[SCM] Samba Shared Repository - branch v4-8-test updated
Stefan Metzmacher
metze at samba.org
Tue Feb 27 20:00:03 UTC 2018
The branch, v4-8-test has been updated
via 105a5b0 repl_md: avoid returning LDB_SUCCESS on failure
via 633df98 repl_metadata: Avoid silent skipping an object during DRS (due to RODC rename collisions)
via 1765edc repl_metadata: Avoid silent skipping an object during DRS (due to RODC name collisions)
via c57f17b tests/replica_sync_rodc: Test conflict handling on an RODC
via 7e17897 selftest: Add RODC variables to list of those exported
via 8d81d9b tests/drs_base: Allow the net drs replicate to try with a single object
via 59725be tests/replica_sync: Add some additional replication in setUp
via 0b0664b winbind: don't try to do an authenticated SMB connection as AD DC
via 61af154 winbind: set_dc_type_and_flags() is not needed on a DC
via f767b7b winbind: make sure we don't contact trusted domains via LDAP as AD DC
via 24f8170 winbind: make sure we don't contact trusted domains via SAMR as AD DC
via ae962f8 winbind: let cm_connect_netlogon_transport() only work against direct trust as AD DC
via ceaf7ac winbind: force the usage of schannel in cm_connect_lsa() as AD DC
via cdcb8a9 s3:smb_macros.h: add IS_AD_DC as addition to IS_DC
via c6f69f7 dsdb/encrypted_secrets: remove dependency to libnettle and use our own aes_gcm_128_*()
via 9535550 winbind: Use one queue for all domain children
via 0465985 winbind: Maintain a binding handle per domain and always go via wb_domain_request_send()
via 0dc0c59 winbind: make choose_domain_child() static
via d4970bc winbind: add locator_child_handle() and use it instead of child->binding_handle
via f613d22 winbind: add idmap_child_handle() and use it instead of child->binding_handle
via 52de132 winbind: improve wb_domain_request_send() to use wb_dsgetdcname_send() for a foreign domain
via 8996baa winbind: use state->{ev,request} in wb_domain_request_send()
via 3b49053 winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection
via a993d0f winbind: cleanup winbindd_cli_state->pwent_state if winbindd_getpwent_recv() returns an error
via 0032296 winbind: cleanup winbindd_cli_state->grent_state if winbindd_getgrent_recv() returns an error
via f9103fc winbind: call lp_winbind_enum_{users,groups}() already in set{pw,gr}ent()
via 4c1e32d winbind: protect a pending wb_child_request against a talloc_free()
via be881cb winbind: use tevent_queue_wait_send/recv in wb_child_request_*()
via 456d7eb winbind: Improve child selection
via 5e43980 tevent: version 0.9.36
via 8a29a03 tevent: add tevent_queue_entry_untrigger()
via 5eaf80b tevent: improve documentation of tevent_queue_add_optimize_empty()
via 73121c4 s4:auth_sam: allow logons with an empty domain name
via e3bbe2c tests/bind.py: Add a bind test with NTLMSSP with no domain
via f0a233d tests/py_creds: Add a SamLogonEx test with an empty string domain
via cacf4bb s3:cliconnect.c: remove useless ';'
via 0b69a7a s3:libsmb: allow -U"\administrator" to work
via a72353a s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()
via 0fa4986 tests:dcerpc/raw_protocol: reproduce call_id truncation bug
via bb2dc6c s4:rpc_server/lsa: implement forwarding lsa_Lookup{Sids,Names}() requests to winbindd
via d130e1f winbindd: implement wb_irpc_lsa_{LookupNames4,LookupSids3}()
via bd083ae s4:rpc_server/lsa: rewrite lookup sids/names code to honor the given lookup level
via 5defe8c test_trust_ntlm.sh: add lookup name tests
via 80266e1 libcli/security: add dom_sid_lookup_predefined_{sid,name}()
via 6075763 s4:dsdb: add dsdb_trust_domain_by_{sid,name}()
via 4e6f20a s4:rpc_server/lsa: prepare dcesrv_lsa_LookupNames* for async processing
via 6a2ff19 s4:rpc_server/lsa: prepare dcesrv_lsa_LookupSids* for async processing
via 82a36e4 s4:rpc_server/lsa: base dcesrv_lsa_LookupNames2() on dcesrv_lsa_LookupNames_common()
via 7ab3d8c s4:rpc_server/lsa: base dcesrv_lsa_LookupNames() on dcesrv_lsa_LookupNames_common()
via b45afd3 s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupNames2()
via 7c8c5ed s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids2()
via 552b0f7 s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids_common()
via d210946 s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupNames()
via 4276801 s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupSids()
via 62879fe s4:rpc_server/lsa: remove unused 'status' variable in dcesrv_lsa_LookupSids_common()
via 0c331d5 s4:rpc_server/lsa: make sure dcesrv_lsa_LookupNames2() gets prepared [ref] pointers
via efe06ef s4:rpc_server/lsa: expect prepared [ref] pointers in dcesrv_lsa_LookupNames_common()
via a4a619d s4:rpc_server/lsa: make sure dcesrv_lsa_LookupSids_common() gets prepared [ref] pointers
via d68a14e s4:rpc_server/lsa: use LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES/LSA_CLIENT_REVISION_1 in compat code
via 5e399aa rpcclient: add lookupsids_level command
via 0d4e2c8 rpcclient: fix variable initialisation and add parenthesis to if clauses
via 92f0b55 provision: fix the 'dnsdomain' for the local sam of a domain member
via 46f9507 traffic_packets.py: let Lookup{Sids,Names}() work against a sane server
via 2ba8639 nsswitch: fix double free errors in nsstest.c
via 3bc00ec s4:torture: zero initialize variables in test_LookupSidsReply()
via 2d1b48a winbindd: make use of talloc_zero_array() in wb_lookupsids*()
via d90f8fe s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_names_generic()
via 00b55da s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_sids_generic()
via 41562d1 winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done()
via 3c426d6 winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids
via d113629 vfs_fileid: Fix the 32-bit build
via e002514 mit-kdb: support MIT Kerberos 1.16 KDB API changes
via 6b9c094 vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async
via 4d47c72 vfs_glusterfs: Add fallocate support for vfs_glusterfs
from a46dc61 subnet: Avoid a segfault when renaming subnet objects
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test
- Log -----------------------------------------------------------------
commit 105a5b09f2160fb2092e4eb4a2960f1a9bfc93c4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Feb 14 17:15:07 2018 +1300
repl_md: avoid returning LDB_SUCCESS on failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bc56913271e9d3a30143ef5a45d32430766d9dc3)
Autobuild-User(v4-8-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-8-test): Tue Feb 27 20:59:28 CET 2018 on sn-devel-144
commit 633df988d681fca58d60a3f9b0621efb52e73f7e
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Feb 14 13:32:33 2018 +1300
repl_metadata: Avoid silent skipping an object during DRS (due to RODC rename collisions)
No error code was being set in this case, and so, we would commit the
HWM and UDV without actually having all the updates.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Thu Feb 15 10:18:42 CET 2018 on sn-devel-144
(cherry picked from commit 9952eda7a1923971f77f3183cfa4c505386b30ee)
commit 1765edc7d616a2c3f94be78ce00b384ab4405f2f
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Feb 14 13:32:24 2018 +1300
repl_metadata: Avoid silent skipping an object during DRS (due to RODC name collisions)
