mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Commit Graph

1343 Commits

Author SHA1 Message Date
Michael Adam
ac63c50684 s3:idmap_rid: use range from idmap_domain in idmap_rid_sid_to_id() 2010-08-14 02:10:55 +02:00
Michael Adam
cda44b9e8e s3:idmap_rid: use ranges from idmap_domain struct in idmap_rid_id_to_sid() 2010-08-14 02:10:55 +02:00
Michael Adam
a6f58b76cc s3:idmap_rid: remove unused talloc context var from idmap_rid_sids_to_unixids() 2010-08-14 02:10:55 +02:00
Michael Adam
376e2bcc6e s3:idmap_rid: remove unused talloc context arg from idmap_rid_sid_to_id() 2010-08-14 02:10:54 +02:00
Michael Adam
597292a819 s3:idmap_rid: remove unused talloc context var from idmap_rid_unixids_to_sids() 2010-08-14 02:10:54 +02:00
Michael Adam
62833871bc s3:idmap_rid: remove unused talloc ctx argument from idmap_rid_id_to_sid() 2010-08-14 02:10:54 +02:00
Michael Adam
622bda8a67 s3:idmap_rid: untangle assignment from check in idmap_rid_initialize() 2010-08-14 02:10:54 +02:00
Michael Adam
a896ba07bb s3:idmap_ldap: add my (C) 2010-08-14 02:10:54 +02:00
Michael Adam
58cb5163f2 s3:idmap_ldap: create mappings for unmapped sids in idmap_ldap_sids_to_unixids() 2010-08-14 02:10:54 +02:00
Michael Adam
26c82596d9 s3:idmap_ldap: add an idmap_ldap_new_mapping().
High level function to create a new mapping for an unmapped sid.
This builds logic that used to reside in the top level idmap code
in the backend.
2010-08-14 02:10:54 +02:00
Michael Adam
4ed6f315d9 s3:idmap_ldap: add idmap_ldap_get_new_id() to allocate a new id given a domain
Currently this only works with the default domain, calling out
to idmap_ldap_allocate_id(). In the future this will be extended
to also work for non-default domains.
2010-08-14 02:10:54 +02:00
Michael Adam
5f77570bb6 s3:idmap_ldap: move idmap_ldap_set_mapping() further up. 2010-08-14 02:10:53 +02:00
Michael Adam
3e71eaeca0 s3:idmap_ldap: make idmap_ldap_alloc_context a member of idmap_ldap_context
this hides this beneath the idmap structure and removes a global variable
2010-08-14 02:10:53 +02:00
Michael Adam
523b94f180 s3:idmap_ldap: call idmap_ldap_alloc_init from idmap_ldap_init.
The alloc subsystem is now subordinate to the idmap system.
2010-08-14 02:10:53 +02:00
Michael Adam
c854261867 s3:idmap_ldap: remove the (now unused) range from idmap_ldap_alloc_context 2010-08-14 02:10:53 +02:00
Michael Adam
3f39921e7e s3:idmap_ldap: use ranges from idmap domain in idmap_ldap_allocate_id()
Second step in removing the idmap range from the idmap_ldap_alloc_context.
2010-08-14 02:10:53 +02:00
Michael Adam
5518bcb840 s3:idmap_ldap: add idmap_domain arg to idmap_ldap_alloc_init and verify_idpool
First step in removing idmap ranges from the idmap_ldap_alloc_context.
The range from the domain is to be used now.
2010-08-14 02:10:53 +02:00
Michael Adam
1cf27374ab s3:idmap_ldap: remove unused filter range from struct idmap_ldap_context 2010-08-14 02:10:53 +02:00
Michael Adam
5bb4a94c6c s3:idmap_ldap: don't load ranges - they have been loaded into struct idmap_domain 2010-08-14 02:10:52 +02:00
Michael Adam
634cd2e045 s3:idmap_ldap: use filter range from idmap domain, not idmap_ldap_context 2010-08-14 02:10:52 +02:00
Michael Adam
3a5f86216b s3:idmap_ldap: re-implement allocate_id in idmap methods. 2010-08-14 02:10:52 +02:00
Michael Adam
5bb5b69b0f s3:idmap_tdb: add my (C) 2010-08-14 02:10:52 +02:00
Michael Adam
78979c6420 s3:idmap_tdb: properly initialize the idmap_tdb context with zero 2010-08-14 02:10:52 +02:00
Michael Adam
9c3d4dff82 s3:idmap_tdb: prevent opening the idmap db more than once. 2010-08-14 02:10:52 +02:00
Michael Adam
66a38d8612 s3:idmap_tdb: rewrite sids_to_unixids to create mappings for unmapped sids. 2010-08-14 02:10:52 +02:00
Michael Adam
4f2bb1a259 s3:idmap_tdb: add an idmap_tdb_new_mapping().
High level function to create a new mapping for an unmapped sid.
This builds logic that used to reside in the top level idmap code
