1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

286 Commits

Author SHA1 Message Date
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
2010-09-20 14:04:37 -07:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Günther Deschner
7a05ca2c9c s3-build: use dbwrap.h only where needed.
Guenther
2010-08-26 00:25:55 +02:00
Michael Adam
0dc3cd75a1 s3:groupdb: allocate a gid after allocating a rid in pdb_default_create_alias()
Michael
2010-08-14 02:10:29 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
2010-05-18 00:44:26 +02:00
Volker Lendecke
8693ae741c s3: Fix a typo 2010-04-14 21:50:00 +02:00
Volker Lendecke
e00327323d s3: Fix some nonempty blank lines 2010-03-14 17:42:49 +01:00
Volker Lendecke
0e9844c70a s3: Fix some C++ warnings 2010-03-02 14:29:43 +01:00
Volker Lendecke
2330b625cc s3: Fix an uninitialized variable warning 2010-03-02 14:29:43 +01:00
Simo Sorce
be026a6fd8 s3:groupmap revert to tdb storage
Group mapping needs to be cluster aware, and this means using the tdb backend.
Remove ldb group mapping as this is not cluster aware.
2010-03-01 16:09:58 -05:00
Volker Lendecke
a050c79fab s3: Copy the mapping.c license header to mapping.h
We need some license header there. If this does incorrect copyright
attributions, please correct this.
2010-02-27 11:19:20 +01:00
Volker Lendecke
3ea64e0ad8 s3: Replace most calls to sid_append_rid() by sid_compose() 2010-01-10 20:56:16 +01:00
Volker Lendecke
a51e6ce43c Pass a talloc_ctx to pdb_enum_aliasmem 2009-06-08 21:14:10 +02:00
Günther Deschner
f5e9e1954c s3-groupdb: fix enum_aliasmem in ldb branch.
It is totally valid to have an alias with no members.

Tridge, please check.

Found by RPC-SAMR torture test.

Guenther
2009-06-07 11:25:21 +02:00
Jeremy Allison
53de3b136e Don't steal when we know the ptr will be null. Thanks to Simo for
pointing this out.
Jeremy.
2009-05-21 18:48:17 -07:00
Jeremy Allison
5dd82fb675 Revert the last two commits (fix for #6386). The actual problem
was a bug in ldb in 3.2 which could return a freed pointer on
ret != LDAP_SUCCESS. The main thing we must ensure is that we
never talloc_steal until we know LDAP_SUCCESS was returned.
Jeremy.
2009-05-21 18:37:36 -07:00
Jeremy Allison
87504b27d8 Ensure all possible uses of indirection through res are checked after
an ldb_search.
Jeremy.
2009-05-21 18:00:54 -07:00
Jeremy Allison
d4d06a4ef9 Attempt to fix bug #6386 - Samba Panic triggered by Sophos Control Centre.
Don't indirect a potentially null pointer.
Jeremy.
2009-05-21 17:27:25 -07:00
Jeremy Allison
b4c9cfb2af Fix a bunch of compiler warnings about wrong format types.
Should make Solaris 10 builds look cleaner.
Jeremy.
2009-05-11 21:56:57 -07:00
Jelmer Vernooij
b6981e79df samba3/ldb: Update the ldb_dn API to match that of the Samba 4 LDB:
* ldb_dn_new() now takes an initial DN string
 * ldb_dn_string_compose() -> ldb_dn_new_fmt()
 * dummy ldb_dn_validate(), since LDB DNs in the current implementation
   are always valid if they could be created.
2009-04-23 18:27:32 +02:00
Jelmer Vernooij
9b64073cf7 ldb/samba3: Support event context argument to ldb_init().
This argument is ignored (Samba3's LDB is synchronous) but having it
there is useful for API compatibility with the LDB used by Samba 4 and
available on some systems.
2009-04-23 18:27:31 +02:00
Volker Lendecke
ca701cfd52 Fix a couple of memleaks in mapping_ldb.c 2009-02-07 19:25:34 +01:00
Jelmer Vernooij
f3ecb70133 Replace ldb_search() with ldb_search_exp_fmt(), like in Samba 4. 2009-01-21 16:15:53 +01:00
Jelmer Vernooij
47951fc5d0 Reorder arguments to ldb_search() to match what is in Samba 4. 2009-01-21 15:18:05 +01:00
Volker Lendecke
37f4c70920 Ignore 3.0 style invalid group mappings during upgrade to ldb 2008-11-04 10:56:24 +01:00
Jelmer Vernooij
2d89b52be8 Use separate make variables for libutil and libcrypto. 2008-10-18 14:28:40 +02:00
Stefan Metzmacher
0ee4d20adb s3:mapping_tdb: fix the del_aliasmem() function
We should not cancel the transaction, when we want to delete a key.