No error code was being set in this case, and so, we would commit the
HWM and UDV without actually having all the updates.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 59fa9e7ecf84bd4c2469e9a6835855769c4f6287)
commit c57f17b0b8f7fbbd955ba7f917ee726ca4869fd6
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Feb 14 13:30:26 2018 +1300
tests/replica_sync_rodc: Test conflict handling on an RODC
There are two cases we are interested in:
1) RODC receives two identical DNs which conflict
2) RODC receives a rename to a DN which already exists
Currently these issues are ignored, but the UDV and HWM are being
updated, leading to objects/updates being skipped.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 45d19167d52e42bd2f9369dbe37a233902cc81b0)
commit 7e178970f008fc11dbc65bb402824e0610931688
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Feb 14 13:27:27 2018 +1300
selftest: Add RODC variables to list of those exported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e694b8a1b993bf7213b191e1132c5d02e16ab85d)
commit 8d81d9bd603efaa92e5151792aa94adc49a79366
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Feb 14 13:27:59 2018 +1300
tests/drs_base: Allow the net drs replicate to try with a single object
This eventually passes down the replicate single object exop.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ff9e63f976ef76f7f70221d4f6276e221ecd167f)
commit 59725be66da569c20b22aa6018903bd0218f7c39
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Feb 14 13:26:35 2018 +1300
tests/replica_sync: Add some additional replication in setUp
This should avoid some failures due to stale objects.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13269
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 19fcd872ec76afffbc4952266fdfad9a352c4871)
commit 0b0664b4809b6d0c5155178377344229d90f7e20
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 22 10:19:58 2018 +0100
winbind: don't try to do an authenticated SMB connection as AD DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Feb 23 17:58:23 CET 2018 on sn-devel-144
(cherry picked from commit 06601b3a9293db35feda1b033fa864dc1a764164)
commit 61af154fc7b6ba185ce8b90efa220ee7ccb55094
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 22 11:24:38 2018 +0100
winbind: set_dc_type_and_flags() is not needed on a DC
On a DC we load the trusts in the parent in add_trusted_domains_dc()
from our local configuration. There's no need to find out the trust details
via network calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 55c3af89f1b0baecf5e2d6c2646902edd0684aa8)
commit f767b7b77aed8ffae7c6e42e5dae5332c6ee0c26
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 2 16:55:01 2018 +0100
winbind: make sure we don't contact trusted domains via LDAP as AD DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 18f27b5385240852e537cd5010cedb09f0bf233d)
commit 24f8170833f63894b3caf3b05f215767dd789e73
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 22 10:33:48 2018 +0100
winbind: make sure we don't contact trusted domains via SAMR as AD DC
This is not needed for the normal operation of an AD DC.
Administrators should just use other tools instead of
wbinfo to list and query users and groups.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 32a63e3ea985c967ca2aadbcd9e0c60ade2d0367)
commit ae962f80d407549c83032b49ea3f699695317bcb
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 22 10:40:19 2018 +0100
winbind: let cm_connect_netlogon_transport() only work against direct trust as AD DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 532a14dc684e7a6d8c584d5671a4ebbad00aa4fc)
commit ceaf7acd7215e69b6057e775c58877bb10c835bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 22 10:40:19 2018 +0100
winbind: force the usage of schannel in cm_connect_lsa() as AD DC
This makes sure we only talk to direct trusts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3e17a3b7cd4083299037ba9377931bea792b2d18)
commit cdcb8a9540ac6d46784d4b6e31456f9d13c515c8
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 22 10:03:23 2018 +0100
s3:smb_macros.h: add IS_AD_DC as addition to IS_DC
In the long run we should remove this again (as well as IS_DC).
But for now this makes some code changes in winbindd easier to
follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c58f8c3cd84ab18d04bd39ad7d5f53676e092abb)
commit c6f69f7babc34bfd312a533464765b78e0514dc1
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 22 15:56:45 2018 +0100
dsdb/encrypted_secrets: remove dependency to libnettle and use our own aes_gcm_128_*()
We already rely on gnutls in order to implement SSL/TLS, so using that
to speed up crypto like aes gcm 128 is fine, but as we already have
code for that algorithm, we should use that instead of adding a new
dependency to libnettle.
Some (I guess newer versions) of gnutls use nettle internally, so
we may end up using that code, but we should not have a direct dependency.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13276
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 07844a9a13506b4ca9181cfde05d9e4170208f88)
commit 9535550064ca006bc80b8cc21e48d8c7ba51f1ee
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 15:04:01 2018 +0100
winbind: Use one queue for all domain children
If we have multiple domain children, it's important
that the first idle child takes over the next waiting request.
Before we had the problem that a request could get stuck in the
queue of a busy child, while later requests could get served fine by
other children.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Feb 23 09:04:23 CET 2018 on sn-devel-144
(cherry picked from commit 7f2d45a6c2a88dd8833fc66d314ec21507dd52c3)
commit 0465985286befeb0438b82afaa67c1981a9a7274
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 13 16:04:44 2018 +0100
winbind: Maintain a binding handle per domain and always go via wb_domain_request_send()
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b518cb0597d269002105644302c58ca8f9f0f717)
commit 0dc0c594a064c60ea258e3c2d6ae2aedbb5efb65
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 20 14:43:38 2018 +0100
winbind: make choose_domain_child() static
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5116aff286bdffe4abc9ddda09cf64ab999fd13e)
commit d4970bccb0c9db4fb5cdd52a39a35d405df1068b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 13:24:54 2018 +0100
winbind: add locator_child_handle() and use it instead of child->binding_handle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 44ebaaac8933f5fc16a043b8c15a9449746af47b)
commit f613d22ad52e74e1662e6a8240dc66cebe71a228
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 13:24:54 2018 +0100
winbind: add idmap_child_handle() and use it instead of child->binding_handle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c2d78a0a0a3f9b9ade61cf707f23e59a1a16c61b)
commit 52de1322cd5822f4219321570fbf2eb043bdc5fd
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 15:11:50 2018 +0100
winbind: improve wb_domain_request_send() to use wb_dsgetdcname_send() for a foreign domain
Commit ed3bc614cccec6167c64ac58d78344b6426cd019 got the logic wrong while
trying to implement the logic we had in init_child_connection(),
which was removed by commit d61f3626b79e0523beadff355453145aa7b0195c.
