IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This reverts commit ec0f51b200.
A more generic fix is now in use.
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jan 15 01:37:38 CET 2014 on sn-devel-104
This needs a password to work, and it confuses users for it to appear to be valid here.
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
This is a better fix for 8564 and will allow ec0f51b200 to be reverted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8564
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
furthermore if more than one name is supplied and no sid is converted
then also fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8598
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov 29 15:45:11 CET 2013 on sn-devel-104
We have that available via libreplace, so use it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Nov 28 14:33:32 CET 2013 on sn-devel-104
older iniparser versions ( like that used in upstream samba ) ignore 'key='
entries, the key is not entered into the dictionary at all. Later
versions of iniparse specifically handle the following special cases
* key=
* key=;
* key=#
by assigning a value of "" ( a zero length string ) to the key
in the dictionary.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Nov 20 16:12:13 CET 2013 on sn-devel-104
We set the socket to nonblocking and don't handle EAGAIN right. We do
a poll anyway, so wait for writability, which should fix this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10195
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Aug 12 00:46:34 CEST 2013 on sn-devel-104
Might as well fix it to handle large authority values properly. Also
correct some of the formatting.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
By default wbinfo -u|-g should only enumerate the domain winbindd is
joined to. The command can be harmfull if you have e.g. 30 domains and
700k users. Then the parent will collect all information and the
oom-killer will kill winbind. As we still want to support it, you can
enable it the old behaviour with wbinfo --domain='*' -u. This is
a measure that sysadmins don't shoot themself.
https://bugzilla.samba.org/show_bug.cgi?id=10034
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 18 11:54:58 CEST 2013 on sn-devel-104
In reviewing various files in Samba-4.0.7, I found a number
of instances where malloc()/calloc() were called without the
checking the return value for a value of NULL, which would
indicate failure.
(NB. The changes needed to ccan, iniparser, popt and heimdal
will be reported upstream, not patched inside Samba).
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Source <idra@samba.org>
the beginning if is only ifdef LINUX now, not the long list this comment refers to
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 17 01:09:33 CEST 2013 on sn-devel-104
wbinfo_pam_logon() incorrectly assumes that wbcLogonUser() always
returns an allocated wbcAuthErrorInfo struct on failure.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 17 21:29:29 CEST 2013 on sn-devel-104
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 22 16:18:06 CET 2013 on sn-devel-104
Create a new test environment with 'idmap config DOMAIN : backend =
rfc2307'. A new test script adds LDAP records and queries them again for
the mapped uid and gid.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104
from the FreeBSD required name to the built module.
Signed-off-by: Timur Bakeyev <timur@FreeBSD.org>
Reviewed-by: Andrew Bartlett <abartlett@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Fri Mar 8 05:04:04 CET 2013 on sn-devel-104
Our LGPL winbind client libs do not link against our server-side code, and
should not use the server-side includes.h.
This removes a build-time dep on talloc that was brought in via includes.h as
this code also does not use talloc.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
WBFLAG_PAM_AUTH_PAC and WBFLAG_BIG_NTLMV2_BLOB
are the same causing errors in NTLMv2 authentication.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 18 22:13:09 CET 2013 on sn-devel-104
In the code you normally use:
BAIL_ON_WBC_ERROR;
but the last ; is statement never reached, so dead code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
These binaries are for developer or selftest use, and are not
supported for installation onto the system. The autoconf build does
not install these binaries, and so neither should the waf build.
Andrew Bartlett
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 22 12:00:36 CET 2012 on sn-devel-104
Ensure the potentially null winbind context is not dereferenced on
cleanup.
https://bugzilla.samba.org/show_bug.cgi?id=8564
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 26 22:40:57 CEST 2012 on sn-devel-104
Due to not building and linking in the winbind_nss_solaris bits in addition
to the linux bits, nss was broken on Solaris.
