1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

18594 Commits

Author SHA1 Message Date
Simo Sorce
e9e6af5951 r21606: Implement escaping function for ldap RDN values
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs

revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.

- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).

- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.

DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries

DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.

Simo.
(This used to be commit 5b4838f62a)
2007-10-10 12:18:16 -05:00
Jeremy Allison
578a817e47 r21605: Fix small typo noticed by Raúl Sánchez Siles <rss@barracuda.es>.
Jeremy.
(This used to be commit 5ed61d5af6)
2007-10-10 12:18:16 -05:00
Jeremy Allison
fd5cf34e26 r21604: I got this wrong also in libsmb :-(.
Jeremy.
(This used to be commit 4a04555e23)
2007-10-10 12:18:15 -05:00
Jeremy Allison
62a6f8940d r21603: Horrible backwards compatibility hack as an old server bug
allowed a CIFS client bug to remain unnoticed :-(.
I suck.
Jeremy.
(This used to be commit 29761173ee)
2007-10-10 12:18:15 -05:00
Volker Lendecke
84d2ceb1df r21581: Add an error code I just got
(This used to be commit 5ef0286b56)
2007-10-10 12:18:15 -05:00
Jeremy Allison
1aa730ef96 r21577: Remove unneeded #define (part of earlier patch that was
removed).
Jeremy.
(This used to be commit 645b0438dd)
2007-10-10 12:18:15 -05:00
Jeremy Allison
3e12cf85ac r21576: Patch based on work from Todd Stecher <todd.stecher@isilon.com>
to allow client to fragment large SPNEGO blobs (large krb5
tickets). Tested against W2K3R2. Should fix bug #4400.
Jeremy.
(This used to be commit b81c5c6adc)
2007-10-10 12:18:14 -05:00
Jeremy Allison
8c5846acf2 r21569: Fix bug reported by Martin Zielinski <mz@seh.de>
where return value was incorrectly initialized.
Jeremy.
(This used to be commit 8d45f1f3b5)
2007-10-10 12:18:14 -05:00
Jeremy Allison
2546b63f73 r21566: If we're going to be broken, at least be *consistently*
broken :-). This will do until Simo fixes the escape
calls properly.
Jeremy.
(This used to be commit b7d91ec1b2)
2007-10-10 12:18:14 -05:00
Jelmer Vernooij
2b5d317af1 r21565: Import ndrdump (doesn't compile yet, needs table support functions).
(This used to be commit 9a9b942167)
2007-10-10 12:18:14 -05:00
Volker Lendecke
2838d7499c r21563: Fix a memleak: We only need dispinfo structs for "our" and for the builtin
domain. Without this patch we leaked a DISPINFO for the (NULL) domain per
samr_connect*() call.

Volker
(This used to be commit 4423880ff4)
2007-10-10 12:18:14 -05:00
Jelmer Vernooij
7d2152b8dc r21562: Regenerate gen_ndr after pidl changes.
(This used to be commit 952f648d81)
2007-10-10 12:18:13 -05:00
Günther Deschner
81e4a28718 r21561: It makes absolutely no sense to call krb5_kt_resolve() two times
directly after another.

Guenther
(This used to be commit 76ba11d777)
2007-10-10 12:18:13 -05:00
Günther Deschner
5c0d13a8ae r21560: Convert name_to_fqdn to BOOL.
Guenther
(This used to be commit 28ce79629b)
2007-10-10 12:18:13 -05:00
Günther Deschner
4e00351fd4 r21558: Safe more indent, again no code changes.
Guenther
(This used to be commit 7b18a4730d)
2007-10-10 12:18:13 -05:00
Günther Deschner
59e8bd617b r21557: indent only fix. No code change.
Guenther
(This used to be commit 8ff0903a17)
2007-10-10 12:18:13 -05:00
Günther Deschner
3e946cbb85 r21556: Remove superfluos return check in ads_keytab_verify_ticket().
Guenther
(This used to be commit 020601ea0a)
2007-10-10 12:18:13 -05:00
Lars Müller
2fb172f235 r21552: Ensure to check for proto_exists before linking any binary. No make
proto should be required before creating any binary from now on.