in the backend. To be called inside a transaction to guarantee
atomicity of the operation.
2010-08-14 02:10:51 +02:00
Michael Adam
47387b3ebb s3:idmap_tdb: move the set_mapping code up 2010-08-14 02:10:51 +02:00
Michael Adam
2b2a8f9b3b s3:idmap_tdb: use transaction wrapper for idmap_tdb_set_mapping(). 2010-08-14 02:10:51 +02:00
Michael Adam
b0615e4757 s3:idmap_tdb: remove unused struct idmap_tdb_state. 2010-08-14 02:10:51 +02:00
Michael Adam
28535349bd s3:idmap_tdb: remove unused idmap_alloc_db 2010-08-14 02:10:51 +02:00
Michael Adam
9010194972 s3:idmap_tdb: remove unused idmap_tdb_alloc_close(). 2010-08-14 02:10:51 +02:00
Michael Adam
2e4a0382f5 s3:idmap_tdb: give idmap_domain arg to idmap_tdb_allocate_id and use ctx->db
instead of alloc_db
2010-08-14 02:10:50 +02:00
Michael Adam
4301a81c99 s3:idmap_tdb: call idmap_tdb_init_hwm() from idmap_tdb_open_db(). 2010-08-14 02:10:50 +02:00
Michael Adam
1039506493 s3:idmap_tdb: move idmap_tdb_init_hwm up. 2010-08-14 02:10:50 +02:00
Michael Adam
f739ccb1b9 s3:idmap_tdb: remove unused idmap_tdb_load_ranges()
The idmap_tdb_state (which should actually be called idmap_tdb_alloc_context)
is being removed since the alloc part is combined with the id mapping part.
2010-08-14 02:10:50 +02:00
Michael Adam
b1285a5cb3 s3:idmap_tdb: have idmap_tdb_open_db take an idmap_domain struct as argument
the other arguments are not needed any more and are removed.
2010-08-14 02:10:49 +02:00
Michael Adam
53856fc8b0 s3:idmap_tdb: rename idmap_tdb_alloc_init->idmap_tdb_init_hwm and use db from idmap_tdb_context
instead of the special idmap_alloc_db
2010-08-14 02:10:49 +02:00
Michael Adam
384e35f8a7 s3:idmap_tdb: move definition of struct idmap_tdb_context up. 2010-08-14 02:10:47 +02:00
Michael Adam
db38972583 s3:idmap_tdb: remove filter_low_id,filter_high_id from idmap_tdb_context
These are now taken from the idmap_domain struct.
2010-08-14 02:10:47 +02:00
Michael Adam
3315f2cf9b s3:idmap_tdb: add idmap domain arg to idmap_tdb_upgrade and use domain range 2010-08-14 02:10:47 +02:00
Michael Adam
6d66018187 s3:idmap_tdb: use filter from idmap_domain rather than from idmap_tdb_context 2010-08-14 02:10:47 +02:00
Michael Adam
053e4510cd s3:idmap_tdb: give idmap domain argument to idmap_tdb_sid_to_id
instead of idmap_tdb_context. This is in preparation of using the
filter from the idmap_domain struct.
2010-08-14 02:10:47 +02:00
Michael Adam
f7a5f0987c s3:idmap_tdb: give idmap domain argument to idmap_tdb_id_to_sid
instead of idmap_tdb_context. This is in preparation of using the
filter from the idmap_domain struct.
2010-08-14 02:10:47 +02:00
Michael Adam
0f248169d9 s3:idmap_tdb: implement allocate_id in idmap methods for tdb backend 2010-08-14 02:10:46 +02:00
Michael Adam
2b9ad09ae7 s3:idmap_tdb: add idmap_tdb_get_new_id() to allocate a new id given a domain
Currently this only works with the default domain, calling out
to idmap_tdb_allocate_id(). In the future this will be extended
to also work for non-default domains.
2010-08-14 02:10:46 +02:00
Michael Adam
9e8df7403a s3:idmap_tdb: convert idmap_tdb_allocate_id() to use transaction wrappers 2010-08-14 02:10:46 +02:00
Michael Adam
85e9b35993 s3:idmap_tdb: remove an extra blank line 2010-08-14 02:10:46 +02:00
Michael Adam
aad8756dae s3:idmap_tdb2: add my (C) 2010-08-14 02:10:46 +02:00
Michael Adam
dac9f73ccd s3:idmap_tdb2: move idmap_tdb2_new_mapping() up. spare a prototype. 2010-08-14 02:10:46 +02:00
Michael Adam
627b9aa4b7 s3:idmap_tdb2: get rid of an extra variable in idmap_tdb2_db_init(). 2010-08-14 02:10:46 +02:00
Michael Adam
d27992e708 s3:idmap_tdb2: move idmap_tdb2_set_mapping() up to its _action callback. 2010-08-14 02:10:45 +02:00
Michael Adam
3bc40a0979 s3:idmap_tdb2: use the right talloc context for db_open in idmap_tdb2_open_db() 2010-08-14 02:10:45 +02:00
Michael Adam
39079acc57 s3:idmap_tdb2: don't check whether sid is already mapped in idmap_tdb2_new_mapping().
