1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

80 Commits

Author SHA1 Message Date
Volker Lendecke
58f76ab137 winbindd: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-20 23:40:25 +01:00
Andrew Bartlett
fc9150dcab winbindd: Do re-connect if the RPC call fails in the passdb case
This is very, very unlikely but possible as in the AD case the RPC server is in
another process that may eventually be able to restart.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-03-24 02:31:15 +01:00
Andrew Bartlett
d418d0ca33 winbindd: Add a cache of the samr and lsa handles for the passdb domain
This domain is very close, in AD DC configurations over a internal ncacn_np pipe
and otherwise in the same process via C linking.  It is however very expensive
to re-create the binding handle per SID->name lookup, so keep a cache.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-03-24 02:31:15 +01:00
Volker Lendecke
3f5fa7c458 Revert "winbind: Remove "lookup_usergroups" winbind method"
This reverts commit b231814c6b.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-06 15:09:17 +01:00
Jeremy Allison
e1874bbf26 winbind: Fix CID 1398534 Dereference before null check
Make all query_user_list backends consistent.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 13 13:33:37 CET 2017 on sn-devel-144
2017-01-13 13:33:37 +01:00
Volker Lendecke
24a81937d0 winbind: Fix CID 1398531 Resource leak
Not really a leak due to talloc, but this way it's clear

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-11 00:49:22 +01:00
Volker Lendecke
b26ea7ef5e winbind: Avoid a few explicit ZERO_STRUCT calls
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:13 +01:00
Volker Lendecke
480c9581a1 winbind: Simplify query_user_list to only return rids
Unfortunately this is a pretty large patch, because many functions
implement this API. The alternative would have been to create a new
backend function, add the new one piece by piece and then remove the
original function.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:13 +01:00
Volker Lendecke
b231814c6b winbind: Remove "lookup_usergroups" winbind method
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:12 +01:00
Volker Lendecke
241c81b276 winbind: Remove "query_user" backend function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:12 +01:00
Volker Lendecke
c5b9c58032 lib: Add lib/util_unixsids.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:12 +01:00
Volker Lendecke
e8081af2c7 winbind: Fix CID 1035545 Uninitialized scalar variable
In rpc_sequence_number() we always look at *pseq

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed May  6 18:24:01 CEST 2015 on sn-devel-104
2015-05-06 18:24:01 +02:00
Richard Sharpe
57303c30b2 Change all uint32/16/8 to 32_t/16_t/8_t in winbindd.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-04-29 23:42:20 +02:00
Stefan Metzmacher
1623992105 s3:winbindd: make open_internal_lsa_conn() non static
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:43 +01:00
Andrew Bartlett
2e961bf598 winbindd: Call set_dc_type_and_flags on the internal domain
This allows the AD DC to be picked up correctly and gives the correct DNS name.

To ensure no confusion, we also always init it with the full DNS name.

It also means that, aside from the BUILTIN domain the initialized
flag is set only in one place, which will help when we add more details
to the domain structure in the future.

This in turn allows kerberos authentication against winbindd on the AD DC.

Andrew Bartlett

Change-Id: Idc829cfe5f2e867c87107b49275b17f294821dcd
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
5a71f46f46 winbindd: Use rpc_pipe_open_interface() so that winbindd uses the correct rpc servers
This means that in the AD DC, we use the AD DC servers, while in the classic DC or file server we continue
to use the built-in SAMR and LSA servers.

Andrew Bartlett

Change-Id: I63b1443f5665016f7fcbed35907ec29d4424ab18
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
e85ab68518 winbindd: Remove pointless if statement
Change-Id: I7d2646078f6e7ba596b92da7d37c285d10ad38c0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Stefan Metzmacher
8fec421543 samr: don't block the sam sid or the builtin domain sid in sid_to_name
Previously only members of these domains were handled.
But we also need to handle the domain itself.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463

Change-Id: I44f85267eda243d586fffd24a799e153de0ff982
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-02-25 09:17:07 +01:00
Michael Adam
1ee95e4cb1 s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()
This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
2012-07-12 18:36:02 +02:00
Michael Adam
c43505b621 s3: rename sid_check_is_domain() to sid_check_is_our_sam()
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
2012-07-12 16:43:51 +02:00
Volker Lendecke
d716a9bd06 s3: Fix Coverity ID 242184 Dereference after null check
rpc_query_user unconditionally dereferences user_info if successfull
2012-05-10 09:11:57 +02:00
Volker Lendecke
b72944fea7 s3: Fix two int/enum mixups 2011-08-26 16:36:17 +02:00
Andreas Schneider
eb8a0c7672 s3-winbind: We need to use internal rpc connections in winbind.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-21 09:05:04 -04:00
Andrew Bartlett
9fcc617ff5 s3-auth Use the common auth_session_info
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.

