sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
66,231 Commits 60 Branches 1,144 Tags 452 MiB
18962ea385
Commit Graph

1195 Commits

Author SHA1 Message Date
Michael Adam
a08e60dd2c s3:idmap: add a debug message to idmap_sid_to_uid 2010-08-14 02:10:36 +02:00
Michael Adam
9ee3134691 s3:idmap: don't call idmap_new_mapping idmap_sid_to_gid 
The setting of a new mapping is moved into the backend code
to achieve atomicity and greater flexibility.

Michael
 2010-08-14 02:10:36 +02:00
Michael Adam
f301ea5977 s3:idmap: don't call idmap_new_mapping idmap_sid_to_unixid. 
The setting of a new mapping is moved into the backend code
to achieve atomicity and greater flexibility.

Michael
 2010-08-14 02:10:36 +02:00
Michael Adam
95b840cbf1 s3:idmap: remove unused method set_id_hwm from idmap API 
Michael
 2010-08-14 02:10:35 +02:00
Michael Adam
3715a1687f s3:idmap: remove unused alloc method get_id_hwm from idmap API 
Michael
 2010-08-14 02:10:35 +02:00
Michael Adam
672ab10ee7 s3:idmap: remove unused method dump_data() from the idmap API 
Michael
 2010-08-14 02:10:35 +02:00
Michael Adam
0f91373156 s3:idmap: remove the remove_mapping method from API and backends 
Michael
 2010-08-14 02:10:34 +02:00
Michael Adam
d888e726a9 s3:idmap: remove unused idmap_remove_mapping(). 
Michael
 2010-08-14 02:10:34 +02:00
Michael Adam
3b56f7f6b5 s3:winbind: remove the method REMOVE_MAPPING from winbind's API 
Michael
 2010-08-14 02:10:34 +02:00
Michael Adam
6740c180e6 s3:idmap: remove unused idmap_set_mapping(). 
Michael
 2010-08-14 02:10:34 +02:00
Michael Adam
474020b1ae s3:winbind: remove the method SET_MAPPING from winbind's API 
Michael
 2010-08-14 02:10:33 +02:00
Michael Adam
806e006288 s3:idmap: remove unused idmap_set_gid_hwm() 
Michael
 2010-08-14 02:10:32 +02:00
Michael Adam
002fe91768 s3:idmap: remove unused idmap_set_uid_hwm() 
Michael
 2010-08-14 02:10:32 +02:00
Michael Adam
66e67c1bad s3:winbind: remove SET_HWM from winbind's API. 2010-08-14 02:10:31 +02:00
Michael Adam
b28371b9a4 s3:idmap_tdb2: fix a debug message 2010-08-14 02:10:29 +02:00
Stefan Metzmacher
7e24d1dd57 s3:winbindd: add wbint dcerpc_binding_handle backend 
metze
 2010-08-12 14:31:22 +02:00
Günther Deschner
be396411a4 s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the secure channel. 
This is an important fix as the following could and is happening:

* winbind authenticates a user via schannel secured netlogon samlogonex call,
current secure channel cred state is stored in winbind state, winbind
sucessfully decrypts session key from the info3

* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the
secure channel on the dc)

* subsequent samlogonex calls use the new secure channel creds on the dc to
encrypt info3 session key, while winbind tries to use old schannel creds for
decryption

Guenther
 2010-08-09 16:36:22 +02:00
Volker Lendecke
2d3623529f s3: Lift the smbd_messaging_context from rpc_pipe_open_internal 2010-08-08 16:03:15 +02:00
Günther Deschner
257a1f1097 s3-krb5: include krb5pac.h where needed. 
Guenther
 2010-08-06 15:43:37 +02:00
Andreas Schneider
ce2a086119 s3-popt: Only include popt-common.h when needed. 2010-08-05 12:08:31 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed. 
Guenther
 2010-08-05 10:12:25 +02:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h. 
Guenther
 2010-08-05 00:32:02 +02:00
Jeremy Allison
b7f029016a We should be using the winbindd separator in this case, not hardcoding a \\ value. 
Jeremy.
 2010-07-29 13:54:22 -07:00
Jeremy Allison
4f43030482 Fix bug #7589 - ntlm_auth fails to use cached credentials. 
In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
of the mapped username, but fails to canonicalize the actual username
sent to the backend domain process. When "winbind default domain"
is set this can lead to credentials being cached with an index of
user: user, not DOMAIN\user. All other code paths that use
canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
correctly canonicalize the data sent to the backend. All calls
the can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
correctly call canonicalize_username() to create the credential
lookup key.