metze
2008-09-29 16:36:10 +02:00
Jeremy Allison
e588f0bc36 Be explicit about setting perms for the ldb. Helps others who may use this api.
Jeremy.
(This used to be commit f0ea0f3502)
2008-08-27 11:28:18 -07:00
Andrew Tridgell
9a89e30229 ldb: Fix permissions of group_mapping.ldb.
This one fixes bug #5715 and CVE-2008-3789.
(cherry picked from commit a94f44c49f)
(This used to be commit 2eaf4ed622)
2008-08-27 12:08:39 +02:00
Andrew Tridgell
fe3dd9b3e6 fixed lots of places that paniced on a failed transaction_commit,
thinking it was a failure of a transaction cancel
(This used to be commit 22dbe158ed)
2008-08-13 11:54:10 +02:00
Andrew Tridgell
0f41961e4f first cut at adding full transactions for ctdb to samba3
(This used to be commit f91a3e0f7b)
2008-08-13 11:54:08 +02:00
Jeremy Allison
b6344d1d45 Add fix from Simo for bug #5540 - missing code to substitute
%u. Make this the same as other uses.
Jeremy.
(This used to be commit c4a137e978)
2008-07-14 12:40:33 -07:00
Günther Deschner
968c91b883 Fix build warning.
Thanks to Thorkil Olesen.

Guenther
(This used to be commit 3130aa63fd)
2008-07-03 11:10:21 +02:00
Stefan Metzmacher
aaf61d9ae4 groupdb: make mapping_tdb compatible to mapping_ldb
mapping_ldb replaces the record if it already exists.
I'm not sure if that a good thing, but for now
both backends should provide the same behavior.

metze
(This used to be commit b313acdd31)
2008-04-12 10:01:42 +02:00
Stefan Metzmacher
37fbe55eea groupdb: readd groupdb:backend parametric option
This reverts c5adb92c02.

The reason is that ldb doesn't work for cluster setups yet.

metze
(This used to be commit 5f5d90ef76)
2008-04-12 09:21:04 +02:00
Michael Adam
2478949821 mapping_tdb: fix enumeration of mappings.
db->traverse_read returns the number of traversed object on success.

Michael
(This used to be commit 2be2188a97)
2008-04-04 17:05:00 +02:00
Michael Adam
1b3f36b2b5 mapping.tdb: fix creation of entries with GROUP_PREFIX
Macro is no expanded inside literal string.

Michael
(This used to be commit 872a3d3d38)
2008-04-04 16:47:51 +02:00
Volker Lendecke
16198dc51e Convert dbwrap_trans_delete to NTSTATUS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit dead193f46)
2008-04-01 14:04:22 +02:00
Volker Lendecke
fcdfff1cc8 Convert dbwrap_trans_store to NTSTATUS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 5f4de856af)
2008-04-01 14:04:22 +02:00
Stefan Metzmacher
e144a8b15f mapping_tdb: use the correct sid for the key creation
metze
(This used to be commit 0d221a3f0a)
2008-04-01 14:04:21 +02:00
Stefan Metzmacher
a114125f89 mapping_tdb: use db_open_trans()
metze
(This used to be commit 16d18df0d0)
2008-04-01 14:04:21 +02:00
Volker Lendecke
04ab839170 Protect group_mapping.tdb ops with transactions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit d702ed73c1)
2008-04-01 14:04:21 +02:00
Stefan Metzmacher
e191b0edd5 mapping_ldb: fix memory leak in group enumeration
metze
(This used to be commit 235c056a0e)
2008-03-28 19:48:42 +01:00
Volker Lendecke
bfb001526f Fix a segfault
(This used to be commit 40d1d64c6a)
2008-03-28 14:12:34 +01:00
Michael Adam
f1c844c168 util_tdb: remove trivial and unused tdb_wipe().
It has been replaced by tdb_wipe_all().

