1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1156 Commits

Author SHA1 Message Date
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Volker Lendecke
66259d06fb r16866: No idea why I did not see the warning, sorry....
(This used to be commit 84913caebd)
2007-10-10 11:19:12 -05:00
Volker Lendecke
3899f95e1f r16865: This is a proposal to fix bug 3915. Before sending patches around, this is
what svn is for.

The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.

Volker
(This used to be commit 9ec5ccfe85)
2007-10-10 11:19:12 -05:00
Jeremy Allison
ae30a44bc0 r16683: Fix bug #3900 reported by jason@ncac.gwu.edu.
Jeremy.
(This used to be commit 8c7e40f2a4)
2007-10-10 11:19:07 -05:00
Jeremy Allison
5e924c3962 r16681: Fix bug #3899 reported by jason@ncac.gwu.edu.
Jeremy.
(This used to be commit 1cd9a0ef83)
2007-10-10 11:19:07 -05:00
Jeremy Allison
b85c276e95 r16678: Fix bug #3898 reported by jason@ncac.gwu.edu.
Jeremy.
(This used to be commit 5c5ea3152f)
2007-10-10 11:19:07 -05:00
Jeremy Allison
124cd3c604 r16663: Fix coverity #301, memleak in error path.
Jeremy.
(This used to be commit dfdb4ce891)
2007-10-10 11:19:06 -05:00
Jeremy Allison
6c94466d7b r16628: Fix bug #3880, reported by jason@ncac.gwu.edu
by ensuring we return the correct enum for sid
type, not a uint32.
Jeremy.
(This used to be commit 98a5e20ff4)
2007-10-10 11:19:04 -05:00
Jeremy Allison
5887885da3 r16624: Fix bug #3877, reported by jason@ncac.gwu.edu
Jeremy.
(This used to be commit 1f52b8b406)
2007-10-10 11:19:04 -05:00
Jeremy Allison
8e274e8661 r16593: Make the invarient explicit to Klocwork. Bug #2023.
Jeremy.
(This used to be commit 720a917205)
2007-10-10 11:19:02 -05:00
Jeremy Allison
d1014c1cdf r16582: Fix Klocwork #1997 and all generic class of problems
where we don't correctly check the return from memdup.
Jeremy.
(This used to be commit ce14daf51c)
2007-10-10 11:19:01 -05:00
Volker Lendecke
ca8b86c51a r16427: Fix bug # 3848. Thanks to Wilco Baan Hofman for testing the release candidate!
Volker
(This used to be commit adf2dcce09)
2007-10-10 11:18:53 -05:00
Jeremy Allison
684dd7f2cf r16383: Klocwork #1086. No null deref.
Jeremy.
(This used to be commit 7b68a2acfc)
2007-10-10 11:18:50 -05:00
Jeremy Allison
795c99d6b8 r16381: Now samu can't be null don't check it on set. Klockwork
related fix.
Jeremy.
(This used to be commit 2e5a881478)
2007-10-10 11:18:50 -05:00
Volker Lendecke
e7fc37cf0f r16360: Fix Klocwork ID 136 520 521 522 523 542 574 575 576 607
in net_rpc.c: 715 716 732 734 735 736 737 738 739 749

in net_rpc_audit.c: 754 755 756

in net_rpc_join.c: 757

in net_rpc_registry: 766 767

in net_rpc_samsync.c: 771 773

in net_sam.c: 797 798

Volker
(This used to be commit 3df0bf7d60)
2007-10-10 11:18:48 -05:00
Günther Deschner
17cbb65317 r16350: Fix the build.
GUenther
(This used to be commit 3203ce3b49)
2007-10-10 11:17:37 -05:00
Volker Lendecke
e279878b28 r16334: Fix Klocwork ID's 1087, 1095, 1096, 1098, 1099, 1101, 1102, 1105, 1107, 1109,
1111