Jeremy.
 2010-07-29 12:44:00 -07:00
Andreas Schneider
97dba0c0d9 s3-winbind: Use struct pipes_struct. 2010-07-28 10:39:25 +02:00
Jeremy Allison
cc43f985d1 Second part of fix for bug 7578 - 'net idmap restore' fails to set HWM, causing duplicates. 
Jeremy.
 2010-07-27 00:23:37 -07:00
Justin Maggard
4f01159a31 s3: Fix bug 7578 
Uninitialized variable read in _wbint_SetHWM
 2010-07-27 08:44:25 +02:00
Andreas Schneider
5cefbfef26 s3-rpc_server: Added callbacks for init and shutdown of a rpc service. 
This adds two callback function for each rpc service. One is for
initialisation and the other for shutdown. rpc_<service>_unregister()
needs to be called to execute the shutdown function.
 2010-07-19 12:59:18 +02:00
Simo Sorce
cdcdaaa6dd s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it. 
All the members are children of ntlmssp_state anyway.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-19 14:19:47 +10:00
Volker Lendecke
7ac58281ae s3: Remove a direct use of procid_self() 2010-07-18 21:22:41 +02:00
Simo Sorce
100d37fc46 s3-dcerpc: Use DATA_BLOB for pipes_struct input data 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-07-16 01:51:18 +02:00
Simo Sorce
31b59bbf99 s3-dcerpc: Convert rdata from prs_struct to a simple DATA_BLOB 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-07-16 01:51:16 +02:00
Andreas Schneider
f85167a161 s3-winbind: Don't cache queries to builtin and own sam domain. 2010-07-13 19:17:41 +02:00
Andreas Schneider
57ebc8af80 s3-winbind: Set status before we leave in some msrpc functions. 2010-07-13 19:17:41 +02:00
Günther Deschner
690ed0c5e2 s3-rpc: when using rpc_pipe_open_internal, make sure to go through NDR. 
Otherwise a lot of information that is usually generated in the ndr_push remains
in an uninitialized state.

Guenther
 2010-07-08 16:35:26 +02:00
Simo Sorce
f0b918473d s3:winbindd_samr Do not use static contexts 
It is a very bad idea to use a static context within the open function.
Use the memory hierarchy to keep track of a client connection.
 2010-07-07 23:45:50 -04:00
Günther Deschner
76a084feee s3-winbindd: Fix child logfile handling which broke with c67cff0372. 
Andreas, please check.

