1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

172 Commits

Author SHA1 Message Date
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a2)
2007-10-10 11:10:59 -05:00
Gerald Carter
fb5362c069 r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a)
2007-10-10 11:10:14 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Lars Müller
bc1a5b7935 r12964: Rewind rem_backend in the case we have to workaround the idmap_ prefix.
Else SAFE_FREE seg faults.  Thanks to Günther for pointing me at this.

I've implemented in in this was as we should announce to remove the
idmap_ strip stuff after some time at all.
(This used to be commit 6a5bf399a5)
2007-10-10 11:06:09 -05:00
Lars Müller
4dea23da04 r12936: Fix bug #3264.
If we detect a leading 'idmap_' for the idmap backend setting we strip
this and inform about the deprecated config with DEBUG 0.

I'm not sure if we should set a TTL of one year or five additional
releases from now for this code.

This is required for the changes Günther made as the first step to solve
bug #3264.  With this fix we can even run with an old config.  This is
very important as we else will break existing configurations with an
update.
(This used to be commit 34c7d8c069)
2007-10-10 11:06:08 -05:00
Günther Deschner
8eba11978d r12904: Fix #3264, allow to load idmap_ad with "idmap backend = ad".
Finally cleanup the way idmap modules are build and loaded, idmap_rid
now will have to be loaded without prefix, just "rid".

Guenther
(This used to be commit a77e02177d)
2007-10-10 11:06:06 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Günther Deschner
1fe2c5f9f0 r10170: Fix for #3056:
Allow to include BUILTIN to the mapping table also when
"allow trusted domains" is disabled.

Guenther
(This used to be commit 3ccb1913a7)
2007-10-10 11:03:35 -05:00
Günther Deschner
5873b41475 r8155: ops, add missing function.
Guenther
(This used to be commit f3da329fa8)
2007-10-10 10:58:15 -05:00
Günther Deschner
944ecbdbb0 r8145: When inventing a new parameter for SFU-support, be aware of Volker's
upcoming changes for "unixinfo"-pipe.

Therefor (after speaking with Volker) replace "winbind sfu support" with
the list-parameter "winbind nss info" which defaults to "template". For
SFU-support set it to "winbind nss info = template sfu".

Note that nss_info_use() is just a dummy function at the moment.

Guenther
(This used to be commit 91596330ea)
2007-10-10 10:58:12 -05:00
Günther Deschner
2c03a3cb52 r8133: Got approval from Luke Howard (PADL) to change the company copyright to
to a personal one.

Thanks Luke!

Guenther
(This used to be commit 892ef0bbc1)
2007-10-10 10:58:11 -05:00
Volker Lendecke
3a8af94424 r8093: Next round. Now it compiles with --enable-socket-wrapper.
Volker
(This used to be commit 25cbcfba30)
2007-10-10 10:58:11 -05:00
Günther Deschner
2e7f22e833 r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the POSIX
homedirectory and the loginshell from Active Directory's "Services for Unix".

Enable it with:

        winbind sfu support = yes

User-Accounts without SFU-Unix-Attributes will be assigned template-based
Shells and Homedirs as before.

Note that it doesn't matter which version of Services for Unix you use (2.0,
2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell,
msSFU30LoginShell, etc.) automatically.

If you also want to share the same uid/gid-space as SFU then also use PADL's
ad-idmap-Plugin:

        idmap backend = ad

When using the idmap-plugin only those accounts will appear in Name Service
Switch that have those UNIX-attributes which avoids potential uid/gid-space
clashes between SFU-ids and automatically assigned idmap-ids.

Guenther
(This used to be commit 28b5969942)
2007-10-10 10:58:07 -05:00
Günther Deschner
3922667cbe r7992: Adding PADL's idmap_ad plugin (taken from the latest
xad_oss_plugins-tarball).

Guenther
(This used to be commit 1d59841c99)
2007-10-10 10:58:07 -05:00
Gerald Carter
fed660877c r7415: * big change -- volker's new async winbindd from trunk
(This used to be commit a0ac9a8ffd)
2007-10-10 10:57:08 -05:00
Gerald Carter
2d6e5ad90f r6450: * fix typo in htlm_auth help message
* add synonym for idmap_rid in better lining with
  other idmap backend names
* remove old debug messages when idmap {uid|gid} options
  are not defined
(This used to be commit 03ebf3ebfe)
2007-10-10 10:56:41 -05:00
Volker Lendecke
2e0cac8e3e r6445: Make us survive the PARANOID_MALLOC_CHECKER. Should we enable that for
--enable-developer=yes?

