IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We need to keep the names around on the search. Probably a tdb_move would do it
here as well, but RPC is not the fastest thing on earth anyway...
Thanks to Günther for pointing that out to me!
(This used to be commit c9472ae610)
I very much doubt that this is called enough to justify a global. If this turns
out to be a hot code path, we might reconsider :-)
(This used to be commit 5223d18ea2)
This is to ease debugging. I sporadically get panics that are
apparently due to NULL domain sid passed to lookup_rids somewhere.
Michael
(This used to be commit 723e877c24)
One lp_private_dir() has to be used instead of get_dyn_PRIVATE_DIR()
to determine the location of the passdb.tdb.
I noticed this when running make test as a "normal user" from a
build, where I had done "make install" as root before, and so
the passdb.tdb could not be accessed during the startup phase
"CREATE TEST ENVIRONMENT IN ./st ..." in selftest.sh.
Michael
(This used to be commit 1f96389afa)
Jerry, as part of d6cdbfd87 the default location of passdb.tdb has changed from
the private directory to the state directory. I think because passdb.tdb holds
the password hashes, it is reasonable to keep this next to the smbpasswd file.
Please review and potentially push.
Thanks,
Volker
(This used to be commit c9c7607c40)
This patch is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
(This used to be commit f7efc0eca9)
As it breaks all tests which try to join a new machine account.
So more testing is needed...
metze
This reverts commit dd320c0924.
(This used to be commit cccb80b7b7)
get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.
Michael
(This used to be commit 4562342eb8)
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.
Michael
(This used to be commit 91da12b751)
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
(This used to be commit 6ced4a7f88)
secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.
Michael
(This used to be commit 4788fe3924)
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
(This used to be commit dd320c0924)
New size calculation logic in tdb_trusted_dom_pass_pack()
and tdb_sid_pack() used accumulated sizes as successive offsets
to buffer pointer.
Michael
(This used to be commit 9c24713b40)
The point is doing the following associations:
- non discardable state data (all TDB files that may need to be backed
up) go to statedir
- shared data (codepage stuff) go to codepagedir
The patch *does not change* the default location for these
directories. So, there is no behaviour change when applying it.
The main change is for samba developers who have to think when dealing
with files that previously pertained to libdir whether they:
- go in statedir
- go in codepagedir
- stay in libdir
(This used to be commit d6cdbfd875)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
passdb backend = ldapsam.
Along with reproducing the functionality of the secrets.tdb
code, I have prepared the handling of the previous trust password
(in case we are contacting a dc which does not yet know of a recent
password change). This information has still to be propagated
to the outside, but this requires a change of the api and also
a change of the secrets.tdb code.
Michael
(This used to be commit 6c3c20e6c4)
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
(This used to be commit bcc8a3290a)
we have to take care to preserve the "special" values
for Windows of 0x80000000 and 0x7FFFFFFF when casting
between time_t and uint32. Add conversion functions
(and use them).
Jeremy.
(This used to be commit 4e1a0b2549)
would flood at log level 2. We know when we're using the legacy
mapping code anyways since it will log an informative msg.
(This used to be commit 51aac0fcb4)
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines
Add a "deletelocalgroup" subcommand to net sam.
Thanks to Karolin Seeger <ks@sernet.de>.
(This used to be commit fb6ac8a5b2)
particular SID. Make sure that the passdb backend will accept the same set
range of local SIDs that the idmap system sends it.
Simo, Jerry - this is a 3_0_25 candidate. Can you please review?
(This used to be commit 86a70adb6a)
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
(This used to be commit f94e5af72e)
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs
revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.
- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).
- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.
DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries
DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.
Simo.
(This used to be commit 5b4838f62a)
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 3c879745cf)
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e)
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9)
calculated based on the last change time, policies, and acb flags.
Next step will be to not bother storing them. Right now I'm just trying to
get them reported correctly.
(This used to be commit fd5761c9e5)
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
(This used to be commit 7db6ce295a)
Remove the account_policy_migrated() thingy, and make cache_account_policy_set
use gencache. Account policies are now handled like groups and users are with
respect to "passdb backend".
Volker
(This used to be commit fa8b2e2a58)
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
think. This broke 'make test' because the newly created user was set to be
kicked off Mi, 22 Jan 1975 23:55:33 CET (unix time 159663333) with the
setuserinfo21 call.
I'm not 100% sure that 0x7ff... means max time as I do it here, I vaguely
remember it to mean "don't touch".
