1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

101 Commits

Author SHA1 Message Date
Andreas Schneider
659dd65f8f winbind: Correctly use names in the domain struct.
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 23:29:29 +01:00
Andreas Schneider
14bae61ba3 winbind: Use talloc for allocating domain, dns, forest and dc name.
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 23:29:11 +01:00
Andreas Schneider
df0f59f66c winbind: Make the code more readable in trustdom_list_done().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>

Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Fri Dec  7 22:38:43 CET 2012 on sn-devel-104
2012-12-07 22:38:43 +01:00
Michael Adam
3f0c31fbd3 s3:winbindd:util: add a comment explaining the function parse_sidlist()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03 08:48:20 +01:00
Sumit Bose
8e53b9dd51 s3-winbindd: Allow DNS resolution of trusted domains if DNS name is avaliable
Signed-off-by: Günther Deschner <gd@samba.org>
2012-09-28 22:44:08 +02:00
Jeremy Allison
b70f23c2b5 Correctly check for errors in strlower_m() returns. 2012-08-09 12:08:18 -07:00
Jeremy Allison
526e875cec Check error returns from strupper_m() (in all reasonable places). 2012-08-09 12:06:54 -07:00
Andreas Schneider
a256d61c50 s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
We don't resolve our own "Domain Local" groups since bug #7843 has been
fixed. So we need to add the add resource groups to the sid list too.

Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.

When to use Resource Groups:
http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104
2012-07-23 22:12:29 +02:00
Rusty Russell
2314c60629 source3/winbindd/winbindd_util.c: fix stackframe leak
winbindd_can_contact_domain() doesn't always free its stackframe.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-18 05:01:31 +09:30
Michael Adam
1ee95e4cb1 s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()
This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
2012-07-12 18:36:02 +02:00
Michael Adam
c43505b621 s3: rename sid_check_is_domain() to sid_check_is_our_sam()
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
2012-07-12 16:43:51 +02:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Günther Deschner
0a3fadc707 s3-winbind: always use samlogon cache for wbinfo -r, even when caching is
disabled.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jun  8 17:45:56 CEST 2011 on sn-devel-104
2011-06-08 17:45:56 +02:00
Günther Deschner
ae6a779bf9 s3-winbindd: make sure we obey the -n switch also for samlogon cache access.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jun  8 14:44:31 CEST 2011 on sn-devel-104
2011-06-08 14:44:31 +02:00
Jeremy Allison
54727f9316 Remove unused function parse_add_domuser().
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May  4 20:05:42 CEST 2011 on sn-devel-104
2011-05-04 20:05:42 +02:00
Volker Lendecke
74ea52e351 s3: Add is_domain_online
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:25 -07:00
Volker Lendecke
ef9d2b15e0 s3: Make parse_sidlist public
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:24 -07:00
Günther Deschner
235f148590 s3-passdb: use passdb headers where needed.
Guenther
2011-03-30 01:13:08 +02:00
Günther Deschner
34722c72f6 pam: share pam errors in a common location.
Guenther
2011-02-08 14:05:36 +01:00
Volker Lendecke
9c2fcb689b s3:winbind: Fork multiple children per domain
This makes us scale better with many simultaneous winbind requests,
some of which might be slow.

This implementation breaks offline logons, as the cached credentials are
maintained in a child (this needs fixing). So, if the offline logons are
active, only allow one DC connection.

Probably the offline logon and the scalable file server cases are
separate enough so that this patch is useful even with the restriction.
2011-01-21 13:51:27 +01:00
Volker Lendecke
d50829a812 s3: Remove some unused code
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 19 11:21:00 CET 2010 on sn-devel-104
2010-11-19 11:21:00 +01:00
Andrew Bartlett
a879a4610d libcli/auth Merge source4/libcli/security and util_sid.c into the common code
This should ensure we only have one copy of these core functions
in the tree.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:05 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
2010-09-20 14:04:37 -07:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Günther Deschner
11ae9aff97 s3-winbind: Fixed the winbind caching. 2010-07-06 18:38:14 +02:00
Andrew Bartlett
61eb56be4e s3:winbind tidy up connecting the winbind sockets.
By putting this code inline in winbindd_setup_listeners() we remove 2
static variables and simplify the code.

