1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

157 Commits

Author SHA1 Message Date
Jeremy Allison
63609fbb04 r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e)
2007-10-10 12:16:24 -05:00
Volker Lendecke
78a0932145 r19927: Fix klokwork ID 4702
(This used to be commit 820a64af25)
2007-10-10 12:16:10 -05:00
Simo Sorce
2c14cf3b2b r19516: Fix the DN, to make searches using the domain as base
the DN must be rid,domain and not domain,rid

Also use member and not memberOf for group members
following conventions.
(This used to be commit 7c0ea791d2)
2007-10-10 12:15:40 -05:00
Volker Lendecke
638a16900c r19073: mapping_dn can fail
(This used to be commit d234f39c79)
2007-10-10 12:15:08 -05:00
Andrew Tridgell
afbc8a1faa r18938: fixed a group map bug reported by Jerry. The caller in mapping.c
relies on appending to this list. Unfortunately this can't be tested
using 'net groupmap'
(This used to be commit a8d398edf0)
2007-10-10 12:14:48 -05:00
Andrew Tridgell
cda3a18f23 r18912: we don't need the special case for comments now in the
This also fixes comments in group mappings, as the code accidentially
put in "ntName" in the comment field :-)
(This used to be commit 7f1f5d6056)
2007-10-10 12:14:46 -05:00
Volker Lendecke
6f3c6a46f9 r18875: The comment field can be empty
(This used to be commit 6d5d7bf4bb)
2007-10-10 12:14:40 -05:00
Andrew Tridgell
7c5f1f28db r18870: - enable the ldb ldap backend properly based on configure tests for
ldap

- use ldb_global_init() instead of the backend specific
  ldb_tdb_init().
(This used to be commit a6c53e5861)
2007-10-10 12:14:40 -05:00
Andrew Tridgell
3cf367f0e7 r18868: just in case there is a disaster (with our code? never ...) use a
rename to group_mapping.tdb.upgraded rather than an unlink when
upgrading. So if we absolutely have to go back to the tdb, we can
change mapping_ldb.o to mapping_tdb.o in Makefile.in and recover
peoples group mappings.

We could go one step futher and make the backend configurable. Any
opinions on that?
(This used to be commit 203fc0b03c)
2007-10-10 12:14:39 -05:00
Andrew Tridgell
8761f5dcc4 r18867: change the group mapping code to use ldb instead of tdb
See the discussion of this on the samba-technical list
(This used to be commit 4ad1436cea)
2007-10-10 12:14:39 -05:00
Günther Deschner
a3e1f7e44d r18703: Fix the annoying effect that happens when nscd is running:
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.

Guenther
(This used to be commit 7db6ce295a)
2007-10-10 12:00:49 -05:00
Gerald Carter
2b27c93a9a r18271: Big change:
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
  gen_ndr/ndr_security.c in SAMBA_4_0

The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
2007-10-10 11:51:18 -05:00
Gerald Carter
c9f9c65050 r17669: Remove RID algorithm support from unmapped users and groups
when using smbpasswd
(This used to be commit dde552336c)
2007-10-10 11:38:45 -05:00
Volker Lendecke
03e3cd1d5a r17554: Cleanup
(This used to be commit 761cbd52f0)
2007-10-10 11:38:38 -05:00
Volker Lendecke
0c53b0ab72 r17550: Fix a few bugs in the tdb_multikey code. Thanks to tridge for pointing them
out.

Volker
(This used to be commit 6bf5e7080a)
2007-10-10 11:38:38 -05:00
Volker Lendecke
108009f268 r17470: This is the group mapping rewrite announced a few days ago. I'm afraid it's
more than 1000 lines of patch, but doing it in smaller pieces is hardly
possible.

Anybody interested please look over this. The patch is not really interesting,
just look at the new groupdb/mapping.c file.

Jerry, one entry for the 3.0.24 release notes: smbd will refuse to start if we
have overlapping mappings in group_mapping.tdb. With the old db a unix gid can
be mapped to two different SIDs. This will be refused with the new code.

Volker
(This used to be commit f0f0e893ca)
2007-10-10 11:38:36 -05:00
Volker Lendecke
76362d0d33 r17468: To minimize the diff later on, pre-commit some changes independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.

