mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00
Commit Graph

376 Commits

Author SHA1 Message Date
Volker Lendecke
e190eaa30f winbind: Add idmap_config_int
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2017-03-20 19:36:22 +01:00
Volker Lendecke
66f5e7dbda winbind: Add idmap_config_bool()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2017-03-20 19:36:21 +01:00
Volker Lendecke
1c34166c12 winbind: Add idmap_config_const_string
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2017-03-20 19:36:21 +01:00
Stefan Metzmacher
a860400725 winbindd: remove unused find_root_domain()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-03-11 21:05:09 +01:00
Volker Lendecke
431bc966ea winbind: Remove unused wcache_tdc_fetch_domainbysid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-08 00:04:22 +01:00
Volker Lendecke
3a6a7b53af winbind: Pass up args from winbind_dual_SamLogon
We'll need to pass "authoritative" back to the winbind client

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-03-07 09:15:17 +01:00
Stefan Metzmacher
76d9483804 winbindd: find the domain based on the sid within wb_lookupusergroups_send()
That simplifies the potential caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-06 15:09:18 +01:00
Volker Lendecke
1a12cfbf1f Revert "winbind: Remove wb_lookupusergroups"
This reverts commit c0570e6ae8.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-06 15:09:18 +01:00
Volker Lendecke
55321a39bb Revert "winbind: Remove wb_cache_lookup_usergroups"
This reverts commit f83863b4d1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-06 15:09:17 +01:00
Volker Lendecke
52105ebaa8 Revert "winbind: Remove wcache_lookup_usergroups"
This reverts commit 876dc28b9c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-06 15:09:17 +01:00
Volker Lendecke
2b722af423 winbind: Remove unused nss_get_info_cached
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:13 +01:00
Volker Lendecke
480c9581a1 winbind: Simplify query_user_list to only return rids
Unfortunately this is a pretty large patch, because many functions
implement this API. The alternative would have been to create a new
backend function, add the new one piece by piece and then remove the
original function.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:13 +01:00
Volker Lendecke
81e5770aee winbind: Make wb_query_user_list just return names
Yes, this compiles. Nobody calls this right now. Hold on :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:12 +01:00
Volker Lendecke
876dc28b9c winbind: Remove wcache_lookup_usergroups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:12 +01:00
Volker Lendecke
f83863b4d1 winbind: Remove wb_cache_lookup_usergroups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:12 +01:00
Volker Lendecke
c0570e6ae8 winbind: Remove wb_lookupusergroups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:12 +01:00
Volker Lendecke
bb050bfd88 winbind: Add "expand_local_aliases" to wb_gettoken
I hate passing down booleans, but we have the "domain_groups_only"
parameter in wbcLookupUserSids which we need to keep for API
compatibility. To make sure we use as few code paths as possible, this
basically passes down this flag.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:12 +01:00
Volker Lendecke
81f3400974 winbind: Remove unused wb_cache_query_user
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-04 12:22:12 +01:00
Volker Lendecke
ec62194567 winbind: Remove find_builtin_domain helper function
There was only one caller, and the function was pretty small anyway.

This makes a "git grep find_domain_from" more obvious :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan  2 21:52:02 CET 2017 on sn-devel-144
2017-01-02 21:52:02 +01:00
Volker Lendecke
7981c6f9b5 winbind: Remove wb_fill_pwent
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-02 18:04:14 +01:00
Volker Lendecke
807f37493d winbind: lookup_usergroups_cached doesn't use the "domain" parameter
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-12-04 16:35:22 +01:00
Christof Schmitt
148f1511b3 winbindd: Make functions in cache_methods non-static
This is in preparation for calling these directly instead of the
domain->methods indirection.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-11 20:15:25 +02:00
Jeremy Allison
1017b22f68 s3: winbind: Trust name2sid mappings from the PAC.
Don't refresh sequence number in parent as the
mapping comes from a trusted DC.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-09-29 22:17:20 +02:00
Christof Schmitt
3d33ebe36b winbindd: Remove unused prototypes for winbindd_group.c
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-30 01:01:42 +02:00
Volker Lendecke
10ae56f142 winbind: Add wb_dsgetdcname_gencache_[gs]et
This is a sneaky way to pass the DC info from the parent winbind to children
and other users.

Not sure where exactly to put these routines. For now, put them into the parent
code to find the dcinfo from "our" dc.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-15 15:32:11 +02:00
Volker Lendecke
16dc16e904 idmap: Factor out lp_scan_idmap_domains()
This simplifies idmap_found_domain_backend() by moving the regex magic
somewhere else. Also, this routine will be useful soon somewhere else, thus
make it non-static to idmap.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-30 14:27:23 +02:00
Michael Adam
fb80e1158b s3:winbindd:idmap: add domain_has_idmap_config() helper function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-17 01:08:32 +01:00
Volker Lendecke
eeb0f3b075 winbind: Remove unused wbint_Gid2Sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-02-22 20:29:15 +01:00
Volker Lendecke
708df7e85c winbind: Remove unused wbint_Uid2Sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-02-22 20:29:15 +01:00
Volker Lendecke
5cd5ce70a1 winbind: Expose WINBINDD_XIDS_TO_SIDS externally
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-02-22 20:29:15 +01:00
Volker Lendecke
e50c1a6648 winbind: Add parse_xidlist()
This will be part of parsing the socket protocols xids2sids request

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-02-22 20:29:15 +01:00
Volker Lendecke
5bb6600110 winbind: Add wb_xids2sids
Async wrapper around wbint_UnixIDs2Sids

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-02-22 20:29:15 +01:00
Volker Lendecke
ad82251c23 winbind: Add some const
This makes source and destination a bit clearer to me

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-16 10:50:10 +01:00
Christof Schmitt
e4adf55e24 winbindd: Add retry also for ADS method calls
RPC calls can return IO_DEVICE_ERROR on expired SMB2 sessions. Retrying
on a new connection avoids surfacing this error to winbindd clients.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11670

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-13 00:26:16 +01:00
Uri Simchoni
f065100639 winbindd: add service routines to support a sorted client list
Add some routines that support keeping the client list sorted
(by last access time) and traversing the list from oldest to
newest

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-07-15 22:41:13 +02:00
Richard Sharpe
57568f1900 Convert all uint32/16/8 to _t in a grab-bag of remaining files.
I still need to fix the rpc stuff, but we are almost there.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 14 22:16:56 CEST 2015 on sn-devel-104
2015-05-14 22:16:56 +02:00
Richard Sharpe
704592c14d Last lot of convert uint32 to uint32_t in winbindd, I promise.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  6 07:03:27 CEST 2015 on sn-devel-104
2015-05-06 07:03:27 +02:00
Michael Adam
81955ebd40 s3:winbind: add wb_query_group_list module - async query group list
Modeled after wb_query_user_list.c

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-16 20:26:51 +01:00
Michael Adam
b3023c7e83 s3:winbind:pwent: move wb_next_domain() to winbindd_util.c for re-use
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-16 20:26:51 +01:00
Stefan Metzmacher
1623992105 s3:winbindd: make open_internal_lsa_conn() non static
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:43 +01:00
Volker Lendecke
5ba377f3df winbind: Make wb_sids2xids_recv work on an array
The trigger for this is that Coverity got confused by the dual use of &xid
as an array with the implicit length equality between wb_sids2xids_send
and the array passed in to wb_sids2xids_recv for the result.

I don't want to start doing things just for the Coverity scan, but this
makes the code clearer to me by removing this implicit expected array
length equality.

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Mar  7 15:28:59 CET 2015 on sn-devel-104
2015-03-07 15:28:59 +01:00
Andrew Bartlett
91d6f603b1 s3-winbindd: Pass the whole winbindd_domain to invalidate_cm_connection()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-10-08 01:09:50 +02:00
Christof Schmitt
15840955cb windbindd: Make cm_connect_lsa_tcp static
It is only used in winbindd_cm.c

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct  4 02:34:49 CEST 2014 on sn-devel-104
2014-10-04 02:34:48 +02:00
Christof Schmitt
0e3ea71c21 s3-winbindd: Make wcache_sid_to_name static
It is only used in winbindd_cache.c

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-04 00:11:21 +02:00
Günther Deschner
cf0ae511eb s3-winbindd: add wcache_query_user_fullname().
This helper function is used to query the full name of a cached user object (for
further gecos processing).

Thanks to Matt Rogers <mrogers@redhat.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440

Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-07-15 16:00:40 +02:00
Andrew Bartlett
af7f88721a winbindd: Use a remote RPC server when we are an RODC when needed
This allows us to operate against the local cache where possible, but
to forward some operations to the read-write DC.

Andrew Bartlett

Change-Id: Idc78ae379a402969381758919fcede17568f094e
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
2014-07-04 02:52:35 +02:00
Andrew Bartlett
ba4467ca65 s3-winbindd: Implement SamLogon IRPC call
We do this by lifting parts of the winbindd_dual_pam_auth_crap() code
into a new helper function winbind_dual_SamLogon().  This allows us to
implement the semantics we need for IRPC, without the artifacts of the
winbindd pipe protocol.

Change-Id: Idb169217e6d68d387c99765d0af7ed394cb5b93a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 11 12:43:58 CEST 2014 on sn-devel-104
2014-06-11 12:43:58 +02:00
Andrew Bartlett
faa4452df7 s3-winbind rename winbindd_update_rodc_dns to be for more generic irpc
Change-Id: I385ef8bd766848becc42e58694207dc94cd07a89
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
223fbdaf38 s3-winbindd: Listen on IRPC and do forwarded DNS updates on an RODC
Change-Id: Ib87933c318f510d95f7008e122216d73803ede68
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
cb79cc342e s3-winbindd: Register winbindd with irpc
Change-Id: Ie3c7109fef6982d95e8cad06870334565352e329
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
2e961bf598 winbindd: Call set_dc_type_and_flags on the internal domain
This allows the AD DC to be picked up correctly and gives the correct DNS name.

To ensure no confusion, we also always init it with the full DNS name.

It also means that, aside from the BUILTIN domain the initialized
flag is set only in one place, which will help when we add more details
to the domain structure in the future.

This in turn allows kerberos authentication against winbindd on the AD DC.

Andrew Bartlett

Change-Id: Idc829cfe5f2e867c87107b49275b17f294821dcd
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Stefan Metzmacher
c3699d1c44 s3:winbindd: avoid argv related const warnings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-04-02 09:03:43 +02:00
Christof Schmitt
f77195ace7 winbind: Make centry_start static
centry_start is only used in winbindd_cache.c

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Nov 15 18:05:41 CET 2013 on sn-devel-104
2013-11-15 18:05:41 +01:00
Andrew Bartlett
e512491552 s3-winbindd: Remove undocumented winbindd:socket dir parameter
This uses the documented "winbindd socket directory" parameter instead.

This came about due to the merge of the two smb.conf tables in s3 and
s4 for the Samba 4.0 release.  The s4 code used a real parameter,
which caused this to be documented, whereas no automatic procedure
existed to notice the parametric option and the need to document that.
The fact that this was not used consistently in both codebases is one
of the many areas of technical debt we still need to pay off here.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-15 10:58:45 +13:00
Andreas Schneider
447ec17a6b s3-winbind: Add functions for domain online/offline handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-11 11:50:08 +02:00
Christof Schmitt
ad1fbe29fb s3-winbindd: Move connection to AD server from idmap_ad
Having this in a common place allows reuse by other idmap modules.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 06:30:22 +01:00
Christof Schmitt
baf9b78d47 s3-winbindd: Use common helper function for connecting to ADS
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 06:30:22 +01:00
Christof Schmitt
0c4e467c1c s3-winbindd: Move code for verifying ADS connection to common helper function
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 06:30:22 +01:00
Michael Adam
729e2c3630 s3:winbindd: factor add_wbint_Principal_to_dict() out of wb_group_members_done()
for later reuse

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-29 21:48:01 +01:00
Volker Lendecke
3e830e44d3 winbind: Use standard tevent_context_init
This makes winbind use epoll instead of poll

Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-18 09:16:58 -08:00
Michael Adam
de2cf94719 s3:winbindd: remove now unused wb_sid2uid and wb_sid2gid modules
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03 08:48:26 +01:00
Michael Adam
4210e08109 s3:winbindd: make idmap_find_domain() static.
idmap_find_domain_with_sid() should be used instead

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03 08:48:24 +01:00
Michael Adam
370d62578d s3:winbindd: add idmap_find_domain_with_sid()
This will return the passdb domain if the given sid is in our sam or builtin
or is the domain sid of those domains. Otherwise it returns the idmap domain
that results from the idmap configuration.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03 08:48:23 +01:00
Michael Adam
8e5ce1e2d5 s3:winbindd: factor winbindd_sids_to_xids into external and internal part
- external part takes winbindd request/response structs (with sid strings)
- internal part takes sid lists

The new internal part implements functions wb_sids2xids_* that are
moved into the new module wb_sids2xids.c.

The purpose of this change is to use wb_sids2xids in winbindd_sid_to_uid
and winbindd_sid_to_gid instead of the currently used wb_sid2uid and wb_sid2gid.
We should just have one code path into id mapping and not several that behave
differently.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03 08:48:21 +01:00
Günther Deschner
7bd9a3b86f s3-winbindd: add cm_connect_lsat().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30 11:49:34 +01:00
Volker Lendecke
cf1d69ae0b s3: Make winbindd_register_handlers static 2012-10-19 21:29:13 +02:00
Christof Schmitt
1bc2f28b94 winbind: Extend wbcAuthenticateUserEx to provide PAC
With this new interface, external applications that have authenticated
to an ADS can pass the PAC from the Kerberos ticket to
wbcAuthenticateUserEx. winbindd decodes and extracts the info3
information for the external application. If winbindd can verify the PAC
signature, the info3 from the PAC is also added to the netsamlogon_cache.

The info3 data can be used by the external application to get the uid
and primary gid. The data in netsamlogon_cache allows to retrieve the
complete group list through the NSS function getgrouplist.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-09-20 19:49:32 -07:00
Jeremy Allison
c84e6aebc2 Fix bug #9098 - winbind does not refresh kerberos tickets.
Based on work from Ian Gordon <ian.gordon@strath.ac.uk>.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 22:01:15 CEST 2012 on sn-devel-104
2012-08-21 22:01:15 +02:00
Andrew Bartlett
769cee44a2 s3-winbindd: Add stdin handler for winbind
This will help avoid runaway processes in the test env, particularly when
the whole selftest.pl is killed.

Andrew Bartlett
2012-03-04 10:14:34 +01:00
Volker Lendecke
fd65e5eb8c s3: Make winbindd_lookup_names static
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Sep  6 20:03:56 CEST 2011 on sn-devel-104
2011-09-06 20:03:56 +02:00
Volker Lendecke
729d17e725 s3: Convert WINBINDD_WINS_BYNAME to the async API 2011-06-21 14:25:12 +02:00
Volker Lendecke
5a6368f1e2 s3:winbind: Convert WINBINDD_WINS_BYIP to the async API 2011-06-05 12:10:15 +02:00
Jeremy Allison
54727f9316 Remove unused function parse_add_domuser().
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May  4 20:05:42 CEST 2011 on sn-devel-104
2011-05-04 20:05:42 +02:00
Volker Lendecke
aa5abcaf7e s3: Make winbindd_reinit_after_fork return NTSTATUS 2011-04-29 16:57:37 +02:00
Volker Lendecke
0757688eb3 s3: In winbind, close parent/child sockets
This should further reduce fd load in winbind children
2011-04-29 16:57:36 +02:00
Volker Lendecke
44f7fc4fdf s3: Export WINBINDD_SIDS_TO_XIDS via the winbind pipe
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:25 -07:00
Volker Lendecke
80f873853f s3: Make idmap_find_domain public
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:25 -07:00
Volker Lendecke
74ea52e351 s3: Add is_domain_online
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:25 -07:00
Volker Lendecke
63446c2c2a s3: Add winbindd_lookupsids
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:24 -07:00
Volker Lendecke
490c52c9fc s3: Add wb_lookupsids
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:24 -07:00
Volker Lendecke
091fd0f0f7 s3: Add wbint_LookupSids
This will be called from wb_lookupsids to query remote DCs via lsa

Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:24 -07:00
Volker Lendecke
ef9d2b15e0 s3: Make parse_sidlist public
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13 14:13:24 -07:00
Günther Deschner
9c6f78aae1 s3: add some forward declarations.
Guenther
2011-04-12 12:20:43 +02:00
Volker Lendecke
d3ba16a500 s3: Remove unused args from nss_get_info_cached 2011-03-06 12:51:01 +01:00
Günther Deschner
ab64634a20 s3-proto: remove some prototypes of non-existing functions.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 23 15:42:35 CET 2011 on sn-devel-104
2011-02-23 15:42:35 +01:00
Volker Lendecke
9c2fcb689b s3:winbind: Fork multiple children per domain
This makes us scale better with many simultaneous winbind requests,
some of which might be slow.

This implementation breaks offline logons, as the cached credentials are
maintained in a child (this needs fixing). So, if the offline logons are
active, only allow one DC connection.

Probably the offline logon and the scalable file server cases are
separate enough so that this patch is useful even with the restriction.
2011-01-21 13:51:27 +01:00
Volker Lendecke
7f87d58900 s3: Add wbinfo --dc-info
wbinfo --dc-info prints the current DC name and IP address. This helps
diagnosing problems that might happen when a later wbinfo --ping-dc fails.

This patch started out by using the SAF and NBT cache entries, but those are
relatively short-lived. So I decided to invent a new gencache entry with a very
long timeout. We need to go via the gencache because when for some reason a
winbind child process is stuck, we can't query it for the current DC it's
connected to. This must eventually go away again when we have a fully async
winbind.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan 19 08:40:28 CET 2011 on sn-devel-104
2011-01-19 08:40:28 +01:00
Volker Lendecke
a159958065 s3: wcache_invalidate_samlogon only needs the SID 2010-12-19 23:25:06 +01:00
Volker Lendecke
d50829a812 s3: Remove some unused code
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 19 11:21:00 CET 2010 on sn-devel-104
2010-11-19 11:21:00 +01:00
Volker Lendecke
0a19617c97 s3: Move parse_sidlist to the only calling file 2010-11-17 12:17:21 +01:00
Volker Lendecke
705d93d2ad s3: Remove some unused code 2010-11-17 12:17:21 +01:00
Christian Ambach
51ddddfa9f s3:winbind add wcache_tdc_fetch_domainbysid
add a function to lookup a domain in the winbind cache by domain SID
2010-11-08 13:39:51 +01:00
Volker Lendecke
5915d4a0b6 s3: Remove some duplicate prototypes 2010-11-05 15:54:05 +01:00
Andrew Bartlett
170b345e0c s3-auth Use security_token_debug() from common code
This prints the security token including the privileges as strings
instead of just a bitmap.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Volker Lendecke
bad98e37e7 s3: Add "smbcontrol winbindd ip-dropped <local-ip>"
This is supposed to improve the winbind reconnect time after an ip address
has been moved away from a box. Any kind of HA scenario will benefit from
this, because winbindd does not have to wait for the TCP timeout to kick in
when a local IP address has been dropped and DC replies are not received
anymore.
2010-09-30 14:30:33 +02:00
Günther Deschner
bf38287c76 s3-winbindd: another attempt to fix the non-ldap build.
Guenther
2010-09-21 00:20:00 -07:00
Björn Jacke
1c82ca01c3 s3/winbind: remove unused winbindd_check_cache_size 2010-09-19 22:58:33 -07:00
Andrew Bartlett
d1bb21b0d5 s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derived structure

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Andrew Bartlett
4bfc8d3b1a s3-auth Change struct nt_user_token -> struct security_token
This common structure is defined in security.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequential changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Volker Lendecke
eedf476c24 s3: Remove "mem_ctx" from a few functions 2010-09-09 06:19:25 +02:00
Volker Lendecke
eaf778593f s3: Remove "mem_ctx" from wcache_save_creds() 2010-09-09 06:19:24 +02:00
Volker Lendecke
d38e1d13ea s3: Remove "mem_ctx" from lookup_cached_name() 2010-09-09 06:19:24 +02:00
Volker Lendecke
4e4228bd5d s3: Remove unused arg "user_sid" from winbindd_store_creds
All callers have passed in NULL
2010-09-09 06:19:23 +02:00
Volker Lendecke
7372a50a03 s3: Remove unused winbindd_update_creds_by_sid 2010-09-09 06:19:23 +02:00
Volker Lendecke
a0de3fc690 s3: Remove unused winbindd_dual_show_sequence() 2010-09-09 06:19:23 +02:00
Volker Lendecke
e2b63996e8 s3: Make winbind_add_failed_connection_entry static 2010-09-08 21:10:18 +02:00
Stefan Metzmacher
760948a5d4 s3:winbindd: remove rpc_pipe_client references from winbind_dual_ndr code
metze
2010-08-16 14:30:21 +02:00
Michael Adam
3b56f7f6b5 s3:winbind: remove the method REMOVE_MAPPING from winbind's API
Michael
2010-08-14 02:10:34 +02:00
Michael Adam
474020b1ae s3:winbind: remove the method SET_MAPPING from winbind's API
Michael
2010-08-14 02:10:33 +02:00
Michael Adam
66e67c1bad s3:winbind: remove SET_HWM from winbind's API. 2010-08-14 02:10:31 +02:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h.
Guenther
2010-08-05 00:32:02 +02:00
Günther Deschner
0da5e15378 s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well.
Guenther
2010-07-07 16:49:26 +02:00
Simo Sorce
cbda0369a8 s3:winbindd use common server context functions 2010-06-10 17:30:45 -04:00
Andrew Bartlett
61eb56be4e s3:winbind tidy up connecting the winbind sockets.
By putting this code inline in winbindd_setup_listeners() we remove 2
static variables and simplify the code.

By putting the get_winbind_priv_pipe_dir() in the same file, we allow
it to be reimplemented in s3compat.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-31 21:36:55 +02:00
Andrew Bartlett
e5ebc52e9f Revert "s3:winbindd Split helper functions to allow s3compat to call them"
I'm experimenting with a different entry point

This reverts commit f5c0f90da5.
2010-05-31 21:36:55 +02:00
Andrew Bartlett
8d6f88b469 s3:winbind Kill amusing but un-used winbindd_kill_all_clients
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-28 18:08:28 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that it is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Andrew Bartlett
72e65a0521 s3:winbindd Provide a winbindd_register_handlers() helper function for s3compat
This function provides a useful entry point for s3compat to set things
up in winbindd.

Andrew Bartlett
2010-05-13 10:12:27 +10:00
Andrew Bartlett
f5c0f90da5 s3:winbindd Split helper functions to allow s3compat to call them
This provides a more useful entry point for s3compat.

Andrew Bartlett
2010-05-13 10:12:27 +10:00
Andrew Bartlett
7f70b53dd6 s3:Winbindd Move winbindd_event_context to a different file
This allows this function to be easily replaced in s3compat

Andrew Bartlett
2010-05-13 10:12:26 +10:00
Volker Lendecke
fd3eeb3878 s3: async_domain_request is no longer used 2010-04-25 12:32:02 +02:00
Volker Lendecke
dbb7db6c25 s3: sendto_domain() is no longer used 2010-04-24 11:12:19 +02:00
Volker Lendecke
f2f0fed8aa s3: Convert WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP to the new async API 2010-04-23 23:41:04 +02:00
Volker Lendecke
56b4aa3266 s3: Move the in-memory ccache to the parent
None of this blocks, so there is no reason to keep this in
a winbind child process
2010-04-19 14:27:24 +02:00
Volker Lendecke
45eeed2893 s3: Convert WINBINDD_PAM_LOGOFF to the new async API 2010-04-19 14:27:20 +02:00
Volker Lendecke
518a4f5423 s3: Convert WINBINDD_PAM_CHAUTHTOK to the new async API 2010-04-19 14:27:20 +02:00
Volker Lendecke
d869e7a0d8 s3: Convert WINBINDD_PAM_AUTH_CRAP to the new async API 2010-04-19 14:27:19 +02:00
Volker Lendecke
61ec0f571a s3: Convert WINBINDD_PAM_AUTH to the new async API 2010-04-19 14:27:19 +02:00
Volker Lendecke
3d5732fc13 s3: Remove the separate "child" argument from setup_domain_child() 2010-04-08 15:12:42 +02:00
Volker Lendecke
6d9b2e62cb s3: Make check_info3_in_group static 2010-03-31 21:03:07 +02:00
Volker Lendecke
cf4a8f7639 s3-winbind: Make append_auth_data() static 2010-03-31 21:03:06 +02:00
Volker Lendecke
89c785c47a s3: Fix a long-standing problem with recycled PIDs
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.

For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.

This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.

I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.

CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.

While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().

Volker
2010-03-10 16:07:10 +01:00
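The liveness check described in commit 89c785c47a above, as an added example that is not part of the commit or of Samba's code: it puts the PID-only test next to the PID plus 64-bit number test for a lock holder whose PID has been recycled. The arrays standing in for the process table and serverid.tdb, the function names, and all values are assumptions made for illustration.

```c
/* Added illustration of the PID + 64-bit unique-id check; not Samba's code.
 * Arrays indexed by PID stand in for the process table and serverid.tdb. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PID_MAX 32768                      /* a limited PID space */

struct server_id { int pid; uint64_t unique_id; };   /* kept in each lock record */

static bool running[PID_MAX];                          /* hypothetical process table */
static struct { bool present; uint64_t unique_id; } serverid_db[PID_MAX];

/* A starting smbd registers its PID together with a fresh random number. */
static void serverid_register(int pid, uint64_t unique_id) {
    serverid_db[pid].present = true;
    serverid_db[pid].unique_id = unique_id;
}

/* The parent smbd removes the entry once it sees the child is gone. */
static void serverid_deregister(int pid) { serverid_db[pid].present = false; }

/* Old check: any process running under that PID counts as the lock holder. */
static bool holder_exists_pid_only(struct server_id h) { return running[h.pid]; }

/* New check: the PID must be registered with the same 64-bit number. */
static bool holder_exists(struct server_id h) {
    return serverid_db[h.pid].present && serverid_db[h.pid].unique_id == h.unique_id;
}

/* smbd 4242 takes a lock and dies hard; the PID is then recycled.
 * Returns bit 0 = PID-only verdict, bit 1 = serverid verdict. */
static int verdicts_after_pid_reuse(bool reused_by_smbd) {
    struct server_id holder = { 4242, 0x1111aaaa2222bbbbULL };   /* constructed values */
    memset(running, 0, sizeof running);
    memset(serverid_db, 0, sizeof serverid_db);
    running[4242] = true;  serverid_register(4242, holder.unique_id);
    running[4242] = false; serverid_deregister(4242);  /* hard death, parent cleans up */
    running[4242] = true;                              /* another process gets PID 4242 */
    if (reused_by_smbd) serverid_register(4242, 0x3333cccc4444ddddULL);
    return holder_exists_pid_only(holder) | (holder_exists(holder) << 1);
}

int main(void) {
    printf("reused by non-samba process: %d\n", verdicts_after_pid_reuse(false));
    printf("reused by a new smbd:        %d\n", verdicts_after_pid_reuse(true));
    return 0;
}
```

Both scenarios return 1: the PID-only test still treats the dead smbd's lock as held, while the serverid test reports the holder as gone. The second verdict depends on the parent's deregistration step; a leftover entry with the old number would still match.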
Volker Lendecke
5c40aa59d7 s3: Remove unused count_all_current_connections() 2010-02-28 20:45:21 +01:00
Bo Yang
9fed9011ff s3: Don't invalidate cache for uninitialized domains.
Signed-off-by: Bo Yang <boyang@samba.org>
2010-02-09 17:06:14 +08:00
Volker Lendecke
7d18d058a1 s3: Add wbinfo --ccache-save
With this command you can give winbind your password for later use by
the automatic ntlm_auth
2010-01-24 20:32:16 +01:00
Volker Lendecke
22a4a000ce s3: Make free_domain_list() static 2010-01-02 12:09:05 +01:00
Volker Lendecke
d05e17f875 s3: Introduce domain_is_forest_root() helper function
Hopefully this makes the flag tests a bit more understandable
2010-01-02 12:09:05 +01:00
Volker Lendecke
634d084517 s3: Replace IS_DOMAIN_OFFLINE by a function 2009-12-26 12:26:07 +01:00
Volker Lendecke
03617df24d s3: winbindd_cli_state->getgrent_state is no longer used 2009-12-26 12:26:06 +01:00
Volker Lendecke
6dc924fcf3 s3: Remove some unused code 2009-12-23 12:02:19 +01:00
Volker Lendecke
40d4c31999 s3: Remove unused sendto_child() 2009-12-23 11:42:31 +01:00
Volker Lendecke
9b6b01aab6 s3:winbind: Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc
This just does a NULL RPC call through an existing NETLOGON connection. If
someone knows an operation that "just works" and does not return NOT_SUPPORTED,
please tell me :-)
2009-12-21 23:23:52 +01:00
Volker Lendecke
e7468fb129 s3: Shrink winbindd_proto.h a bit 2009-12-21 16:27:20 +01:00
Volker Lendecke
d534a5be49 s3: Remove unused get_sam_group_entries 2009-12-21 16:27:19 +01:00
Volker Lendecke
0a130daf74 s3: Remove unused winbindd_dual_getsidaliases 2009-12-21 16:27:19 +01:00
Volker Lendecke
9568c762ac s3: Remove unused winbindd_dual_getuserdomgroups 2009-12-21 16:27:19 +01:00
Volker Lendecke
958fdaf5c3 s3: Remove unused winbindd_dual_getdcname 2009-12-21 16:27:19 +01:00
Volker Lendecke
4f434e07e9 s3: Remove unused winbindd_dual_lookupname 2009-12-21 16:27:19 +01:00
Volker Lendecke
74b1a026d4 s3: Remove unused winbindd_dual_lookupsid 2009-12-21 16:27:19 +01:00