Michael
(This used to be commit cdde2e4eac)
2008-03-26 11:15:03 +01:00
Michael Adam
aaa5971315 util_tdb: add a wrapper tdb_wipe() for traverse with tdb_traverse_delete_fn().
Replace all callers of traverse with this tdb_traverse_delete_fn() and
don't export tdb_traverse_delete_fn() anymore.

Michael
(This used to be commit d4be4e30cd)
2008-03-25 15:55:34 +01:00
Volker Lendecke
27c07c9861 Convert mapping_tdb.c to dbwrap
I know, this is not used anymore, but until ldb knows about ctdb which is
blocked by the lack of transactions in ctdb, a tiny patch reactivating
mapping_tdb.c might be needed for cluster setups.
(This used to be commit 8e0fa453a3)
2008-03-11 17:21:28 +01:00
Volker Lendecke
0e5d6c0d27 Clean up add_mapping_entry slightly
(This used to be commit 38bb69cb31)
2008-03-11 17:09:20 +01:00
Volker Lendecke
41bea30dd8 Cleanup after pstring removal
(This used to be commit 66d2a9c874)
2008-03-11 17:09:19 +01:00
Jeremy Allison
ddabc2b00c Fix "status used uninitialized" warnings.
Jeremy.
(This used to be commit e57856fff2)
2008-01-15 15:09:13 -08:00
Michael Adam
f3603d5a5a Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.
Michael
(This used to be commit 6b2b9a60ef)
2008-01-09 01:47:10 +01:00
Michael Adam
f168fac54c Don't leak data.dptr on error path.
Michael
(This used to be commit d14de0692c)
2008-01-09 01:47:10 +01:00
Michael Adam
286b050e15 Fix flags in call of lookup_name() in pdb_default_create_alias().
Use new flag LOOKUP_NAME_LOCAL.

Michael
(This used to be commit 280d6cb6c8)
2007-12-17 13:05:45 +01:00
Volker Lendecke
2e07c2ade8 s/sid_to_string/sid_to_fstring/
least surprise for callers
(This used to be commit eb523ba776)
2007-12-15 22:47:30 +01:00
Volker Lendecke
14ef4cdec1 Replace sid_string_static with sid_to_string
This adds 28 fstrings on the stack, but I think an fstring on the stack is
still far better than a static one.
(This used to be commit c7c885078b)
2007-12-15 22:09:37 +01:00
Volker Lendecke
900288a2b8 Replace sid_string_static by sid_string_dbg in DEBUGs
(This used to be commit bb35e794ec)
2007-12-15 22:09:36 +01:00
Volker Lendecke
43473c8ded Fix a segfault
sid_to_string still expects a fstring
(This used to be commit 1f352cdd19)
2007-12-15 09:13:56 -08:00
Jeremy Allison
42cfffae80 Remove next_token - all uses must now be next_token_talloc.
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f3936)
2007-12-07 17:32:32 -08:00
Jeremy Allison
e2eaf24f7b Remove all pstring from groupdb/
Jeremy.
(This used to be commit 6959c5c7e3)
2007-11-13 15:00:48 -08:00
Gerald (Jerry) Carter
88ee61625a Patch 2 of 3 from Debian Samba packagers:
The point is doing the following associations:

- non discardable state data (all TDB files that may need to be backed
  up) go to statedir
- shared data (codepage stuff) go to codepagedir

The patch *does not change* the default location for these
directories. So, there is no behaviour change when applying it.