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Sun Sep 30 22:56:30 CEST 2012 on sn-devel-104
These are in configure.in for autoconf. Found in the config.h comparison on
the smbtorture4 build.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 26 11:50:10 CEST 2012 on sn-devel-104
With this new interface, external applications that have authenticated
to an ADS can pass the PAC from the Kerberos ticket to
wbcAuthenticateUserEx. winbindd decodes and extracts the info3
information for the external application. If winbindd can verify the PAC
signature, the info3 from the PACis also added to the netsamlogon_cache.
The info3 data can be used by the external application to get the uid
and primary gid. The data in netsamlogon_cache allows to retrieve the
complete group list through the NSS function getgrouplist.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This is required to properly return PAM_USER_UNKNOWN in case winbind had a
problem.
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Sep 19 15:06:10 CEST 2012 on sn-devel-104
The function _pam_winbind_change_pwd crashes due to a null value passed
to the function strcasecmp and denies to login via graphical login
manager. Check for a null value before doing a strcasecmp.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1003296
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Sep 12 00:07:28 CEST 2012 on sn-devel-104
Microsoft documentation states that maximum fqdn length is 64 characters, so extending DNS Domain column to 65 characters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 23 03:49:00 CEST 2012 on sn-devel-104
The internal domain used in 'make test' does not report a DC name, so
just add tests similar to the old wbcPingDc call.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Use wbcPingDc2 to get the DC name and print it.
Cleanup error messages: Remove "Could not ping our DC", there is always
a more specific message. Avoid printing "failed to call wbcPingDc" in
case the ping has been attempted and it returns an error, the error is
already printed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Add wbcPingDc2 that optionally returns the DC that was attempted to
ping. wbcPing is implemented as a wrapper around wbcPingDc2.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This will ensure that we do not unintentionally break the ABI.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 10 04:08:54 CEST 2012 on sn-devel-104
Don't ask the DC for an IP list when locating kdc's. Ask for the
name and use getaddrinfo to get all possible addresses instead.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 25 22:01:18 CEST 2012 on sn-devel-104
iniparser_getstr is deprecated and has been removed in newer libraries
available in Fedora. Use iniparse_getstring instead.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue Apr 24 02:56:10 CEST 2012 on sn-devel-104
This effectively reverts commit 2c49782dc1
This also adds explaination about what would need to be done to
support a system libwbclient
Andrew Bartlett
This may help me chase down the failure in my idmap rework.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Apr 20 09:51:35 CEST 2012 on sn-devel-104
Found by chance due to a re-order of the tests to start s3member
earlier and chasing down a malloc Abort into a valgrind error. Only
happens when a user has more than 4 groups.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 20 05:23:04 CET 2012 on sn-devel-104
Add "system/passwd.h" so struct group is declared.
Autobuild-User: Ira Cooper <ira@samba.org>
Autobuild-Date: Mon Feb 6 18:28:53 CET 2012 on sn-devel-104
This is done so that the lpcfg_ functions are available across the whole
build, either with the struct loadparm_context loaded from an smb.conf directly
or as a wrapper around the source3 param code.
This is not the final, merged loadparm, but simply one step to make
it easier to solve other problems while we make our slow progress
on this difficult problem.
Andrew Bartlett
the Samba4 winbindd allows for a single SID to map to both a user and
group id. This is used to support files with the owner_sid set to a
group
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Only build pam_winbind.so if we want pam modules _and_ have the libs
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Sun May 8 23:56:33 CEST 2011 on sn-devel-104
This function is problematic because a string may expand in size when
changed into upper or lower case. This will then push characters off
the end of the string in the s3 implementation, or panic in the former
s4 implementation.
Andrew Bartlett
When called from a library, we don't want to call this, as we may
overwrite some of our calling program's context.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Feb 18 09:29:35 CET 2011 on sn-devel-104
The previous merge in this area didn't preserve the 'dl' depedency,
which may be required on some platforms.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
wbinfo --dc-info prints the current DC name and IP address. This helps
diagnosing problems that might happen when a later wbinfo --ping-dc fails.