Guenther
 2010-07-07 17:01:09 +02:00
Günther Deschner
0da5e15378 s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well. 
Guenther
 2010-07-07 16:49:26 +02:00
Andreas Schneider
44d8c8dbb7 s3-winbind: Handle aliases in rpc_lookup_groupmem(). 2010-07-06 18:38:14 +02:00
Günther Deschner
11ae9aff97 s3-winbind: Fixed the winbind caching. 2010-07-06 18:38:14 +02:00
Andreas Schneider
66fc77e886 s3-winbind: Use same format for all msrpc debug messages. 2010-07-06 18:38:14 +02:00
Andreas Schneider
2794c5ad24 s3-winbind: Fixed debug messages of open_internal_lsa_pipe(). 2010-07-06 18:38:14 +02:00
Andreas Schneider
9d23f8fbc5 s3-winbind: Make sure that the policy handles are closed. 2010-07-06 18:38:13 +02:00
Andreas Schneider
c5cd35658b s3-winbind: Make sure we close all policy handles in sam. 2010-07-06 18:38:13 +02:00
Andreas Schneider
c67cff0372 s3-winbind: Create all logfiles in the same directory. 
If log file is set in the config file, we should create the log files of
the winbind child processes in the same directory.
 2010-07-06 18:38:13 +02:00
Volker Lendecke
60a3cc850a s3: Fix another winbind crash 
This is similar to 09a9cc3, this re-arranges winbindd_ads.c:query_user_list()
so that "ads" is not accessed anymore across a call to nss_get_info_cached()
call which can destroy it behind the scenes.
 2010-07-06 14:21:41 +02:00
Andreas Schneider
3323e88f74 s3-winbind: Rename lookup_groupmem to msrpc_lookup_groupmem. 2010-07-05 15:59:15 +02:00
Andreas Schneider
973ef399e3 s3-winbind: Use rpc_trusted_domains in msrpc. 2010-07-05 15:59:15 +02:00
Andreas Schneider
b4160af736 s3-winbind: Use rpc_trusted_domains in samr. 2010-07-05 15:59:14 +02:00
Andreas Schneider
9c372a145d s3-winbind: Added a common rpc_trusted_domains function. 2010-07-05 15:59:14 +02:00
Andreas Schneider
b8a0b95e74 s3-winbind: Rename common_password_policy to sam_password_policy. 2010-07-05 15:59:14 +02:00
Andreas Schneider
3f2c2c7c70 s3-winbind: Rename common_lockout_policy to sam_lockout_policy. 2010-07-05 15:59:14 +02:00
Andreas Schneider
49dc713957 s3-winbind: Use rpc_sequence_number in msrpc. 2010-07-05 15:59:14 +02:00
Andreas Schneider
eba6ff0c1a s3-winbind: Use rpc_sequence_number in samr. 2010-07-05 15:59:14 +02:00
Andreas Schneider
c4a5fc72c7 s3-winbind: Added a common rpc_sequence_number function. 2010-07-05 15:59:13 +02:00
Andreas Schneider
62038010e0 s3-winbind: Use rpc_lookup_groupmem in samr. 2010-07-05 15:59:13 +02:00
Andreas Schneider
3c06d42bec s3-winbind: Added a common rpc_lookup_groupmem function. 2010-07-05 15:59:13 +02:00
Andreas Schneider
1f2fe8dee9 s3-winbind: Use rpc_lookup_useraliases in msrpc. 2010-07-05 15:59:13 +02:00
Andreas Schneider
aa831374b8 s3-winbind: Use rpc_lookup_useraliases in samr. 2010-07-05 15:59:13 +02:00
Andreas Schneider
73b2f60f6d s3-winbind: Added a common rpc_lookup_useraliases function. 2010-07-05 15:59:12 +02:00
Andreas Schneider
ad8c912563 s3-winbind: Use rpc_lookup_usergroups in msrpc. 2010-07-05 15:59:12 +02:00
Andreas Schneider
c1a6a24a76 s3-winbind: Use rpc_lookup_usergroups in samr. 2010-07-05 15:59:12 +02:00
Andreas Schneider
473d1f1086 s3-winbind: Added a common rpc_lookup_usergroups function. 2010-07-05 15:59:12 +02:00
Andreas Schneider
a3f8bbf3da s3-winbind: Use rpc_query_user in samr. 2010-07-05 15:59:12 +02:00
Andreas Schneider
64f1052c7f s3-winbind: Use rpc_query_user in msrpc. 2010-07-05 15:59:12 +02:00
Andreas Schneider
7d304d7e99 s3-winbind: Added a common rpc_query_user function. 2010-07-05 15:59:11 +02:00
Andreas Schneider
c48d850265 s3-winbind: Use rpc_rids_to_names in samr. 2010-07-05 15:59:11 +02:00
Andreas Schneider
fd79bc9a58 s3-winbind: Added a common rpc_rids_to_names function. 2010-07-05 15:59:11 +02:00
Andreas Schneider
aa745bedd3 s3-winbind: Use rpc_sid_to_name in samr. 2010-07-05 15:59:11 +02:00
Andreas Schneider
506dc899b2 s3-winbind: Added a common rpc_sid_to_name function. 2010-07-05 15:59:11 +02:00
Andreas Schneider
22c9ced119 s3-winbind: Use rpc_name_to_sid in samr. 2010-07-05 15:59:10 +02:00
Andreas Schneider
37dbfaebc7 s3-winbind: Added a common rpc_name_to_sid function. 2010-07-05 15:59:10 +02:00
Andreas Schneider
01730e4b47 s3-winbind: Use rpc_enum_local_groups in samr. 2010-07-05 15:59:10 +02:00
Andreas Schneider
44c6432d64 s3-winbind: Use rpc_enum_local_groups in msrpc. 2010-07-05 15:59:10 +02:00
Andreas Schneider
89c8ef97c4 s3-winbind: Added a common rpc_enum_local_groups function. 2010-07-05 15:59:10 +02:00
Andreas Schneider
8159b1281b s3-winbind: Use rpc_query_user_list in samr. 2010-07-05 15:59:09 +02:00
Andreas Schneider
e44d7e1582 s3-winbind: Use rpc_query_user_list in msrpc. 2010-07-05 15:59:09 +02:00
Andreas Schneider
c83e8cbe4a s3-winbind: Added a common rpc_query_user_list function. 2010-07-05 15:59:09 +02:00
Andreas Schneider
b3f4e18859 s3-winbind: Use rpc_enum_dom_groups in samr. 2010-07-05 15:59:09 +02:00
Andreas Schneider
