1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

1339 Commits

Author SHA1 Message Date
Günther Deschner
619671a718 r20240: Be a little more verbose about the credential flags when the debug flag
is set.

Guenther
(This used to be commit ecbab58826)
2007-10-10 12:16:35 -05:00
Günther Deschner
6fdbdfc86f r20239: Parse the configfile for pam_sm_setcred as well
(e.g. to get the debug flag)

Guenther
(This used to be commit 2c549f71f1)
2007-10-10 12:16:35 -05:00
Volker Lendecke
f5b3bed84f r20218: Same fix as r20217 -- can we consolidate that duplicated code a bit?
(This used to be commit fdb310f579)
2007-10-10 12:16:33 -05:00
Volker Lendecke
34a0885df0 r20217: uid_t and gid_t are not necessarily 32 bit. In assignments we get an automatic
conversion, but not when we pass pointers down to other functions.

Simo, please check.

Volker
(This used to be commit 04845f600b)
2007-10-10 12:16:33 -05:00
Simo Sorce
b1de1a6eab r20216: Fix fallback code.
A reversed check made it impossile to fallback to the Unix Domain mapping code.
Also fix a potential use of a freed array.

Jerry,
my tests shows that this code now correctly handle the fallback to Unix Domain
when our Domain member is asked for a mapped group that has a unix name different
from the Windows name against a Samba DC and we do not use winbindd but share
users/groups by other means (ldap / sync of passwd and group files)

Immediate Fix would be to discuss if we should answer back when DOMAIN\unixgroup -> SID
is asked for, in the case the unixgroup name is mapped to a different name.
IE: DOMAIN\Domain Admins -> ntadmins

Currently if we are asked for "DOMAIN\Domain Admins" we return the dom admins SID
If we are asked for "DOMAIN\ntadmins we return "not found", but we may consider to
return the Domain admins SID in this case too.

Comments are welcome on this point!

Long term fix I think is the unixinfo pipe and of course an idmap_unixinfo moudle.

Simo.
(This used to be commit 07bdbb4c21)
2007-10-10 12:16:33 -05:00
Jeremy Allison
f0c7dc544b r20207: Fix a couple more places where extra_data was
being talloc'ed off the NULL context instead
of being malloced.
Jeremy.
(This used to be commit 47bdeb4efe)
2007-10-10 12:16:32 -05:00
Jeremy Allison
bf8988feaf r20206: Start cleaning up the talloc_ctx mess.
child->mem_ctx isn't actually used for
anything, so remove it.
Jeremy.
(This used to be commit a7f294b592)
2007-10-10 12:16:31 -05:00
Günther Deschner
b49f0ae018 r20186: Fix winbind crash bug in WINBIND_GETGROUPS.
response_extra_sent() expects to free a malloced
extra_data.data while the add_XX_to_array functions all return talloced
memory now. Jeremy, please check.