This will allow of our session handling to be accomplished with common code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
f16d8f4eb8 s3-auth Use struct auth3_session_info outside the auth subsystem
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)

The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Stefan Metzmacher
283f8a7fb5 Revert "s3-winbind: Fix paranoia checks in winbindd_samr.c."
This reverts commit 207a84d725.

This is the wrong fix for the problem, see bug #8215.

metze
2011-06-16 18:41:01 +02:00
Andreas Schneider
207a84d725 s3-winbind: Fix paranoia checks in winbindd_samr.c.
This fixes looking up the correct unix user instead of allocation a new
uid and creating it.

Fix bug #8215 (winbind unix username lookup doesn't work correctly).
(cherry picked from commit 531edfdd19)

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Jun 15 09:56:01 CEST 2011 on sn-devel-104
2011-06-15 09:56:01 +02:00
Günther Deschner
233779cce4 s3-winbindd: remove unused headers.
Guenther
2011-05-02 15:03:44 +02:00
Günther Deschner
9824e2e5ee s3-rpc_client: add and use rpc_client/rpc_client.h.
Guenther
2011-04-13 22:23:59 +02:00
Günther Deschner
7e73214ebf s3-auth: use auth.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
235f148590 s3-passdb: use passdb headers where needed.
Guenther
2011-03-30 01:13:08 +02:00
Günther Deschner
cc94bcb952 s3-winbindd: copy acct_info to wb_acct_info so we dont need passdb for it.
Guenther
2011-03-30 01:13:08 +02:00
Jeremy Allison
bae14fba52 Remove two unused labels.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Mar 29 02:23:02 CEST 2011 on sn-devel-104
2011-03-29 02:23:02 +02:00
Volker Lendecke
fbe19ba398 s3: Fix Coverity ID 2143: DEADCODE
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Mar 28 12:06:19 CEST 2011 on sn-devel-104
2011-03-28 12:06:19 +02:00
Volker Lendecke
05dac2b7e6 s3: Fix Coverity ID 2143: DEADCODE 2011-03-28 11:16:55 +02:00
Volker Lendecke
dd3d6a160c s3: Fix Coverity ID 2144, DEADCODE
We could never have assigned the real value in line 481.

Andreas, please check!
2011-03-16 22:07:24 +01:00
Volker Lendecke
257f0491cb s3: sid->domain_sid in winbindd_samr sam_rids_to_names
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Mar 10 19:33:47 CET 2011 on sn-devel-104
2011-03-10 19:33:46 +01:00
Volker Lendecke
8d0e241530 s3: Fix paranoia check in sam_rids_to_names 2011-03-10 18:48:34 +01:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Volker Lendecke
5a0ee95b95 s3: Fix some nonempty blank lines and some typos
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Feb  9 00:01:45 CET 2011 on sn-devel-104
2011-02-09 00:01:45 +01:00
Günther Deschner
04ac046a46 s3-winbind: prefer dcerpc_lsa_X functions in winbindd/winbindd_samr.c.
Guenther
2011-02-02 20:00:59 +01:00
Günther Deschner
58cdc56acc s3-winbind: prefer dcerpc_samr_X functions in winbindd/winbindd_samr.c.
Guenther
2011-02-02 13:30:04 +01:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Simo Sorce
db46b2bdb0 s3-winbindd: Use rpc_open_pipe_interface in winbindd.
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-15 12:53:43 +02:00
Volker Lendecke
4b5e252354 s3: Add "client_id" to pipes_struct 2010-08-18 11:18:23 +02:00
Volker Lendecke
2d3623529f s3: Lift the smbd_messaging_context from rpc_pipe_open_internal 2010-08-08 16:03:15 +02:00
Günther Deschner
690ed0c5e2 s3-rpc: when using rpc_pipe_open_internal, make sure to go through NDR.
Otherwise a lot of information that is usually generated in the ndr_push remains
in an uninitialized state.

Guenther
2010-07-08 16:35:26 +02:00
Simo Sorce
f0b918473d s3:winbindd_samr Do not use static contexts
It is a very bad idea to use a static context within the open function.
Use the memory hierarchy to keep track of a client connection.
2010-07-07 23:45:50 -04:00
Günther Deschner
0da5e15378 s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well.
Guenther
2010-07-07 16:49:26 +02:00
Andreas Schneider
2794c5ad24 s3-winbind: Fixed debug messages of open_internal_lsa_pipe(). 2010-07-06 18:38:14 +02:00