1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

44 Commits

Author SHA1 Message Date
Joseph Sutton
0a3aa5f908 CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Douglas Bagnall
213a8d551d s4/winbind/idmap: check the right variable (CID 1272950)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-07-06 12:30:33 +00:00
Noel Power
c534b05c8d s4/winbind: clang: Fixes 'Value stored during its initialization is never read'
Fixes:

source4/winbind/idmap.c:214:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
        NTSTATUS status = NT_STATUS_NONE_MAPPED;

source4/winbind/idmap.c:397:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
        NTSTATUS status = NT_STATUS_NONE_MAPPED;
                 ^~~~~~   ~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-09-26 18:41:26 +00:00
Mathieu Parent
271b04aaae Spelling fixes s/noone/no one/
Skipping source4/torture/winbind/struct_based.c

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-09-01 22:21:27 +00:00
Volker Lendecke
f1e71a2c1e winbind4: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:28 +01:00
Gary Lockyer
5c0345ea9b samdb: Add remote address to connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Volker Lendecke
2e1dc952f0 idmap4: Use sid_check_is_in_unix_groups()
This avoids the need for the special unix groups sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Dec 29 00:05:25 CET 2016 on sn-devel-144
2016-12-29 00:05:25 +01:00
Volker Lendecke
e06a342f80 idmap4: Use sid_check_is_in_unix_users()
This avoids the need for the special unix users sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:13 +01:00
Volker Lendecke
6830a6a350 idmap4: Slightly simplify idmap_xid_to_sid
No need to parse "S-1-22-1", we have global_sid_Unix_Users

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:12 +01:00
Volker Lendecke
2146df24d8 idmap4: Fix error path memleaks in idmap_init
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:12 +01:00
Volker Lendecke
f39ed433dc idmap4: Fix idmap_ctx talloc hierarchy
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:12 +01:00
Garming Sam
58b343be47 idmap: return the correct id type to *id_to_sid methods
We have a pointer to a unixid which is sent down instead of a uid or
gid. We can use this as an in-out variable so that pdb_samba_dsdb can be
returned ID_TYPE_BOTH to cache correctly instead of leaving it as
ID_TYPE_UID or ID_TYPE_GID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720

Change-Id: I0cef2e419cbb337531244b7b41c708cf2ab883e3
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-12-03 04:21:09 +01:00
Michael Adam
8bf311288b s4:idmap: break account_type check lines for readability in idmap_sid_to_xid()
Also makes code obey README.Coding, regarding line-length.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon May 27 00:05:19 CEST 2013 on sn-devel-104
2013-05-27 00:05:19 +02:00
Andrew Bartlett
5e0fcb04a4 s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307
This change matches the source3/idmap/idmap_ad.c code, and allows this
feature to work with only the setting of the UID/GID in Active
Directory Users and Computers.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-10 14:52:56 +01:00
Michele Baldessari
008bb29023 Set trans to a value that is not LDB_SUCCESS (all LDB_ constants are
positive) so that any "goto failed:" call does not end up calling
ldb_transaction_cancel() if trans is initialized to 0 (LDB_SUCCESS)
by chance.

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-10 14:58:28 -07:00
Sergey Urushkin
e8b3b1c110 s4 rfc2307 gids mapping fix
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-22 19:11:26 +10:00
Andrew Bartlett
8822b3b662 s4-param: Remove unused "idmap trusted only"
When we revamp the idmap layer, we will end up just following the s3
options, and this option is not used there either.

Andrew Bartlett

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-19 08:02:32 +02:00
Andrew Bartlett
352dbddb6d s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation errors 2012-06-20 16:22:41 +10:00
Andrew Bartlett
3c65bac0b6 s4-idmap: Add mapping using uidNumber and gidNumber like idmap_ad
This is a solution for users who are upgrading from Samba 3.x in
particuar, or have clients that will be using idmap_ad.  This avoids
needing to have duplicate values in idmap.ldb and in the directory.

No check for conflicts is made with the idmap.ldb - the AD store always wins.