Volker
(This used to be commit d3f5acb16e)
2007-10-10 11:17:34 -05:00
Jeremy Allison
f9147c4e40 r16241: Fix Klocwork #106 and others like it.
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d)
2007-10-10 11:17:27 -05:00
Volker Lendecke
8fa2907efd r16197: Fix Klocwork id 1338
(This used to be commit 963ae5bd14)
2007-10-10 11:17:24 -05:00
Jeremy Allison
685aed3fb4 r16155: Janitor for jelmer.
Fix typo in DEBUG()
Jeremy.
(This used to be commit da768bf9c2)
2007-10-10 11:17:23 -05:00
Günther Deschner
d28456fe22 r16121: Fix a eDir related memory leak.
Guenther
(This used to be commit 322f1664df)
2007-10-10 11:17:21 -05:00
Jeremy Allison
f897e7094f r16076: Fix for machine password timeout overflow from Shlomi Yaakobovich
<Shlomi@exanet.com>.
Jeremy.
(This used to be commit 5cd234a1ff)
2007-10-10 11:17:19 -05:00
Volker Lendecke
40dc4e2d1a r16064: Bug fix for another one Tom Bork has reported:
'valid users = +unixgroup' failed with smbpasswd if 'unixgroup' has a
(non-algorithmic) group mapping.

Thanks a lot!

People out there listening, please test current code, this release is

	   **BIG**

:-)

Volker
(This used to be commit 8f9ba5f96c)
2007-10-10 11:17:19 -05:00
Jeremy Allison
3d4d799eee r16016: Add debug to be symetrical with reading from
cache.
Jeremy.
(This used to be commit da26565a2e)
2007-10-10 11:17:17 -05:00
Volker Lendecke
d7dbf37825 r16014: Correctly set the group RID in init_sam_from_buffer.
BIG THANKS to Tom Bork for reporting that Bug!

Volker
(This used to be commit 40339fdcce)
2007-10-10 11:17:17 -05:00
Jeremy Allison
865e13aea1 r15895: Ensure all new rid allocation goes through
the same function (deals with races).
Jeremy.
(This used to be commit 4962548dfe)
2007-10-10 11:17:12 -05:00
Jeremy Allison
a835b9500a r15888: Fix bug #3804 from jason@ncac.gwu.edu
Invalid comparisons.
Jeremy.
(This used to be commit 9890a31c5f)
2007-10-10 11:17:12 -05:00
Günther Deschner
f81e4521bf r15649: Allow to store 24 password history entries in ldapsam (same limit as on
Windows). Fixes bug #1914.

Guenther
(This used to be commit b5a5d0b24e)
2007-10-10 11:17:05 -05:00
Günther Deschner
22bed618b6 r15633: Minor smbldap/pdb_ldap cleanup
Guenther
(This used to be commit 1b5a712467)
2007-10-10 11:17:04 -05:00
Volker Lendecke
75d2304643 r15601: Fix segfaults with 'security=share' and 'guest only = yes'
Volker
(This used to be commit ea7cced6bc)
2007-10-10 11:17:03 -05:00
Volker Lendecke
91828b893d r15571: Fix Coverity bug #285
(This used to be commit 2cf503d7da)
2007-10-10 11:17:02 -05:00
Gerald Carter
745e2490ae r15547: say goodbye to --with-ldapsam (although the ldapsam_compat passdb backend still exists
(This used to be commit 7d99e05ee8)
2007-10-10 11:16:58 -05:00
Günther Deschner
fc5f948260 r15542: Close the LDAP connection and free the struct, regardless whether the
simple bind operation was successful or not.

Guenther
(This used to be commit e4734cb99c)
2007-10-10 11:16:57 -05:00
Jeremy Allison
d819760f8e r15444: Fix from Jim to ensure we do a wildcard search for SID's
starting with the global SAM sid, not an exact search.
Jeremy.
(This used to be commit 755c272ebf)
2007-10-10 11:16:45 -05:00
Volker Lendecke
be8e338ef7 r15360: Fix bug # 3741. One more place where the algorithmic mapping needs to stay.
Volker
(This used to be commit 898948d654)
2007-10-10 11:16:37 -05:00
Gerald Carter
6e807c763f r15310: only store lanman passwords on a change if 'lanman auth = yes'
(This used to be commit b6904e0950)
2007-10-10 11:16:34 -05:00
Paul Green
31693197be r15283: Oh yeah. The build farm doesn't do much with head. OK, here is the patch to SAMBA_3_0 to declare prototypes for the initialization functions. These are the same changes I just made to head. --paulg
(This used to be commit 17774387ad)
2007-10-10 11:16:31 -05:00
Volker Lendecke
e17302200c r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring does not
have the timeout argument in Samba4. Add a new routine
tdb_lock_bystring_with_timeout.