Volker
(This used to be commit 61d40ac60d)
2007-10-10 10:56:41 -05:00
Volker Lendecke
31b806b5df r6273: Remove some unused code, minor cleanup
(This used to be commit b451434e37)
2007-10-10 10:56:34 -05:00
Gerald Carter
32416866dd r5708: BUG 2424: patch from Vince Brimhall <vbrimhall@novell.com> to ensure that uidNumber and gidNumber use match the rfc2307 schema
(This used to be commit c1727dc9e0)
2007-10-10 10:55:56 -05:00
Volker Lendecke
13b9edc9a7 r5692: Fix compile warnings
(This used to be commit 6fad82d3d5)
2007-10-10 10:55:55 -05:00
Gerald Carter
76d72a6bc6 r5571: fix another breakage on gcc 2.96
(This used to be commit cadd5a44e7)
2007-10-10 10:55:48 -05:00
Gerald Carter
40d738f509 r5568: fix more breakage on gcc 2.96
(This used to be commit 3eeecff05e)
2007-10-10 10:55:48 -05:00
Volker Lendecke
f51677051c r5428: Apply some const. LDAP attribs should now be declared const char *attr[]. This
gives some new warnings in smbldap.c, but a the callers are cleaned up.

Volker
(This used to be commit 543799fc0d)
2007-10-10 10:55:40 -05:00
Gerald Carter
a66913aca1 r5278: BUG 2327: fix compile bug in idmap_rid.c
(This used to be commit dd55ef25d1)
2007-10-10 10:55:36 -05:00
Gerald Carter
26dd1bab96 r5272: BUG 2132, 2134: patch from Jason Mader <jason@ncac.gwu.edu> to remove unused variables
(This used to be commit 82c4e2f37f)
2007-10-10 10:55:36 -05:00
Günther Deschner
49067b308f r4870: Make multi-domain-mode in idmap_rid accessible from outside (can be
compiled with -DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS) as requested by Lars
Mueller <lmuelle-at-suse.de>.

Allow to map ID's for a local SAM and add some more
debugging-information.

Guenther
(This used to be commit 4d8e7c9ff0)
2007-10-10 10:55:05 -05:00
Günther Deschner
5f731a20f7 r4221: when in the multi-mapping mode of idmap_rid:
allow BUILTIN domain-mapping.

Guenther
(This used to be commit e3b067ee99)
2007-10-10 10:53:38 -05:00
Günther Deschner
37e5f14089 r4216: fix segfault in idmap_rid
(only ever shows up when the somewhat hidden
IDMAP_RID_SUPPORT_TRUSTED_DOMAINS - define is set).

Thanks to Stephan Martin <sm@suse.de> for reporting this bug.

Guenther
(This used to be commit e7b81d679b)
2007-10-10 10:53:37 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Volker Lendecke
fc7302b09e r3758: Increase a debug level. This error condition can actually happen in real life
if you have several competing winbinds that might get a lag due to
replication.

Volker
(This used to be commit 1c3f194ab7)
2007-10-10 10:53:16 -05:00
Günther Deschner
3c5173c5f0 r3498: Optimisation of idmap_rid init: Avoid calling a DC for the domain-sid
when trusted domains are disabled anyway.

Guenther
(This used to be commit cd30a0b14a)
2007-10-10 10:53:08 -05:00
John Terpstra
445f8c77ca r3221: Remove check for allow-trusted-domains so that this thing does not throw-up.
(This used to be commit 3d8e19468b)
2007-10-10 10:53:02 -05:00
Günther Deschner
6ee497934b r3151: Add the "no warranty"-section in the licence header.
Guenther
(This used to be commit c9a7bc10b7)
2007-10-10 10:53:02 -05:00
Günther Deschner
36ef1b50e5 r3146: Some cleanup for idmap_rid:
- fix several memleaks found by valgrind
- turn off support for trusted domains (can be reenabled with
  #define IDMAP_RID_SUPPORT_TRUSTED_DOMAINS 1)
- improve readability

Guenther
(This used to be commit 351a1227e8)
2007-10-10 10:53:02 -05:00
Günther Deschner
94bfc6ff0f r3145: Add experimental idmap_rid-Plugin.
Written by Sumit Bose <sbose@suse.de> and myself a while ago.

idmap_rid does a direct, static mapping between RIDs and UIDs/GIDs using
the idmap-range as offset. It does thus allow to have a unified mapping
over several winbindd-systems without having the need of a central
LDAP-Server (and all related dependencies and problems this solution can
bring).