Andrew Bartlett
2012-06-16 08:18:10 +02:00
Andrew Bartlett
834d590bcf s4-param Remove 'idmap database'
This is now just idmap.ldb in the private dir, which remains.
2011-06-06 15:02:39 +10:00
Andrew Tridgell
8dc92c8f71 ldb: use #include <ldb.h> for ldb
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10 06:51:07 +01:00
Matthias Dieter Wallnöfer
90db6a793a s4:winbind/idmap.c - we cannot use "failed" until we are in a transaction
We've to wait until "trans" is initialised.
2011-01-12 19:52:19 +01:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Stefan Metzmacher
6dbcffb51d s4:lib: merge LDB_WRAP and LDBSAMBA and make LDBSAMBA a library.
This is needed to remove samba specifc symbols from the bundled
ldb, in order to get the ABI right.

metze

Signed-off-by: Andreas Schneider <asn@samba.org>
2010-06-16 14:07:28 +02:00
Andrew Bartlett
1d66cb0e20 s4:winbind Give more detail on the parameters when reporting idmap failure 2010-05-24 23:08:57 +10:00
Andrew Bartlett
dceca3d8ae s4:winbind Change idmap API to match that used by the source3/ idmap subsystem
This makes it much easier to write an idmap module that bridges the gap.

We should finish the change to the new API, but for the moment this
choke point works for the conversion.

Andrew Bartlett
2010-05-24 23:08:57 +10:00
Andrew Bartlett
9573c35636 s4:winbind Change include guard so as not to conflict with idmap.h in source3 2010-05-24 23:08:57 +10:00
Andrew Bartlett
285647664c s4:idmap Adjust code to new idmap structure names and layout.
Andrew Bartlett
2010-05-24 23:08:56 +10:00
Jelmer Vernooij
f9ca9e46ad Finish removal of iconv_convenience in public API's. 2010-05-18 11:45:30 +02:00
Kai Blin
ea055e8c79 s4: Switch to S3-style id mapping data types. 2010-02-11 23:56:35 +01:00
Kai Blin
86d70ae944 s4 idmap: Make the sid_to_xid and xid_to_sid calls static.
Looking at the winbind interface, we should only be using the bulk conversion calls.
2010-02-11 23:56:35 +01:00
Andrew Tridgell
4ad0397d8a s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.

The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
2009-10-23 14:52:17 +11:00
Andrew Tridgell
7f1832c469 s4: ran minimal_includes.pl on source4/winbind 2009-10-20 16:04:51 +11:00
Kai Blin
07aa05f678 shared: Move dom_sid_* utility functions to top level 2009-02-01 19:42:30 +01:00
Stefan Metzmacher
183c379fe5 s4:lib/tevent: rename structs
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
2008-12-29 20:46:40 +01:00
Simo Sorce
508527890a Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
2008-09-23 18:17:46 -04:00
Jelmer Vernooij
21fc767378 Specify event_context to ldb_wrap_connect explicitly.
(This used to be commit b4e1ae07a2)
2008-04-17 12:23:44 +02:00
Andrew Tridgell
6abdaefb0f show what type of idmapping has failed
(This used to be commit 8a22241952)
2008-04-14 11:30:10 +02:00
Kai Blin
b6c48091d4 idmap: Also store sid type in the idmap db
(This used to be commit 018eb64f03)
2008-04-02 23:07:41 +02:00
Kai Blin
a1875b039b idmap: Map SIDs to unixids instead of uids/gids
(This used to be commit 73ac7c4a1c)
2008-03-18 10:55:31 +01:00
Kai Blin
99b311449f idmap: Handle SID->gid
(This used to be commit 78d22a28ec)
2008-02-21 11:22:15 +01:00
Kai Blin
705abe2cb3 idmap: Handle SID->uid
(This used to be commit 4037ca6b9c)
2008-02-21 11:22:10 +01:00
Kai Blin
9c7f714962 idmap: Handle gid->SID mapping
(This used to be commit 6f2d95030c)
2008-02-21 11:22:06 +01:00
Kai Blin
895874d966 idmap: Handle uid->SID mapping
(This used to be commit 6ac6de8476)
2008-02-21 11:21:59 +01:00