Instead of doing a WINBINDD_GETDCNAME request (which would caused an error
because the implementation was removed in commit
958fdaf5c3ba17969a5110e6b2b08babb9096d7e), we sent the callers request
and interpreted the result as WINBINDD_GETDCNAME response, which
led to an empty dcname variable. As result the domain child
opened a connection to the primary domain in order to lookup
a dc.
If we want to connect the primary domain from the parent via
a domain child of the primary domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13295
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 1f41193e005df37401a28004f0a95d4d73b98ccd)
commit 8996baadd46e8a4506f71480349829ee00cf6dcf
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 14 15:09:51 2018 +0100
winbind: use state->{ev,request} in wb_domain_request_send()
This will reduce the diff for the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13295
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 4d804f5f3e65df0e2f646d4f88793cab8e2f32d1)
commit 3b4905371592c07225a21479ea92d2100dee6cda
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 15 16:00:33 2018 +0100
winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection
domain->dcname was converted from fstring to char * by commit
14bae61ba36814ea5eca7c51cf1cc039e9e6803f.
Luckily this was only ever called with an empty string in
state->request->data.init_conn.dcname.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13294
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d73e3d451976e692c6c346f98547d7123f7b9006)
commit a993d0fc49a37901af45a5a2861ea177a246b37f
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 16 16:13:16 2018 +0100
winbind: cleanup winbindd_cli_state->pwent_state if winbindd_getpwent_recv() returns an error
A client may skip the explicit endpwent() if getgrent() fails.
This allows client_is_idle() return true in more cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13293
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b158d4e4c1c3fee0a8884bc5e8f0c5a5ce49687f)
commit 003229686af3ba4694d2b47665c44ac9af0c0a6c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 16 16:13:16 2018 +0100
winbind: cleanup winbindd_cli_state->grent_state if winbindd_getgrent_recv() returns an error
A client may skip the explicit endgrent() if getgrent() fails.
This allows client_is_idle() return true in more cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13293
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b7789da8468c3f070727011639d5f74aca76cb59)
commit f9103fc0bd2d6b737e0605fe1ceae702cd48b117
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 16 16:09:58 2018 +0100
winbind: call lp_winbind_enum_{users,groups}() already in set{pw,gr}ent()
This way we don't keep winbindd_cli_state->{pw,gr}ent_state arround forever,
if the client forgets an explicit end{pw,gr}ent().
This allows client_is_idle() return true in more cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13293
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 6548b82b5c1ed30ce14e17e4ba9d4bc24ab49c42)
commit 4c1e32d5abf89ccf24e2679177e7dd1134861186
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 16 15:05:57 2018 +0100
winbind: protect a pending wb_child_request against a talloc_free()
If the (winbind) client gave up we call TALLOC_FREE(state->mem_ctx)
in remove_client(). This triggers a recursive talloc_free() for all
in flight requests.
In order to maintain the winbindd parent-child protocol, we need
to keep the orphaned wb_simple_trans request until the parent
got the response from the child.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13290
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 43af57d8728883c5ddbe169e1483181246fb68a8)
commit be881cbcb8814840f941029e43887e085d654a08
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 16 15:02:42 2018 +0100
winbind: use tevent_queue_wait_send/recv in wb_child_request_*()
We need a way to keep the child->queue blocked without relying on
the current 'req' (wb_child_request_state).
The next commit will make use of this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13290
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit d29dda141e08af42c535e8718226f95c45aadab8)
commit 456d7eb70fa541d386419d821642750d424d0505
Author: Volker Lendecke <vl at samba.org>
Date: Fri Feb 9 10:27:55 2018 +0100
winbind: Improve child selection
This improves the situation when a client request blocks a winbind
child. This might be a slow samlogon or lookupnames to a domain that's
far away. With random selection of the child for new request coming in
we could end up with a long queue when other, non-blocked children
could serve those new requests. Choose the shortest queue.
This is an immediate and simple fix. Step two will be to have a
per-domain and not a per-child queue. Right now we're pre-selecting
the check-out queue at Fry's randomly without looking at the queue
length. With this change we're picking the shortest queue. The better
change will be what Fry's really does: One central queue and red/green
lights on the busy/free checkout counters.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13290
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Feb 12 19:51:35 CET 2018 on sn-devel-144
(cherry picked from commit b4384b7f0ecf3b47dd60acaf77636b679e3adc05)
commit 5e43980e275ce42aafe353569929340fe43b577e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 20 13:54:49 2018 +0100
tevent: version 0.9.36
* improve documentation of tevent_queue_add_optimize_empty()
* add tevent_queue_entry_untrigger()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13291
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit f00c7cf9f5f325de0b754b127fcc0f07bea2d825)
commit 8a29a03dd78706a75a9d56599fe9bc3d0fbdd9f3
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 15 14:47:25 2018 +0100
tevent: add tevent_queue_entry_untrigger()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13291
Pair-Programmed-With: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5c6f31697a8edb03d36eece5c79581b952743b5b)
commit 5eaf80b8cba91ba36cc2d24130e4245c8dfcf336
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 16 16:47:57 2018 +0100
tevent: improve documentation of tevent_queue_add_optimize_empty()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13291
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 88d6703b89f9a7f847b6ec47d97569432927dcff)
commit 73121c488cc09280fa6bdd85c9c39a3c52ab7304
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 9 08:54:11 2018 +0100
s4:auth_sam: allow logons with an empty domain name
It turns out that an empty domain name maps to the local SAM.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Feb 23 04:08:26 CET 2018 on sn-devel-144
(cherry picked from commit 57762229da971e837b923f09ca01bad6151f9419)
commit e3bbe2c8ece68d85d8800374794d408b7ba2e7af
Author: Garming Sam <garming at catalyst.net.nz>
Date: Mon Jan 8 16:34:02 2018 +1300
tests/bind.py: Add a bind test with NTLMSSP with no domain
Confirmed to pass against Windows 2012 R2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2e49a97777ebf5bffbeadca03517b4a21bca24c0)
commit f0a233dd2fb156a4477685c8bb1be19d0ccf3e14
Author: Garming Sam <garming at catalyst.net.nz>
Date: Mon Jan 8 13:36:59 2018 +1300
tests/py_creds: Add a SamLogonEx test with an empty string domain