Volker
(This used to be commit b9c6e3f556)
2007-10-10 11:16:23 -05:00
Volker Lendecke
4cde26cfc9 r15009: Add a check for NULL
(This used to be commit 0a7d4f1ab1)
2007-10-10 11:15:56 -05:00
Gerald Carter
e4998337e7 r14868: I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.

...

Fix my brain dead inverted logic for turning winbindd on and off
when run on a DC or when calling pdb functions from within winbindd.
(This used to be commit 021b3dc2db)
2007-10-10 11:15:52 -05:00
Gerald Carter
6c9eaa6880 r14855: Various fixes:
* depreacte 'acl group control' after discussion with Jeremy
  and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
  turning _NO_WINBINDD back on
(This used to be commit 4ab372f4ca)
2007-10-10 11:15:51 -05:00
Jeremy Allison
d0c0079ef8 r14780: Fix coverity bug #272, null deref.
Jeremy.
(This used to be commit 1588ce8efe)
2007-10-10 11:15:48 -05:00
Günther Deschner
57909a1540 r14758: Fix broken LDAP search filter.
Guenther
(This used to be commit 25970a5429)
2007-10-10 11:15:46 -05:00
Günther Deschner
2ab46a7a93 r14756: Make smbpasswd -a root work for eDirectory where there is no "account"
structural objectclass.

Guenther
(This used to be commit 7eefeaad35)
2007-10-10 11:15:46 -05:00
Jelmer Vernooij
ac2b7c0d93 r14696: make pdb_find_backend_entry public (for use by an external "multi" pdb backend)
(This used to be commit c149421ef7)
2007-10-10 11:15:44 -05:00
Gerald Carter
1839b4be14 r14634: Many bug fixes thanks to train rides and overnight stays in airports
* Finally fix parsing idmap uid/gid ranges not to break with spaces
  surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
  _samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
  and Users BUILTIN groups automatically from smbd (and not just check the
  winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
  grant is not already assigned in our own SAM (retries up to 250 times).
  This fixes passdb with existing SIDs assigned to users from the RID algorithm
  but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f)
2007-10-10 11:15:41 -05:00
Gerald Carter
5aa66fd039 r14577: BUG Fixes:
* Add back in the import/export support to pdbedit
* Fix segv in pam_smbpass
* Cleanup some error paths in pdb_tdb and pdb_interface
(This used to be commit df53d64910)
2007-10-10 11:15:37 -05:00
Gerald Carter
41a0da4cfc r14457: Add a few more special cases for RID 513 in the samr code.
Now that I know what all the requirements for this group are
I can generalize the code some more and make it cleaner.
But at least this is working with lusrmgr.msc on XP and 2k now.
(This used to be commit d2c1842978)
2007-10-10 11:15:31 -05:00
Gerald Carter
14b07dccc0 r14452: Sorry. Need more coffee....
* Fix sprintf() args when createing the group search filter.
(This used to be commit 0b7549997a)
2007-10-10 11:15:31 -05:00
Gerald Carter
5133ab016e r14451: In order to get pdb_ldap searching for SID_NAME_ALIAS
groups in the ${MACHINESID} and S_1-5-32 domains correctly,
I had to add a substr search on sambaSID.

* add substr matching rule to OpenLDAP schema
  (we need to update the other schema as will since this
  is a pretty important change).  Sites will need to
  - install the new schema
  - add 'indea sambaSID   sub' to slapd.conf
  - run slapindex

* remove uses of SID_NAME_WKN_GRP in pdb_ldap.c
(This used to be commit 2c0a46d731)
2007-10-10 11:15:30 -05:00
Gerald Carter
0ce53f8ba5 r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'

* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups.  The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.

* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running

* issues with "su - user -c 'groups'" command

* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume.  I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution.  So I'll probably add some similar
  as I did for Administrators.
(This used to be commit 612979476a)
2007-10-10 11:15:28 -05:00
Volker Lendecke
b3d058a0ec r14103: Fix a memleak found by valgrind (!!)
(This used to be commit b880602c4c)
2007-10-10 11:11:12 -05:00
Volker Lendecke
56a99b1d1c r14102: Fix Coverity bug # 70
(This used to be commit 56dc19879c)
2007-10-10 11:11:12 -05:00
Jeremy Allison
e096440b74 r14088: Fix Coverity bug #20. Don't deref possible null.
Jeremy.
(This used to be commit 7f3ace5481)
2007-10-10 11:11:11 -05:00
Volker Lendecke
4357ef3bd6 r13979: We've dereferenced my_methods already, so there's no point in checking for
!= NULL. Coverity #149.

Volker
(This used to be commit d38e05329a)
2007-10-10 11:11:02 -05:00
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a2)
2007-10-10 11:10:59 -05:00
Simo Sorce
d54010e219 r13843: Merge in net sam provision and some pdb_ldap fixes
(This used to be commit 705d811808)
2007-10-10 11:10:56 -05:00
Volker Lendecke
30675b36f5 r13791: Having S-1-1-0 show up in winbind lookupsid does not really make sense.
Volker
(This used to be commit ae9614ce01)
2007-10-10 11:10:54 -05:00
Simo Sorce
1da8345777 r13776: Merge in the editposix ldapsam optimization
(This used to be commit a374546c7e)
2007-10-10 11:10:53 -05:00
Gerald Carter
5837baa126 r13765: Fix bug reported by jra. Don't check for a group SID when storing
a user since we no longer pay any attention to the value.
(This used to be commit 085c6859ee)
2007-10-10 11:10:53 -05:00
Gerald Carter
a8325d28d2 r13756: use samu_new() rather than calling talloc() directly.
(This used to be commit c13af58f63)
2007-10-10 11:10:52 -05:00
Jeremy Allison
ddf14cc286 r13747: Fix the reference count for tdbsam_open() - on an
upgrade it calls tdbsam_convert() which calls tdbsam_open()
deep inside the init_sam_from_buffer_vX call.
If the ref count hasn't been set yet then we will close
the tdbsam reference in tdbsam_getsampwsid().
smbpasswd -a was core-dumping again :-).
Jeremy
(This used to be commit 993069eb87)
2007-10-10 11:10:51 -05:00
Volker Lendecke
2479b8305b r13729: Fix smbpasswd -x
(This used to be commit 2afcbbfb6f)
2007-10-10 11:10:51 -05:00
Volker Lendecke
06e720a66c r13728: No, we have not talked about this on irc less than 24h ago... ;-)
(This used to be commit 59f95ea752)
2007-10-10 11:10:51 -05:00
Volker Lendecke
ded57f29b3 r13727: Fix a segfault
(This used to be commit 76c100834d)
2007-10-10 11:10:51 -05:00
Günther Deschner
e54786b535 r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
  returning zero)

Guenther
(This used to be commit 5b89e8bc24)
2007-10-10 11:10:25 -05:00
Jeremy Allison
2ef2e01314 r13704: Janitor for tpot.
Jeremy
-------------
Slightly smaller version of pdb_get_methods() patch.  Turns out that
callers to initialize_password_db() use the reload parameter so this
has turned in to a smaller cleanup than I thought.
(This used to be commit 7e243104eb)
2007-10-10 11:10:24 -05:00
Volker Lendecke
9fffb6ab5b r13693: More Solaris/LDAP fixes from Bjoern <bjoern@j3e.de>
(This used to be commit 7c098ca0ae)
2007-10-10 11:10:24 -05:00
Volker Lendecke
2ced94c54d r13683: Fix the 'valid users = +users' problem I introduced.
Volker
(This used to be commit dbdb8bdb99)
2007-10-10 11:10:23 -05:00
Gerald Carter
d95e13e68f r13679: Commiting the rm_primary_group.patch posted on samba-technical
* ignore the primary group SID attribute from struct samu*
* generate the primary group SID strictlky from the Unix
  primary group when dealing with passdb users
* Fix memory leak in original patch caused by failing to free a
  talloc *
* add wrapper around samu_set_unix() to prevent exposing the create
  BOOL to callers.  Wrappers are samu_set_unix() and samu-allic_rid_unix()
(This used to be commit bcf269e2ec)
2007-10-10 11:10:23 -05:00
Volker Lendecke
2b0277a1d6 r13678: Remove unneeded braces
(This used to be commit faf1d832a1)
2007-10-10 11:10:23 -05:00
Günther Deschner
cab298856a r13622: Allow to rename machine accounts in a Samba Domain. This still uses the
"rename user script" to do the rename of the posix machine account (this
might be changed later). Fixes #2331.

