1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

1880 Commits

Author SHA1 Message Date
Jeremy Allison
f9147c4e40 r16241: Fix Klocwork #106 and others like it.
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10 11:17:27 -05:00
Volker Lendecke
efdc5b72fd r16065: Re-add a strlower_m(account) in samr_create_user that was dropped for no
reason but to increase fidelity with W2k3. Tom Bork has raised valid concerns
that Unix scripts might rely on the account names being lower-case, so keep
that. We might later decide to only lower-case the unix name passed to
'add [user|group] script' but keep the passdb entry upper-case. But there are
enough user-visible changes in 3_0 already so that we should push this off to
a later date.

Tom, waiting for more bug reports from you ;-))

Thanks for insisting!

Volker
(This used to be commit bc78cca290559c5ca7623b9f6d9933e32668b9c4)
2007-10-10 11:17:19 -05:00
Volker Lendecke
c594a5519d r16060: This is one of the more dirty patches I've put in lately. Parse enough of
SetUserInfo level 25 to survive the join method XP uses if the user did not
exist before. For good taste this contains way too much cut&paste, but for a
real fix there is just not enough time.

Up to 3.0.22 we completely ignored that a full level 21 is being sent together
with level 25, but we got away with that because on creation we did not set
the "disabled" flag on the workstation account. Now we correctly follow W2k3
in this regard, and we end up with a disabled workstation after join.

Man, I hate rpc_parse/. The correct fix would be to import PIDL generated samr
parsing, but this is would probably be a bit too much for .23...

Thanks to Tom Bork for finding this one.

Volker
(This used to be commit 5a37aba10551456042266443cc0a92f28f8c3d0d)
2007-10-10 11:17:18 -05:00
Jeremy Allison
656d8c30db r16054: Janitor for Volker ? Volker - some reason you didn't
fix this in 3.0 ?
Jeremy.

We had no way to return NT_STATUS_OK from the netlogon serverpwset,
although
we successfully set the machine password...

One thing the samba3 join test found.

Volker
(This used to be commit e5b7acc9b5cb6e8cf3d03c9d392fad06e0d282d9)
2007-10-10 11:17:18 -05:00
Gerald Carter
1a850a4f37 r15975: Only call the printer publishing calls if 'security = ads'
(prevent a segv)
(This used to be commit a2ef525d9e3b4f050cb4e02fad67808d3e916373)
2007-10-10 11:17:15 -05:00
Volker Lendecke
77aa11f4dc r15570: Fix Coverity bug # 286. I really wonder why gcc -O1 did not catch this one.
Volker
(This used to be commit c6bf2c8922e612278349fe53ca11f6be6c819009)
2007-10-10 11:17:02 -05:00
Günther Deschner
4137c63d02 r15455: Add rpccli_samr_query_dom_info2() and return the comment string in
samr_query_domain_info(2) for consistency reasons.

Guenther
(This used to be commit 870495e2c8628deee0498e68cc1d93abfbc56da4)
2007-10-10 11:16:48 -05:00
Günther Deschner
212b832e4a r15454: As testing, documentation and samba4 idl indicate that there is no known
difference between samr_query_domain_info and samr_query_domain_info2,
wrap the info2 call around the info call. There have been various "could
not access LDAP when not root" bugs lurking around in
samr_query_domain_info2 anyway.

Guenther
(This used to be commit 3e181b46bea87797d654d57a6c8231cba6ff5a7b)
2007-10-10 11:16:48 -05:00
Günther Deschner
c5e2804762 r15452: Again purely cosmetic reformat of the samr query domain info calls.
Guenther
(This used to be commit 6ed7d7fa70e3f750f921192c0f75594d608875b7)
2007-10-10 11:16:47 -05:00
Günther Deschner
0fe21ac560 r15442: Add some more client rpc for the querydominfo calls (from samba4 idl).
Also return the hostname for the level 6 call (to be consistent with the
server name in level 2).

Guenther
(This used to be commit 41b72e77ae70c96de4659af6b4b6bd842dd67981)
2007-10-10 11:16:44 -05:00
Günther Deschner
52e778e6f8 r15438: Fix samrQueryDomainInfo level 5 where we returned our netbios
name eversince instead of the domain name when we are a DC.

Yes, there are applications relying on this call to be correct.