This test passes against 4.6, but failed against 4.7.5 and master.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5c625eae3f54e8de434de26e9f6a0f2fde557c18)
commit cacf4bbd30e5b7cd19cb8e2481576e08b72f43ae
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 9 08:57:05 2018 +0100
s3:cliconnect.c: remove useless ';'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e039e9b0d2a16b21ace019b028e5c8244486b8a3)
commit 0b69a7a3b1eeb6121c117bc752c68844d1dff7db
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 9 08:55:48 2018 +0100
s3:libsmb: allow -U"\\administrator" to work
cli_credentials_get_principal() returns NULL in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0786a65cabb92a812cf1c692d0d26914f74a6f87)
commit a72353ac0207d8252fd89303dc5f7186b805cc54
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 21 00:49:55 2018 +0100
s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Feb 21 19:02:56 CET 2018 on sn-devel-144
(cherry picked from commit 5d113f80944f2e1d2a7e80f73aea7a4cfdfbd140)
commit 0fa4986684dc3bde32bd23ab73825921b92fc1e7
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 21 00:50:26 2018 +0100
tests:dcerpc/raw_protocol: reproduce call_id truncation bug
We need to make sure the server handles call_id values > UINT16_MAX.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 65e8edb382fbc7450919aad8b42cfcae9e779d11)
commit bb2dc6c920cc396b1700835d98ffbb3d7ca7b63b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 19 13:42:40 2018 +0100
s4:rpc_server/lsa: implement forwarding lsa_Lookup{Sids,Names}() requests to winbindd
This might not be perfect yet, but it's enough to allow names from trusted
forests/domain to be resolved, which is very important for samba based
domain members.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e9d5b8b6b41155a8a043275ae497bdb87044d476)
commit d130e1f03febe86edf64446c545ce5b37d2b5525
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 23 13:19:37 2018 +0100
winbindd: implement wb_irpc_lsa_{LookupNames4,LookupSids3}()
This will be used by the LSA Server on an AD DC to request remote views
from trusts.
In future we should implement wb_lookupnames_send/recv similar to
wb_lookupsids_send/recv, but for now using wb_lookupname_send/recv in a loop
works as a first step.
We also need to make use of req->in.level and req->in.client_revision
once we want to support more than one domain within our own forest.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3ffebee3de4aa313027779bc98cb6326fa17be85)
commit bd083ae72464889cb3358ca6338550db9986650c
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 23 00:52:50 2018 +0100
s4:rpc_server/lsa: rewrite lookup sids/names code to honor the given lookup level
[MS-LSAT] 2.2.16 LSAP_LOOKUP_LEVEL defines the which views each level should
consult.
Up to now we support some wellknown sids, the builtin domain and our
account domain, but all levels query all views.
This commit implements 3 views (predefined, builtin, account domain)
+ a dummy winbind view (which will later be used to implement the
gc, forest and trust views)..
Depending on the level we select the required views.
This might not be perfect in all details, but it's enough
to pass all existing tests, which already revealed bugs
during the development of this patch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3801c417db5891ee4a45b09e8841d8f1ff4500f9)
commit 5defe8cb3b6bc12c42c6766652694350ca199531
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 15 10:30:28 2018 +0100
test_trust_ntlm.sh: add lookup name tests
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 475a761637bbcc93edbe8d83fc13037e1087941a)
commit 80266e194b26c81af08f3b2b0d48bb4e94d36a0d
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 20 12:55:44 2017 +0100
libcli/security: add dom_sid_lookup_predefined_{sid,name}()
This basically implements [MS-LSAT] 3.1.1.1.1 Predefined Translation Database
and Corresponding View.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d7780c66866144eba59408c03af50256825165ba)
commit 6075763e34b492f470fa9f4164cea78f376d8179
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 16 01:14:00 2018 +0100
s4:dsdb: add dsdb_trust_domain_by_{sid,name}()
This gets the lsa_ForestTrustDomainInfo for the searched
domain as well as the lsa_TrustDomainInfoInfoEx for the
direct trust (which might be the same for external trust or
the forest root domain).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e9ace1852ff88ebb7778e8db9a49bc5c61512d16)
commit 4e6f20a1de36aa510e63e12c8054efead0f19d6b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 19 13:42:40 2018 +0100
s4:rpc_server/lsa: prepare dcesrv_lsa_LookupNames* for async processing
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9b6a0b1a63f2ebfbd578047401dfbe38606c8c44)
commit 6a2ff1908912a93b176577ae04bbad5ccb9af482
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 19 13:42:40 2018 +0100
s4:rpc_server/lsa: prepare dcesrv_lsa_LookupSids* for async processing
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ab7988aa2fd1a43f576a4b73a6893c61c7ef1957)
commit 82a36e4ad144371423930c11b43cd688033046a6
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jan 22 20:21:14 2018 +0100
s4:rpc_server/lsa: base dcesrv_lsa_LookupNames2() on dcesrv_lsa_LookupNames_common()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e6c9984bd563525dc312b67fe69ea7e4be04ee4e)
commit 7ab3d8c092db5c1dafa6558b45ebd7b2ea91110b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jan 22 20:21:14 2018 +0100
s4:rpc_server/lsa: base dcesrv_lsa_LookupNames() on dcesrv_lsa_LookupNames_common()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 37cb34d16406d27831be74e952ee744e58b79fb4)
commit b45afd307a9e7a3e13b2897375be5d7bec126886
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jan 22 09:27:49 2018 +0100
s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupNames2()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ec55c18ceda5c430eaec97c5d7e594941e3a31fc)
commit 7c8c5ed763eefe7a891fbc2a14ac7264cbbad6b4
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jan 22 09:27:49 2018 +0100
s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids2()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c78c17dc2fbaf523d1957bb748aa75ecd81e793b)
commit 552b0f75d80db408d5a89ab59e213be58cf5eb29
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jan 22 09:27:49 2018 +0100
s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids_common()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c0f6103ddea9a825f0f0dcf169e70a5f6a55c2e2)
commit d210946f50cb155a5a0ec679841ef0d5285e4af2
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 20 12:56:00 2017 +0100
s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupNames()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7c1c9bf53ffc24a25038326767e33f008c7a5552)
commit 42768011c543f086307f9b022e3bde961420debc
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 20 12:56:00 2017 +0100
s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupSids()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5d868fd875803e361653ccca4e61c5c25dc114aa)
commit 62879feb2b824643a015d8ff3a84e15c9f118664
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 20 12:56:00 2017 +0100
s4:rpc_server/lsa: remove unused 'status' variable in dcesrv_lsa_LookupSids_common()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e8a0223633fd2e6ebb3d864570b76932bc3e293a)
commit 0c331d5bd710863fa50d7a9ec7c208dbaa5ab874