The main change is for samba developers who have to think when dealing
with files that previously pertained to libdir whether they:
- go in statedir
- go in codepagedir
- stay in libdir
(This used to be commit d6cdbfd875)
2007-11-01 15:53:44 -04:00
Stefan Metzmacher
cd8a2b5ffe [crash fix] don't use already free'ed memory
(found by "make valgrindtest" and my "start winbindd on make test" patch)

metze
(cherry picked from commit fe21e48489852720a05b305b251e4f5cbb200f7a)
(cherry picked from commit 26d8a1ad20)
(This used to be commit a128a8805e)
2007-10-24 15:36:53 +02:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Gerald Carter
5335a5d0c4 r25405: Fix formatting as per metze's comments
(This used to be commit 45fa393358)
2007-10-10 12:31:03 -05:00
Gerald Carter
1f4e302dc2 r25393: Removed unused variable
(This used to be commit 11894a62e3)
2007-10-10 12:31:01 -05:00
Gerald Carter
d7a4d51ead r25380: Remove the groupdb:mapping parameter as discussed in the following thread:
http://lists.samba.org/archive/samba-technical/2007-June/053747.html
(This used to be commit c5adb92c02)
2007-10-10 12:31:01 -05:00
Volker Lendecke
56a029258f r25024: Fix a whole bunch of Coverity bugs
The callers of get_domain_group_from_sid() with some justification
expected map->gid to be initialized when get_domain_group_from_sid
returned True.
(This used to be commit bc8b74dbfe)
2007-10-10 12:30:35 -05:00
Andrew Tridgell
153cfb9c83 r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
(This used to be commit 87c91e4362)
2007-10-10 12:28:27 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
James Peach
b1ce226af8 r23510: Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2)
2007-10-10 12:23:23 -05:00
Andrew Tridgell
422722aad2 r23367: check the "use mmap" option for ldb too
(This used to be commit 15345bbc73)
2007-10-10 12:23:10 -05:00
Andrew Tridgell
248a82c0f2 r23323: merged ldb changes from 3.0.26
(This used to be commit 7c9a5c2a3f)
2007-10-10 12:23:06 -05:00
Volker Lendecke
1cb8a948b3 r22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "net
sam unmapunixgroup"
(This used to be commit 55e2f35fad)
2007-10-10 12:21:57 -05:00
Volker Lendecke
9e30a76c04 r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and change
return values of some alias-releated pdb functions from BOOL to NTSTATUS

Thanks :-)
(This used to be commit 590d2164b3)
2007-10-10 12:21:57 -05:00
Volker Lendecke
2724ce625c r22554: Fix an assumption that TALLOC_ARRAY(.., 0) != NULL.
Volker
(This used to be commit 1f15a8f371)
2007-10-10 12:19:44 -05:00
Gerald Carter
0ecd719499 r22509: Fix some memory corruption caused by calling free()
on talloc()'d memory when adding/removing members
from Local Groups.
(This used to be commit bade93ef9d)
2007-10-10 12:19:41 -05:00
Stefan Metzmacher
bc2b6436d0 r22009: change TDB_DATA from char * to unsigned char *
and fix all compiler warnings in the users

metze
(This used to be commit 3a28443079)
2007-10-10 12:19:00 -05:00
Stefan Metzmacher
38afa75965 r21974: make use of tdb_*_bystring() and string_term_tdb_data() in groupdb/
to avoid creating the TDB_DATA struct from strings "by hand"

metze
(This used to be commit 2f2e9a7083)
2007-10-10 12:18:54 -05:00
Jeremy Allison
63609fbb04 r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e)
2007-10-10 12:16:24 -05:00
Volker Lendecke
78a0932145 r19927: Fix klokwork ID 4702
(This used to be commit 820a64af25)
2007-10-10 12:16:10 -05:00
Simo Sorce
2c14cf3b2b r19516: Fix the DN, to make searches using the domain as base
the DN must be rid,domain and not domain,rid

