Günther Deschner [Thu, 12 Sep 2019 14:39:10 +0000 (16:39 +0200)]
s3-winbindd: fix forest trusts with additional trust attributes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14130
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(backported from commit
d78c87e665e23e6470a19a69383ede7137172c26)
Volker Lendecke [Thu, 2 Mar 2017 14:14:51 +0000 (15:14 +0100)]
Re-enable token groups fallback
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar 6 19:18:31 CET 2017 on sn-devel-144
(backported from commit
6296c32668af60118ae7059772d2f70e58e1f0d1)
Stefan Metzmacher [Mon, 6 Mar 2017 09:30:52 +0000 (10:30 +0100)]
winbindd: find the domain based on the sid within wb_lookupusergroups_send()
That simplifies the potential caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(backported from commit
76d94838049b77555cdf7dad2d15692cb18b4dab)
Volker Lendecke [Sun, 25 Dec 2016 10:16:31 +0000 (10:16 +0000)]
winbind: Don't do supplementary group lookup manually
This can never be done successfully without a valid samlogon_cache entry.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Backported-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 4 Nov 2016 14:33:11 +0000 (15:33 +0100)]
winbind: lookup_usergroups_cached doesn't use the "domain" parameter
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 2 Mar 2017 07:13:57 +0000 (08:13 +0100)]
s3:winbindd: fix endless forest trust scan
Commit
0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.
The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.
Commit
fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830
Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144
(cherry picked from commit
f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67)
Rusty Russell [Tue, 17 Jul 2012 19:31:31 +0000 (05:01 +0930)]
source3/winbindd/winbindd_util.c: fix stackframe leak
winbindd_can_contact_domain() doesn't always free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Andreas Schneider [Tue, 13 Feb 2018 13:12:05 +0000 (14:12 +0100)]
s3:libsmb: Use talloc to avoid memory leaks in cli_negprot
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Tue, 13 Feb 2018 13:12:45 +0000 (14:12 +0100)]
s3:rpc_client: Make sure that the memory is initialized
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 9 Feb 2018 15:19:53 +0000 (16:19 +0100)]
winbindd: Initialize the domain groups member
==9405== 4 errors in context 1 of 493:
==9405== Conditional jump or move depends on uninitialised value(s)
==9405== at 0x7507F71: vfprintf (in /lib64/libc-2.12.so)
==9405== by 0x75C515B: __vasprintf_chk (in /lib64/libc-2.12.so)
==9405== by 0x2A8728: dbgtext (stdio2.h:199)
==9405== by 0x22DCBB: winbindd_list_groups_done (winbindd_list_groups.c:127)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x3CDAE8: dcerpc_binding_handle_call_done (binding_handle.c:445)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x202701: wbint_bh_raw_call_done (winbindd_dual_ndr.c:139)
==9405== by 0x6C82C60: tevent_common_loop_timer_delay (tevent_timed.c:341)
==9405== by 0x6C83CA1: epoll_event_loop_once (tevent_epoll.c:911)
==9405== by 0x6C822D5: std_event_loop_once (tevent_standard.c:114)
==9405== by 0x6C7DC3C: _tevent_loop_once (tevent.c:533)
==9405== by 0x1D8A03: main (winbindd.c:1490)
==9405== Uninitialised value was created by a heap allocation
==9405== at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==9405== by 0x6A71DCA: _talloc_array (in /usr/lib64/libtalloc.so.2.1.5)
==9405== by 0x22D959: winbindd_list_groups_send (winbindd_list_groups.c:69)
==9405== by 0x1D76BC: winbind_client_request_read (winbindd.c:647)
==9405== by 0x23AF2A: wb_req_read_done (wb_reqtrans.c:126)
==9405== by 0x6C83EA5: epoll_event_loop_once (tevent_epoll.c:728)
==9405== by 0x6C822D5: std_event_loop_once (tevent_standard.c:114)
==9405== by 0x6C7DC3C: _tevent_loop_once (tevent.c:533)
==9405== by 0x1D8A03: main (winbindd.c:1490)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 13 00:25:27 CET 2018 on sn-devel-144
(cherry picked from commit
1e8ad19653f11adbcffecde3a5762b28c5e06c8d)
Andreas Schneider [Thu, 11 Jan 2018 15:51:39 +0000 (16:51 +0100)]
s3:smbd: Fix spnego session setup
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 07:59:52 +0000 (08:59 +0100)]
s3:winbind: Correctly initialize pointers in _wbint_QueryGroupList
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 24 Jan 2018 16:16:56 +0000 (17:16 +0100)]
s3:winbind: Add 'winbind request timeout' option
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Tue, 16 May 2017 15:16:50 +0000 (17:16 +0200)]
s3:winbindd: Only fallback to samlogon if we are the primary domain
BUG: https://bugzilla.redhat.com/show_bug.cgi?id=
1431000
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Uri Simchoni [Tue, 9 Feb 2016 22:38:11 +0000 (00:38 +0200)]
winbindd: return trust parameters when listing trusts
When asking a child domain process to list trusts on that domain,
return (along with trust domain names and SID) the trust properties -
flags, type, and attributes.