11610a4e99 s3-winbind: Use rpc_enum_dom_groups in msrpc. 2010-07-05 15:59:09 +02:00
Andreas Schneider
bec184048e s3-winbind: Added a common rpc_enum_dom_groups function. 2010-07-05 15:59:09 +02:00
Andreas Schneider
692cc06f0c s3-winbind: Rename winbindd_rpc.c to winbindd_msrpc.c. 2010-07-05 15:59:08 +02:00
Andreas Schneider
e1c4b5bbe9 s3-winbind: Replace the passdb backend with a samr/lsa based backend. 2010-07-05 15:59:08 +02:00
Andreas Schneider
488badb8ac s3-winbind: Implemented samr backend function common_sequence_number. 2010-07-05 15:59:08 +02:00
Andreas Schneider
645ce68e35 s3-winbind: Implemented samr backend function common_lookup_useraliases. 2010-07-05 15:59:08 +02:00
Andreas Schneider
d92cb43b77 s3-winbind: Implemented samr backend function common_lookup_usergroups. 2010-07-05 15:59:07 +02:00
Andreas Schneider
c60a9e8077 s3-winbind: Implemented samr backend function common_password_policy. 2010-07-05 15:59:07 +02:00
Andreas Schneider
54e8f8bd57 s3-winbind: Implemented samr backend function common_lockout_policy. 2010-07-05 15:59:07 +02:00
Andreas Schneider
de7990bca1 s3-winbind: Implemented samr backend function common_rids_to_names. 2010-07-05 15:59:07 +02:00
Andreas Schneider
79700e690e s3-winbind: Implemented samr backend function common_sid_to_name. 2010-07-05 15:59:07 +02:00
Andreas Schneider
f11648bfd7 s3-winbind: Implemented samr backend function common_name_to_sid. 2010-07-05 15:59:07 +02:00
Andreas Schneider
483d4528d9 s3-winbind: Implemented samr backend function common_enum_local_groups. 2010-07-05 15:59:06 +02:00
Andreas Schneider
47447809c8 s3-winbind: Implemented samr backend function sam_lookup_groupmem. 2010-07-05 15:59:06 +02:00
Andreas Schneider
41939ce32f s3-winbind: Implemented samr backend function sam_trusted_domains. 2010-07-05 15:59:06 +02:00
Andreas Schneider
48147555d2 s3-winbind: Implemented samr backend function sam_query_user. 2010-07-05 15:59:06 +02:00
Andreas Schneider
7ee0ebe406 s3-winbind: Implemented samr backend function sam_enum_dom_groups. 2010-07-05 15:59:05 +02:00
Andreas Schneider
9d0d6ed66f s3-winbind: Implemented samr backend function sam_query_user_list. 2010-07-05 15:59:05 +02:00
Andreas Schneider
cc3d9dd042 s3-winbind: Added a skeleton for samr based functions. 
The goal is to replace the passdb backend later.
 2010-07-05 15:59:05 +02:00
Andreas Schneider
9fa7239907 s3-winbind: Initialize the server_info on winbindd start. 2010-07-05 15:59:05 +02:00
Andreas Schneider
7d013f4065 s3-winbind: Free some memory which isn't needed anymore. 2010-07-05 15:59:04 +02:00
Volker Lendecke
7f0e6df883 s3: Pass the new server_id through reinit_after_fork 2010-07-04 17:29:23 +02:00
Volker Lendecke
b01958b0bd s3: Remove serverid_[de]register_self 
This removes some deep references to procid_self()
 2010-07-04 16:41:14 +02:00
Günther Deschner
d1538add73 s3-nss_info: only include nss_info.h where needed. 
Guenther
 2010-07-01 23:20:40 +02:00
Günther Deschner
04641abb33 s3-libads: move ldap posix schema defines to their own header file. 
Guenther
 2010-07-01 23:20:40 +02:00
Günther Deschner
dff7be8ccb s3-libads: only include libds flags where needed. 
Guenther
 2010-07-01 23:20:40 +02:00
Volker Lendecke
121214df91 s3: More cleanup in winbindd_ads.c:query_user 
We can't ads_msgfree after the ads struct has been killed. Do early returns.
 2010-06-28 14:09:58 +02:00
Volker Lendecke
8707be6d75 s3: Fix a valgrind error 
nss_get_info_cached does not necessarily fill in gid
 2010-06-28 13:54:45 +02:00
Volker Lendecke
09a9cc32ee s3: Re-arrange winbindd_ads.c:query_user 
We can't access the LDAP message after nss_get_info_cached has potentially
destroyed the ads_struct
 2010-06-28 13:54:45 +02:00
Volker Lendecke
a670804579 s3: free -> SAFE_FREE 2010-06-28 13:54:44 +02:00
Volker Lendecke
c79e0c0ce4 s3: Do an early TALLOC_FREE 2010-06-28 13:54:44 +02:00
Volker Lendecke
7cf0443159 s3: Fix a winbind crash 
nss_get_info_cached might deep inside sequence_number() invalidate the
ads_struct without telling its callers.
 2010-06-25 12:54:15 +02:00
Volker Lendecke
a9523f17ea s3: Fix a winbind crash 
nss_get_info_cached might have invalidated "ads" deep inside.
 2010-06-25 12:54:15 +02:00
Volker Lendecke
acf54c37a8 s3-winbind: Make KRB5_EVENT_REFRESH_TIME a function 2010-06-21 17:44:23 +02:00
Michael Adam
3f99ff104a s3:idmap_ldap: remove unreached code (and explicit error return code) 2010-06-21 12:38:25 +02:00
Jeremy Allison
be31b2ba62 Use #defined constant instead of "false" to be clearer about intent. 2010-06-17 12:34:15 -07:00
Simo Sorce
cbda0369a8 s3:winbindd use common server context functions 2010-06-10 17:30:45 -04:00
Andreas Schneider
95047bc717 s3-winbind: Fixed setting default sequence number. 2010-06-09 16:17:46 +02:00
Günther Deschner
bcd4077be6 s3: remove unused librpc/ndr/sid.c. 
Guenther
 2010-06-03 01:07:17 +02:00
Stefan Metzmacher
3f14d03adb s3:winbindd: make sure we only call static_init_idmap once 
metze