Does anybody know that for sure?
Jeremy, please check this.
Thanks,
Volker
(This used to be commit 872d1299eb)
the this should be necessary. If there is still a bug,
I believe that setting thr group RID from the passdb is
masking it. Not fixing it. It is very likely that
the change was necessary before but is no longer
with the recent changes. But I'm not taking the chance
of merging it to 3.0.23c. :-)
(This used to be commit 1a5b90f3c1)
The would have been primaryly used when adding a user to
an smbpasswd file, but could have been introduce to other
backends by using pdbedit -i -e.
The symptom was
[2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276)
init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99,
which conflicts with the domain sid S-1-5-21-1825997848-4107600307-1754506280.
Failing operation.
(This used to be commit 0a3aa8b43a)
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
(This used to be commit f9856f6490)
lookup_name_smbconf, otherwise
force user = domain+administrator
can not work. Also attempt to fix the 'valid users = domain+group' bug at the
same time.
Volker
(This used to be commit 255475901c)
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
(This used to be commit 1e1fcb5eb2)
* Make sure to lower case all usernames before
calling the create, delete, or rename hooks.
* Preserve case for usernames in passdb
* Flush the getpwnam cache after renaming a user
* Add become/unbecome root block in _samr_delete_dom_user()
when trying to verify the account's existence.
(This used to be commit bbe11b7a95)
what svn is for.
The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.
Volker
(This used to be commit 9ec5ccfe85)
in net_rpc.c: 715 716 732 734 735 736 737 738 739 749
in net_rpc_audit.c: 754 755 756
in net_rpc_join.c: 757
in net_rpc_registry: 766 767
in net_rpc_samsync.c: 771 773
in net_sam.c: 797 798
Volker
(This used to be commit 3df0bf7d60)
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d)
'valid users = +unixgroup' failed with smbpasswd if 'unixgroup' has a
(non-algorithmic) group mapping.
Thanks a lot!
People out there listening, please test current code, this release is
**BIG**
:-)
Volker
(This used to be commit 8f9ba5f96c)
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
...
Fix my brain dead inverted logic for turning winbindd on and off
when run on a DC or when calling pdb functions from within winbindd.
(This used to be commit 021b3dc2db)
* depreacte 'acl group control' after discussion with Jeremy
and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
turning _NO_WINBINDD back on
(This used to be commit 4ab372f4ca)
* Finally fix parsing idmap uid/gid ranges not to break with spaces
surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
_samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
and Users BUILTIN groups automatically from smbd (and not just check the
winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
grant is not already assigned in our own SAM (retries up to 250 times).
This fixes passdb with existing SIDs assigned to users from the RID algorithm
but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f)
* Add back in the import/export support to pdbedit
* Fix segv in pam_smbpass
* Cleanup some error paths in pdb_tdb and pdb_interface
(This used to be commit df53d64910)
Now that I know what all the requirements for this group are
I can generalize the code some more and make it cleaner.
But at least this is working with lusrmgr.msc on XP and 2k now.
(This used to be commit d2c1842978)
groups in the ${MACHINESID} and S_1-5-32 domains correctly,
I had to add a substr search on sambaSID.
* add substr matching rule to OpenLDAP schema
(we need to update the other schema as will since this
is a pretty important change). Sites will need to
- install the new schema
- add 'indea sambaSID sub' to slapd.conf
- run slapindex
* remove uses of SID_NAME_WKN_GRP in pdb_ldap.c
(This used to be commit 2c0a46d731)
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
(This used to be commit 612979476a)
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a2)
upgrade it calls tdbsam_convert() which calls tdbsam_open()
deep inside the init_sam_from_buffer_vX call.
If the ref count hasn't been set yet then we will close
the tdbsam reference in tdbsam_getsampwsid().
smbpasswd -a was core-dumping again :-).
Jeremy
(This used to be commit 993069eb87)
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
(This used to be commit 5b89e8bc24)
Jeremy
-------------
Slightly smaller version of pdb_get_methods() patch. Turns out that
callers to initialize_password_db() use the reload parameter so this
has turned in to a smaller cleanup than I thought.
(This used to be commit 7e243104eb)
* ignore the primary group SID attribute from struct samu*
* generate the primary group SID strictlky from the Unix
primary group when dealing with passdb users
* Fix memory leak in original patch caused by failing to free a
talloc *
* add wrapper around samu_set_unix() to prevent exposing the create
BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix()
(This used to be commit bcf269e2ec)
"rename user script" to do the rename of the posix machine account (this
might be changed later). Fixes#2331.