Use those attributes to initialize domain object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 23 22:02:16 CET 2016 on sn-devel-144
Uri Simchoni [Tue, 9 Feb 2016 22:32:23 +0000 (00:32 +0200)]
winbindd: initialize foreign domain as AD based on trust
Based on trust parameters, initialize the active_directory
member of domain object to true.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Dec 2014 09:43:03 +0000 (09:43 +0000)]
s3:winbindd: mark our primary as active_directory if possible
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Uri Simchoni [Tue, 9 Feb 2016 22:26:45 +0000 (00:26 +0200)]
winbindd: introduce add_trusted_domain_from_tdc()
This is purely a refactoring patch -
Add a routine that adds a winbindd domain object based on
domain trust cache entry. add_trusted_domain() becomes
a wrapper for this new routine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Thu, 9 Feb 2017 14:05:01 +0000 (15:05 +0100)]
s3-vfs: Only walk the directory once in open_and_sort_dir()
On a slow filesystem or network filesystem this can make a huge
difference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12571
Signed-off-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Tue, 25 Oct 2016 10:28:12 +0000 (12:28 +0200)]
lib/util/charset: Optimize next_codepoint for the ascii case
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
07d9a909ba6853fb0b96f6d86e4cf0d5d1b35b28)
Volker Lendecke [Thu, 9 Feb 2017 14:40:39 +0000 (15:40 +0100)]
smbd: Streamline get_ea_names_from_file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Backported-by: Andreas Schneider <asn@samba.org>
Backported-from:
27daed8fcf95eed2df112dc1c30c3a40b5c9565b
Günther Deschner [Thu, 6 Dec 2012 13:54:25 +0000 (14:54 +0100)]
s3-rpc_server: Remove obsolete process_creds boolean in samlogon server.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c1fb595081c2b0bf66bce06c09750f53e8031311)
Andreas Schneider [Tue, 8 Nov 2016 11:20:41 +0000 (12:20 +0100)]
s3-spoolss: Remove printer from registry if it is unpublished
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11665
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
07505429cc4bb7e56f4dcdcaeb4eabdcd8e550e5)
Andreas Schneider [Wed, 2 Nov 2016 16:19:09 +0000 (17:19 +0100)]
s3-winbind: Do not return NO_MEMORY if we have an empty user list
The domain child for the MACHINE ACCOUNT might fail with
NT_STATUS_NO_MEMORY because an emtpy user list is returned.
*pnum_info is already set to 0 at the beginngin so we should just
declare victory here!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12405
Signed-off-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Wed, 16 Dec 2015 19:04:20 +0000 (11:04 -0800)]
s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections.