Guenther
(This used to be commit b2eac2e6eb)
2007-10-10 11:10:19 -05:00
Gerald Carter
6622ba566e r13601: * Remove unused code from pdb_ldap.c
* Add a 'struct passwd *' to the struct samu for later reference
  (I know this may be controversial but its easily reverted which is
  is why I'm checking this is as a seaparate patch before I get
  too deep).
* Remove unix_homedir from struct samu {} and update the pdb wrapper
  functions associated with it.
(This used to be commit 92c251fdf0)
2007-10-10 11:10:18 -05:00
Gerald Carter
7b9736eb74 r13600: Move functions local to tdbsam to pdb_tdb.c
(This used to be commit e3489f7edd)
2007-10-10 11:10:18 -05:00
Gerald Carter
6a09da5d9e r13593: consolidate pdb_set_sam_sids() into samu_set_unix() which
was the only place it was called from.
(This used to be commit 6568c9cb03)
2007-10-10 11:10:18 -05:00
Gerald Carter
cd55919263 r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix()
(This used to be commit 6f1afa4acc)
2007-10-10 11:10:16 -05:00
Gerald Carter
87ef96e6be r13589: Make sure we only try to close the tdbsam file in endsampwent() when we
have a valid pwent list from a setsampwent().  Fixes a bug with the
reference count on the open tdb.
(This used to be commit 77332f0738)
2007-10-10 11:10:16 -05:00
Gerald Carter
2203bed32c r13576: This is the beginnings of moving the SAM_ACCOUNT data structure
to make full use of the new talloc() interface.  Discussed with Volker
and Jeremy.

* remove the internal mem_ctx and simply use the talloc()
  structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
  upcoming changes.  Groups will most likely be replaced with a
  'struct samg' in the future.

Note that there are now passbd API changes.  And for the most
part, the wrapper functions remain the same.

While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs.  The code also needs more testing under valgrind to
ensure it's not leaking memory.

But it's a start......
(This used to be commit 19b7593972)
2007-10-10 11:10:15 -05:00
Gerald Carter
fb5362c069 r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a)
2007-10-10 11:10:14 -05:00
Gerald Carter
ac456c7440 r13550: remove pdb_guest
(This used to be commit db575c7641)
2007-10-10 11:10:13 -05:00
Jeremy Allison
952a631d5d r13548: Always use the get_remote_macinhe_name() as the key
for the creds store. This should fix the problems
Jerry reported (but I have still to run tests :-).
Jeremy.
(This used to be commit 43f095a38d)
2007-10-10 11:10:13 -05:00
Gerald Carter
671c0098f6 r13545: A patch which I think it's time has come. VOlker, we can talk about
this more but it gets around the primary group issue.

* don't map a SID to a name from the group mapping code if
  the map doesn't have a valid gid.  This is only an issue
  in a tdb setup
* Always allow S-1-$DOMAIN-513 to resolve (just like Windows)
* if we cannot resolve a users primary GID to a SID, then set
  it to S-1-$DOMAIN-513
* Ignore the primary group SID inside pdb_enum_group_memberships().
  Only look at the Unix group membersip.

