The branch, master has been updated
       via  80b4d50... Revert "Make -k a simple non-bool option."
       via  91807d9... s4:auth Error out when a memberOf DN does not have a SID
      from  783cd32... s4-smbtorture: add kernel_mode_registry_path().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 80b4d50603fb54011396f0d868ffc9907247d2af
Author: Andrew Bartlett <[email protected]>
Date:   Fri May 21 15:04:36 2010 +1000

    Revert "Make -k a simple non-bool option."
    
    This reverts commit 2bbf055dbb15ea99b80ae66adc906ad5494a3999.
    
    This change broke 'make test', because the current syntax is deliberate
    and an integral part of how Samba4 uses Kerberos.
    
    If a change like this is to be implemented, then careful review of all
    our test scripts must be taken first, and then new options such as
    --dont-use-kerberos, --may-use-kerberos and --must-use-kerberos
    should be added.
    
    Andrew Bartlett

commit 91807d9dd59b3b99250e5e52f84748710be3c360
Author: Andrew Bartlett <[email protected]>
Date:   Fri May 21 15:02:22 2010 +1000

    s4:auth Error out when a memberOf DN does not have a SID
    
    We previously segfaulted if this was not the case.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/sam.c                     |   21 ++++++++-------------
 source4/lib/cmdline/popt_credentials.c |    9 +++++++++
 2 files changed, 17 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index d5dc4de..2cc8118 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -308,13 +308,11 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context 
*sam_ctx,
        int ret;
        bool already_there;
        struct ldb_dn *dn;
-       struct dom_sid *sid;
+       struct dom_sid sid;
        TALLOC_CTX *tmp_ctx;
        struct ldb_result *res;
        NTSTATUS status;
-       const struct ldb_val *v;
        const struct ldb_message_element *el;
-       enum ndr_err_code ndr_err;
 
        if (*res_sids == NULL) {
                *num_res_sids = 0;
@@ -322,19 +320,16 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context 
*sam_ctx,
 
        tmp_ctx = talloc_new(res_sids_ctx);
 
-       sid = talloc(tmp_ctx, struct dom_sid);
-       NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid, tmp_ctx);
-
        dn = ldb_dn_from_ldb_val(tmp_ctx, sam_ctx, dn_val);
        if (dn == NULL) {
                talloc_free(tmp_ctx);
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
-       v = ldb_dn_get_extended_component(dn, "SID");
-
-       ndr_err = ndr_pull_struct_blob(v, sid, sid,
-                                      (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+       status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, (__location__ "when parsing DN %s we failed to find or 
parse SID component, so we cannot calculate the group token: %s",
+                         ldb_dn_get_extended_linearized(tmp_ctx, dn, 1), 
+                         nt_errstr(status)));
                talloc_free(tmp_ctx);
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
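Review bot: The new DEBUG format string joins `__location__` directly to "when parsing" and has no trailing newline, so this level-0 message prints the file:line prefix fused to the text and runs into the next log entry. Since this is the only trace an administrator gets when a memberOf value lacks a usable SID, I would write it as `DEBUG(0, (__location__ ": when parsing DN %s we failed to find or parse SID component, so we cannot calculate the group token: %s\n",`. The body of authsam_expand_nested_groups starts and ends outside this hunk.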
@@ -344,7 +339,7 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context 
*sam_ctx,
        } else {
                /* This is an O(n^2) linear search */
                already_there = sids_contains_sid((const struct dom_sid**) 
*res_sids,
-                                                 *num_res_sids, sid);
+                                                 *num_res_sids, &sid);
                if (already_there) {
                        return NT_STATUS_OK;
                }
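Review bot: The `already_there` early return leaves `tmp_ctx` allocated, while the error path in the previous hunk frees it before returning. This is older than the commit, and the lines between the two hunks are not shown, so it should be confirmed against the full function. Because `tmp_ctx` is a child of `res_sids_ctx`, the memory stays attached to the caller's context for each already-seen group during expansion. If nothing earlier releases it, add `talloc_free(tmp_ctx);` before `return NT_STATUS_OK;`.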
@@ -373,7 +368,7 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context 
*sam_ctx,
                *res_sids = talloc_realloc(res_sids_ctx, *res_sids,
                        struct dom_sid *, *num_res_sids + 1);
                NT_STATUS_HAVE_NO_MEMORY(*res_sids);
-               (*res_sids)[*num_res_sids] = talloc_steal(*res_sids, sid);
+               (*res_sids)[*num_res_sids] = talloc_steal(*res_sids, &sid);
                ++(*num_res_sids);
        }
 
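Review bot: `talloc_steal(*res_sids, &sid)` is now handed the address of the stack variable `sid` declared in the first hunk, which is not a talloc allocation. talloc will either abort on the bad chunk header or, if it returns, leave a pointer in `*res_sids` that dangles once authsam_expand_nested_groups returns. Those entries later feed the group list used for authorization, so this trades the old NULL dereference for a memory-safety fault on the same path. The array entry needs a heap copy owned by the array, e.g. `(*res_sids)[*num_res_sids] = dom_sid_dup(*res_sids, &sid);` followed by `NT_STATUS_HAVE_NO_MEMORY((*res_sids)[*num_res_sids]);`. The function continues outside this hunk.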
diff --git a/source4/lib/cmdline/popt_credentials.c 
b/source4/lib/cmdline/popt_credentials.c
index 384024f..80f71eb 100644
--- a/source4/lib/cmdline/popt_credentials.c
+++ b/source4/lib/cmdline/popt_credentials.c
@@ -103,6 +103,15 @@ static void popt_common_credentials_callback(poptContext 
con,
        case OPT_KERBEROS:
        {
                bool use_kerberos = true;
+               /* Force us to only use kerberos */
+               if (arg) {
+                       if (!set_boolean(arg, &use_kerberos)) {
+                               fprintf(stderr, "Error parsing -k %s\n", arg);
+                               exit(1);
+                               break;
+                       }
+               }
+               
                cli_credentials_set_kerberos_state(cmdline_credentials, 
                                                   use_kerberos 
                                                   ? CRED_MUST_USE_KERBEROS
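Review bot: The restored comment `/* Force us to only use kerberos */` no longer describes the branch it sits on, because `set_boolean(arg, &use_kerberos)` can also set `use_kerberos` to false and select the other arm of the ternary, which continues outside the hunk. As this option decides whether Kerberos is mandatory or disabled for the credentials, the comment should state both cases, for instance `/* -k alone requires Kerberos; -k <bool> requires it or turns it off */`. The `break;` after `exit(1);` is unreachable and can be dropped.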


-- 
Samba Shared Repository