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 20 12:56:00 2017 +0100
s4:rpc_server/lsa: make sure dcesrv_lsa_LookupNames2() gets prepared [ref] pointers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit fe43dd8678e4f598e0ae802e3d93ad9b28988783)
commit efe06efc469daad2aab0ff102760243e94f5c752
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 20 12:56:00 2017 +0100
s4:rpc_server/lsa: expect prepared [ref] pointers in dcesrv_lsa_LookupNames_common()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3339a1c57266181570d5ca5e389719951f26b41d)
commit a4a619dd56803a237ec7b185a9dc1445b274d08c
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 20 12:56:00 2017 +0100
s4:rpc_server/lsa: make sure dcesrv_lsa_LookupSids_common() gets prepared [ref] pointers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit f6e60d2c2e1f0a4eb6426c7da683abaa11babd05)
commit d68a14e0595201706fbfc891a76abb611a7144c2
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 20 12:56:00 2017 +0100
s4:rpc_server/lsa: use LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES/LSA_CLIENT_REVISION_1 in compat code
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3909f8fcfe6b82575ad8974acacde3270ce849fe)
commit 5e399aaede8164cb502c204092a65fe4b19298bc
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 25 11:24:25 2018 +0100
rpcclient: add lookupsids_level command
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 76868818e8b98a0cd4881d319e0735de5091b8b1)
commit 0d4e2c8829472a61d19f10b05e9bd7d0df18dd4f
Author: Ralph Boehme <slow at samba.org>
Date: Tue Feb 20 15:57:37 2018 +0100
rpcclient: fix variable initialisation and add parenthesis to if clauses
Just a few README.Coding fixes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9ccc6eef145c1f67e24cbb1c21402714f612c607)
commit 92f0b55258defdafd0922b206a622f3fc687140f
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 2 21:06:38 2018 +0100
provision: fix the 'dnsdomain' for the local sam of a domain member
A member has a local AD database, which should not use the 'dnsdomain'
as the one on domain controllers.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13285
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b02de5ad3e04babe1565868c69422cfc778458d9)
commit 46f9507734eb04eafd5f1732950d48a408d9bd38
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 25 18:04:29 2018 +0100
traffic_packets.py: let Lookup{Sids,Names}() work against a sane server
In order to resolve predefined sids or names we need to use
level = LSA_LOOKUP_NAMES_ALL (1).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13284
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 1a258b6b0f667ec077639a7cfe826e5e25f46768)
commit 2ba8639067f96927a7c95c5525d8722553bbeb51
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Feb 10 23:54:33 2018 +0100
nsswitch: fix double free errors in nsstest.c
We need to zero out static pointers on free.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13283
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit da784305e7b306664b79d30a734d45582f5bf4dd)
commit 3bc00ecaea4beeeaf233c8e5e0c5d5cb074902bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 26 00:38:32 2018 +0100
s4:torture: zero initialize variables in test_LookupSidsReply()
This avoids crashes if the server returns unexpected results. The test
should just report the failure in that case.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13282
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7b86b94c71268cdab434ced74caedcdd5eb20e12)
commit 2d1b48a736e37bb5bbd3dcc3cc135a0cbc99bf1a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 23 23:52:37 2018 +0100
winbindd: make use of talloc_zero_array() in wb_lookupsids*()
It just feels better for such a complex function.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13281
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c376ab29d1d9f4b06fbb3a713029d79ecac80b59)
commit d90f8fee5d10326ff4eb18baaca40660f98627f4
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 2 12:07:11 2018 +0100
s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_names_generic()
It just feels better for such a complex function.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13281
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 569c910b950df24b22777c545fe9f6427a19b035)
commit 00b55da68802a8ec64a051cc0d0bc928e61f6dbd
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 2 12:07:11 2018 +0100
s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_sids_generic()
It just feels better for such a complex function.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13281
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 5cae7da1de302b38ee0059590b1e93a3d60ee42c)
commit 41562d1726e0b8d0d92fd07a224beb505e99b6e9
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 23 23:52:59 2018 +0100
winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done()
We check for !NT_STATUS_LOOKUP_ERR(), but wb_lookupsid_recv()
only initializes the results together with NT_STATUS_OK.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13280
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b5ffa0e21f74fa0c452df38cf50e542eb278562d)
commit 3c426d6eb11a4a1e0e3ad04c0fbd8de0e7a91dd9
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 23 14:34:45 2018 +0100
winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13279
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 17c48f26dea5701feed1c24769348f332695391c)
commit d11362948c32ea9b7520a1a66c44472e81403e5c
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jan 19 12:15:58 2018 +0000
vfs_fileid: Fix the 32-bit build
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13305
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c6999a248ad78f75cbfcc0f461298021b20905b4)
commit e00251410b76d1547a685380e1e0d268b90996cb
Author: Alexander Bokovoy <ab at samba.org>
Date: Tue Oct 24 12:01:39 2017 +0300
mit-kdb: support MIT Kerberos 1.16 KDB API changes
MIT Kerberos 1.16 adds ability to audit local and remote addresses
during AS_REQ processing. As result, audit_as_req callback signature
was changed to include the addresses and KDB API version was increased.
Change mit-kdb code to properly expose audit_as_req signature KDC
expects in 1.16 version. Also update #ifdefs to account for the new
KDB API version.
This commit does not add actual audit of the local and remote IP
addresses, it only makes it possible to compile against MIT Kerberos
1.16.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13304
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jan 19 01:36:22 CET 2018 on sn-devel-144
(cherry picked from commit 7c1c8c68174ed484fe86a0d9e429daad3a47a57d)
commit 6b9c0943b3456807c0e308e2751972bb843501a1
Author: Poornima G <pgurusid at redhat.com>
Date: Thu Feb 22 16:21:35 2018 +0530
vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13297
Pair-Programmed-With: Anoop C S <anoopcs at redhat.com>
Signed-off-by: Poornima G <pgurusid at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Feb 26 20:17:50 CET 2018 on sn-devel-144
(cherry picked from commit 46e6626f73f42c84f254507c3ec2b591e2e732ba)
commit 4d47c72206c0eee737e8aaae6578066defd6b2b6
Author: Sachin Prabhu <sprabhu at redhat.com>
Date: Tue Nov 14 15:51:44 2017 +0530
vfs_glusterfs: Add fallocate support for vfs_glusterfs
Adds fallocate support to the vfs glusterfs plugin.
v2: Add check for glusterfs-api version.
