1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

14 Commits

Author SHA1 Message Date
Stefan Metzmacher
6d339b4800 winbindd: remove 'winbind trusted domains only' handling
This parameter is already deprecated in favor of the newer idmap_nss backend.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-10 01:01:23 +01:00
Uri Simchoni
c819c7d58f winbindd: queryuser - only get group name if needed
When calculating the user entry for a user, the
primary group id *name* might be needed if it is
part of a home dir / shell template (%g or %G).

Only resolve primary group SID to primary group name
if it is needed, thereby saving a round-trip to the DC
(and better handling situations where it is disconnected).

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-21 19:11:13 +02:00
Volker Lendecke
ece5e67bbc s3:winbind: Use the correct talloc context for user information
This fixes the substitution for 'template homedir'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12699

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Mar 18 19:47:40 CET 2017 on sn-devel-144
2017-03-18 19:47:40 +01:00
Volker Lendecke
bce19a6efe winbind: Restructure wb_getpwsid
This patch moves the responsibility to create a winbind user from the
winbind backends into wb_queryuser.c. The name comes from lsa_lookupsids,
the uid from idmap. If we have a netsamlogon_cache, we get the primary
group sid from there. Without netsamlogon_cache, we default to -513, as
we do right now as default for non-reachable ADS domains anyway. Shell
and homedir default to template. This can all be done in the parent
without contacting any LDAP-related calls and is correct once we have
a netsamlogon_cache.

Once the parent has filled in the userinfo, the idmap child is queried
with the GetNssInfo call, taking the userinfo [in,out]. The child is
free to override the whole thing, something the AD backend will do in
the next patch.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-02 18:04:14 +01:00
Andrew Bartlett
f4ab082d2b librpc/idl: Merge wbint.idl with winbind.idl so we can forward IRPC requests to internal winbind calls
Change-Id: Iba3913d5a1c7f851b93f37e9beb6dbb20fbf7e55
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Volker Lendecke
9c2fcb689b s3:winbind: Fork multiple children per domain
This makes us scale better with many simultaneous winbind requests,
some of which might be slow.

This implementation breaks offline logons, as the cached credentials are
maintained in a child (this needs fixing). So, if the offline logons are
active, only allow one DC connection.

Probably the offline logon and the scalable file server cases are
separate enough so that this patch is useful even with the restriction.
2011-01-21 13:51:27 +01:00
Stefan Metzmacher
4f305f438b s3:winbindd: use ndr_wbint_c.h instead of cli_wbint.h
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 11 15:40:22 CET 2011 on sn-devel-104
2011-01-11 15:40:21 +01:00
Volker Lendecke
1d5cb5125c s3: Use any_nt_status_not_ok in winbind 2010-10-20 18:09:20 +02:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Stefan Metzmacher
13c744fa30 s3:winbindd: use dcerpc_wbint_* functions instead of rpccli_wbint_*
metze
2010-08-16 14:30:21 +02:00
Volker Lendecke
c4a95f900a s3:winbind: Remove the manual caching for the async wb_ functions
The generic NDR-based cache in winbindd_dual_ndr.c replaces this.
2009-08-27 15:04:09 +02:00
Volker Lendecke
a09b9ed9e2 s3:winbind: Fix the talloc hierarchy in wb_queryuser_done
We need to return state->userinfo beyond the end of wb_queryuser_recv, so the
unmarshalled strings are children of that, not the state that is lost sooner.

Metze, this scheme works fine as long as we only have a single malloc'ed
entity that is returned. I think we need a different scheme in the future
when we might have more than one independent object to be returned.
2009-08-23 10:19:32 +02:00
Volker Lendecke
c6b36ce573 s3:winbind: WINBIND_USERINFO -> wbint_userinfo 2009-08-16 10:38:24 +02:00
Volker Lendecke
7077492778 s3:winbind: Add async wb_queryuser 2009-08-05 03:21:22 -04:00