idmap_tdb2_new_mapping() is called from inside a transaction only
with sids, that have been verified not to be mapped directly before
that in the same transaction.
2010-08-14 02:10:45 +02:00
Michael Adam
1a52e0d25b s3:idmap_tdb2: add the db_context to the idmap_tdb2_context
this removes the idmap_tdb2 global variable
2010-08-14 02:10:45 +02:00
Michael Adam
83ad3cdf69 s3:idmap_tdb2: talloc_zero (instead of talloc) the idmap_tdb2_context 2010-08-14 02:10:45 +02:00
Michael Adam
c08a45ebd9 s3:idmap_tdb2: rename idmap_tdb2_alloc_load -> idmap_tdb2_init_hwm 2010-08-14 02:10:45 +02:00
Michael Adam
41cead6a31 s3:idmap_tdb2: move idmap_tdb2_alloc_load() up to reduce need for prototype 2010-08-14 02:10:45 +02:00
Michael Adam
2c549be359 s3:idmap_tdb2: remove unused idmap_tdb2_state and idmap_tdb2_load_ranges 2010-08-14 02:10:44 +02:00
Michael Adam
fd81228ed8 s3:idmap_tdb2: give idmap_tdb2_alloc_load() an idmap domain argument
and use the ranges from the idmap domain for checking the HWM values
2010-08-14 02:10:44 +02:00
Michael Adam
bd4cc44c7d s3:idmap_tdb2: add an idmap_domain struct argument to idmap_tdb2_open_db() 2010-08-14 02:10:44 +02:00
Michael Adam
871945ae19 s3:idmap_tdb2: remove filter_low_id and filter_high_id from idmap_tdb2_context
Now these are taken from the idmap_domain struct.
2010-08-14 02:10:44 +02:00
Michael Adam
2842389e55 s3:idmap_tdb2: don't parse config and fill filter_low_id and filter_high_id
into idmap_tdb2_context in idmap_tdb2_db_init().
Now these are taken from the idmap_domain struct instead.
2010-08-14 02:10:44 +02:00
Michael Adam
6a70e7da58 s3:idmap_tdb2: honour the "idmap read only" flag in the tdb2 module.
Note that this will not prevent the idmap script from writing its
mappings to the database, but no new unix ids will be allocated via
the allocator and hence no new mappings will be autogenerated.
2010-08-14 02:10:43 +02:00
Michael Adam
d5c3cb5a8a s3:idmap_tdb2: use range from idmap_domain in idmap_tdb2_allocate_id 2010-08-14 02:10:43 +02:00
Michael Adam
4b10036da8 s3:idmap_tdb2: use filter from idmap_domain rather than from idmap_tdb2_context 2010-08-14 02:10:43 +02:00
Michael Adam
77096b9a26 s3:idmap_tdb2: pass idmap_domain (not idmap_tdb2_context) to idmap_tdb2_sid_to_id 2010-08-14 02:10:43 +02:00
Michael Adam
863212ad0e s3:idmap_tdb2: pass idmap_domain instead of idmap_tdb2_context to idmap_tdb2_unixids_to_sids
The reason for this will become apparent later: The ranges are being moved to
the idmap_domain: They are universal.
2010-08-14 02:10:43 +02:00
Michael Adam
bb8a4415c8 s3:idmap_tdb2: also support idmap script for named domains
this can be configured via "idmap config DOMAIN : script = foobar"
2010-08-14 02:10:43 +02:00
Michael Adam
f27858548e s3:idmap_tdb2: move the idmap script from idmap_tdb2_state to idmap_tdb2_context
The state (aka idmap_tdb2_alloc_context) is being removed.
The (global) idmap script was wrong there anyways.
It belongs to the per-domain context.
2010-08-14 02:10:43 +02:00
Michael Adam
834008c2cd s3:idmap_tdb2: remove use of idmap_tdb2_state from idmap_tdb2_allocate_id
idmap_tdb2_state should actually be called idmap_tdb2_alloc_context.
This is being removed as the idmap and allocation is moved together.
We use the idmap_tdb2_context * that is sitting in dom->private_data.
This contains the same ranges as those in the state anyways.
Later, when we can also allocate for named domains, this will become
necessary anyways.
2010-08-14 02:10:43 +02:00
Michael Adam
1dfb20d029 s3:idmap_tdb2: move definition of struct idmap_tdb2_context up. 2010-08-14 02:10:42 +02:00
Michael Adam
5b264561e7 s3:idmap_tdb2: open the db after loading the ranges in idmap_tdb2_db_init(). 2010-08-14 02:10:42 +02:00
Michael Adam
8da3d7c39b s3:idmap_tdb2: add allocation of new mappings to idmap_tdb2_sids_to_unixids
This moves the new_mapping feature inside the tdb2 backend to make creations
of mappings atomic.