Guenther
(This used to be commit b2eac2e6eb)
* Add a 'struct passwd *' to the struct samu for later reference
(I know this may be controversial but its easily reverted which is
is why I'm checking this is as a seaparate patch before I get
too deep).
* Remove unix_homedir from struct samu {} and update the pdb wrapper
functions associated with it.
(This used to be commit 92c251fdf0)
to make full use of the new talloc() interface. Discussed with Volker
and Jeremy.
* remove the internal mem_ctx and simply use the talloc()
structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
upcoming changes. Groups will most likely be replaced with a
'struct samg' in the future.
Note that there are now passbd API changes. And for the most
part, the wrapper functions remain the same.
While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs. The code also needs more testing under valgrind to
ensure it's not leaking memory.
But it's a start......
(This used to be commit 19b7593972)
this more but it gets around the primary group issue.
* don't map a SID to a name from the group mapping code if
the map doesn't have a valid gid. This is only an issue
in a tdb setup
* Always allow S-1-$DOMAIN-513 to resolve (just like Windows)
* if we cannot resolve a users primary GID to a SID, then set
it to S-1-$DOMAIN-513
* Ignore the primary group SID inside pdb_enum_group_memberships().
Only look at the Unix group membersip.
Jeremy, this fixes a fresh install startup for smbd as far as my tests
are concerned.
(This used to be commit f79f4dc4c5)
on the tdb file. This allow recusive calls to succeed
without complaining about failed opens since a tdb can
only be opened once per process. We probably still need to backport
the transaction support from Samba 4 here though.
(This used to be commit 94c37e0652)
* remove pdb_context data structure
* set default group for DOMAIN_RID_GUEST user as RID 513 (just
like Windows)
* Allow RID 513 to resolve to always resolve to a name
* Remove auto mapping of guest account primary group given the
previous 2 changes
(This used to be commit 7a2da5f0cc)
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we where assuming we could read 16 bytes.
Jeremy.
(This used to be commit 5b3c2e63c7)
talloc_string_sub. Someone with time on his hands could convert all the
callers of all_string_sub to this.
realloc_string_sub is *only* called from within substitute.c, it could be
moved there I think.
Volker
(This used to be commit be6c9012da)
account is disabled. If we get this we can't check
the password so have to tell the client the account
was disabled.
Jeremy.
(This used to be commit 43c2d545ab)
box with gcc4 and -O6...
Fix a bunch of C99 dereferencing type-punned pointer will break
strict-aliasing rules errors. Also added prs_int32 (not uint32...)
as it's needed in one place. Find places where prs_uint32 was being
used to marshall/unmarshall a time_t (a big no no on 64-bits).
More warning fixes to come.
Thanks to Volker for nudging me to compile like this.
Jeremy.
(This used to be commit c65b752604)
We came to the conclusion that changing the default is something that has to
wait one or two more releases, but it will happen one way or the other.
Volker
(This used to be commit 30fcdf84d8)
samr_lookup_rids twice. It was done in the srv_samr_nt.c code as well as in
the pdb module. Remove the latter, this might happen more often.
Volker
(This used to be commit 57f0cf8cdd)
static.
One long overdue simplification: Change local_lookup_sid to local_lookup_rid
its responsible for "our" domain only, in fact it checked for it.
Volker
(This used to be commit 35ba5e083c)
no. This changes our default behaviour.
Sorry, Ingo, this *is* a bug that needs fixing.
Jerry, you might want to put a marker into the WHATSNEW.txt when this is due.
Volker
(This used to be commit 6622db97bb)
Also allow to use START_TLS in the pdb_nds_update_login_attempts
function when doing simple binds to eDir.
Guenther
(This used to be commit 04a3ac5e50)
can't assume long long is always there). Removed unused
var in new a/c rename code.
long long still used in eventlog code but Jerry has promised
to fix that.
Jeremy.
(This used to be commit f46d847065)
Based on the Samba4 solution - stores data in
$samba/private/schannel_store.tdb.
This tdb is not left open but open and closed on demand.
Jeremy.
(This used to be commit a6d8a4b1ff)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
below the machine-suffix (this is where we create them)) to avoid
digging through thousands of user-accounts just to find a handful of
trust-accounts in the enumdomusers-samr-call.
- don't access freed data in DEBUG-statement
Guenther
(This used to be commit 793c82c017)
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