Compile:
./configure --with-shared-modules=idmap_rid

Usage:
        idmap backend = idmap_rid

idmp_rid does even allow you to have multiple mappings (for trusted
domains). This is a rather problemtic feature and will be turned off by
default rather soon. The problem is that ranges can quickly overlap when
not measured with caution.

        idmap backend = idmap_rid:"MYDOMAIN=1000-9999 OTHER=10000-19999"

Will valgrind idmap_rid later today and fix a couple of things.

Guenther
(This used to be commit 49a238bd37)
2007-10-10 10:53:02 -05:00
Günther Deschner
ff5d4a7b4d r3137: Do not simply ignore failing idmap-module init for remotemaps.
(in preparation of adding idmap_rid)

Guenther
(This used to be commit e7691f4862)
2007-10-10 10:53:01 -05:00
Volker Lendecke
cc146adb26 r2691: Increase a debug level for a quite frequent operation.
Optimization for 'idmap backend = ldap': When asking sid2id for the wrong
type, don't ask ldap when we have the opposite mapping in the local tdb.

Volker
(This used to be commit c91cff3bd3)
2007-10-10 10:52:49 -05:00
Volker Lendecke
f0f87cf7fa r1430: Although prepared for only one remote backend, make the 'idmap backend'
parameter a list instead of a string. This makes

idmap backend = ldap:"ldap://localhost/ ldap://fallback/"

possible.

Volker
(This used to be commit ea71834793)
2007-10-10 10:52:11 -05:00
Volker Lendecke
33c2230524 r1297: Yes, it does survive valgrind for my tests :-)
Check in the 'winbind proxy only' mode -- no new parameter required :-)

If you don't set idmap uid or idmap gid, winbind will not do idmap stuff, it
will only proxy the netlogon request and thus speed up the authentication of
domain users.

Volker
(This used to be commit 29235f0c69)
2007-10-10 10:52:05 -05:00
Jeremy Allison
6b5f46c245 r916: Memory leak fix from kawasa_r@itg.hitachi.co.jp.
Jeremy.
(This used to be commit c336ccf4e8)
2007-10-10 10:51:49 -05:00
Jim McDonough
3d18997afd Get MungedDial actually working with full TS strings in it for pdb_ldap.
I know this isn't pretty, but neither was our assumption that all strings
from the directory fit inside a pstring.  There was no way this worked
before will all versions of usrmgr (for example, the only version of
mine that has the TS Confic button).
(This used to be commit d275c0e384)
2004-03-11 16:32:19 +00:00
Jim McDonough
24df38dbc6 Janitor for tpot...bugzilla #1098, msleep already exists on aix
(This used to be commit 4319df7fdc)
2004-02-23 02:54:03 +00:00
Gerald Carter
29b4959815 isolate ldap debug messages to the common smbldap_XXX() functions
(This used to be commit 7d7a262f45)
2004-01-06 18:26:18 +00:00
Gerald Carter
36558f8f2b fix more memory leaks in the LDAP backend code; patches from metze
(This used to be commit e079c8842a)
2003-11-14 03:28:03 +00:00
Gerald Carter
84ca7ad00c fix for bug 680 (heads up). This gist is to map the
UNIX entity foo to DOMAIN\foo instead of SERVER\foo
on members of a Samba domain when all UNIX accounts
are shared via NIS, et. al.

  * allow winbindd to match local accounts to domain SID
    when 'winbind trusted domains only = yes'

  * remove code in idmap_ldap that searches the user
    suffix and group suffix.  It's not needed and
    provides inconsistent functionality from the tdb backend.

This has been tested.  I'm still waiting on some more feedback
but This needs to be in 3.0.1pre2 for widespread use.
(This used to be commit ee272414e9)
2003-11-07 14:39:47 +00:00
Jeremy Allison
4fd6fdd9a9 Ensure we consistantly translate to/from utf8 for talking to LDAP.
Jeremy.
(This used to be commit b5d953bc26)
2003-09-10 23:49:23 +00:00
Herb Lewis
aa39cc37da get rid of more compiler warnings
(This used to be commit 398bd14fc6)
2003-08-15 04:42:05 +00:00
Gerald Carter
5faf3ba9af 2 fixes
* bug #280 (my fault) - initialize sambaNextUserRid and
   sambaNextGroupRid

 * Unix users shared vis LDAP or NIS between a samba domain member
   of a Samba domain are not seen as domain users on the member servers.
   not as local users.
(This used to be commit a030fa373a)
2003-08-13 00:08:28 +00:00
Gerald Carter
df2337692a rework winbindd_accountdb_init() to reduce error messages in the log
(This used to be commit d98a68e0eb)
2003-08-06 18:01:39 +00:00
Jim McDonough
8c64504f7c Update my copyrights according to my agreement with IBM
(This used to be commit a2bd8f0bfa)
2003-08-01 15:30:44 +00:00