Greatly helped by <shargagan@novell.com> to
track down this issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11624
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 18 01:02:55 CET 2015 on sn-devel-144
(cherry picked from commit
d7feb1879ee711598540049c2c5eccc80fd6f1e5)
Andreas Schneider [Wed, 5 Oct 2016 08:32:16 +0000 (10:32 +0200)]
s3-winbind: Fix memory leak in ad_idmap_cached_connection_internal()
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 29 Jun 2016 11:38:19 +0000 (13:38 +0200)]
s3-winbind: Fix memory leak with each cached credential login
When we allow offline logon and have a lot of logins, windbind will leak
4k of memory which each log in. On systems with heavy load this can grow
quickly and the OOM killer will kill Winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11999
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Sun, 20 Oct 2013 15:25:27 +0000 (17:25 +0200)]
winbind3: Fix CID 241468 Resource leak
We were leaking centry in this error case
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
71c8cd19cf079c7e1462a9ca4432725e3623f7cd)
Günther Deschner [Fri, 15 Jan 2016 13:43:48 +0000 (14:43 +0100)]
s3-util: skip S-1-18 sids in token generaion in sid_array_from_info3().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Fri, 15 Jan 2016 13:43:12 +0000 (14:43 +0100)]
s3-util: add helper functions to deal with the S-1-18 domain.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Fri, 15 Jan 2016 13:46:07 +0000 (14:46 +0100)]
security: Add Asserted Identity sids (S-1-18)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
definitions taken from [MS-DTYP]: Windows Data Types,
2.4.2.4 Well-Known SID Structures.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Michael Adam [Wed, 6 Jan 2016 10:04:16 +0000 (11:04 +0100)]
net: add option --no-dns-updates for net ads join
If called with this option, 'net ads join' will not attempt
to perform dns updates.
Backported for Samba 3.6 from master patches:
ae81a40b1193ef93add61666ace6fff1a1e0676a
d7a617f2f00c4a2b5294523fa651915c85de0d8b
Signed-off-by: Michael Adam <obnox@samba.org>
David Disseldorp [Tue, 31 Mar 2015 23:03:13 +0000 (01:03 +0200)]
spoolss: purge the printer name cache on name change
Currently the name cache is only cleared on printer deletion. This means
that if a printer undergoes a name change, the old name remains in the
cache and can be subsequently used incorrecly if another printer takes
the same name as the old.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11210
Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 14 05:37:50 CEST 2015 on sn-devel-104
(cherry picked from commit
a97507a9a7ba01beead6a621e1210618e93a9f9c)
Matt Rogers [Mon, 12 Oct 2015 12:46:18 +0000 (14:46 +0200)]
s3-auch: Fix secuirty = server share access
Resolve user groups in non-winbind path of passwd_to_SamInfo3(), fixing
group memberships with server security.
Signed-off-by: Matt Rogers <mrogers@redhat.com>
Andreas Schneider [Wed, 19 Aug 2015 14:11:47 +0000 (16:11 +0200)]
s3-auth: Fix 'map to guest = Bad Uid' support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
34965d4d98d172e848e2b96fad8a9e0b99288ba7)
Andreas Schneider [Wed, 19 Aug 2015 14:24:08 +0000 (16:24 +0200)]
s3-auth: Pass nt_username to check_account()
We set nt_username above but do not use it in this function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
e8c76932e4ac192a00afa3b9731f5921c4b37da6)
Andreas Schneider [Wed, 15 Jul 2015 11:22:40 +0000 (13:22 +0200)]
docs: Documents length limitations for NetBIOS name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11401
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 15 19:35:48 CEST 2015 on sn-devel-104
Volker Lendecke [Tue, 19 Aug 2014 14:32:15 +0000 (14:32 +0000)]
smbd: Properly initialize mangle_hash
[Bug 10782] mangle_hash() can fail to initialize charset (smbd crash).
https://bugzilla.samba.org/show_bug.cgi?id=10782
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 26 01:30:38 CEST 2014 on sn-devel-104
(cherry picked from commit
e914c2c52db7ecf3bb2a3860820c5cfe8812696e)
Andreas Schneider [Tue, 8 Sep 2015 14:48:08 +0000 (16:48 +0200)]
pam_winbind: Fix a segfault if initialization fails
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 8 21:39:21 CEST 2015 on sn-devel-104
(cherry picked from commit
7d84cd6e40024fd361ea21635f7befed40f0e41f)
Justin Maggard [Tue, 21 Jul 2015 22:17:30 +0000 (15:17 -0700)]
s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
Somewhere along the line, a config line like "valid users = @foo"
broke when "foo" also exists as a user.
user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
flag; but lookup_name() was not respecting that flag, and went ahead and looked
for users anyway.