Volker
(This used to be commit 4ebfc30a28)
2007-10-10 11:38:36 -05:00
Volker Lendecke
d802774e02 r17465: Get rid of add_initial_entry. In the two places it was called in it seemed a
bit pointless to me.

Volker
(This used to be commit 244b25ae49)
2007-10-10 11:38:36 -05:00
Volker Lendecke
e1e62d8999 r17463: A bit of cleanup work:
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.

Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.

Volker
(This used to be commit f9856f6490)
2007-10-10 11:38:36 -05:00
Volker Lendecke
ff7c0a7c35 r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an
argument.

Volker
(This used to be commit 873a5a1211)
2007-10-10 11:38:34 -05:00
Volker Lendecke
e17302200c r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.

Volker
(This used to be commit b9c6e3f556)
2007-10-10 11:16:23 -05:00
Gerald Carter
1839b4be14 r14634: Many bug fixes thanks to train rides and overnight stays in airports
* Finally fix parsing idmap uid/gid ranges not to break with spaces
  surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
  _samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
  and Users BUILTIN groups automatically from smbd (and not just check the
  winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
  grant is not already assigned in our own SAM (retries up to 250 times).
  This fixes passdb with existing SIDs assigned to users from the RID algorithm
  but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f)
2007-10-10 11:15:41 -05:00
Gerald Carter
41a0da4cfc r14457: Add a few more special cases for RID 513 in the samr code.
Now that I know what all the requirements for this group are
I can generalize the code some more and make it cleaner.
But at least this is working with lusrmgr.msc on XP and 2k now.
(This used to be commit d2c1842978)
2007-10-10 11:15:31 -05:00
Gerald Carter
0ce53f8ba5 r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'

* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups.  The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.

* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running

* issues with "su - user -c 'groups'" command

* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume.  I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution.  So I'll probably add some similar
  as I did for Administrators.
(This used to be commit 612979476a)
2007-10-10 11:15:28 -05:00
Volker Lendecke
fde3304981 r13955: Fix Coverity ID 139.
Not a bug in the strictest sense, more a clarification. This whole routine
assumes new_gid != NULL anyway, so there's no point in checking.

Volker
(This used to be commit dfbf09c772)
2007-10-10 11:11:01 -05:00
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a2)
2007-10-10 11:10:59 -05:00
Gerald Carter
fb5362c069 r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a)
2007-10-10 11:10:14 -05:00
Volker Lendecke
301d51e13a r13494: Merge the stuff I've done in head the last days.
Volker
(This used to be commit bb40e544de)
2007-10-10 11:10:06 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Volker Lendecke
88d3b08147 r12438: Remove an unused function
(This used to be commit 561e351d25)
2007-10-10 11:05:56 -05:00
Volker Lendecke
db6eea0fb4 r12185: Cosmetic cleanup
(This used to be commit d1e8f9afff)
2007-10-10 11:05:48 -05:00
Volker Lendecke
4d03fc55df r12182: Cosmetic cleanup
(This used to be commit 81c358b511)
2007-10-10 11:05:48 -05:00
Volker Lendecke
05ac2de0df r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm
reacts :-)

Volker
(This used to be commit 9f99d04a54)
2007-10-10 11:05:43 -05:00
Jeremy Allison
8d7c886671 r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4
x86_64 box.
Jeremy.
(This used to be commit d720867a78)
2007-10-10 11:05:02 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Gerald Carter
450e8d5749 r7130: remove 'winbind enable local accounts' code from the 3.0 tree
(This used to be commit 318c3db4cb)
2007-10-10 10:57:01 -05:00
Tim Potter
70490aae0c r6769: Fix bugzilla #2538 and #2527. Unused variables found by Jason Mader.
(This used to be commit 68b1c1f533)
2007-10-10 10:56:54 -05:00
Volker Lendecke
d3d6126d94 r6351: This is quite a large and intrusive patch, but there are not many pieces that
can be taken out of it, so I decided to commit this in one lump. It changes
the passdb enumerating functions to use ldap paged results where possible. In
particular the samr calls querydispinfo, enumdomusers and friends have
undergone significant internal changes. I have tested this extensively with
rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will
follow later.