Remove proto_exists from the all, pam_smbpass, and pam_bindind rule.
(This used to be commit 95d2297974)
2007-10-10 12:18:12 -05:00
Volker Lendecke
f4a008424f r21551: Ok, this is more subtle. More tomorrow :-)
(This used to be commit f63189907e)
2007-10-10 12:18:12 -05:00
Volker Lendecke
ab6a1df7a6 r21550: make disp_info_list static to get_samr_dispinfo_by_sid(), add a comment :-)
(This used to be commit fad2ee8aa3)
2007-10-10 12:18:12 -05:00
Volker Lendecke
eccb9b7962 r21549: Only create DISP_INFO structs for domain handles, the others don't need
them. It just does not make sense to do a querydispinfo on an alias handle...

This fixes a memleak: Every samr_connect*() call leaked a DISP_INFO for the
(NULL) sid.

More cleanup pending: Essentially, we only need the DISP_INFO cache for the
get_global_sam_sid() domain. BUILTIN is fixed and small enough, and there are
no other domains around where enumerations could happen.

This also removes the explicit builtin_domain flags. I don't think this is
worth it. If this makes a significant difference, then we have a *VERY* tuned
RPC layer...

Jeremy, please check this. If it's ok, we might want to merge it across.

Volker
(This used to be commit 0aceda68a8)
2007-10-10 12:18:12 -05:00
Herb Lewis
bdc612a098 r21548: prevent segv (reference to -1 element of array)
(This used to be commit b5fd72282d)
2007-10-10 12:18:12 -05:00
Volker Lendecke
28e2069d1f r21547: Fix from Michael Adam <ma@sernet.de>: Refuse registry shares without path.
Thanks,

Volker
(This used to be commit e795865d58)
2007-10-10 12:18:11 -05:00
Herb Lewis
e7d6c7b151 r21546: remove duplicate lines
(This used to be commit 934163782b)
2007-10-10 12:18:11 -05:00
Günther Deschner
af7f764823 r21543: Fix 64bit build warning.
Guenther
(This used to be commit bc04004c18)
2007-10-10 12:18:11 -05:00
Günther Deschner
dd110c9e7b r21540: Fix Bug #3713 and readd reporting what the profiles tool does (when
called with the -v option).

Patch from William Jojo <jojowil@hvcc.edu>.

Guenther
(This used to be commit 5889f588ee)
2007-10-10 12:18:11 -05:00
Günther Deschner
6af7f33bbb r21537: Avoid to trigger the confusing "cached entry differs." warning when
there is just no cache around for a user.

Guenther
(This used to be commit a6c249b592)
2007-10-10 12:18:11 -05:00
Günther Deschner
6784d54a77 r21536: Fix copy/paste typo.
Guenther
(This used to be commit 7edbb636f7)
2007-10-10 12:18:11 -05:00
Jeremy Allison
3f3a3a23ce r21530: Don't code with jet-lag and Volker looking over your
shoulder.... Correct fix for warning :-)
Jeremy.
(This used to be commit 773001870d)
2007-10-10 12:18:10 -05:00
Jeremy Allison
8e9ce06f35 r21529: Fix warning from bad cast.
Jeremy.
(This used to be commit 34675624e2)
2007-10-10 12:18:10 -05:00
Gerald Carter
e972e2967b r21526: Fix stray character in sys_memalign() that is only
is the case where we don't have memalign() or posix_memalign().
(This used to be commit 1635bac800)
2007-10-10 12:18:10 -05:00
Gerald Carter
56c1d7e507 r21525: Go ahead and checkin the mlock() & memalign() fixes so
others don't get stuck with the winbindd hang.
Still waiting on additional confirmation from Guenther
that this fixes thes issues he was observing as well.
But it's been running in my local tree for a day without
problems.
(This used to be commit 0d2b80c6c4)
2007-10-10 12:18:10 -05:00
Günther Deschner
d43dbee713 r21517: Fix build warnings.
Guenther
(This used to be commit 82f1da8117)
2007-10-10 12:18:09 -05:00
Lars Müller
fde308d6a8 r21509: Merge lp_passdb_backend() from rev 21506 to 3_0_25.
Slightly change the DEBUG 0 message as suggested by Volker on
samba-technical.
(This used to be commit c02921e95d)
2007-10-10 12:18:09 -05:00
Simo Sorce
fa5e0a238c r21508: Fix memleak in new idmap_tdb, thanks Herb.
Jerry please check.