Regression test to follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
(cherry picked from commit
dc99d451bf23668d73878847219682fced547622)
Andreas Schneider [Tue, 7 Apr 2015 14:12:18 +0000 (16:12 +0200)]
rpcclient: Fix the timeout command
https://bugzilla.samba.org/show_bug.cgi?id=11199
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2bca4cdc6f83dce48c73a33288c4fd3ae80f883b)
Andreas Schneider [Tue, 31 Mar 2015 16:15:51 +0000 (18:15 +0200)]
s3-passdb: Fix 'force user' with winbind default domain
If we set 'winbind use default domain' and specify 'force user = user'
without a domain name we fail to log in. In this case we need to try a
lookup with the domain name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11185
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
cd4442c7ac93e165862c9195a7c345472646aa59)
Michael Adam [Mon, 9 Mar 2015 14:15:37 +0000 (15:15 +0100)]
s3-winbind: Fix chached user group lookup of trusted domains.
If a user group lookup has aleady been done before with a machine
account we did always return the incomplete information from the cache.
This patch makes sure we return the correct group information from the
netsamlogon cache.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11143
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f5d0204bfa1eb641fe7697613c1f773b6a7e65de)
Andreas Schneider [Wed, 4 Mar 2015 16:45:39 +0000 (17:45 +0100)]
s3-winbind: Merge resource groups from a trusted PAC into the sid array.
This is a backport of
db775c68ccbed0252abf092b5cb811e8f5fa9bb6.
Jeremy Allison [Tue, 17 Jun 2014 06:11:58 +0000 (23:11 -0700)]
s3: auth: Add create_info3_from_pac_logon_info() to create a new info3 and merge resource group SIDs into it.
Originally written by Richard Sharpe Richard Sharpe <realrichardsharpe@gmail.com>.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
(cherry picked from commit
db775c68ccbed0252abf092b5cb811e8f5fa9bb6)
Jeremy Allison [Tue, 17 Jun 2014 05:54:45 +0000 (22:54 -0700)]
s3: auth: Change make_server_info_info3() to take a const struct netr_SamInfo3 pointer instead of a struct PAC_LOGON_INFO.
make_server_info_info3() only reads from the info3 pointer.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
(cherry picked from commit
527f7b54388713acaaf7b66c718cc0f7114fc368)
Conflicts:
source3/auth/auth_generic.c
source3/auth/proto.h
source3/auth/user_krb5.c
Jeremy Allison [Tue, 17 Jun 2014 05:49:29 +0000 (22:49 -0700)]
s3: auth: Add some const to the struct netr_SamInfo3 * arguments of copy_netr_SamInfo3() and make_server_info_info3()
Both functions only read from the struct netr_SamInfo3 * argument.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Simo Sorce <idra@samba.org>
(cherry picked from commit
c2411767adb5ce48a4619349075f6f8faae41aab)
Conflicts:
source3/auth/proto.h
Michael Adam [Sat, 1 Jun 2013 00:14:41 +0000 (02:14 +0200)]
shadow_copy2: implement disk_free
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Mon, 19 Jan 2015 12:51:55 +0000 (13:51 +0100)]
s3:winbind:grent: don't stop group enumeration when a group has no gid
simply continue with the next group
Note: this patch introduces some code duplication to make it
easier to create minimal backport patch. Subsequent patches
will provide some refactoring to reduce the duplication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8905
Signed-off-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Mon, 2 Mar 2015 10:55:01 +0000 (11:55 +0100)]
doc-xml: Add 'sharesec' reference to 'access based share enum'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11127
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Mar 2 14:33:33 CET 2015 on sn-devel-104
(cherry picked from commit
e2ed224653985afa13e906e2a5f3656a18d622c0)
Christian Ambach [Thu, 7 Apr 2011 12:05:04 +0000 (14:05 +0200)]
s4/libcli: do not use netbios name in NTLMv2 blobs w/o spnego
I have seen domain controllers rejecting NTLMv2 blobs presented to
NetrLogonSamLogonEx with LOGON_FAILURE when the MsvAvNbComputerName
was a FQDN or an IP address
I have not seen this field in NTLMv2 blobs send by Windows clients
when extended security was not available, so omitting the field
makes Samba similar to Windows.