RHBZ: 1478875
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13303
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 17 06:09:29 CET 2018 on sn-devel-144
(cherry picked from commit 0edce86e97a49f4bd79f4431015ac2b788105e46)
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/tests/bind.py | 26 +-
.../ABI/{tevent-0.9.34.sigs => tevent-0.9.36.sigs} | 1 +
lib/tevent/tevent.h | 25 +
lib/tevent/tevent_queue.c | 13 +
lib/tevent/wscript | 2 +-
libcli/security/dom_sid.h | 13 +
libcli/security/util_sid.c | 499 ++++
nsswitch/nsstest.c | 18 +-
python/samba/emulate/traffic_packets.py | 16 +-
python/samba/provision/__init__.py | 16 +
python/samba/tests/dcerpc/raw_protocol.py | 2 +-
python/samba/tests/py_credentials.py | 27 +
selftest/knownfail.d/s3-lsa-server | 1 +
selftest/selftest.pl | 6 +
source3/include/smb_macros.h | 1 +
source3/libsmb/cliconnect.c | 9 +-
source3/modules/vfs_fileid.c | 4 +-
source3/modules/vfs_glusterfs.c | 30 +-
source3/rpc_client/cli_lsarpc.c | 17 +-
source3/rpcclient/cmd_lsarpc.c | 103 +-
source3/winbindd/idmap_ad.c | 11 +
source3/winbindd/wb_dsgetdcname.c | 8 +-
source3/winbindd/wb_lookupsids.c | 16 +-
source3/winbindd/wb_sids2xids.c | 6 +-
source3/winbindd/winbindd.h | 3 +
source3/winbindd/winbindd_ads.c | 23 +
source3/winbindd/winbindd_allocate_gid.c | 6 +-
source3/winbindd/winbindd_allocate_uid.c | 6 +-
source3/winbindd/winbindd_cm.c | 108 +-
source3/winbindd/winbindd_dsgetdcname.c | 6 +-
source3/winbindd/winbindd_dual.c | 285 ++-
source3/winbindd/winbindd_dual_ndr.c | 61 +-
source3/winbindd/winbindd_getgrent.c | 9 +-
source3/winbindd/winbindd_getpwent.c | 6 +-
source3/winbindd/winbindd_idmap.c | 5 +
source3/winbindd/winbindd_irpc.c | 408 +++
source3/winbindd/winbindd_locator.c | 5 +
source3/winbindd/winbindd_proto.h | 3 +-
source3/winbindd/winbindd_setgrent.c | 5 +
source3/winbindd/winbindd_setpwent.c | 5 +
source3/winbindd/winbindd_util.c | 19 +-
source3/wscript | 4 +
source4/auth/ntlm/auth_sam.c | 16 +-
source4/dsdb/common/util_trusts.c | 222 ++
source4/dsdb/samdb/ldb_modules/encrypted_secrets.c | 278 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 12 +-
.../ldb_modules/tests/test_encrypted_secrets.c | 54 +-
source4/dsdb/samdb/ldb_modules/wscript | 22 -
source4/dsdb/samdb/ldb_modules/wscript_build | 1 -
.../dsdb/samdb/ldb_modules/wscript_build_server | 1 -
source4/kdc/mit-kdb/kdb_samba.h | 13 +-
source4/kdc/mit-kdb/kdb_samba_policies.c | 42 +-
source4/kdc/mit-kdb/kdb_samba_principals.c | 2 +-
source4/rpc_server/dcerpc_server.c | 2 +-
source4/rpc_server/lsa/lsa_lookup.c | 2651 ++++++++++++++------
source4/selftest/tests.py | 6 +
source4/torture/drs/python/drs_base.py | 5 +-
source4/torture/drs/python/replica_sync.py | 2 +
source4/torture/drs/python/replica_sync_rodc.py | 156 ++
source4/torture/rpc/lsa_lookup.c | 12 +-
testprogs/blackbox/test_trust_ntlm.sh | 77 +-
61 files changed, 4184 insertions(+), 1227 deletions(-)
copy lib/tevent/ABI/{tevent-0.9.34.sigs => tevent-0.9.36.sigs} (99%)
create mode 100644 selftest/knownfail.d/s3-lsa-server
create mode 100644 source4/torture/drs/python/replica_sync_rodc.py
Changeset truncated at 500 lines:
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
index 91e493d..4aa4498 100755
--- a/auth/credentials/tests/bind.py
+++ b/auth/credentials/tests/bind.py
@@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds)
creds_user1 = copy.deepcopy(creds)
creds_user2 = copy.deepcopy(creds)
creds_user3 = copy.deepcopy(creds)
+creds_user4 = copy.deepcopy(creds)
class BindTests(samba.tests.TestCase):
@@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase):
self.config_dn = self.info_dc["configurationNamingContext"][0]
self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
self.password = "P at ssw0rd"
- self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+ self.username = "BindTestUser"
def tearDown(self):
super(BindTests, self).tearDown()
@@ -113,6 +114,7 @@ unicodePwd:: """ + base64.b64encode("\"P at ssw0rd\"".encode('utf-16-le')) + """
expression="(samAccountName=%s)" % self.username)
self.assertEquals(len(ldb_res), 1)
user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
# do a simple bind and search with the user account in format user at realm
creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
@@ -138,5 +140,27 @@ unicodePwd:: """ + base64.b64encode("\"P at ssw0rd\"".encode('utf-16-le')) + """
lp=lp, ldap_only=True)
res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+ def test_user_account_bind_no_domain(self):
+ # create user
+ self.ldb.newuser(username=self.username, password=self.password)
+ ldb_res = self.ldb.search(base=self.domain_dn,
+ scope=SCOPE_SUBTREE,
+ expression="(samAccountName=%s)" % self.username)
+ self.assertEquals(len(ldb_res), 1)
+ user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
+
+ creds_user4.set_username(self.username)
+ creds_user4.set_password(self.password)
+ creds_user4.set_domain('')
+ creds_user4.set_workstation('')
+ print "BindTest (no domain) with: " + self.username
+ try:
+ ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
+ lp=lp, ldap_only=True)
+ except:
+ self.fail("Failed to connect without the domain set")
+
+ res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
TestProgram(module=__name__, opts=subunitopts)
diff --git a/lib/tevent/ABI/tevent-0.9.34.sigs b/lib/tevent/ABI/tevent-0.9.36.sigs
similarity index 99%
copy from lib/tevent/ABI/tevent-0.9.34.sigs
copy to lib/tevent/ABI/tevent-0.9.36.sigs
index 7a6a236..8a579c8 100644
--- a/lib/tevent/ABI/tevent-0.9.34.sigs
+++ b/lib/tevent/ABI/tevent-0.9.36.sigs
@@ -53,6 +53,7 @@ tevent_num_signals: size_t (void)
tevent_queue_add: bool (struct tevent_queue *, struct tevent_context *, struct tevent_req *, tevent_queue_trigger_fn_t, void *)
tevent_queue_add_entry: struct tevent_queue_entry *(struct tevent_queue *, struct tevent_context *, struct tevent_req *, tevent_queue_trigger_fn_t, void *)
tevent_queue_add_optimize_empty: struct tevent_queue_entry *(struct tevent_queue *, struct tevent_context *, struct tevent_req *, tevent_queue_trigger_fn_t, void *)
+tevent_queue_entry_untrigger: void (struct tevent_queue_entry *)
tevent_queue_length: size_t (struct tevent_queue *)
tevent_queue_running: bool (struct tevent_queue *)
tevent_queue_start: void (struct tevent_queue *)
diff --git a/lib/tevent/tevent.h b/lib/tevent/tevent.h
index 7284a85..7bb9c61 100644
--- a/lib/tevent/tevent.h
+++ b/lib/tevent/tevent.h
@@ -1611,6 +1611,9 @@ struct tevent_queue_entry *tevent_queue_add_entry(
* already called tevent_req_notify_callback(), tevent_req_error(),
* tevent_req_done() or a similar function.