Simo.
(This used to be commit a5354aa9a0)
2007-10-10 12:18:09 -05:00
Gerald Carter
2b52e35770 r21507: Fix some "cannot access LDAP when no root" bugs.
The two culprits were

* pdb_get_account_policy()
* pdb_get_group_sid()
(This used to be commit 6a69caf690)
2007-10-10 12:18:09 -05:00
Lars Müller
1945571e3b r21506: Allow old pre 3.0.22 multi passdb backend configurations to work with
post 3.0.23.

This implementation considers spaces in ldapsam configs.  Such configs
are trunkated after the closing quote.
(This used to be commit 5cd9a2e258)
2007-10-10 12:18:09 -05:00
Gerald Carter
43c290639b r21505: make sure mlock()'d memory is aligned on a page boundary
(This used to be commit 52e6a2ceab)
2007-10-10 12:18:08 -05:00
Günther Deschner
9684e353a1 r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a user
changed a password via pam_chauthtok. Only do this if

a) a user logs on using an expired password (or a password that needs to
be changed immediately) or

b) the user itself changes his password.

Also make sure to delete the in-memory krb5 credential cache (when a
user did not request a FILE based cred cache).

Finally honor the krb5 settings in the first pam authentication in the
chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when
NTLM samlogon authentication is still possible with the old password after
the password has been already changed (on w2k3 sp1 dcs).

Guenther
(This used to be commit c3005c48cd)
2007-10-10 12:18:08 -05:00
Jeremy Allison
ca229b0980 r21483: Fix use of uninitialized variable.
Jeremy.
(This used to be commit 4a74d042c9)
2007-10-10 12:18:08 -05:00
Jeremy Allison
2afcdc8732 r21482: Use IPC$ not ipc$ for consistency.
Jeremy.
(This used to be commit 42a846b3df)
2007-10-10 12:18:07 -05:00
Jeremy Allison
01ecda0534 r21481: No one said anything, so I'm disallowing anything
but explicit shares in "default service" :-).
Jeremy.
(This used to be commit 90bdcce765)
2007-10-10 12:18:07 -05:00
Jeremy Allison
a9dbdf937c r21480: Make fd_open match fd_close be translating
errno into an NTSTATUS immediately.
Jeremy.
(This used to be commit 71dd02cc16)
2007-10-10 12:18:07 -05:00
Jeremy Allison
cedcf06b22 r21478: Add 65k length limit for split SPNEGO blobs.
Jeremy
(This used to be commit 6be078da26)
2007-10-10 12:18:07 -05:00
Jeremy Allison
7f981b457f r21474: Ensure trustdom_cache_shutdown() gets called
on terminate. Pointed out by Herb.
Jeremy.
(This used to be commit 08998b74a5)
2007-10-10 12:18:07 -05:00
Alexander Bokovoy
4156129490 r21467: Add GPFS-provided DMAPI support based on their GPL library
(This used to be commit 5876bedda5)
2007-10-10 12:18:06 -05:00
Jelmer Vernooij
1052cadbae r21462: Fix EnumValue (?)
(This used to be commit e73a418b5b)
2007-10-10 12:18:06 -05:00
Volker Lendecke
b45442e46d r21461: Not strictly necessary, as data_blob() panics if it can't allocate. But I'd
see this as a design flaw in data_blob() and it made me look in that routine.

Jeremy, revert or merge please :-)

Volker
(This used to be commit e7e6b8b5e0)
2007-10-10 12:18:06 -05:00
Jeremy Allison
f77bdcf6c7 r21460: Fix for server-side processing of SPNEGO auth
fragmented into "max xmit" size security blob
chunks. Bug #4400. Needs limits adding, and also
a client-side version.
Jeremy.
(This used to be commit aa69f2481a)
2007-10-10 12:18:06 -05:00
Günther Deschner
83dce23550 r21454: Fix debug typo.
Guenther
(This used to be commit 5c4a58ff3a)
2007-10-10 12:18:05 -05:00