Note: The new internal function idmap_tdb2_get_new_id() that is used to allocate
a new unix id is prepared to function for multiple explicitly configured idmap
domains, but currently it does only work for the default domain. The extended
allocation support requires extension of the data base format to store multiple
counters (per domain). This will be added in a later step (TODO!).
2010-08-14 02:10:42 +02:00
Michael Adam
36017ecebf s3:idmap_tdb2: re-implement allocated_id in idmap methods. 2010-08-14 02:10:42 +02:00
Michael Adam
1cd1dff756 s3:idmap: add idmap_unix_id_is_in_range() for checking an id against an idmap range 2010-08-14 02:10:42 +02:00
Michael Adam
212627e9c0 s3:idmap: don't check range for passdb idmap domain 2010-08-14 02:10:42 +02:00
Michael Adam
24ff45ff4d s3:idmap: parse ranges and "read only" in idmap_init_domain(). 2010-08-14 02:10:42 +02:00
Michael Adam
3a2487e66b s3:idmap: remove idmap_alloc_context from idmap.c
The registering of alloc backends is being removed.
The idmap backends are responsible for initializing
their alloc code on their own if necessary.

No list of alloc backends is maintained any more in the top level.
2010-08-14 02:10:40 +02:00
Michael Adam
12a0ab3c96 s3:idmap: remove the alloc methods list from idmap.c
The registering of alloc backends is being removed.
The idmap backends are responsible for initializing
their alloc code on their own if necessary.

No list of alloc backends is maintained any more in the top level.
2010-08-14 02:10:39 +02:00
Michael Adam
a423f5151d s3:idmap: remove unused get_alloc_methods(). 2010-08-14 02:10:39 +02:00
Michael Adam
75a6c24459 s3:idmap: remove unused smb_register_idmap_alloc().
The registering of alloc backends is being removed.
The idmap backends are responsible for initializing
their alloc code on their own if necessary.
2010-08-14 02:10:39 +02:00
Michael Adam
f96575d6db s3:idmap_ldap: remove unused idmap_ldap_alloc_methods. 2010-08-14 02:10:39 +02:00
Michael Adam
0369eb5555 s3:idmap_ldap: remove unused idmap_alloc_ldap_init
Michael Adam
0dfe400d64 s3:idmap_ldap: don't call idmap_alloc_ldap_init in idmap_ldap_init
The registering of alloc backends is being removed.
The idmap backends are responsible for initializing
their alloc code on their own if necessary.
2010-08-14 02:10:39 +02:00
Michael Adam
bc59660fc1 s3:idmap_tdb: remove unused idmap_alloc_methods 2010-08-14 02:10:39 +02:00
Michael Adam
5e317beadb s3:idmap_tdb: remove unused idmap_alloc_tdb_init() 2010-08-14 02:10:38 +02:00
Michael Adam
dd4adc1721 s3:idmap_tdb: don't call idmap_alloc_tdb_init in idmap_tdb_init
The registering of alloc backends is being removed.
The idmap backends are responsible for initializing
their alloc code on their own if necessary.
2010-08-14 02:10:38 +02:00
Michael Adam
77e41c0ad4 s3:idmap_tdb2: remove unused idmap_tdb2_alloc_init(). 2010-08-14 02:10:38 +02:00
Michael Adam
261663389b s3:idmap_tdb2: remove unused idmap_tdb2_alloc_close(). 2010-08-14 02:10:38 +02:00
Michael Adam
39fced2f33 s3:idmap_tdb2: remove unused idmap_alloc_methods. 2010-08-14 02:10:38 +02:00
Michael Adam
8a13c95931 s3:idmap_tdb2: don't call smb_register_idmap_alloc() in idmap_tdb2_init
The registering of alloc backends is being removed.
The idmap backends are responsible for initializing
their alloc code on their own if necessary.
2010-08-14 02:10:38 +02:00
Michael Adam
7b4c6f7e89 s3:idmap_tdb: make idmap_alloc_tdb_init() static. 2010-08-14 02:10:37 +02:00
Michael Adam
fe8b1588b4 s3:idmap: remove unused idmap_alloc_init(). 2010-08-14 02:10:37 +02:00
Michael Adam
212468bc6e s3:idmap: use allocate_id() from the idmap_methods in idmap_allocate_unixid()
The idmap alloc methods are being removed.
2010-08-14 02:10:37 +02:00
Michael Adam
0d369271c5 s3:idmap: factor out common code of idmap_allocate_uid|gid()
into new idmap_allocate_unixid().
2010-08-14 02:10:37 +02:00
Michael Adam
0d0032e744 s3:idmap: remove the set_mapping method from the idmap API 2010-08-14 02:10:36 +02:00
Michael Adam
95617a03db s3:idmap: remove idmap_new_mapping() - now implemented in the backends 2010-08-14 02:10:36 +02:00
Michael Adam
e2968160a4 s3:idmap: add a debug message to idmap_sid_to_gid 2010-08-14 02:10:36 +02:00
Michael Adam
a08e60dd2c s3:idmap: add a debug message to idmap_sid_to_uid 2010-08-14 02:10:36 +02:00
Michael Adam
9ee3134691 s3:idmap: don't call idmap_new_mapping idmap_sid_to_gid
The setting of a new mapping is moved into the backend code
to achieve atomicity and greater flexibility.

