1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

1664 Commits

Author SHA1 Message Date
Günther Deschner
ad8493d90c r15198: Mention the auditing tool in "net rpc help".
Guenther
(This used to be commit e55e1e1e96)
2007-10-10 11:16:28 -05:00
Günther Deschner
8fca274e47 r15194: We need to be able to join as PDC as well. Thanks to Andrew Bartlett.
Guenther
(This used to be commit ba81b508ca)
2007-10-10 11:16:28 -05:00
Volker Lendecke
22c4ad8a10 r15173: Fix a non-critical memleak
(This used to be commit bb8c69162f)
2007-10-10 11:16:27 -05:00
Alexander Bokovoy
3cd1101c9b r15152: Fix a case when target is offline. Jerry, this needs to be in 3.0.23pre1
(This used to be commit f068862e56)
2007-10-10 11:16:26 -05:00
Volker Lendecke
fb1f83b05d r15137: Refuse to join if our netbios name is longer than 15 chars. I think this is
sufficient to fix bug #3659.

Volker
(This used to be commit 0ef5e4372c)
2007-10-10 11:16:26 -05:00
Volker Lendecke
d4d04313ea r15136: Fix join consistency check
(This used to be commit a6e88785e7)
2007-10-10 11:16:25 -05:00
Günther Deschner
4549efe696 r15123: Don't even try to join with an inproper configuration.
Guenther
(This used to be commit 22b6875897)
2007-10-10 11:16:25 -05:00
Gerald Carter
8c9eb7631e r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit winbindd server
(This used to be commit a95d11345e)
2007-10-10 11:16:00 -05:00
Günther Deschner
655b04e4f8 r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.

Guenther
(This used to be commit 0fed66926f)
2007-10-10 11:15:59 -05:00
Jeremy Allison
22dbd67708 r15018: Merge Volker's ipc/trans2/nttrans changes over
into 3.0. Also merge the new POSIX lock code - this
is not enabled unless -DDEVELOPER is defined.
This doesn't yet map onto underlying system POSIX
locks. Updates vfs to allow lock queries.
Jeremy.
(This used to be commit 08e52ead03)
2007-10-10 11:15:57 -05:00
Volker Lendecke
42131b759d r15011: Fix bug # 2413. net rpc info can't reliably work anonymously anymore.
Volker
(This used to be commit ba41c62b8b)
2007-10-10 11:15:56 -05:00
James Peach
9f9526f0c7 r14900: Separate words in error message.
(This used to be commit ffe1a2e23f)
2007-10-10 11:15:53 -05:00
James Peach
da3b7af764 r14899: Add missing semi-colon.
(This used to be commit 5f4f4cbe6f)
2007-10-10 11:15:53 -05:00
James Peach
4fa5559800 r14898: This change is an attempt to improve the quality of the information that
is produced when a process exits abnormally.

First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.

Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.

Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d644)
2007-10-10 11:15:53 -05:00
Jeremy Allison
576e17cbf3 r14831: Fix possible null deref. Coverity #279.
Jeremy.
(This used to be commit 75be5c17bc)
2007-10-10 11:15:49 -05:00
Günther Deschner
895fc239a4 r14757: Make sure we only send out a CLDAP request to an connected AD server.
Guenther
(This used to be commit d17712f976)
2007-10-10 11:15:46 -05:00
Jeremy Allison
4f655c952b r14743: Fix coverity bug #227. Possible deref of null pointer
in error code path.
Jeremy.
(This used to be commit 9117713c5e)
2007-10-10 11:15:45 -05:00
Gerald Carter
efd32bf371 r14699: allow 'net sam addmem' to accept a SID for the member
(This used to be commit 08d201806f)
2007-10-10 11:15:44 -05:00
Jim McDonough
05ef1d6b5d r14683: Get rid of hardcoded output file. With no arg, print to stdout,
otherwise append to output file specified.
(This used to be commit b4ec93f5a2)
2007-10-10 11:15:43 -05:00
Jim McDonough
a0e36ddb68 r14681: Get rid of hardcoded /tmp/add.ldif and /tmp/mod.ldif files. Is there a
different directory the temp files should be in, or is /tmp ok?

Still have to get rid of the output file hardcoding, but that is to
come, because I need to cleanup stdout.
(This used to be commit 0d4bd93a5c)
2007-10-10 11:15:43 -05:00
Günther Deschner
485a286a65 r14585: Tighten argument list of kerberos_kinit_password again,
kerberos_kinit_password_ext provides access to more options.

Guenther
(This used to be commit afc519530f)
2007-10-10 11:15:38 -05:00
Gerald Carter
b36e2921ee r14580: add 'net sam createbuiltingroup' to map BUILTIN local groups to a gid
(This used to be commit 3137fe5068)
2007-10-10 11:15:38 -05:00
Gerald Carter
5aa66fd039 r14577: BUG Fixes:
* Add back in the import/export support to pdbedit
* Fix segv in pam_smbpass
* Cleanup some error paths in pdb_tdb and pdb_interface
(This used to be commit df53d64910)
2007-10-10 11:15:37 -05:00
Jeremy Allison
fa57a318b4 r14416: Remove deadcode. Coverity #198.
Jeremy.
(This used to be commit 7fc61f5a63)
2007-10-10 11:15:29 -05:00
Gerald Carter
0ce53f8ba5 r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'

* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups.  The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.

* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running

* issues with "su - user -c 'groups'" command

* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume.  I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution.  So I'll probably add some similar
  as I did for Administrators.
(This used to be commit 612979476a)
2007-10-10 11:15:28 -05:00
Jim McDonough
e0793b1b28 r14278: Remainder of fix for Coverity #79,80,81: only allow GROUP or OWNER to be
specified once in an ACL, so it can be allocated a second time,
overwriting the first
(This used to be commit 1804a8a01e)
2007-10-10 11:15:22 -05:00
Jim McDonough
30e751c56b r14272: Fix Coverity # 81: free alloc'ed storage before returning
(This used to be commit 1899d8ea28)
2007-10-10 11:15:22 -05:00
Volker Lendecke
3b6f14990a r14214: Fix Coverity Bug # 57
(This used to be commit 32364d8f01)
2007-10-10 11:15:16 -05:00
Jim McDonough
a5eda88677 r14156: Fix coverity #114: free storage alloc'ed by sstring_sub()
(This used to be commit 655fb66b28)
2007-10-10 11:15:14 -05:00
Jim McDonough
c0d4100517 r14155: Fix coverity #115: free storage alloc'ed by sstring_sub()
(This used to be commit a197b8c5cb)
2007-10-10 11:15:14 -05:00
Jim McDonough
49dec1cac6 r14153: Fix coverity #116: free storage alloc'ed by sstring_sub()
(This used to be commit dbc0ff5544)
2007-10-10 11:15:14 -05:00
Jim McDonough
c53c08ef86 r14152: Fix coverity #117: free storage alloc'ed by sstring_sub
(This used to be commit cf36f5949f)
2007-10-10 11:15:14 -05:00
Jim McDonough
b5f12bc0f8 r14150: Fix coverity #118: not freeing alloc'ed storage returned from
sstring_sub().
(This used to be commit 6ff849f35a)
2007-10-10 11:15:14 -05:00
Jim McDonough
a2d489c187 r14147: Fix coverity #119. alloc'ed memory returned not saved, so not freed.
Need to go back and correct the assumption that an "ldap xxx suffix"
parm must have an OU.
(This used to be commit 2d7ba11ffb)
2007-10-10 11:15:13 -05:00
Günther Deschner
c34e73cfcf r14146: Just some typos.
Guenther
(This used to be commit ade86cc787)
2007-10-10 11:15:13 -05:00
Jim McDonough
7a2bc34d4d r14135: Fix for Coverity #123: resource leak. Also rework much of the code to
make it cleaner.  There's still more to do on this...
(This used to be commit f75dad0325)
2007-10-10 11:15:13 -05:00
Volker Lendecke
35d2856ae3 r14101: Fix a segfault in trustdom establish, cli is NULL here.
(This used to be commit 1df58c7a00)
2007-10-10 11:11:12 -05:00
Volker Lendecke
d95efac94d r14099: Fix Coverity # 113
(This used to be commit db00570535)
2007-10-10 11:11:12 -05:00
Volker Lendecke
10373355df r14098: Fix Coverity # 112
(This used to be commit 121a350b92)
2007-10-10 11:11:11 -05:00
Jeremy Allison
485714ac6b r14087: Protect against domain being NULL. Finish Coverity #152.
Jeremy.
(This used to be commit 88dd4ab481)
2007-10-10 11:11:11 -05:00
Jim McDonough
cc7b53f673 r14085: Fix coverity bg #152, uninit'ed var.
(This used to be commit d8e69c18e0)
2007-10-10 11:11:11 -05:00
Günther Deschner
aeea749548 r14062: Forgot those in the uint16/32 acb_info switch.
Guenther
(This used to be commit 0167b6cca8)
2007-10-10 11:11:09 -05:00
Jim McDonough
924be04217 r14053: Implement Simo's suggestion: don't use /dev/null for a 'bad' path for
users/workstations
(This used to be commit 2690f015be)
2007-10-10 11:11:08 -05:00
Volker Lendecke
753dcde401 r14036: Ok, the last one generated a const warning. Also fix Coverity # 119.
net rpc vampire is ugly....

Volker
(This used to be commit c1ea48949d)
2007-10-10 11:11:07 -05:00
Volker Lendecke
3cc8b8125a r14035: Fix Coverity bug # 124
(This used to be commit 9fe21fd032)
2007-10-10 11:11:07 -05:00
Volker Lendecke
991fd6c28e r14034: Fix Coverity id # 125.
Jeremy, you might want to take a look here.

Volker
(This used to be commit e6e29937e8)
2007-10-10 11:11:07 -05:00
Volker Lendecke
4479d1b061 r14033: Fix Coverity bug # 126
(This used to be commit bb6d678575)
2007-10-10 11:11:06 -05:00
Jim McDonough
247bacf19b r13968: fix typo, caught by Guenther
(This used to be commit 217d3fbe79)
2007-10-10 11:11:02 -05:00
Jim McDonough
9bc20e14db r13957: Based on patch from Richard Renard <richard.renard@idealx.com>:
Fix machine accounts (should not have valid shells) and users with no
home directory (were getting previous user's directory).
(This used to be commit f629f8a7b9)
2007-10-10 11:11:01 -05:00
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a2)
2007-10-10 11:10:59 -05:00