Also use member and not memberOf for group members
following conventions.
(This used to be commit 7c0ea791d2)
2007-10-10 12:15:40 -05:00
Volker Lendecke
638a16900c r19073: mapping_dn can fail
(This used to be commit d234f39c79)
2007-10-10 12:15:08 -05:00
Andrew Tridgell
afbc8a1faa r18938: fixed a group map bug reported by Jerry. The caller in mapping.c
relies on appending to this list. Unfortunately this can't be tested
using 'net groupmap'
(This used to be commit a8d398edf0)
2007-10-10 12:14:48 -05:00
Andrew Tridgell
cda3a18f23 r18912: we don't need the special case for comments now in the
This also fixes comments in group mappings, as the code accidentially
put in "ntName" in the comment field :-)
(This used to be commit 7f1f5d6056)
2007-10-10 12:14:46 -05:00
Volker Lendecke
6f3c6a46f9 r18875: The comment field can be empty
(This used to be commit 6d5d7bf4bb)
2007-10-10 12:14:40 -05:00
Andrew Tridgell
7c5f1f28db r18870: - enable the ldb ldap backend properly based on configure tests for
ldap

- use ldb_global_init() instead of the backend specific
  ldb_tdb_init().
(This used to be commit a6c53e5861)
2007-10-10 12:14:40 -05:00
Andrew Tridgell
3cf367f0e7 r18868: just in case there is a disaster (with our code? never ...) use a
rename to group_mapping.tdb.upgraded rather than an unlink when
upgrading. So if we absolutely have to go back to the tdb, we can
change mapping_ldb.o to mapping_tdb.o in Makefile.in and recover
peoples group mappings.

We could go one step futher and make the backend configurable. Any
opinions on that?
(This used to be commit 203fc0b03c)
2007-10-10 12:14:39 -05:00
Andrew Tridgell
8761f5dcc4 r18867: change the group mapping code to use ldb instead of tdb
See the discussion of this on the samba-technical list
(This used to be commit 4ad1436cea)
2007-10-10 12:14:39 -05:00
Günther Deschner
a3e1f7e44d r18703: Fix the annoying effect that happens when nscd is running:
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.

Guenther
(This used to be commit 7db6ce295a)
2007-10-10 12:00:49 -05:00
Gerald Carter
2b27c93a9a r18271: Big change:
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
  gen_ndr/ndr_security.c in SAMBA_4_0

The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
2007-10-10 11:51:18 -05:00
Gerald Carter
c9f9c65050 r17669: Remove RID algorithm support from unmapped users and groups
when using smbpasswd
(This used to be commit dde552336c)
2007-10-10 11:38:45 -05:00
Volker Lendecke
03e3cd1d5a r17554: Cleanup
(This used to be commit 761cbd52f0)
2007-10-10 11:38:38 -05:00
Volker Lendecke
0c53b0ab72 r17550: Fix a few bugs in the tdb_multikey code. Thanks to tridge for pointing them
out.

Volker
(This used to be commit 6bf5e7080a)
2007-10-10 11:38:38 -05:00
Volker Lendecke
108009f268 r17470: This is the group mapping rewrite announced a few days ago. I'm afraid it's
more than 1000 lines of patch, but doing it in smaller pieces is hardly
possible.

Anybody interested please look over this. The patch is not really interesting,
just look at the new groupdb/mapping.c file.

Jerry, one entry for the 3.0.24 release notes: smbd will refuse to start if we
have overlapping mappings in group_mapping.tdb. With the old db a unix gid can
be mapped to two different SIDs. This will be refused with the new code.

Volker
(This used to be commit f0f0e893ca)
2007-10-10 11:38:36 -05:00
Volker Lendecke
76362d0d33 r17468: To minimize the diff later on, pre-commit some changes independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.

Volker
(This used to be commit 4ebfc30a28)
2007-10-10 11:38:36 -05:00
Volker Lendecke
d802774e02 r17465: Get rid of add_initial_entry. In the two places it was called in it seemed a
bit pointless to me.

Volker
(This used to be commit 244b25ae49)
2007-10-10 11:38:36 -05:00
Volker Lendecke
e1e62d8999 r17463: A bit of cleanup work:
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.

Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.

Volker
(This used to be commit f9856f6490)
2007-10-10 11:38:36 -05:00
Volker Lendecke
ff7c0a7c35 r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an
argument.

Volker
(This used to be commit 873a5a1211)
2007-10-10 11:38:34 -05:00
Volker Lendecke
e17302200c r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.

Volker
(This used to be commit b9c6e3f556)
2007-10-10 11:16:23 -05:00