By putting the get_winbind_priv_pipe_dir() in the same file, we allow
it to be reimplemented in s3compat.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-31 21:36:55 +02:00
Andrew Bartlett
8d6f88b469 s3:winbind Kill amusing but un-used winbindd_kill_all_clients
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-28 18:08:28 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Volker Lendecke
d53e3450c7 s3: Convert add_trusted_domains() to wb_domain_request_send() 2010-04-25 12:32:02 +02:00
Volker Lendecke
d41836fb62 s3: Simplify trustdom_state
Don't store information explicitly as boolean flags that can be easily
retrieved from the domain when it's actually needed.
2010-04-25 10:55:19 +02:00
Volker Lendecke
13cdaf9417 s3: Make "struct trustdom_state" its own talloc context 2010-04-25 10:55:19 +02:00
Günther Deschner
4b1dab5b11 s3-winbind: fix setup_domain_child() callers.
Volker, please check.

Guenther
2010-04-23 12:17:25 +02:00
Volker Lendecke
c82fd3ed30 s3: Fix a winbind crash when scanning trusts
add_trusted_domain() for a new domain always needs to be followed by a
setup_domain_child(). This was not always done, in particular not when walking
to the forest root for additional trusts.

This is a minimal patch, we need to fix add_trusted_domain().
2010-04-23 10:35:52 +02:00
Volker Lendecke
3d5732fc13 s3: Remove the separate "child" argument from setup_domain_child() 2010-04-08 15:12:42 +02:00
Volker Lendecke
a66341b993 s3: simplify find_root_domain, find_our_domain() never fails 2010-01-02 12:09:05 +01:00
Volker Lendecke
133f023d58 s3: Use global_sid_Builtin in find_builtin_domain 2010-01-02 12:09:05 +01:00
Volker Lendecke
92345f49e3 s3: Avoid adding a domain twice
If we found a match with sid==NULL, we ended up adding the domain twice
2010-01-02 12:09:05 +01:00
Volker Lendecke
22a4a000ce s3: Make free_domain_list() static 2010-01-02 12:09:05 +01:00
Volker Lendecke
d05e17f875 s3: Introduce domain_is_forest_root() helper function
Hopefully this makes the flag tests a bit more understandable
2010-01-02 12:09:05 +01:00
Volker Lendecke
634d084517 s3: Replace IS_DOMAIN_OFFLINE by a function 2009-12-26 12:26:07 +01:00
Volker Lendecke
03617df24d s3: winbindd_cli_state->getgrent_state is no longer used 2009-12-26 12:26:06 +01:00
Volker Lendecke
6dc924fcf3 s3: Remove some unused code 2009-12-23 12:02:19 +01:00
Steven Danneman
5469866242 s3/winbindd: Remove unnecessary check for NULL SID
There's a known bug in some Windows implementations of
DsEnumerateDomainTrusts() where domain SIDs are not returned for
transitively trusted domains within the same forest.

Jerry originally worked around this in the winbindd parent by checking
for S-0-0 and converting it to S-1-0 in 8b0fce0b.  Guenter later moved
these checks into the child process in commit 3bdfcbac making the
initial patch unecessary.

I've removed it and added a clarifying comment to the child process.

If ever this SID is needed we could add an extra DsEnumerateDomainTrusts()
call in trusted_domains() as suggested by the Microsoft KB.
2009-08-26 16:34:09 -07:00
Volker Lendecke
1603c608c9 s3:winbind: Even on a domain controller, "our" domain is internal
It happens to be what we also share out via NETLOGON/SAMR, but winbind has
direct access to it via the passdb domain methods
2009-08-23 10:19:32 +02:00
Volker Lendecke
963419be1b s3:winbind: For internal domains it is pointless to connect to a DC 2009-08-23 10:19:32 +02:00
Volker Lendecke
886e183b0e s3:winbind: Add const to normalize_name_map 2009-08-16 12:38:19 +02:00
Volker Lendecke
4f147388c0 Refactor 9b78af1f: Fix lookupname recursion
Pass a "flags" argument instead of the original winbind command down the
name_to_sid chain. This way we are independent of the winbind commands and
can take the decision at a much higher level
2009-08-02 11:24:48 +02:00
Volker Lendecke
ac94a8b0e3 Place a comment correctly 2009-08-01 10:33:15 +02:00