ldapsam_nua and SAMBA_3_0 CVS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi, i tried a lot of things with the current SAMBA_3_0 today. everything is working fine, except, the ldapsam_nua passdb backend. i've all accounts in the ldap tree and i want to provide 2 machines running FreeBSD. one is used to be the PDC and one the BDC and nothing more. no writing or reading of files only the domain logons. the disadvantage is, that nss_ldap still isn't working with FreeBSD. so i need the ldapsam_nua because i don't want to use NIS or want to put all accounts to the local files too. now i'm a little bit confused because everything i tried ends up with the following message: auth/auth_util.c:get_user_groups_from_local_sam(687) user XXX does not have a unix identity! i searched a little bit in the source (but i'm not a real programmer). normally there should be a message like: user has posixAcccount attributes from 'get_unix_attributes' in pdb_ldap.c but it seemes to me that this function is not invoked, because i get nothing about posix in the logs. and yes, the ldap entry really has posixAccount attributes like uidNumber, gidNumber, homeDirectory, userPassword, gecos ... i don't know how to fix this problem. maybe someone of the core-developers can have a look at this. thanks in advance joerg - -- _/_/_/_/ _/_/_/ _/ _/ _/_/ Joerg Pulz _/ _/_/ _/_/ _/_/ _/ _/ TU Muenchen _/ _/_/ _/ _/_/ _/ _/ ZWE-FRM-II _/_/_/ _/_/_/ _/ _/ _/ _/_/_/ Lichtenbergstrasse 1 _/ _/_/ _/ _/_/ 85747 Garching _/ _/ _/ _/ _/ _/ Tel.: +49 (0)89-289-14708 _/ _/_/ _/ _/ _/_/_/_/ Fax : +49 (0)89-289-14666 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+djevSPOsGF+KA+MRApzmAJ9cnBCEmqZhR1PHjL5+OG630GDxtgCeN25Y klDwFe/2O9iOotfHmN/M9EA= =NzYR -END PGP SIGNATURE-
Memory allocation without check
Hello, in libads of samba 3.0 I have found the following lines where memory is allocated, but there is no check if the allocation failed. Bye and a happy new year Andreas ldap.c line 328 value = talloc_zero(ctx, sizeof(struct berval)); if (in_val-bv_len == 0) return value; value-bv_len = in_val-bv_len; ldap.c line 1545, ret = talloc(mem_ctx, sizeof(char *) * (n+1)); for (i=0;in;i++) { if (pull_utf8_talloc(mem_ctx, ret[i], values[i]) == -1) { return NULL; } } ret[i] = NULL; ldap.c line 1658, (*sids) = talloc(mem_ctx, sizeof(DOM_SID) * i); count = 0; for (i=0; values[i]; i++) { ret = sid_parse(values[i]-bv_val, values[i]-bv_len, (*sids)[count]); if (ret) count++; } ads_struct.c line 44 ret = malloc(len); strlcpy(ret,field, len); krb5_setpw.c line 141 packet-data = (char *)malloc(ap_req-length + cipherpw.length + 6); /* see the RFC for details */ p = packet-data + 2; RSSVAL(p, 0, 0xff80); p += 2; krb5_setpw.c line 403 chpw_rep.data = (char *) malloc(chpw_rep.length); ret = read(sock, chpw_rep.data, chpw_rep.length)
Patch for Smbldap-tools and problems on Samba3.0 a20
Hi, During our test on the the migration from the AS/U /Advanced Server for Unix) based domain to a Samba-ldap based domain, we have found and fixed some bugs on the smbldap tools of Idealx. In attachment you would find the improved tools package. The main changes are: - smbldap-migrate-accounts.pl : the user's rid was added. - smbldap-useradd.pl : improved the PrimaryGroupID setting, added the option for trusting domain add. - smbldap-usermod.pl : fixed the bug on acctFlags setting. - smbldap-groupdel.pl : fixed the problem for group names that included the blank. - smbldap_tools.pm : for all listed above. We are using Samba 3.0 Alpha20 on a RedHat 7.3 system to test our migration and