1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-17 02:05:21 +03:00

707 Commits

Author SHA1 Message Date
Günther Deschner
531af136f9 s3: remove POLICY_HND.
Guenther
2009-03-18 23:22:29 +01:00
Stefan Metzmacher
93c2057c8b s3:winbindd: accept new connections via fd events
metze
2009-03-18 07:00:42 +01:00
Stefan Metzmacher
3b8dd79f2b s3:winbindd: move non event related code out of process_loop() in the the caller
metze
2009-03-18 07:00:42 +01:00
Stefan Metzmacher
0685031ccf s3:winbindd: remove unused close_winbindd_socket() function
metze
2009-03-18 07:00:41 +01:00
Volker Lendecke
b29c69f459 Fix #6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members
Thanks to François Legal <devel@thom.fr.eu.org> for reporting this bug
2009-03-17 21:19:32 +01:00
Volker Lendecke
7735650f2e Fix a valgrind error
Found in "make test" -- if we can't connect at all, "cli" is uninitialized
2009-03-17 11:32:23 +01:00
Jeremy Allison
f48a345e4a Remove pwd_cache.c, it was doing nothing. Make user_name, domain, and
password talloc'ed strings within the cli_struct.
Jeremy.
2009-03-13 17:49:24 -07:00
Volker Lendecke
a0a9c5d170 Fix #6167: winbindd -n should disable the winbind idmap cache 2009-03-12 10:20:08 +01:00
Volker Lendecke
b17f9e15ef Make opt_nocache static to winbindd.c 2009-03-12 10:20:08 +01:00
Volker Lendecke
46bcb10b5a Shape up pdb_search a bit by making it a talloc ctx with a destructor 2009-03-07 17:51:21 +01:00
Stefan Metzmacher
589eb81e3f s3:winbindd_cm: remove useless cli_setup_signing_state(*cli, Undefined) call
cli_setup_signing_state() with Undefined is a noop.

metze
2009-03-06 16:37:20 +01:00
Bo Yang
d526d340d8 Fix careless mistake in winbindd_setup_sig_usr2_handler 2009-03-04 17:26:57 -08:00
Bo Yang
deb73e87b2 More fix to initialize idmap statuses 2009-03-02 15:51:55 -08:00
Bo Yang
a54520fd4d Initialize the id_map status in idmap_ldap to avoid surprise 2009-02-27 09:28:46 -08:00
Jeremy Allison
faa1100d22 More warning fixes for Solaris.
Jeremy.
2009-02-23 16:22:43 -08:00
Michael Adam
2feaaa885a s3:winbindd: make do_async_domain() static.
Michael
2009-02-17 18:21:53 +01:00
Dan Sledz
3b8a57e064 s3: Implement wbcGetSidAliases
* Adds wbcGetSidAliases that calls the lookup_useraliases function.
* Updates wbinfo and winbind_util.c to call the new function.
* Also added winbind_get_groups helper function.
2009-02-11 19:39:18 -08:00
Dan Sledz
aed8e9aa0a s3: Implement wbcGetpwsid
* Adds the plumbing required to lookup users by sid into winbind, wbinfo
  and smbd helper lib (winbind_util.c).
* Removes some double declarations of winbind_util.c functions.
* Bumps the winbind protocol version to 21 and the minor version of
  wbclient to 3.
2009-02-11 19:39:15 -08:00
Michael Adam
ecc53d0312 Revert "s3:winbindd_user: create domain connection in winbindd_fill_pwent if necessary."
This reverts commit 487f5e7b4768cfe9e511b0ba56f16c411e21f702.

I was confused about the real meaning of find_domain_from_name_noinit()
vs. find_domain_from_name(). We don't need the connection established
here, just the domain struct which gets initialized by rescan_trusted_domains().

Sorry for the noise.

Michael
2009-02-09 23:30:42 +01:00
Michael Adam
487f5e7b47 s3:winbindd_user: create domain connection in winbindd_fill_pwent if necessary.
Calling find_domain_from_name_noinit() might not be enough here.
This makes winbindd_getpwent() behave the same as winbindd_getgrent().

Michael
2009-02-09 14:05:42 +01:00
Michael Adam
a63f602473 s3:winbindd_user: fix a debug message.
find_domain_from_name_noinit() is no longer called only for
name alias support.

Michael
2009-02-09 14:03:52 +01:00
Kai Blin
c3b9b6c8aa async_sock: Use unix errnos instead of NTSTATUS
This also switches wb_reqtrans to use wbcErr instead of NTSTATUS as it would
be pointless to convert to errno first and to wbcErr later.
2009-02-09 08:36:08 +01:00
Volker Lendecke
4e79ca6161 Fix coverity ID 876 (FORWARD_NULL)
Michael, please check!
2009-02-07 11:10:10 +01:00
Michael Adam
2c1d980abe s3:idmap_tdb2: untangle assignment and check in idmap_tdb2_alloc_load()
Michael
2009-02-06 10:20:08 +01:00
Michael Adam
e0f91c8930 s3:idmap_tdb2: factor lodaing of ranges out into idmap_tdb2_load_ranges()
Michael
2009-02-06 10:20:08 +01:00
Michael Adam
2125777803 s3:idmap_tdb2: move together code that belongs together in idmap_tdb2_alloc_load
Michael
2009-02-06 10:20:08 +01:00
Michael Adam
30d08223e6 s3:idmap_tdb2: streamline idmap_tdb2_sid_to_id,
adding tmp talloc ctx and removing a variable