Signed-off-by: Michael Adam <obnox@samba.org>
 2010-06-01 10:33:13 +02:00
Andrew Bartlett
e67b0cf603 s3:winbind Ensure we always init idmap_passdb before we use it 
It seems that it is possible for idmap_init_passdb_domain() to be run
before idmap_init_domain(), so ensure we run the static init functions
in both.

Andrew Bartlett

Signed-off-by: Michael Adam <obnox@samba.org>
 2010-06-01 10:33:13 +02:00
Andrew Bartlett
d33c41fbf5 s3:winbindd move reinit_after_fork() back out of winbindd_register_handlers 
This particular init function needs to be done in a native Samba3
build, but it turns out to be difficult for s3compat, which has other
code listening on the sockets.

Andrew Bartlett
 2010-05-31 21:36:56 +02:00
Andrew Bartlett
19f4229fff s3:winbind Make state->mem_ctx a talloc child of state 
This way everything is destoryed at the conclusion of
the connection correctly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-05-31 21:36:55 +02:00
Andrew Bartlett
61eb56be4e s3:winbind tidy up connecting the winbind sockets. 
By putting this code inline in winbindd_setup_listeners() we remove 2
static variables and simplify the code.

By putting the get_winbind_priv_pipe_dir() in the same file, we allow
it to be reimplemented in s3compat.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-05-31 21:36:55 +02:00
Andrew Bartlett
e5ebc52e9f Revert "s3:winbindd Split helper functions to allow s3compat to call them" 
I'm experimenting with a different entry point

