samba.git/source3/passdb, branch talloc-2.3.2 Unnamed repository; edit this file 'description' to name the repository. Revert "lookup_name: allow lookup for own realm" 2020-11-05T07:53:02+00:00 Alexander Bokovoy ab@samba.org 2020-11-04T17:21:24+00:00 ca07dc775cbf0d6736783ced8d0dfb6ddec8520f This reverts commit f901691209867b32c2d7c5c9274eee196f541654. Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Thu Nov 5 07:53:03 UTC 2020 on sn-devel-184 
This reverts commit f901691209867b32c2d7c5c9274eee196f541654.

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Nov  5 07:53:03 UTC 2020 on sn-devel-184
lookup_name: allow lookup for own realm 2020-11-04T16:23:40+00:00 Alexander Bokovoy ab@samba.org 2020-11-04T12:21:33+00:00 f901691209867b32c2d7c5c9274eee196f541654 When using a security tab in Windows Explorer, a lookup over a trusted forest might come as realm\name instead of NetBIOS domain name: -------------------------------------------------------------------- [2020/01/13 11:12:39.859134, 1, pid=33253, effective(1732401004, 1732401004), real(1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug) lsa_LookupNames3: struct lsa_LookupNames3 in: struct lsa_LookupNames3 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000e-0000-0000-1c5e-a750e5810000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x001e (30) size : 0x0020 (32) string : * string : 'ipa.test\admins' sids : * sids: struct lsa_TransSidArray3 count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6) count : * count : 0x00000000 (0) lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0) client_revision : LSA_CLIENT_REVISION_2 (2) -------------------------------------------------------------------- Allow this lookup using realm to be done against primary domain when we are a domain controller. This corresponds to FreeIPA use of Samba as a DC. For normal domain members a realm-based lookup falls back to a lookup over to its own domain controller with the help of winbindd. Refactor user name parsing code to reuse cli_credentials_* API to be consistent with other places. cli_credentials_parse_name() handles both domain and realm-based user name variants. Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Nov 4 16:23:40 UTC 2020 on sn-devel-184 
When using a security tab in Windows Explorer, a lookup over a trusted
forest might come as realm\name instead of NetBIOS domain name:

--------------------------------------------------------------------
[2020/01/13 11:12:39.859134,  1, pid=33253, effective(1732401004, 1732401004), real(1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
       lsa_LookupNames3: struct lsa_LookupNames3
          in: struct lsa_LookupNames3
              handle                   : *
                  handle: struct policy_handle
                      handle_type              : 0x00000000 (0)
                      uuid                     : 0000000e-0000-0000-1c5e-a750e5810000
              num_names                : 0x00000001 (1)
              names: ARRAY(1)
                  names: struct lsa_String
                      length                   : 0x001e (30)
                      size                     : 0x0020 (32)
                      string                   : *
                          string                   : 'ipa.test\admins'
              sids                     : *
                  sids: struct lsa_TransSidArray3
                      count                    : 0x00000000 (0)
                      sids                     : NULL
              level                    : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
              count                    : *
                  count                    : 0x00000000 (0)
              lookup_options           : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
              client_revision          : LSA_CLIENT_REVISION_2 (2)
--------------------------------------------------------------------

Allow this lookup using realm to be done against primary domain when we
are a domain controller. This corresponds to FreeIPA use of Samba as a
DC. For normal domain members a realm-based lookup falls back to a
lookup over to its own domain controller with the help of winbindd.

Refactor user name parsing code to reuse cli_credentials_* API to be
consistent with other places. cli_credentials_parse_name() handles
both domain and realm-based user name variants.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Nov  4 16:23:40 UTC 2020 on sn-devel-184
auth:creds: Rename CRED_USE_KERBEROS values 2020-11-03T15:25:37+00:00 Andreas Schneider asn@samba.org 2020-08-20T07:40:41+00:00 1298280a22ef7494fb85a6a5953bae15d22fa204 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
 winbindd: allow idmap backends to mark entries with ID_[TYPE_WB_]REQUIRE_TYPE 2020-10-23T03:25:37+00:00 Stefan Metzmacher metze@samba.org 2020-09-15T15:26:11+00:00 493f5d6b078e0b0f80d1ef25043e2834cb4fcb87 This must only be used between winbindd parent and child! It must not leak into outside world. Some backends require ID_TYPE_UID or ID_TYPE_GID as type_hint, while others may only need ID_TYPE_BOTH in order to validate that the domain exists. This will allow us to skip the wb_lookupsids_send/recv in the winbindd parent in future and only do that on demand. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This must only be used between winbindd parent and child!
It must not leak into outside world.

Some backends require ID_TYPE_UID or ID_TYPE_GID as type_hint,
while others may only need ID_TYPE_BOTH in order to validate that
the domain exists.

This will allow us to skip the wb_lookupsids_send/recv in the winbindd parent
in future and only do that on demand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
s3:passdb: use ID_TYPE_* instead of WBC_ID_TYPE_* 2020-10-23T03:25:35+00:00 Stefan Metzmacher metze@samba.org 2020-09-15T14:46:44+00:00 58e9b62222ad62c81cdf11d704859a227cb2902b Currently these enums have the same values, but that will change in future. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Currently these enums have the same values, but that will
change in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
s3: safe_string: do not include string_wrappers.h 2020-08-28T00:56:34+00:00 Matthew DeVore matvore@google.com 2020-08-07T18:17:34+00:00 c2ac923c6a5d089fe110eb3eb6cf78298b46992d Rather than have safe_string.h #include string_wrappers.h, make users of string_wrappers.h include it explicitly. includes.h now no longer includes string_wrappers.h transitively. Still allow includes.h to #include safe_string.h for now so that as many modules as possible get the safety checks in it. Signed-off-by: Matthew DeVore <matvore@google.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.

includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fix a comment typo copied around 2020-08-17T19:35:38+00:00 Volker Lendecke vl@samba.org 2020-08-09T14:14:02+00:00 f05f40316dd95a01d765095f431a652cb548894e Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib: relicense smb_strtoul(l) under LGPLv3 2020-08-03T22:21:02+00:00 Ralph Boehme slow@samba.org 2020-07-03T06:11:20+00:00 23274717563b19684c52f8a909f528f608dafd7c Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Aug 3 22:21:04 UTC 2020 on sn-devel-184 
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug  3 22:21:04 UTC 2020 on sn-devel-184
pdb_dsdb: Fix typos 2020-07-02T10:38:34+00:00 Volker Lendecke vl@samba.org 2020-06-25T13:59:48+00:00 9d988ce090fa1755ac203d74b759f210249966ed Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Fix clang 9 missing-field-initializer warnings 2020-05-08T09:31:31+00:00 Gary Lockyer gary@catalyst.net.nz 2020-05-05T01:47:39+00:00 13a2f70a4dd6dd68e0dbd0379d35409c5f100f06 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> 
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>