Guenther
(This used to be commit 9f34c9f369)
2007-10-10 12:16:31 -05:00
Jeremy Allison
63d8197453 r20180: Ensure that pam returns the correct error messages
when offline and or doing password changes.
Jeremy.
(This used to be commit 4a74c55384)
2007-10-10 12:16:30 -05:00
Günther Deschner
3ff4f4410f r20171: Don't delete the krb5 credential if others still reference to it.
Guenther
(This used to be commit a1378979be)
2007-10-10 12:16:29 -05:00
Simo Sorce
1da72a1c3f r20155: revert, I misread
(This used to be commit 20aa6322ef)
2007-10-10 12:16:28 -05:00
Simo Sorce
7c5dba63a0 r20154: Fix nasty typo, hunting another bug
(This used to be commit bf8dc44cc2)
2007-10-10 12:16:28 -05:00
Simo Sorce
9b5354bea4 r20151: remove meaningless checks
(This used to be commit 33a55f0cfc)
2007-10-10 12:16:28 -05:00
Simo Sorce
25fe484101 r20150: better memory handling for some functions, make sure we don't
leak memory by using the wrong(long lived)  mem context
(This used to be commit a28cdd6e74)
2007-10-10 12:16:27 -05:00
Jeremy Allison
6b232e8c1f r20146: Now online checks are fully async we can do them
every cache timeout times.
Jeremy.
(This used to be commit 5d364bc5cc)
2007-10-10 12:16:27 -05:00
Jeremy Allison
ebb8161e1c r20140: Make online/offline detection completely asynchronous.
Now I've done this I might be able to reduce the probe
timeout and reduce the backoff algorithm, going back
to checking every cache time seconds (5 mins by default),
as the parent or forked domain child will never block.
Jeremy.
(This used to be commit d0add5f946)
2007-10-10 12:16:27 -05:00
Jim McDonough
86a11183f7 r20136: Fix #4290. Properly compute time to password expiration in message from
pam_winbind.  Thanks to Andrew Benham <andrew.benham@thus.net>
(This used to be commit 0d03f51379)
2007-10-10 12:16:27 -05:00
Herb Lewis
791f48f167 r20124: clean up nested extern declaration warnings
(This used to be commit ac3eb7813e)
2007-10-10 12:16:26 -05:00
Simo Sorce
7165944469 r20118: Fix some more warnings
(This used to be commit b6db21ff65)
2007-10-10 12:16:26 -05:00
Simo Sorce
79416a5226 r20117: 1st Error in the merge
(This used to be commit 5e46c43a2e)
2007-10-10 12:16:25 -05:00
Simo Sorce
4225f9a4bd r20116: Start merging in the work done to create the new idmap subsystem.
Simo.
(This used to be commit 50cd8bffee)
2007-10-10 12:16:25 -05:00
Jeremy Allison
63609fbb04 r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e)
2007-10-10 12:16:24 -05:00
Jeremy Allison
5ce139751b r20087: Ensure we clean up any random pending events we
may have inherited from our parent in the winbindd
forked child.
Jeremy.
(This used to be commit 0a1352f440)
2007-10-10 12:16:23 -05:00
Jeremy Allison
5be92d0d18 r20082: When fork_domain_child is forked when we're offline
the child inherits *all* active check_online timout handlers.
This is bad when it's not our domain (ie. BUILTIN).
Jeremy.
(This used to be commit 8d815ec4c1)
2007-10-10 12:16:23 -05:00
Jeremy Allison
1c6de687f1 r20060: Fix the timout calculation.
Jeremy.
(This used to be commit 017be792f3)
2007-10-10 12:16:23 -05:00
Jeremy Allison
b59412e6bf r20058: Ensure we actually do the increasing time
calculation when in offline mode.
Jeremy.
(This used to be commit b7dc67ab2a)
2007-10-10 12:16:23 -05:00
Jeremy Allison
155083547a r20057: Attempt to fix connect timeouts when connected on
a network but not one on which any home DC's can
be found (hotel network problem). Still testing
but this is getting close.
Jeremy.
(This used to be commit 369c9e4138)
2007-10-10 12:16:23 -05:00
Jeremy Allison
490e3205bc r20035: Fix obvious horrible bug in falling back to MS-RPC
methods.
Jeremy.
(This used to be commit 7ac4ae4b51)
2007-10-10 12:16:21 -05:00
Jeremy Allison
4c98afb2de r19975: Deal with 2 keytypes I messed previously (DR/DE).
Fix code that mistakenly assumed tdb_traverse
returned 0 or -1, it actually returns -1 or the
number of entries traversed. Add a static as another
way to return the bad cache value.
Jeremy.
(This used to be commit 5266a70ae9)
2007-10-10 12:16:16 -05:00
Jeremy Allison
913222d76a r19974: Add freelist check for cache. Fix testing of entry
names (all except SEQNUM are *not* null terminated
strings).
Jeremy.
(This used to be commit bcb68260ba)
2007-10-10 12:16:16 -05:00
Jeremy Allison
2941b044b3 r19958: Add check for WINBIND_OFFLINE key.
Jeremy.
(This used to be commit 270e84db6d)
2007-10-10 12:16:15 -05:00
Jeremy Allison
ed34ffb147 r19957: Initial framework to make winbindd robust
against tdb corruption. Needs fleshing out
(and I forgot one record type) and needs helpful
suggestion from Volker to validate freelist,
but should give an idea of how this will look.
Jeremy.
(This used to be commit 8eb53f74e4)
2007-10-10 12:16:15 -05:00
Gerald Carter
95bfb97547 r19809: remove winbind blacklist parameter
(This used to be commit 40cff14498)
2007-10-10 12:15:57 -05:00
Gerald Carter
8fa0a80b49 r19754: * When using a krb5 session setup, we don't fill in the server_name
string the clis_state struct.  So call saf_store() after we
  have the short domain name in the lsa_query_inof_policy code.

* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f20)
2007-10-10 12:15:53 -05:00
Jeremy Allison
8f723972ae r19710: Fix memory leak in get_conf_item_string(). As
we're just doing strchr on a const string there's
no need to strdup it before, we're never modifying
it. Just remove the variable "parm".
Jeremy.
(This used to be commit 1af18f613b)
2007-10-10 12:15:48 -05:00
Simo Sorce
b903eb231a r19703: Don't free a string if you want to return it!
(This used to be commit 3fed72ac3e)
2007-10-10 12:15:48 -05:00
Volker Lendecke
782d33e1c8 r19686: Fix the build
(This used to be commit 28ac023581)
2007-10-10 12:15:46 -05:00
Volker Lendecke
5f3a692748 r19667: Fix incorrect null check
(This used to be commit dc9cdf37e9)
2007-10-10 12:15:46 -05:00
Volker Lendecke
bf6bb74985 r19657: Correctly check for malloc failure
(This used to be commit e5b5c9b058)
2007-10-10 12:15:45 -05:00
Volker Lendecke
8371c0e44c r19656: Correctly check for malloc failure
(This used to be commit 3d0661b039)
2007-10-10 12:15:45 -05:00
Günther Deschner
61a38bd4b8 r19651: Fix interesting bug with the automatic site coverage in Active Directory:
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.

Guenther
(This used to be commit ff004f7284)
2007-10-10 12:15:44 -05:00
James Peach
9a02736348 r19626: Coalesce usage of DUMP_CORE. Fix formatting on chdir error message
in core dump path.
(This used to be commit 9a51fba71c)
2007-10-10 12:15:42 -05:00
Gerald Carter
80d40172ef r19420: Remove strequal and use strcmp() instead. Meant to
make the change before theprevious commit.
(This used to be commit 815388c4c8)
2007-10-10 12:15:34 -05:00
Gerald Carter
2145eff91d r19419: BUG 4109: Patch from Timur Bakeyev. Fix bug causing smbd to turn off
winbindd and fail to disable the _NO_WINBIND environment.
(This used to be commit a6366b40b3)
2007-10-10 12:15:34 -05:00
Jeremy Allison
e070996cc3 r19413: Now we're calling init_dc_connection, this code
is completely useless (and in fact harmful :-) in
that it causes a winbindd error where there should
be none.
Jeremy.
(This used to be commit acf5419d62)
2007-10-10 12:15:33 -05:00
Jeremy Allison
d273a2ef1d r19399: Now Guenther discovered one crash dereferencing domain->backends,
get paranoid. I don't think this can really happen, but let's be
sure.
Jeremy.
(This used to be commit be4709984b)
2007-10-10 12:15:33 -05:00
Günther Deschner
5afaa37662 r19394: When we fail to get the list of trusted domains, make sure to return
WINBINDD_ERROR.

Guenther
(This used to be commit 6089b3007b)
2007-10-10 12:15:32 -05:00
Günther Deschner
edba79e500 r19391: Fix crash bug within the winbind caching method.
That one was hard to find: when coming from offline mode and switching
to online, a refresh sequence number call (using the default MS-RPC
mechanism) may reset domain->backend to NULL (by the set_domain_online
event). We need to make sure to reidentify the remote domain in that
case.

Guenther
(This used to be commit 4d6503d137)
2007-10-10 12:15:32 -05:00
Günther Deschner
21344a731c r19371: Add two missing refresh_sequence_number calls where they are missing
just before writing to the winbind cache tdb.

Guenther
(This used to be commit bd8548998b)
2007-10-10 12:15:32 -05:00
Günther Deschner
b26b8f95e9 r19351: Also export the info3 profilepath via the PAM_WINBIND_PROFILEPATH data
field.

Guenther
(This used to be commit 66b92f27fa)
2007-10-10 12:15:30 -05:00