volker
(This used to be commit bb40e544de)
2007-10-10 11:10:06 -05:00
Gerald Carter
75ef18fa75 r13460: by popular demand....
* remove pdb_context data structure
* set default group for DOMAIN_RID_GUEST user as RID 513 (just
  like Windows)
* Allow RID 513 to resolve to always resolve to a name
* Remove auto mapping of guest account primary group given the
  previous 2 changes
(This used to be commit 7a2da5f0cc)
2007-10-10 11:10:04 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Volker Lendecke
8ee13ab866 r12291: Make getgroups_user static.
Jeremy, there's a #ifdef'ed 0 call to this in your usershare code. We need to
talk about what exactly what you intend to do here and in what scenarios.

Volker
(This used to be commit 95094ef758)
2007-10-10 11:05:52 -05:00
Jeremy Allison
8d7c886671 r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4
x86_64 box.
Jeremy.
(This used to be commit d720867a78)
2007-10-10 11:05:02 -05:00
Volker Lendecke
e84ead0cfd r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the
change in pdb_enum_alias_memberships to match samr.idl a bit closer.

Volker
(This used to be commit 3a67865169)
2007-10-10 10:56:20 -05:00
Volker Lendecke
3924332071 r5127: Fix Bug 2289 -- thanks to jason@ncac.gwu.edu
(This used to be commit 8c35c3bf2e)
2007-10-10 10:55:28 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Volker Lendecke
f9e87b9ba6 r3705: Nobody has commented, so I'll take this as an ack...
abartlet, I'd like to ask you to take a severe look at this!

We have solved the problem to find the global groups a user is in twice: Once
in auth_util.c and another time for the corresponding samr call. The attached
patch unifies these and sends them through the passdb backend (new function
pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further
optimize the corresponding call if the samba and posix accounts are unified by
issuing a specialized ldap query.

The parameter to activate this ldapsam behaviour is

ldapsam:trusted = yes

Volker
(This used to be commit b94838aff1)
2007-10-10 10:53:15 -05:00
Gerald Carter
1b69619e6d r470: BUG 1302: fix seg fault by not trying to optimize a list of invalid gids using the wrong array size
(This used to be commit 3003769164)
2007-10-10 10:51:24 -05:00
Gerald Carter
ae2e649074 r288: combination of BUG 1081 and patch from J. Klinger -- added remove_duplicate_gids() to smbd and winbindd
(This used to be commit 95c68103ea)
2007-10-10 10:51:16 -05:00
Gerald Carter
b526d07d54 wrap internals of sys_setgroups() so the sys_XX() call can be done unconditionally; bug 550
(This used to be commit 9df3f53e6a)
2003-10-01 17:01:21 +00:00
Gerald Carter
0b18acb841 and so it begins....
* remove idmap_XX_to_XX calls from smbd.  Move back to the
  the winbind_XXX and local_XXX calls used in 2.2

* all uid/gid allocation must involve winbindd now

* move flags field around in winbindd_request struct

* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
  to prevent automatic allocation for unknown SIDs

* add 'winbind trusted domains only' parameter to force a domain member
  server to use matching users names from /etc/passwd for its domain
  (needed for domain member of a Samba domain)

* rename 'idmap only' to 'enable rid algorithm' for better clarity
  (defaults to "yes")

code has been tested on

  * domain member of native mode 2k domain
  * ads domain member of native mode 2k domain
  * domain member of NT4 domain
  * domain member of Samba domain
  * Samba PDC running winbindd with trusts

Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'

This will be a long week of changes.  The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4)
2003-07-07 05:11:10 +00:00
Gerald Carter
1d8cd8faf6 fix for platforms that don't have unsetenv().
we now have to check the value for _NO_WINBINDD.
"1" enables, and != "1" disables (use "0" by convention).
(This used to be commit 11eccaef1d)
2003-06-30 16:18:29 +00:00
Gerald Carter
b8723aaa65 Here's the code to make winbindd work on a Samba DC
to handle domain trusts.  Jeremy and I talked about this
and it's going in as working code.  It keeps winbind clean
and solves the trust problem with minimal changes.

To summarize, there are 2 basic cases where the deadlock would
occur.  (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.

o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
  the username includes the 'winbind separator'.

o Case #2 is handled by adding checks in winbindd to return failure
  if we are a DC and the domain matches our own.

This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain').  The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.

Other misc fixes:

  * we need to fix check_ntlm_password() to be able to determine
    if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
    etc...).  I worked around my specific situation, but this needs to be
    fixed.  the winbindd auth module was causing delays.
  * fix named server mutex deadlock between trust domain auth module
    and winbindd looking up a uid
  * make sure SAM_ACCOUNT gets stored in the server_info struct for the
    _net_sam_logon() reply.

Configuration details:

The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.

  * set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
  * create domain trusts like normal
  * join winbind on the pdc to the Samba domain using 'net rpc join'
  * add normal parameters to smb.conf for winbind
  * set 'auth method = guest sam winbind'
  * start smbd, nmbd, & winbindd

Problems that remain:

  * join a Windows 2k/XP box to a Samba domain.
  * create a 2-way trust between the Samba domain
    and an NT domain
  * logon to the windows client as a user from theh trusted
    domain
  * try to browse server in the trusted domain (or other
    workstations).  an NT client seems to work ok, but 2k
    and XP either prompt for passwords or fail with errors.

apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit f804b590f9)
2003-06-29 03:39:50 +00:00
Andrew Bartlett
251ea1e677 Merge minor library fixes from HEAD to 3.0.
- setenv() replacement
 - mimir's ASN1/SPNEGO typo fixes
 - (size_t)-1 fixes for push_* returns
 - function argument signed/unsigned correction
 - ASN1 error handling (ensure we don't use initiailsed data)
 - extra net ads join error checking
 - allow 'set security discriptor' to fail
 - escape ldap strings in libads.
 - getgrouplist() correctness fixes (include primary gid)

Andrew Bartlett
(This used to be commit e9d6e2ea9a)
2003-02-19 12:31:16 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Andrew Bartlett
8690b271a6 Move tridge's getgrouplist() replacement function from replace.c to a new
'system_smbd.c' file, where it can link with become_root() and unbecome_root(),
and therefore avoiding some nasty 'it workes on linux' bugs.

(The replacement function is implemented in terms of initgroups(), which is
naturally only avaliable to root).

Andrew Bartlett
(This used to be commit a91018dd02)
2002-08-17 07:09:22 +00:00