This prevents errors with some smbtorture testcases that disable
spnego and when a target name is specified that is not a valid
netbios name.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Apr 14 02:19:08 CEST 2011 on sn-devel-104
(cherry picked from commit
29c0c37691da10bf061ba90a5b31482bda2fa486)
Stefan Metzmacher [Thu, 21 Jul 2011 19:15:38 +0000 (21:15 +0200)]
s3:libsmb: don't pass cli->called.name to NTLMv2_generate_names_blob()
cli->called.name is never initialized, so this change doesn't change
the behavior. And this behavior seems to be correct, see
commit
29c0c37691da10bf061ba90a5b31482bda2fa486
s4/libcli: do not use netbios name in NTLMv2 blobs w/o spnego.
metze
(cherry picked from commit
392ddf970c8f8486e79eec5214ed49912e344e09)
David Disseldorp [Wed, 6 Aug 2014 12:33:02 +0000 (14:33 +0200)]
printing: reload printer shares on OpenPrinter
The printer share inventory should be reloaded on open _and_
enumeration, as there are some clients, such as cupsaddsmb, that do not
perform an enumeration prior to access.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Wed, 23 Jul 2014 12:42:00 +0000 (14:42 +0200)]
smbd: only reprocess printer_list.tdb if it changed
The per-client smbd printer share inventory is currently updated from
printer_list.tdb when a client enumerates printers, via EnumPrinters or
NetShareEnum.
printer_list.tdb is populated by the background print process, based on
the latest printcap values retrieved from the printing backend (e.g.
CUPS) at regular intervals.
This change ensures that per-client smbd processes don't reparse
printer_list.tdb if it hasn't been updated since the last enumeration.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Suggested-by: Volker Lendecke <vl@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Wed, 23 Jul 2014 10:12:34 +0000 (12:12 +0200)]
printing: return last change time with pcap_cache_loaded()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Fri, 25 Jul 2014 10:18:54 +0000 (12:18 +0200)]
printing: remove pcap_cache_add()
All print list updates are now done via pcap_cache_replace(), which can
call into the print_list code directly.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Tue, 22 Jul 2014 18:17:38 +0000 (20:17 +0200)]
printing: reload printer_list.tdb from in memory list
This will allow in future for a single atomic printer_list.tdb update.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Fri, 11 Jul 2014 15:00:05 +0000 (17:00 +0200)]
printing: only reload printer shares on client enum
Currently, automatic printer share updates are handled in the following
way:
- Background printer process (BPP) forked on startup
- Parent smbd and per-client children await MSG_PRINTER_PCAP messages
- BPP periodically polls the printing backend for printcap data
- printcap data written to printer_list.tdb
- MSG_PRINTER_PCAP sent to all smbd processes following update
- smbd processes all read the latest printer_list.tdb data, and update
their share listings
This procedure is not scalable, as all smbd processes hit
printer_list.tdb in parallel, resulting in a large spike in CPU usage.
This change sees smbd processes only update their printer share lists
only when a client asks for this information, e.g. via NetShareEnum or
EnumPrinters.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Suggested-by: Volker Lendecke <vl@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Wed, 9 Jul 2014 22:18:10 +0000 (00:18 +0200)]
printing: traverse_read the printer list for share updates
The printcap update procedure involves the background printer process
obtaining the printcap information from the printing backend, writing
this to printer_list.tdb, and then notifying all smbd processes of the
new list. The processes then all attempt to simultaneously traverse
printer_list.tdb, in order to update their local share lists.
With a large number of printers, and a large number of per-client smbd
processes, this traversal results in significant lock contention, mostly
due to the fact that the traversal is unnecessarily done with an
exclusive (write) lock on the printer_list.tdb database.
This commit changes the share update code path to perform a read-only
traversal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Reported-by: Alex K <korobkin+samba@gmail.com>
Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Matt Rogers [Wed, 12 Nov 2014 16:21:05 +0000 (17:21 +0100)]
s3-keytab: fix keytab array NULL termination.
Signed-off-by: Matt Rogers <mrogers@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0de6799996955fbf8e19ace8c4b7b61f5a262cb5)
Andreas Schneider [Thu, 18 Dec 2014 15:14:36 +0000 (15:14 +0000)]
spoolss: retrieve published printer GUID if not in registry
When a printer is published, the GUID for the published DN is retrieved
from the domain controller and stored in the registry.