*
+ * The trigger function has no chance to see the returned
+ * queue_entry in the optimized case.
+ *
* The request can be removed from the queue by calling talloc_free()
* (or a similar function) on the returned queue entry.
*
@@ -1641,6 +1644,28 @@ struct tevent_queue_entry *tevent_queue_add_optimize_empty(
void *private_data);
/**
+ * @brief Untrigger an already triggered queue entry.
+ *
+ * If a trigger function detects that it needs to remain
+ * in the queue, it needs to call tevent_queue_stop()
+ * followed by tevent_queue_entry_untrigger().
+ *
+ * @note In order to call tevent_queue_entry_untrigger()
+ * the queue must be already stopped and the given queue_entry
+ * must be the first one in the queue! Otherwise it calls abort().
+ *
+ * @note You can't use this together with tevent_queue_add_optimize_empty()
+ * because the trigger function don't have access to the quene entry
+ * in the case of an empty queue.
+ *
+ * @param[in] queue_entry The queue entry to rearm.
+ *
+ * @see tevent_queue_add_entry()
+ * @see tevent_queue_stop()
+ */
+void tevent_queue_entry_untrigger(struct tevent_queue_entry *entry);
+
+/**
* @brief Start a tevent queue.
*
* The queue is started by default.
diff --git a/lib/tevent/tevent_queue.c b/lib/tevent/tevent_queue.c
index 5516c6c..9c3973b 100644
--- a/lib/tevent/tevent_queue.c
+++ b/lib/tevent/tevent_queue.c
@@ -266,6 +266,19 @@ struct tevent_queue_entry *tevent_queue_add_optimize_empty(
trigger, private_data, true);
}
+void tevent_queue_entry_untrigger(struct tevent_queue_entry *entry)
+{
+ if (entry->queue->running) {
+ abort();
+ }
+
+ if (entry->queue->list != entry) {
+ abort();
+ }
+
+ entry->triggered = false;
+}
+
void tevent_queue_start(struct tevent_queue *queue)
{
if (queue->running) {
diff --git a/lib/tevent/wscript b/lib/tevent/wscript
index 2c67f1f..94d190f 100644
--- a/lib/tevent/wscript
+++ b/lib/tevent/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'tevent'
-VERSION = '0.9.35'
+VERSION = '0.9.36'
blddir = 'bin'
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index bdcec94..6c3225e 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -62,6 +62,19 @@ extern const struct dom_sid global_sid_Unix_NFS_Groups;
extern const struct dom_sid global_sid_Unix_NFS_Mode;
extern const struct dom_sid global_sid_Unix_NFS_Other;
+enum lsa_SidType;
+
+NTSTATUS dom_sid_lookup_predefined_name(const char *name,
+ const struct dom_sid **sid,
+ enum lsa_SidType *type,
+ const struct dom_sid **authority_sid,
+ const char **authority_name);
+NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
+ const char **name,
+ enum lsa_SidType *type,
+ const struct dom_sid **authority_sid,
+ const char **authority_name);
+
int dom_sid_compare_auth(const struct dom_sid *sid1,
const struct dom_sid *sid2);
int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2);
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index e84cfb4..4e4a8fa 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -434,3 +434,502 @@ bool is_null_sid(const struct dom_sid *sid)
const struct dom_sid null_sid = {0};
return dom_sid_equal(sid, &null_sid);
}
+
+/*
+ * See [MS-LSAT] 3.1.1.1.1 Predefined Translation Database and Corresponding View
+ */
+struct predefined_name_mapping {
+ const char *name;
+ enum lsa_SidType type;
+ struct dom_sid sid;
+};
+
+struct predefined_domain_mapping {
+ const char *domain;
+ struct dom_sid sid;
+ size_t num_names;
+ const struct predefined_name_mapping *names;
+};
+
+/* S-1-${AUTHORITY} */
+#define _SID0(authority) \
+ { 1, 0, {0,0,0,0,0,authority}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}
+/* S-1-${AUTHORITY}-${SUB1} */
+#define _SID1(authority,sub1) \
+ { 1, 1, {0,0,0,0,0,authority}, {sub1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}
+/* S-1-${AUTHORITY}-${SUB1}-${SUB2} */
+#define _SID2(authority,sub1,sub2) \
+ { 1, 2, {0,0,0,0,0,authority}, {sub1,sub2,0,0,0,0,0,0,0,0,0,0,0,0,0}}
+
+/*
+ * S-1-0
+ */
+static const struct predefined_name_mapping predefined_names_S_1_0[] = {
+ {
+ .name = "NULL SID",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(0, 0), /* S-1-0-0 */
+ },
+};
+
+/*
+ * S-1-1
+ */
+static const struct predefined_name_mapping predefined_names_S_1_1[] = {
+ {
+ .name = "Everyone",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(1, 0), /* S-1-1-0 */
+ },
+};
+
+/*
+ * S-1-2
+ */
+static const struct predefined_name_mapping predefined_names_S_1_2[] = {
+ {
+ .name = "LOCAL",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(2, 0), /* S-1-2-0 */
+ },
+};
+
+/*
+ * S-1-3
+ */
+static const struct predefined_name_mapping predefined_names_S_1_3[] = {
+ {
+ .name = "CREATOR OWNER",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(3, 0), /* S-1-3-0 */
+ },
+ {
+ .name = "CREATOR GROUP",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(3, 1), /* S-1-3-1 */
+ },
+ {
+ .name = "CREATOR OWNER SERVER",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(3, 0), /* S-1-3-2 */
+ },
+ {
+ .name = "CREATOR GROUP SERVER",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(3, 1), /* S-1-3-3 */
+ },
+ {