Michael
2009-02-06 10:20:07 +01:00
Michael Adam
9c626e37cf s3:idmap_tdb: simplify talloc usage with temp context from talloc_stackframe
Michael
2009-02-06 10:20:07 +01:00
Michael Adam
77b4437b12 s3:idmap_tdb: refactor out new function idmap_tdb_load_ranges()
Michael
2009-02-06 10:20:06 +01:00
Michael Adam
e4035ab304 s3:idmap_tdb: use transactions in idmap_tdb_allocate_id()
Michael
2009-02-06 10:20:06 +01:00
Michael Adam
a9184d5c62 s3:idmap_tdb: add tmp talloc ctx to idmap_tdb_sid_to_id and remove an fstring
Michael
2009-02-06 10:20:06 +01:00
Tim Prouty
10e9e95ce8 s3 build: Fix "assignment discards qualifiers from pointer target type" warnings 2009-02-02 00:03:09 -08:00
Dan Sledz
d96248a9b4 Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum.  Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab

For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only

The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.

The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode.  This keytab is only used in
ads_verify_ticket.
2009-02-01 20:23:31 -08:00
Michael Adam
d75b3913c9 s3:winbind_group: fix "getent group" to allocate new gids.
"getent group" used to fill the idmap cache with negative
cache entries for unmapped group sids.

Don't pass domain name unconditionally to idmap_sid_to_gid().
idmap_sid_to_gid() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".

Note that it is _wrong_ to directly call the idmap_sid_to_gid()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_gid request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.

Michael
2009-02-02 00:53:05 +01:00
Michael Adam
a0d0519200 s3:winbind_user: fix "getent passwd" to allocate new uids.
"getent passwd" used to fill the idmap cache with negative
cache entries for unmapped user sids.

Don't pass domain name unconditionally to idmap_sid_to_[ug]id().
idmap_sid_to_[ug]id() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".

Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_[ug]id request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.

Michael
2009-02-02 00:53:05 +01:00
Michael Adam
8c57f34b99 s3:winbind_user: move initialization of domain up in winbindd_fill_pwent()
and streamline logic some

Michael
2009-02-02 00:53:04 +01:00
Volker Lendecke
0bd92281e4 Make cli_tcon_andx async 2009-01-30 12:47:59 +01:00
Michael Adam
f2224e53b2 s3:idmap: move IDMAP_VERSION to the idmap tdb backend, where it belogns.
Michael
2009-01-30 00:17:57 +01:00
Michael Adam
1021c752ea s3:winbind: remove prototype for non-existent function from winbind_proto.h
Michael
2009-01-28 12:41:04 +01:00
Michael Adam
59859b547c s3: separate tdb validation code out into its own source file
So this gets now linked only into its single user: winbindd
(needed by winbindd_cache.c)

Michael
2009-01-28 09:43:57 +01:00
Tim Prouty
31e46ff4ac s3: Fix shadowed declaration 2009-01-27 10:37:51 -08:00
Stefan Metzmacher
e6612c99fe s3:winbindd: handle SIG_TERM, SIGHUP, SIGCHLD and SIGUSR2 via tevent
metze
2009-01-27 15:28:08 +01:00
Stefan Metzmacher
cf53e48fec s3:winbindd: we don't need to call message_dispatch() anymore it's event triggered now
metze
2009-01-22 12:37:32 +01:00
Stefan Metzmacher
048f8dba14 s3: always call run_events() before and after sys_select()
And always setup the fd events.

metze
2009-01-22 12:37:29 +01:00
todd stecher
989ad44d32 Memory leaks and other fixes found by Coverity 2009-01-21 17:13:03 -08:00
Stefan Metzmacher
4feafd7c7b s3:idmap_tdb: convert to the dbwrap api
metze
2009-01-19 17:06:41 +01:00
Volker Lendecke
e58a8c169c Fix the same bug as 8b618d0 fixes, this time in winbindd_passdb.c 2009-01-19 11:49:18 +01:00
Michael Adam
edbc7efa35 s3:winbindd: put winbindd_cache.tdb into cache_dir, not lock_dir.
Michael
2009-01-16 01:02:23 +01:00
Michael Adam
39ec8791f8 s3: make better use of ccache by not including version.h in every C-file.
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:

* When building a new package with a new Samba version

* building in a git branch after calling mkversion.sh
  after a new commit (i.e. virtually always)

This patch improves the situation in the following way:

* remove inlude "version.h" from includes.h

* Use samba_version_string() instead of SAMBA_VERSION_STRING
  in files that use no other macro from version.h instead of
  SAMBA_VERSION_STRING.

* explicitly include "version.h" in those files that use more
  macros from "version.h" than just SAMBA_VERSION_STRING.

Michael
2009-01-15 22:56:01 +01:00
Bo Yang
e3ef19b9b9 Fix bug in get_dc_name_via_netlogon(), null pointer refrence. 2009-01-14 11:47:45 -08:00