The code is based on a first implementation by Günther Deschner, but has
evolved quite a bit since then.

Volker
(This used to be commit f0bb44ac58)
2007-10-10 10:56:38 -05:00
Volker Lendecke
83e11ba86c r6263: Get rid of generate_wellknown_sids, they are const static and initializable
statically.

Volker
(This used to be commit 3493d9f383)
2007-10-10 10:56:33 -05:00
Herb Lewis
978ca84860 r6225: get rid of warnings from my compiler about nested externs
(This used to be commit efea76ac71)
2007-10-10 10:56:30 -05:00
Jeremy Allison
202c7b4571 r6092: This much const causes the compiler on Fedora Core 2
to throw up.
Jeremy.
(This used to be commit 051f0ed807)
2007-10-10 10:56:21 -05:00
Volker Lendecke
e84ead0cfd r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the
change in pdb_enum_alias_memberships to match samr.idl a bit closer.

Volker
(This used to be commit 3a67865169)
2007-10-10 10:56:20 -05:00
Volker Lendecke
140752fd35 r5647: Caches are good for performance, but you get a consistency problem.
Fix bug # 2401.

Volker
(This used to be commit eb4ef94f24)
2007-10-10 10:55:53 -05:00
Günther Deschner
5f54cc9bd3 r5264: Log with loglevel 0 when account-administration scripts fail.
Guenther
(This used to be commit 3d391ef149)
2007-10-10 10:55:35 -05:00
Gerald Carter
d94d87472c r4724: Add support for Windows privileges in Samba 3.0
(based on Simo's code in trunk).  Rewritten with the
following changes:

* privilege set is based on a 32-bit mask instead of strings
  (plans are to extend this to a 64 or 128-bit mask before
   the next 3.0.11preX release).
* Remove the privilege code from the passdb API
  (replication to come later)
* Only support the minimum amount of privileges that make
  sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
  instead of the 'is a member of "Domain Admins"?' check that started
  all this.

Still todo:

* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
  parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
  Samba DC to another.
* Come up with some management tool for manipultaing privileges
  instead of user manager since it is buggy when run on a 2k client
  (haven't tried xp).  Works ok on NT4.
(This used to be commit 77c10ff9aa)
2007-10-10 10:53:51 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Volker Lendecke
154d5f913b r3566: Completely replace the queryuseraliases call. The previous implementation does
not exactly match what you would expect.

XP workstations during login actually do this, so we should better become a
bit more correct. The LDAP query issued is not really fully optimal, but it is
a lot faster and more correct than what was there before. The change in
passdb.h makes it possible that queryuseraliases is done with a single ldap
query.

Volker
(This used to be commit 2508d4ed1e)
2007-10-10 10:53:09 -05:00
Volker Lendecke
9c61daf667 r3561: Since we have tdb_reopen_all() after all forks, the local_pid logic is not
correct anymore. If we actually open the tdb before the fork, we end up
opening the tdb twice. Jerry, jra, this also happens in the locking and
printing subsystems. You might want to check it there (not that it actually
happens right now, but this gave me some confusion lately...).

Volker
(This used to be commit 40cad9dcc1)
2007-10-10 10:53:09 -05:00
Andrew Bartlett
3d50211480 r2865: Add static and remove unused functions that only cload the blame-game
in finding out who is causing the massive performance problems with
large LDAP directories.

Andrew Bartlett
(This used to be commit f16ed2616a)
2007-10-10 10:52:55 -05:00
Günther Deschner
823936d180 r2753: Workaround for the (rather broken) _samr_query_useraliases rpc-call.
_samr_query_useraliases shows up with all kind of very weird memberships
(global-groups, machine-accounts, etc.). Sometimes even if there is no
alias-membership at all.

One of the biggest mistakes is to convert any unix-group the user is a
member of, into an alias by default in get_group_from_gid.

get_alias_user_groups should be rewritten to use
pdb_enum_alias_memberships.

Guenther
(This used to be commit 73ab2d2a74)
2007-10-10 10:52:51 -05:00