+ .name = "OWNER RIGHTS",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(3, 4), /* S-1-3-4 */
+ },
+};
+
+/*
+ * S-1-5 only 'NT Pseudo Domain'
+ */
+static const struct predefined_name_mapping predefined_names_S_1_5p[] = {
+ {
+ .name = "NT Pseudo Domain",
+ .type = SID_NAME_DOMAIN,
+ .sid = _SID0(5), /* S-1-5 */
+ },
+};
+
+/*
+ * S-1-5 'NT AUTHORITY'
+ */
+static const struct predefined_name_mapping predefined_names_S_1_5a[] = {
+ {
+ .name = "DIALUP",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 1), /* S-1-5-1 */
+ },
+ {
+ .name = "NETWORK",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 2), /* S-1-5-2 */
+ },
+ {
+ .name = "BATCH",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 3), /* S-1-5-3 */
+ },
+ {
+ .name = "INTERACTIVE",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 4), /* S-1-5-4 */
+ },
+ {
+ .name = "SERVICE",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 6), /* S-1-5-6 */
+ },
+ {
+ .name = "ANONYMOUS LOGON",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 7), /* S-1-5-7 */
+ },
+ {
+ .name = "PROXY",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 8), /* S-1-5-8 */
+ },
+ {
+ .name = "ENTERPRISE DOMAIN CONTROLLERS",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 9), /* S-1-5-9 */
+ },
+ {
+ .name = "SELF",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 10), /* S-1-5-10 */
+ },
+ {
+ .name = "Authenticated Users",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 11), /* S-1-5-11 */
+ },
+ {
+ .name = "RESTRICTED",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 12), /* S-1-5-12 */
+ },
+ {
+ .name = "TERMINAL SERVER USER",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 13), /* S-1-5-13 */
+ },
+ {
+ .name = "REMOTE INTERACTIVE LOGON",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 14), /* S-1-5-14 */
+ },
+ {
+ .name = "This Organization",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 15), /* S-1-5-15 */
+ },
+ {
+ .name = "IUSR",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 17), /* S-1-5-17 */
+ },
+ {
+ .name = "SYSTEM",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 18), /* S-1-5-18 */
+ },
+ {
+ .name = "LOCAL SERVICE",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 19), /* S-1-5-19 */
+ },
+ {
+ .name = "NETWORK SERVICE",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 20), /* S-1-5-20 */
+ },
+ {
+ .name = "WRITE RESTRICTED",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 33), /* S-1-5-33 */
+ },
+ {
+ .name = "Other Organization",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID1(5, 1000), /* S-1-5-1000 */
+ },
+};
+
+/*
+ * S-1-5-32
+ */
+static const struct predefined_name_mapping predefined_names_S_1_5_32[] = {
+ {
+ .name = "BUILTIN",
+ .type = SID_NAME_DOMAIN,
+ .sid = _SID1(5, 32), /* S-1-5-32 */
+ },
+};
+
+/*
+ * S-1-5-64
+ */
+static const struct predefined_name_mapping predefined_names_S_1_5_64[] = {
+ {
+ .name = "NTLM Authentication",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID2(5, 64, 10), /* S-1-5-64-10 */
+ },
+ {
+ .name = "SChannel Authentication",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID2(5, 64, 14), /* S-1-5-64-14 */
+ },
+ {
+ .name = "Digest Authentication",
+ .type = SID_NAME_WKN_GRP,
+ .sid = _SID2(5, 64, 21), /* S-1-5-64-21 */
+ },
+};
+
+/*
+ * S-1-7
+ */
+static const struct predefined_name_mapping predefined_names_S_1_7[] = {
+ {
+ .name = "Internet$",
+ .type = SID_NAME_DOMAIN,
+ .sid = _SID0(7), /* S-1-7 */
+ },
+};
+
+/*
+ * S-1-16
+ */
+static const struct predefined_name_mapping predefined_names_S_1_16[] = {
+ {
+ .name = "Mandatory Label",
+ .type = SID_NAME_DOMAIN,
+ .sid = _SID0(16), /* S-1-16 */
+ },
+ {
+ .name = "Untrusted Mandatory Level",
+ .type = SID_NAME_LABEL,
+ .sid = _SID1(16, 0), /* S-1-16-0 */
+ },
+ {
+ .name = "Low Mandatory Level",
+ .type = SID_NAME_LABEL,
+ .sid = _SID1(16, 4096), /* S-1-16-4096 */
+ },
+ {
+ .name = "Medium Mandatory Level",
+ .type = SID_NAME_LABEL,
+ .sid = _SID1(16, 8192), /* S-1-16-8192 */
+ },
+ {
+ .name = "High Mandatory Level",
+ .type = SID_NAME_LABEL,
+ .sid = _SID1(16, 12288), /* S-1-16-12288 */
+ },
+ {
+ .name = "System Mandatory Level",
+ .type = SID_NAME_LABEL,
+ .sid = _SID1(16, 16384), /* S-1-16-16384 */
+ },
+ {
+ .name = "Protected Process Mandatory Level",
+ .type = SID_NAME_LABEL,
+ .sid = _SID1(16, 20480), /* S-1-16-20480 */
+ },
+};
+
+static const struct predefined_domain_mapping predefined_domains[] = {
+ {
+ .domain = "",
+ .sid = _SID0(0), /* S-1-0 */
+ .num_names = ARRAY_SIZE(predefined_names_S_1_0),
+ .names = predefined_names_S_1_0,
+ },
+ {
+ .domain = "",
+ .sid = _SID0(1), /* S-1-1 */
+ .num_names = ARRAY_SIZE(predefined_names_S_1_1),
+ .names = predefined_names_S_1_1,
+ },
+ {
+ .domain = "",
+ .sid = _SID0(2), /* S-1-2 */
+ .num_names = ARRAY_SIZE(predefined_names_S_1_2),
+ .names = predefined_names_S_1_2,
+ },
+ {
+ .domain = "",
+ .sid = _SID0(3), /* S-1-3 */
+ .num_names = ARRAY_SIZE(predefined_names_S_1_3),
+ .names = predefined_names_S_1_3,
--
Samba Shared Repository
More information about the samba-cvs
mailing list