When handling a spoolss GetPrinter(level=7) request, the same GUID is
obtained from the registry and returned to the client.
This change sees the spoolss server query the DC for the published
printer GUID if it is not present in the registry when handling a
spoolss GetPrinter(level=7) request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
Pair-Programmed-With: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 18 12:43:44 CET 2015 on sn-devel-104
(cherry picked from commit
a4157e7c5d75be7003ad0b72fdfe9856a9e5ba8f)
Andreas Schneider [Thu, 18 Dec 2014 15:13:27 +0000 (15:13 +0000)]
printing: rework nt_printer_guid_store to return errors
Callers can now choose whether or not to ignore errors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
Pair-programmed-with: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
6595ced146a53dcef9bbd5d2deb82a44c8ce1a1a)
David Disseldorp [Thu, 18 Dec 2014 17:23:11 +0000 (18:23 +0100)]
printing: add nt_printer_guid_retrieve() helper
This function connects to the domain controller and retrieves the
GUID for the corresponding printer DN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
Pair-programmed-with: Andreas Schneider <asn@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
38dbd054dc331a441b10fdebbdb4bd0fc51cfc0a)
David Disseldorp [Thu, 18 Dec 2014 17:18:21 +0000 (18:18 +0100)]
printing: split out printer DN and GUID retrieval
This functions are used for printer publishing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
Pair-programmed-with: Andreas Schneider <asn@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
7cabd89789a50d37fc32735968c493092a37e69f)
Günther Deschner [Sat, 19 Jan 2013 00:37:29 +0000 (01:37 +0100)]
s3-spoolss: Make it easier to manipulate the returned OSVersion at runtime.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Tue, 3 Dec 2013 18:21:16 +0000 (10:21 -0800)]
smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 9 21:02:21 CET 2013 on sn-devel-104
(cherry picked from commit
f98d10af2a05f0261611f4cabdfe274cd9fe91c0)
Jeremy Allison [Tue, 3 Dec 2013 18:19:09 +0000 (10:19 -0800)]
smbd: change flag name from UCF_CREATING_FILE to UCF_PREP_CREATEFILE
In preparation to using it for all open calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
874318a97868e08837a1febb1be8e8a167b5ae0f)
Volker Lendecke [Tue, 3 Dec 2013 12:20:17 +0000 (13:20 +0100)]
smbd: Fix regression for the dropbox case.
We need to allow to save a file to a directory with perm -wx.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5b49fe24c906cbae12beff7a1b45de6809258cab)
Andreas Schneider [Wed, 20 Aug 2014 13:51:21 +0000 (15:51 +0200)]
: Reset netlogon pipe for interactive samlogon_ex.
Günther Deschner [Tue, 15 Jul 2014 14:22:15 +0000 (16:22 +0200)]
s3-winbindd: prefer to do a rpccli_netlogon_sam_logon_ex if we can.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Tue, 15 Jul 2014 14:21:08 +0000 (16:21 +0200)]
s3-rpc_client: add rpccli_netlogon_sam_logon_ex().
This function deals with interactive samlogon and does a dcerpc_netr_SamLogonEx
call (w/o credential chaining).
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 3 Jul 2014 14:19:42 +0000 (16:19 +0200)]
s3-winbind: Don't set the gecos field to NULL.
The value is loaded from the cache anyway. So it will be set to NULL if
it is not available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Thu, 3 Jul 2014 14:17:46 +0000 (16:17 +0200)]
samlogon_cache: avoid overwriting info3->base.full_name.string.
This field servers as a source for the gecos field. We should not overwrite it
when a info3 struct from a samlogon network level gets saved in which case this
field is always NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Wed, 9 Jul 2014 11:36:06 +0000 (13:36 +0200)]
samlogon_cache: use a talloc_stackframe inside netsamlogon_cache_store.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Mon, 7 Jul 2014 15:16:32 +0000 (17:16 +0200)]
s3-winbindd: use wcache_query_user_fullname after inspecting samlogon cache.