This reverts commit f5c0f90da5.
 2010-05-31 21:36:55 +02:00
Andrew Bartlett
ebae21f023 ntlmssp: Make the ntlmssp.h from source3/ a common header 
The code is not yet in common, but I hope to fix that soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-31 15:10:56 +02:00
Günther Deschner
fbb7814f91 s3: only use netlogon/nbt header when needed. 
Guenther
 2010-05-31 11:32:37 +02:00
Günther Deschner
f9f8007361 s3-build: only use ndr_security.h where needed. 
Guenther
 2010-05-31 11:32:37 +02:00
Andrew Bartlett
8d6f88b469 s3:winbind Kill amusing but un-used winbindd_kill_all_clients 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-05-28 18:08:28 +02:00
Günther Deschner
2807ab358e s3-samr: move chgpasswd.c out of smbd and into the samr server. 
Guenther
 2010-05-26 22:17:02 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid 
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-21 10:39:59 +02:00
Michael Adam
612a333d65 s3:winbind:idmap_tdb2_set_mapping: untangle assignment from check 2010-05-20 09:18:59 +02:00
Günther Deschner
230b880d14 s3-rpc_client: move protos to cli_lsarpc.h 
Guenther
 2010-05-18 21:42:41 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h 
Guenther
 2010-05-18 21:42:37 +02:00
Günther Deschner
3f2719c202 s3-rpc_client: move protos to cli_samr.h 
Guenther
 2010-05-18 21:42:32 +02:00
Andrew Bartlett
864a95fd9c s3:winbind use no_srv_register to avoid needing rpc_srv_register 
This pidl attribute avoids the need for this dummy function, which
helps s3compat.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-18 17:17:43 +02:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Günther Deschner
1d2dd47d31 s3-crypto: only include crypto headers when crypto is done. 
Guenther
 2010-05-18 00:44:27 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h. 
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
 2010-05-18 00:44:26 +02:00
Günther Deschner
e3bdff3d67 s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). 
Guenther
 2010-05-17 12:47:50 +02:00
Günther Deschner
14ac2bb36e s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware. 
Note that this failure was hard to track, as winbind did only log a super helpful
"cm_prepare_connection: Success" debug message.

IPv6 gurus, please check

Successfully tested in two independent IPv6 networks now.

Guenther
 2010-05-17 12:47:34 +02:00
Michael Adam
a15b666438 s3:winbind:idmap_tdb: don't check ranges when an invalid entry was found. 
There is no point in checking the ranges this if the record found had an
invalid/unknown type: the mapping is not filled in. If it were initialized
to some defaults before, the check just might replace the status
NT_STATUS_INTERNAL_DB_ERROR with a NT_STATUS_NONE_MAPPED, which is not
as precise.
 2010-05-17 11:45:31 +02:00
Andrew Bartlett
72e65a0521 s3:winbindd Provide a winbindd_register_handlers() helper function for s3compat 
This function provides a useful entry point for s3compat to set things
up in winbindd.

Andrew Bartlett
 2010-05-13 10:12:27 +10:00
Andrew Bartlett
f5c0f90da5 s3:winbindd Split helper functions to allow s3compat to call them 
This provides a more useful entry point for s3compat.

Andrew Bartlett
 2010-05-13 10:12:27 +10:00
Andrew Bartlett
7f70b53dd6 s3:Winbindd Move winbindd_event_context to a different file 
This allows this function to be easily replaced in s3compat

Andrew Bartlett
 2010-05-13 10:12:26 +10:00
Andrew Bartlett
cdf0704272 s3:winbindd Rename 'children' to 'winbindd_children' and make static 2010-05-13 10:12:26 +10:00
Andrew Bartlett
82fb4ebca7 s3:winbindd Remove call to namecache_enable(). 
This call only prints a DEBUG()

Andrew Bartlett
 2010-05-13 10:12:26 +10:00
Andrew Bartlett
454b0b3f20 s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA 
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.

This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-11 22:52:37 +02:00
Günther Deschner
c6ebab846d s3: only include gen_ndr headers where needed. 
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:

ccache build w/o patch
real    4m21.529s
ccache build with patch
real    3m6.402s

pch build w/o patch
real    4m26.318s
pch build with patch
real    3m6.932s

Guenther
 2010-05-06 00:22:59 +02:00
Volker Lendecke
668e28b80e s3: Unify DEBUG_KRB5_TKT_REGAIN and DEBUG_KRB5_TKT_RENEWAL 
I don't think it makes sense to #ifdef this one case separately.

Metze, Bo Yang, please check!
 2010-05-02 15:16:14 +02:00
Volker Lendecke
ef0adbff93 s3: Fix a typo 2010-05-02 15:16:14 +02:00
Volker Lendecke
685b4625bc s3: Fix the code order in append_auth_data 
This is to comply with the comment

"currently, anything from here on potentially overwrites extra_data."