we found that the Samba has some problems to enumerate the domain group´s members. Following were what happened during our test: We logged onto the domain, where the PDC was Samba 3.0 Alpha20, from a NT machine with a normal user samba20, then we connected to a share directory of the PDC using net use After that, we used the windows explorer to access that share directory and tried to view the members of a domain group Gruppo from the security permissions of a directory or a file following the step: Proprieties - Security - Permissions - Add - On the group Gruppo - Members, we got the Access is denied. The user Samba20 is the member of Domain Users group that was mapped also to the unix group. From the debug logs we have seen that the function se_access_check that was called from the _samr_open_group failed due to the mismatch between the access_desired and access_requested, but I think that the user has the right to show the group´s members. Jianliang LU TieSse s.p.a Jianliang Lu E-mail: [EMAIL PROTECTED] Phone: 0125 757061 Mobile: 0333 2839559 smbldap-tools-0.7-2.i386.rpm Description: Binary data
Patch for Smbldap-tools and problems on Samba3.0 a20
Hi, During our test on the the migration from the AS/U /Advanced Server for Unix) based domain to a Samba-ldap based domain, we have found and fixed some bugs on the smbldap tools of Idealx. In attachment you would find the improved tools package. The main changes are: - smbldap-migrate-accounts.pl : the user rid was added - smbldap-useradd.pl : improved the PrimaryGroupID setting, added the option for trusting domain add - smbldap-usermod.pl : fixed the bug on acctFlags setting - smbldap-groupdel.pl : fixed the problem for group names that included the blank - smbldap_tools.pm : for all listed above We are using Samba 3.0 Alpha20 on a RedHat 7.3 system to test our migration and we found that the Samba has some problems to enumerate the domain groups members. Following were what happened during our test: We logged onto the domain, where the PDC was Samba 3.0 Alpha20, from a NT machine with a normal user samba20, then we connected to a share directory of the PDC using net use After that, we used the windows explorer to access that share directory and tried to view the members of a domain group Gruppo from the security permissions of a directory or a file following the step: Proprieties - Security - Permissions - Add - On the group Gruppo - Members, we got the Access is denied. The user Samba20 is the member of Domain Users group that was mapped also to the unix group. From the debug logs we have seen that the function se_access_check that was called from the _samr_open_group failed due to the mismatch between the access_desired and access_requested, but I think that the user has the right to show the groups members. In attchment you would find the debug logs. Jianliang Lu E-mail: [EMAIL PROTECTED] Phone: 0125 757061 Mobile: 0333 2839559 smbldap-tools-0.7-2.i386.rpm Description: Binary data
{ ¼ºÀα¤°í } Ä®¶ó ÇÚµåÆù ¹× PDAÀ» ¹«·á·Î µå¸³´Ï´Ù.
Title: realsex * º» ¸ÞÀÏÀº Á¤º¸Åë½ÅºÎ ±Ç°í»çÇ׿¡ ÀÇ°Å(±¤°í)ÀÓÀ» ¹àÈü´Ï´Ù. Çã¶ô¾øÀÌ È«º¸¸ÞÀÏÀ» º¸³»µå·Á Á˼ÛÇÕ´Ï´Ù. ±ÍÇÏÀÇ E-Mail Àº °Ô½ÃÆÇ µî ÀÎÅÍ³Ý »ó¿¡¼ ¾Ë°Ô µÇ¾úÀ¸¸ç, E-Mail À» Á¦¿ÜÇÑ ¾î¶°ÇÑ Á¤º¸µµ ¾ËÁö ¸øÇÔÀ» ¹àÈü´Ï´Ù. ¼ö½Å°ÅºÎ¸¦ ¿øÇÏ½Ã¸é ¾Æ·¡¿¡¼ ¼ö½Å°ÅºÎ ÇØ ÁÖ¼¼¿ä.°ÅºÎÇϽŠºÐµé¿¡°Ô´Â ´Ù½Ã´Â º¸³»Áö ¾ÊÀ» °ÍÀÔ´Ï´Ù.Á¤º¸¸¦ ¿øÄ¡ ¾Ê´Â ºÐ²²´Â ´ë´ÜÈ÷ ÁË¼Û ÇÕ´Ï´Ù. 16ÈÀ½¸á·Îµð n.topµ¿¿µ»óÁö¿ø ³ë·¡¹æ ±â´É 16ÈÀ½ º§¼Ò¸® 65.000color full Ä÷¯±×·¡ÇÈ ¸Þ´º CDMA2000Áö¿ø 16ÈÀ½¸á·Îµð »çÁø ´Ù¿î·Îµå ±â´É E-mail¼ºñ½º Áõ±Ç °Å·¡ ¹«¼± ÀÎÅÍ³Ý ¼ö½Å°ÅºÎ