The reason for this followup query is that very often the samlogon cache only
contains a info3 netlogon user structure that has been retrieved during a
netlogon samlogon authentication using "network" logon level. With that logon
level only a few info3 fields are filled in; the user's fullname is never filled
in that case. This is problematic when the cache is used to fill in the user's
gecos field (for NSS queries). When we have retrieved the user's fullname during
other queries, reuse it from the other caches.
Thanks to Matt Rogers <mrogers@redhat.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Mon, 7 Jul 2014 15:14:37 +0000 (17:14 +0200)]
s3-winbindd: add wcache_query_user_fullname().
This helper function is used to query the full name of a cached user object (for
further gecos processing).
Thanks to Matt Rogers <mrogers@redhat.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 15 Jul 2014 12:25:19 +0000 (14:25 +0200)]
s3-winbindd: call interactive samlogon via rpccli_netlogon_password_logon.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 15 Jul 2014 12:16:56 +0000 (14:16 +0200)]
s3-rpc_client: return info3 in rpccli_netlogon_password_logon().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 16 Apr 2014 14:07:14 +0000 (16:07 +0200)]
s3-libads: allow ads_try_connect() to re-use a resolved ip address.
Pass down a struct sockaddr_storage to ads_try_connect.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Apr 17 19:56:16 CEST 2014 on sn-devel-104
Andrew Bartlett [Tue, 26 Apr 2011 07:03:32 +0000 (17:03 +1000)]
s3-libads Pass a struct sockaddr_storage to cldap routines
This avoids these routines doing a DNS lookup that has already been
done, and ensures that the emulated DNS lookup isn't thrown away.
Andrew Bartlett
Günther Deschner [Wed, 2 Apr 2014 17:37:34 +0000 (19:37 +0200)]
s3-kerberos: make ipv6 support for generated krb5 config files more robust.
Older MIT Kerberos libraries will add any secondary ipv6 address as
ipv4 address, defining the (default) krb5 port 88 circumvents that.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Apr 4 16:33:12 CEST 2014 on sn-devel-104
Conflicts:
source3/libads/kerberos.c
Günther Deschner [Fri, 7 Mar 2014 13:47:31 +0000 (14:47 +0100)]
s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
Conflicts:
source3/libads/kerberos.c
source3/libads/kerberos_proto.h
source3/libnet/libnet_join.c
source3/winbindd/winbindd_cm.c
Günther Deschner [Mon, 13 Jan 2014 14:59:26 +0000 (15:59 +0100)]
s3-kerberos: remove print_kdc_line() completely.
Just calling print_canonical_sockaddr() is sufficient, as it already deals with
ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
removed as well. It was pointless because it always derived the port number from
the provided address which was either a SMB (usually port 445) or LDAP
connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
Finally, the kerberos libraries that we support and build with, can deal with
ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
resolving the DC name on the kerberos library anymore.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Conflicts:
source3/libads/kerberos.c
Andreas Schneider [Wed, 28 May 2014 14:02:15 +0000 (16:02 +0200)]
s3-libsmbclient: Always initialize globals.
This fixes cases where we dereference NULL pointers of globals which
were not initialized.
Niels de Vos [Fri, 10 Jan 2014 15:26:18 +0000 (16:26 +0100)]
vfs/glusterfs: in case atime is not passed, set it to the current atime
The Linux CIFS client does not pass an updated atime when a write() is
done. This causes the vfs/glusterfs module to set the atime to -1 on the
Gluster backend, resulting in an atime far in the future (year 2106).
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 15 21:31:30 CET 2014 on sn-devel-104
Poornima Gurusiddaiah [Sun, 24 Nov 2013 21:37:53 +0000 (21:37 +0000)]
vfs_glusterfs: Enable per client log file
In Samba configuration file, one of the options of gluster type is
log file, the value of this option was not allowed to contain any
variables, as a result all the clients would have a single log file,
which complicated debugging.
In this patch, variable substitution is performed for gluster log file.
Hence allowing user to customise the gluster log file name.
Signed-off-by: Poornima Gurusiddaiah <pgurusid@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Andreas Schneider [Fri, 15 Nov 2013 16:02:19 +0000 (17:02 +0100)]
s3-vfs: Make glfs_set_preopened() static.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 4 Nov 2013 11:32:05 +0000 (12:32 +0100)]
vfs: Fix some build warnings in glusterfs.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Christopher R. Hertel [Thu, 29 Aug 2013 16:01:24 +0000 (11:01 -0500)]
vfs_glusterfs: Fix excessive debug output from vfs_gluster_open().