Günther, please check!
 2010-05-02 15:15:56 +02:00
Volker Lendecke
ca860e4279 s3: range-check idmap script output 
Not doing so results in the id mapping succeeding once unchecked and later on
being refused, because when reading from the tdb we do the checks.
 2010-04-29 14:33:08 +02:00
Volker Lendecke
fcdba1b36f s3: Fix an uninitialized variable in idmap_tdb2_sid_to_id() 
When we find an invalid record in the database, there's no point in checking
the non-existing value against the range limits.
 2010-04-29 14:33:08 +02:00
Volker Lendecke
81e75bacd3 s3: Fix some nonempty blank lines 2010-04-29 14:33:07 +02:00
Volker Lendecke
fd3eeb3878 s3: async_domain_request is no longer used 2010-04-25 12:32:02 +02:00
Volker Lendecke
d53e3450c7 s3: Convert add_trusted_domains() to wb_domain_request_send() 2010-04-25 12:32:02 +02:00
Volker Lendecke
d41836fb62 s3: Simplify trustdom_state 
Don't store information explicitly as boolean flags that can be easily
retrieved from the domain when it's actually needed.
 2010-04-25 10:55:19 +02:00
Volker Lendecke
13cdaf9417 s3: Make "struct trustdom_state" its own talloc context 2010-04-25 10:55:19 +02:00
Volker Lendecke
dbb7db6c25 s3: sendto_domain() is lo longer used 2010-04-24 11:12:19 +02:00
Volker Lendecke
7099a3c446 s3: Allow pdb password change using WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP 2010-04-23 23:41:05 +02:00
Volker Lendecke
f43d1827f3 s3: init_dc_connection() can't init for internal domains 
This fixes a crash in winbindd_dual_pam_chng_pswd_auth_crap when given
global_sam_name() in the domain field
 2010-04-23 23:41:04 +02:00
Volker Lendecke
6eec46ec44 s3: replace some data_blob_talloc by data_blob_const 2010-04-23 23:41:04 +02:00
Volker Lendecke
f2f0fed8aa s3: Convert WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP to the new async API 2010-04-23 23:41:04 +02:00
Günther Deschner
4b1dab5b11 s3-winbind: fix setup_domain_child() callers. 
Volker, please check.

Guenther
 2010-04-23 12:17:25 +02:00
Volker Lendecke
c82fd3ed30 s3: Fix a winbind crash when scanning trusts 
add_trusted_domain() for a new domain always needs to be followed by a
setup_domain_child(). This was not always done, in particular not when walking
to the forest root for additional trusts.

This is a minimal patch, we need to fix add_trusted_domain().
 2010-04-23 10:35:52 +02:00
Volker Lendecke
56b4aa3266 s3: Move the in-memory ccache to the parent 
None of this blocks, so there is no reason to keep this in
a winbind child process
 2010-04-19 14:27:24 +02:00
Volker Lendecke
9d0629d155 s3-winbind: Allow changing the password for pdb 2010-04-19 14:27:20 +02:00
Volker Lendecke
45eeed2893 s3: Convert WINBINDD_PAM_LOGOFF to the new async API 2010-04-19 14:27:20 +02:00
Volker Lendecke
518a4f5423 s3: Convert WINBINDD_PAM_CHAUTHTOK to the new async API 2010-04-19 14:27:20 +02:00
Volker Lendecke
d869e7a0d8 s3: Convert WINBINDD_PAM_AUTH_CRAP to the new async API 2010-04-19 14:27:19 +02:00
Volker Lendecke
61ec0f571a s3: Convert WINBINDD_PAM_AUTH to the new async API 2010-04-19 14:27:19 +02:00
Volker Lendecke
cafba3d7a7 winbindd: Fill in num_entries where available 
The server implementation of WINBINDD_LIST_USERS, WINBINDD_LIST_GROUPS and
WINBINDD_LIST_TRUSTDOM knows the number of entries returned.

Bump up the version number so that a newer lib does not rely on something an
older winbind does not do.
 2010-04-19 14:27:18 +02:00
Volker Lendecke
fec712aca5 s3: Add some debug to GETSIDALIASES 2010-04-19 14:27:18 +02:00
Volker Lendecke
058d4a21af s3: Fix indentation in remove_ccache 2010-04-18 15:25:03 +02:00
Volker Lendecke
36e57fa728 s3: Fix a typo in winbindd_ccache_save 2010-04-18 15:25:03 +02:00
Volker Lendecke
577bceb19b s3-winbind: Authenticate SAM users 2010-04-13 21:21:34 +02:00
Karolin Seeger
b0a9e5ba77 s3-winbindd: Fix typo in comment. 
Karolin
 2010-04-13 20:08:22 +02:00
Volker Lendecke
59d68899c4 s3: Use sizeof(chal) instead of a constant 2010-04-11 15:28:39 +02:00
Volker Lendecke
b91484a1a0 s3: Cosmetics -- I could not spot where "chal" was initialized 2010-04-11 11:15:44 +02:00
Volker Lendecke
f73e480e19 s3: Remove domain selection from dual_pam_auth 
We're in a child, the parent already has chosen the domain by
picking the right child to connect to.

