1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

25 Commits

Author SHA1 Message Date
Andreas Schneider
83b58255ed s3:winbindd: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-07-19 09:58:37 +00:00
Samuel Cabrero
3250de22ed s3:winbind: Move imessaging context init function to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-08 20:13:37 +00:00
Stefan Metzmacher
0558736149 CVE-2020-25717: s3:winbindd: make sure we default to r->out.authoritative = true
We need to make sure that temporary failures don't trigger a fallback
to the local SAM that silently ignores the domain name part for users.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:32 +00:00
Volker Lendecke
d82acf7685 lib: give global_contexts.c its own header file
It's a bit shocking how many references we have to global
contexts. Make this a bit more obvious.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-08 20:31:33 +00:00
Stefan Metzmacher
2f2da0966b winbindd_irpc: remove unused winbind_DsrUpdateReadOnlyServerDnsRecords from wb_irpc_forward_state
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-14 02:18:28 +01:00
Volker Lendecke
58f76ab137 winbindd: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-20 23:40:25 +01:00
Christof Schmitt
ae7db3e543 s3: Rename server_event_context() to global_event_context()
This reflects that the event context is also used outside of the server
processes.

The command used for the rename:
find . -name '*.[hc]' -print0 | xargs -0 sed -i 's/server_event_context/global_event_context/'

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-09-07 17:26:17 +02:00
Stefan Metzmacher
789c89e6ec winbind: Pass upn unmodified to lookup names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
2018-05-11 09:07:36 +02:00
Garming Sam
7d23177cea winbindd_irpc: Add an IRPC call to trigger a DC locate
Calling the top level winbindd API would probably be more appropriate,
but we lack certain structures. We introduce this call in order to
return the result to NETLOGON (in order to give site-aware and domain
aware DC location).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-04 06:12:10 +02:00
Stefan Metzmacher
3ffebee3de winbindd: implement wb_irpc_lsa_{LookupNames4,LookupSids3}()
This will be used by the LSA Server on an AD DC to request remote views
from trusts.

In future we should implement wb_lookupnames_send/recv similar to
wb_lookupsids_send/recv, but for now using wb_lookupname_send/recv in a loop
works as a first step.

We also need to make use of req->in.level and req->in.client_revision
once we want to support more than one domain within our own forest.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-21 14:19:19 +01:00
Stefan Metzmacher
4b0641bf10 winbindd: use find_trust_from_name_noinit when we require a direct trust
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:07 +01:00
Volker Lendecke
7e83d14894 winbind: Replace winbind_event_context with server_event_context
There's no point in having two global event contexts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-18 00:09:16 +01:00
Stefan Metzmacher
ccc8c1a45d winbindd: give an IRPC error if wb_irpc_SamLogon() is called without useful routing information
The caller should have checked this already!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:04 +02:00
Stefan Metzmacher
615b0d83d0 winbindd: as DC we should try to get the target_domain from @SOMETHING part of the username in wb_irpc_SamLogon()
We still need a full routing table including all upn suffixes,
but this is a start to support NTLM authentication using user@REALM
against structed domains.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:04 +02:00
Stefan Metzmacher
0ed6ad45ad winbindd: Print debug if we don't know how to route a wb_irpc_SamLogon() request
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:04 +02:00
Stefan Metzmacher
039ad5c9ad winbindd: allow all possible logon levels in wb_irpc_SamLogon()
We should just try to find the correct domain to forward the
request, all logic of not implementing serveral logon levels
belongs to the _winbind_SamLogon() implementation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-08-07 15:20:03 +02:00
Garming Sam
fd29e28d52 netlogon: Implement SendToSam along with its winbind forwarding
This allows you to forward bad password count resets to 0. Currently,
there is a missing access check for the RODC to ensure it only applies
to cached users (msDS-Allowed-Password-Replication-Group).

(further patches still need to address forcing a RWDC contact)

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:07 +02:00
Volker Lendecke
b7966221c7 winbind: Correcly pass !authoritative from wb_irpc_SamLogon
Returning an error at this level gives a RPC level error without the chance to
provide !authoritative flag to the caller. At the RPC level we're fine, but not
finding the domain to authenticate means that we don't know the domain and thus
have to return !authoritative.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar  7 13:16:00 CET 2017 on sn-devel-144
2017-03-07 13:16:00 +01:00
Günther Deschner
ead4e90edb werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/winbindd/
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:19 +02:00
Stefan Metzmacher
c123274423 s3:winbindd: add wb_irpc_GetForestTrustInformation()
This allows the netlogon server to forward netr_DrsGetForestTrustInformation()
to winbindd in order to do the work.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:22 +02:00
Stefan Metzmacher
6f859f40b8 s3:winbindd: add wb_irpc_LogonControl()
This can be called by the netlogon server to pass netr_LogonControl*()
to a winbindd child process in order to do the real work.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:22 +02:00
Andrew Bartlett
c01ee4614a winbindd-irpc: Ensure not to call irpc_send_reply twice on error
As found during investigation of the previous commit, when the RPC
call fails totally, we must only try and send one error reply.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug  1 12:11:29 CEST 2014 on sn-devel-104
2014-08-01 12:11:28 +02:00
Andrew Bartlett
ba4467ca65 s3-winbindd: Implement SamLogon IRPC call
We do this by lifting parts of the winbindd_dual_pam_auth_crap() code
into a new helper function winbind_dual_SamLogon().  This allows us to
implement the semantics we need for IRPC, without the artifacts of the
winbindd pipe protocol.

Change-Id: Idb169217e6d68d387c99765d0af7ed394cb5b93a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 11 12:43:58 CEST 2014 on sn-devel-104
2014-06-11 12:43:58 +02:00
Andrew Bartlett
eabe7d732e s3-winbind: Transparently forward IRPC messages to the winbind_dual child
Change-Id: I8b336e2365e10ef9ea04d0957eb0829d3766b11e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
faa4452df7 s3-winbind rename winbindd_update_rodc_dns to be for more generic irpc
Change-Id: I385ef8bd766848becc42e58694207dc94cd07a89
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00