Guenther
(This used to be commit 26dd22c9af8caf3db236984e4683ba210376ca59)
2007-10-10 11:16:43 -05:00
Gerald Carter
2bdbd3fa6d r15380: default eventlog tdbs to mode 0660 to allow easier access by BUILTIN\Administrators
(This used to be commit a02933c9589e34488f289cbc40f77f6864a58367)
2007-10-10 11:16:38 -05:00
Jeremy Allison
1f3fe6a504 r15334: Fix warning. This table and function not used anymore. Jerry please
check.
Jeremy.
(This used to be commit 9f676603aaf84829d52dc8d0e0872a058a4d3d4e)
2007-10-10 11:16:36 -05:00
Gerald Carter
d4a51cc500 r15309: normalize printing keys when deleting
(This used to be commit 037f9f831e001a12261419e37c725558dd717af9)
2007-10-10 11:16:34 -05:00
Jeremy Allison
0498f3b889 r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.
With this change (and setting lanman auth = no in smb.conf)
we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth.
Jeremy
(This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
2007-10-10 11:16:25 -05:00
Volker Lendecke
e17302200c r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.

Volker
(This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f)
2007-10-10 11:16:23 -05:00
Günther Deschner
3f2b06d614 r15044: Fix the build. (void returning non-void).
Guenther
(This used to be commit 3ff278b852b4085461127bc7ccb2c5dba81fb3c8)
2007-10-10 11:15:59 -05:00
Günther Deschner
655b04e4f8 r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.

Guenther
(This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
2007-10-10 11:15:59 -05:00
Jeremy Allison
2178bcaa39 r14788: Fix coverity bug #276. null deref.
Jeremy.
(This used to be commit 0217f7d7bf4c8b5b7de2433485fb6f78b62ac817)
2007-10-10 11:15:48 -05:00
Jeremy Allison
00fb5e431d r14786: Fix coverity #275. null deref.
Jeremy.
(This used to be commit 363d31c9ec2d2a4429ab4d26b3d7c78b76f60626)
2007-10-10 11:15:48 -05:00
Günther Deschner
20204ab040 r14646: Adding samr querygroup infolevels 2 & 5.
Guenther
(This used to be commit 6c4fe819c69f281915ad0f4c3bde4dfb194aa33a)
2007-10-10 11:15:42 -05:00
Gerald Carter
1839b4be14 r14634: Many bug fixes thanks to train rides and overnight stays in airports
* Finally fix parsing idmap uid/gid ranges not to break with spaces
  surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
  _samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
  and Users BUILTIN groups automatically from smbd (and not just check the
  winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
  grant is not already assigned in our own SAM (retries up to 250 times).
  This fixes passdb with existing SIDs assigned to users from the RID algorithm
  but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
2007-10-10 11:15:41 -05:00
Günther Deschner
1d5ab8fd05 r14597: Merge DCERPC_FAULT constants from Samba 4.
Guenther
(This used to be commit 3f195f8248c88ec8bf8ceb195575ce6bb49d7fc4)
2007-10-10 11:15:38 -05:00
Gerald Carter
f4a5c016e3 r14482: Fixes for spoolss code (after coverity fixes) when the
client sends a NULL RPC_BUFFER*
(This used to be commit 69f816e9f885bdeb6e8c67222b6fdca76d9d1025)
2007-10-10 11:15:33 -05:00
Gerald Carter
36f622acea r14450: Fix more get_md4pw() breakage caused by missing "breaks"
in the switch statement which matched the schannel type
against the account type.
(This used to be commit 57c705ea63381ed9ab09145b4f57a736931fa6ca)
2007-10-10 11:15:30 -05:00
Gerald Carter
0f0ad2992e r14448: * protect against NULL cli_state* pointers in cli_rpc_pipe_open()
* Fix inverted logic check for machine accounts in get_md4pw()
(This used to be commit a36529535dcb5a262e7627b80fb62a31240dc8ad)
2007-10-10 11:15:30 -05:00
Günther Deschner
24961b173b r14443: rework get_md4pw() to ease debugging. The only functional change is that
we now check wheter the sec_channel_type matches the trust account type.

Guenther
(This used to be commit c35eb449375d53ffa0815897e7723c203be1f732)
2007-10-10 11:15:30 -05:00
Gerald Carter
0ce53f8ba5 r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'

* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups.  The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.

* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running

* issues with "su - user -c 'groups'" command

* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume.  I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution.  So I'll probably add some similar
  as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10 11:15:28 -05:00
Jeremy Allison
be2bc3147c r14395: Fix coverity bug #55. Ensure no unsigned/signed comparisons.
Jeremy.
(This used to be commit cd3ad3f1a6f622b4bad5cb21b132de4cc476e03f)
2007-10-10 11:15:28 -05:00
Jeremy Allison
e6676a9a69 r14387: Try and fix the coverity issues (#53, #54) with negative
sink by ensuring all uses of rpcstr_push are consistent
with a size_t dest size arg.
Jeremy.
(This used to be commit f65d7afe1977d9d85046732842f9643716c15088)
2007-10-10 11:15:27 -05:00
Jeremy Allison
d1684fa82e r14353: Fix coverity bugs #61 and #62. Remember to divide by
the size of the data table. Clean up the struct a little.
Jeremy.
(This used to be commit 338538410d484a9358b60b05a86180275344ffa4)
2007-10-10 11:15:26 -05:00
Jeremy Allison
bd1e853c19 r14338: Fix coverity #55 by explicit cast.
Jeremy.
(This used to be commit 1fece52da4d667fa182aa9a87aaee3917860448b)
2007-10-10 11:15:25 -05:00
Jeremy Allison
d72bb5627c r14303: Fix coverity #223. In a loop we were forgetting to free
resources on error exit path.
Jeremy.
(This used to be commit f71aa3ab8fdfd08c1bec57b6506ead7c4af7299d)
2007-10-10 11:15:24 -05:00
Jeremy Allison
ad838bf65e r14301: Fix coverity #224. In a loop we were forgetting to free
resources on error exit path.
Jeremy.
(This used to be commit f1a5e5aefeeb78512c41cc8fc075b240696a3eb7)
2007-10-10 11:15:24 -05:00
Jeremy Allison
860015db1f r14299: Fix coverity #225. In a loop we were forgetting to free
resources on error exit path.
Jeremy.
(This used to be commit 1c0b4ed0acdb7fccb148d714796752fefc6dd78c)
2007-10-10 11:15:24 -05:00
Jeremy Allison
19879eba83 r14289: Fix coverity #101, resource leak on error code path.
Jeremy.
(This used to be commit d9e1d6fed099e7651807aa839a743fc7756ee326)
2007-10-10 11:15:23 -05:00
Jeremy Allison
acc651a31b r14286: Similar clarifiction fix for coverity #102.
Jeremy.
(This used to be commit f458596b0edd958321c5d4061f034846348a3fe6)
2007-10-10 11:15:23 -05:00
Jeremy Allison
e4600491cf r14284: Fix coverity bug #103. Make code clearer - probably
not a real issue but this code is easier to read.
Jeremy.
(This used to be commit 6621acc68f9a65540330d5c0d07db2488a3e8678)
2007-10-10 11:15:23 -05:00
Jeremy Allison
bb0d6f0459 r14268: Fix coverity error #204. Resource leak on error path.
Jeremy.
(This used to be commit 5f74e56b865e0bdde0e574cd5f97cf29b06ad155)
2007-10-10 11:15:22 -05:00
Jeremy Allison
88dda37184 r14266: Fix coverity #205. Resource leak on error path.
Jeremy.
(This used to be commit 23d69758bbff9687ab508e12931a5a49691d7e0d)
2007-10-10 11:15:21 -05:00
Jeremy Allison
65eb331afc r14264: Fix coverity #207. Resource leak on error path.
Jeremy.
(This used to be commit 0429b6e8c34a99d4b2a9a4849075ef2a5acadf9e)
2007-10-10 11:15:21 -05:00
Jeremy Allison
05b4d0b38e r14250: Fix coverity bug #107. Resource leak on error path.
Jeremy.
(This used to be commit ca96c7be778d01594a540917acd3c5c218d6459c)
2007-10-10 11:15:20 -05:00
Volker Lendecke
71bf1be099 r14233: Fix Coverity bug # 206
(This used to be commit 0dc3030bce7bc7a58c509c70fe503a70db80b62d)
2007-10-10 11:15:18 -05:00
Volker Lendecke
c9f256cb6c r14226: Fix Coverity bug # 109
(This used to be commit e9a63e3b35822eefbc5e17b6f9a4aab5e8c03074)
2007-10-10 11:15:18 -05:00
Jeremy Allison
dd728b4712 r14182: Ensure we know that dom_sid cannot be null.
Jeremy.
(This used to be commit e3a28bf4c8064f7053b7d1a25a2f087ac2095fcd)
2007-10-10 11:15:15 -05:00
Jeremy Allison
5a1c225c18 r14178: Clarify code for Coverity #49. Ensure we know we
can't have an uninitialized *returned val.
Jeremy.
(This used to be commit e83515afd2cb63b0dfa4f7fe00b6b7163bf35f2f)
2007-10-10 11:15:15 -05:00
Jeremy Allison
77709e58ad r14031: Coverity bug CID #110. Free all resources correctly
on pipe initialization failure.
Jeremy.
(This used to be commit daa919a94b3d81401654004bc0f32c45451203c1)
2007-10-10 11:11:06 -05:00
Jeremy Allison
f7bf439030 r13994: Belt and braces - ensure RPC_BUFFER is valid.
Jeremy.
(This used to be commit d993797191865878ebfd2ff9028d341017605cd6)
2007-10-10 11:11:03 -05:00
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10 11:10:59 -05:00
Gerald Carter
129fd6c5c6 r13878: move PORT_DATA_1 to use static sized UNICODE strings as per MSDN
(This used to be commit c803e1b2afdfc5bd983f046c976c01adebcfa1ad)
2007-10-10 11:10:57 -05:00