Metze, you've done work on winbind lately, so it goes to you:

Please check :-)
 2010-04-10 22:42:25 +02:00
Volker Lendecke
4085e189a1 s3: Check 0 termination in GETALIASES 2010-04-10 17:05:38 +02:00
Volker Lendecke
3d5732fc13 s3: Remove the separate "child" argument from setup_domain_child() 2010-04-08 15:12:42 +02:00
Stefan Metzmacher
eb9b7d0363 s3:winbindd: make "smbcontrol winbindd validate-cache" reliable again 
commit 73577205cf
(s3:winbindd: fix problems with SIGCHLD handling (bug #7317))
broke this.

metze
 2010-04-08 12:48:32 +02:00
Volker Lendecke
3ccecdd650 s3: Fix a cut&paste error in winbindd_list_groups_done 2010-04-05 16:04:03 +02:00
Stefan Metzmacher
e18ddb6036 s3:winbindd: remove unused variables 
metze
 2010-04-01 18:11:25 +02:00
Stefan Metzmacher
73577205cf s3:winbindd: fix problems with SIGCHLD handling (bug #7317) 
The main problem is that we call CatchChild() within the
parent winbindd, which overwrites the signal handler
that was registered by winbindd_setup_sig_chld_handler().

That means winbindd_sig_chld_handler() and winbind_child_died()
are never triggered when a winbindd domain child dies.
As a result will get "broken pipe" for all requests to that domain.

To reduce the risk of similar bugs in future we call
CatchChild() in winbindd_reinit_after_fork() now.

We also use a full winbindd_reinit_after_fork() in the
cache validation child now instead instead of just resetting
the SIGCHLD handler by hand. This will also fix possible
tdb problems on systems without pread/pwrite and disabled mmap
as we now correctly reopen the tdb handle for the child.

metze
 2010-04-01 17:25:11 +02:00
Volker Lendecke
3475c61179 s3: Ensure NULL termination before printing in winbindd_pam_logoff 2010-04-01 16:34:01 +02:00
Volker Lendecke
64c564291d s3: Fix a typo in winbindd_pam_logoff 2010-04-01 15:14:09 +02:00
Stefan Metzmacher
a2411c5708 s3:winbindd: correctly invalidate the cached connection 
There're maybe additional TCP connection for ncacn_ip_tcp.

metze
 2010-04-01 13:01:27 +02:00
Stefan Metzmacher
0f95d00f49 s3:winbindd: only set child_domain in the child 
metze
 2010-04-01 13:01:26 +02:00
Stefan Metzmacher
d930904b99 s3:winbindd: make sure we don't try rpc requests against unaccessable domains 
This makes sure we don't crash while trying to dereference domain->conn.cli->foo
while trying to establish a rpc connection to the server.

metze
 2010-04-01 13:01:26 +02:00
Volker Lendecke
658dc77446 s3: fix a typo in winbind_client_response_written 2010-04-01 12:56:54 +02:00
Volker Lendecke
0e3f031e59 s3: Fix an error message in winbindd_pam_chauthtok() 2010-03-31 22:07:39 +02:00
Volker Lendecke
15d58f688f s3: Ensure null termination in winbindd_pam_chauthtok() 2010-03-31 22:07:38 +02:00
Volker Lendecke
6d9b2e62cb s3: Make check_info3_in_group static 2010-03-31 21:03:07 +02:00
Volker Lendecke
cf4a8f7639 s3-winbind: Make append_auth_data() static 2010-03-31 21:03:06 +02:00
Stefan Metzmacher
4c6cde99c0 s3:winbindd: correctly retry if the netlogon pipe gets disconnected during a logon call 
This fixes hopefully the last part of bug #7295.

metze
 2010-03-29 22:15:13 +02:00
Stefan Metzmacher
6bd5a2a373 s3:winbindd_reconnect: don't only reconnect on NT_STATUS_UNSUCCESSFUL 
metze
 2010-03-29 18:11:19 +02:00
Stefan Metzmacher
94a4bcd2f0 s3:winbindd_cm: invalidate connection if cm_connect_netlogon() fails 
metze
 2010-03-29 18:11:18 +02:00
Stefan Metzmacher
4f391fedac s3:winbindd: consistently use TALLOC_FREE(conn->foo_pipe) is we create a new connection 
metze
 2010-03-29 18:11:18 +02:00