Jeremy, this fixes a fresh install startup for smbd as far as my tests
are concerned.
(This used to be commit f79f4dc4c5)
2007-10-10 11:10:12 -05:00
Jeremy Allison
5f8a70d01e r13542: Don't reuse a pointer we just freed (Doh!).
Jeremy.
(This used to be commit e755155b0e)
2007-10-10 11:10:11 -05:00
Jeremy Allison
c7aad1deea r13538: Make sure we store all 16 bytes of credentials session
key and delete records that are old. We will need this
for the full 16 byte session key support.
Jeremy.
(This used to be commit cef240d571)
2007-10-10 11:10:11 -05:00
Jeremy Allison
3e4cf56fa3 r13519: Fix the credentials chaining across netlogon pipe disconnects.
I mean it this time :-).
Jeremy.
(This used to be commit 80f4868944)
2007-10-10 11:10:09 -05:00
Gerald Carter
ab4fa1958f r13512: Rewrite tdbsam code to use a reference count based open/close
on the tdb file.  This allow recusive calls to succeed
without complaining about failed opens since a tdb can
only be opened once per process.  We probably still need to backport
the transaction support from Samba 4 here though.
(This used to be commit 94c37e0652)
2007-10-10 11:10:08 -05:00
Volker Lendecke
301d51e13a r13494: Merge the stuff I've done in head the last days.
Volker
(This used to be commit bb40e544de)
2007-10-10 11:10:06 -05:00
Volker Lendecke
3b67210eec r13493: module_name and module_location are the same string. Fix a valgrind
error.

Volker
(This used to be commit 5a92df31d6)
2007-10-10 11:10:06 -05:00
Gerald Carter
75ef18fa75 r13460: by popular demand....
* remove pdb_context data structure
* set default group for DOMAIN_RID_GUEST user as RID 513 (just
  like Windows)
* Allow RID 513 to resolve to always resolve to a name
* Remove auto mapping of guest account primary group given the
  previous 2 changes
(This used to be commit 7a2da5f0cc)
2007-10-10 11:10:04 -05:00
Jeremy Allison
ad8b47a2ba r13407: Change the credentials code to be more like the Samba4 structure,
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we where assuming we could read 16 bytes.
Jeremy.
(This used to be commit 5b3c2e63c7)
2007-10-10 11:09:59 -05:00
Volker Lendecke
7fc2c0befb r13389: get_ldap_filter is only used once, make it static
(This used to be commit d3b66fb871)
2007-10-10 11:09:58 -05:00
Volker Lendecke
74f32df289 r13338: Remove the experimental pdb modules
(This used to be commit a3bc4f5114)
2007-10-10 11:06:25 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Gerald Carter
855e02f164 r13310: first round of server affinity patches for winbindd & net ads join
(This used to be commit 6c3480f9ae)
2007-10-10 11:06:23 -05:00
Volker Lendecke
b2e8358b3d r13209: Make smbpasswd -a work again if passdb did not exist.
Volker
(This used to be commit e747ea7250)
2007-10-10 11:06:17 -05:00
Jeremy Allison
139acd2470 r13190: Fix #3458 from Andriy Gapon <avg@icyb.net.ua>. Don't
access free'd memory.
Jerry please pick up for 3.0.21b !
Jeremy.
(This used to be commit c0ba64297a)
2007-10-10 11:06:16 -05:00
Jeremy Allison
114a24c19b r13175: Actually make adding a new user into an empty pdbtdb
file create the file.
Jeremy.
(This used to be commit 31b3201f53)
2007-10-10 11:06:16 -05:00
Jeremy Allison
3ea781f62a r13172: Fix incorrect error message when new tdb not created correctly.
Jeremy.
(This used to be commit e5f19ad5ac)
2007-10-10 11:06:16 -05:00
Gerald Carter
c5e7ddc63b r12913: missed merge to fix BUG 3391; ensure we can lookup account policies
(This used to be commit 77575c64e4)
2007-10-10 11:06:06 -05:00
Günther Deschner
c3a2101da0 r12714: Fix segfault in pdb_nds.c.
Guenther
(This used to be commit f78c7f8abe)
2007-10-10 11:06:01 -05:00