This patch started out by using the SAF and NBT cache entires, but those are
relatively short-lived. So I decided to invent a new gencache entry with a very
long timeout. We need to go via the gencache because when for some reason a
winbind child process is stuck, we can't query it for the current DC it's
connected to. This must eventually go away again when we have a fully async
winbind.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan 19 08:40:28 CET 2011 on sn-devel-104
This reverts commit 640028d158.
This is not needed anymore.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 4 09:38:57 CET 2011 on sn-devel-104
nsstest does not use talloc, but it includes talloc.h via includes.h,
and so without this it cannot find the right internal header.
This wasn't noticed before, as most linux developer boxes have a talloc.h.
The issue was reported by Adam Tauno Williams <awilliam at whitemice.org>
Andrew Bartlett
This is consistent with the test names used by selftest, should
make the names less confusing and easier to integrate with other tools.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
needed to fix a build issue on NetBSD and other platforms
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Wed Dec 1 16:15:19 CET 2010 on sn-devel-104
In these cases, it does not make a functional difference.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Nov 27 19:56:02 CET 2010 on sn-devel-104
By removing this global variable, the API between the two different
debug systems is made more similar. Both s3 and s4 now have
lp_set_cmdline() which ensures that the smb.conf cannot overwrite
these the user-specified log level.
Andrew Bartlett
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
Only link to nss_wrapper when it is enabled.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Oct 23 23:05:44 UTC 2010 on sn-devel-104
The old approach on doing async libwbclient was never really finished.
Go ahead and remove this implementation.
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Tue Oct 12 07:05:31 UTC 2010 on sn-devel-104
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
this struct member h_errno is not used in the HP-UX code paths, it was just
there because Solaris has it, too. As h_errno is a function call macro on HP-UX
when thread support is enabled we run into trouble here. Just commenting it out
should be okay as we don't use it anyway.
__attribute__((destructor)) makes winbind_close_sock() being called at
dlclose() time.
Found while testing apache on Linux with mod_auth_pam.
Other platforms will have to find a different fix. One possibility would be to
always close the socket after each operation, but this badly sucks
performance-wise.
The server implementation of WINBINDD_LIST_USERS, WINBINDD_LIST_GROUPS and
WINBINDD_LIST_TRUSTDOM knows the number of entries returned.
Bump up the version number so that a newer lib does not rely on something an
older winbind does not do.
This prepares for removing libwbclient's talloc dependency. It is a
non-hierarchical "talloc-lite" that has destructors. It is necessary because we
have the catch-call wbcFreeMemory call. Individual wbcFreeXXX calls for the
different structures wbclient returns would have made this easier, but
wbcFreeMemory is the API we have to live with.
> r21878: Fix a bug with smbd serving a windows terminal server: If winbind
> decides smbd to be idle it might happen that smbd needs to do a winbind
> operation (for example sid2name) as non-root. This then fails to get the
> privileged pipe. When later on on the same connection another authentication
> request comes in, we try to do the CRAP auth via the non-privileged pipe.
>
> This adds a winbindd_priv_request_response() request that kills the existing
> winbind pipe connection if it's not privileged.
The fix for this was lost during the conversion to libwbclient.
Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out!
Volker
Make sure _nss_wins_gethostbyname_r has a talloc stackframe available
Thanks to Sergey Tereschenko <serg.partizan@gmail.com> for reporting the bug!
Volker
* Modify the nsswitch/config.m4 to add tests and build that will be put in configure by the autoconf/autoheader
We test if there is pam headers and pam library to be able to build the pam module
We add s4 build directive (that are normaly in standalone config.mk) this is due to the fact that we need
to rely on path that are guessed during configure.
Add tests not to build pam_winbind if pam dev files is not present
Signed-off-by: Stefan Metzmacher <metze@samba.org>