The vfs_gluster_open() function generates a debug message (at level 0)
for every failed attempt to open a pathname. This includes cases in
which attempts are made to open a directory as a file (those attempts
are retried calling vfs_gluster_opendir()). The result is that the log
file fills with messages about failed attempts to open directories,
because they are directories. This patch ensures that failed attempts
to open directories as files are logged at log level 4, not 0. In
addition, other failed open attempts are logged at level 1, not 0.
Signed-off-by: Christopher R. Hertel <crh@redhat.com>
Reviewed-by : Susant Palai <spalai@redhat.com>
Reviewed-by : Raghavendra Talur <rtalur@redhat.com>
Reviewed-by : Jose A. Rivera <jarrpa@redhat.com>
Anand Avati [Mon, 12 Aug 2013 19:59:24 +0000 (14:59 -0500)]
vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs
Use the primitives available in Samba byteorder.h for implementing
proper (un)marshalling of ACL xattrs.
Signed-off-by: Anand Avati <avati@redhat.com>
Reviewed-by: Raghavendra Talur <rtalur@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tested-by: "Jose A. Rivera" <jarrpa@redhat.com>
susant [Wed, 7 Aug 2013 06:00:31 +0000 (01:00 -0500)]
vfs_glusterfs: Volume capacity reported to Windows is incorrect
VFS plugin was sending the actual size of the volume instead of the
total number of block units because of which windows was getting the
wrong volume capacity.
Signed-off-by: susant <spalai@redhat.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Raghavendra Talur [Fri, 21 Jun 2013 00:58:15 +0000 (17:58 -0700)]
vfs_glusterfs: New file creation fix.
When a new document is created in explorer, a check for file_exist is made.
vfs_gluster_get_real_filename was returning 0 even when the file did not
exist.
Anand Avati [Wed, 29 May 2013 11:21:46 +0000 (07:21 -0400)]
vfs_glusterfs: Samba VFS module for glusterfs
Implement a Samba VFS plugin for glusterfs based on gluster's gfapi.
This is a "bottom" vfs plugin (not something to be stacked on top of
another module), and translates (most) calls into closest actions
on gfapi.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Signed-off-by: Anand Avati <avati@redhat.com>
Andreas Schneider [Wed, 12 Feb 2014 12:26:02 +0000 (13:26 +0100)]
s3-winbind: Use strlcpy to avoid log entry.
The full_name from Windows can be longer than 255 chars which results in
a warning on log level 0 that we have a string overflow. This will avoid
the warning. However we should fix this sooner or later on the protocol
level to have no limit.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Conflicts:
source3/winbindd/wb_fill_pwent.c
Günther Deschner [Wed, 24 Jan 2018 15:28:52 +0000 (16:28 +0100)]
docs: point out side-effects of global "valid users" setting.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Thu, 5 Apr 2012 12:05:00 +0000 (14:05 +0200)]
nsswitch: disable HAVE_PAM_RADIO_TYPE handling until proper PAM_RADIO_TYPE handling is available.
This is needed that gdm doesn't crash.
Guenther
Günther Deschner [Wed, 21 Dec 2011 14:47:35 +0000 (15:47 +0100)]
s3-dns: prevent from potentially doing wrong SRV DNS lookups.
With an empty sitename we asked for e.g.
_ldap._tcp.._sites.dc._msdcs.AD.EXAMPLE.COM
Guenther
Christian Ambach [Fri, 30 Sep 2011 15:07:05 +0000 (17:07 +0200)]
s3-docs: some corrections for wbinfo
Parameters for --group-info and --gid-info were not listed
properly in the SYNOPSIS and the OPTIONS section
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri Sep 30 18:44:34 CEST 2011 on sn-devel-104
Andreas Schneider [Wed, 24 Jan 2018 15:16:41 +0000 (16:16 +0100)]
docs: Document Services for Unix nss_info ldap schema support
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 24 Jan 2018 15:14:28 +0000 (16:14 +0100)]
docs: Update wbinfo manpage to match options
Signed-off-by: Andreas Schneider <asn@samba.org>