Michael
2010-08-14 02:10:36 +02:00
Michael Adam
f301ea5977 s3:idmap: don't call idmap_new_mapping idmap_sid_to_unixid.
The setting of a new mapping is moved into the backend code
to achieve atomicity and greater flexibility.

Michael
2010-08-14 02:10:36 +02:00
Michael Adam
95b840cbf1 s3:idmap: remove unused method set_id_hwm from idmap API
Michael
2010-08-14 02:10:35 +02:00
Michael Adam
3715a1687f s3:idmap: remove unused alloc method get_id_hwm from idmap API
Michael
2010-08-14 02:10:35 +02:00
Michael Adam
672ab10ee7 s3:idmap: remove unused method dump_data() from the idmap API
Michael
2010-08-14 02:10:35 +02:00
Michael Adam
0f91373156 s3:idmap: remove the remove_mapping method from API and backends
Michael
2010-08-14 02:10:34 +02:00
Michael Adam
d888e726a9 s3:idmap: remove unused idmap_remove_mapping().
Michael
2010-08-14 02:10:34 +02:00
Michael Adam
3b56f7f6b5 s3:winbind: remove the method REMOVE_MAPPING from winbind's API
Michael
2010-08-14 02:10:34 +02:00
Michael Adam
6740c180e6 s3:idmap: remove unused idmap_set_mapping().
Michael
2010-08-14 02:10:34 +02:00
Michael Adam
474020b1ae s3:winbind: remove the method SET_MAPPING from winbind's API
Michael
2010-08-14 02:10:33 +02:00
Michael Adam
806e006288 s3:idmap: remove unused idmap_set_gid_hwm()
Michael
2010-08-14 02:10:32 +02:00
Michael Adam
002fe91768 s3:idmap: remove unused idmap_set_uid_hwm()
Michael
2010-08-14 02:10:32 +02:00
Michael Adam
66e67c1bad s3:winbind: remove SET_HWM from winbind's API. 2010-08-14 02:10:31 +02:00
Michael Adam
b28371b9a4 s3:idmap_tdb2: fix a debug message 2010-08-14 02:10:29 +02:00
Stefan Metzmacher
7e24d1dd57 s3:winbindd: add wbint dcerpc_binding_handle backend
metze
2010-08-12 14:31:22 +02:00
Günther Deschner
be396411a4 s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
This is an important fix as the following could and is happening:

* winbind authenticates a user via schannel secured netlogon samlogonex call,
current secure channel cred state is stored in winbind state, winbind
successfully decrypts session key from the info3

* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the
secure channel on the dc)

* subsequent samlogonex calls use the new secure channel creds on the dc to
encrypt info3 session key, while winbind tries to use old schannel creds for
decryption

Guenther
2010-08-09 16:36:22 +02:00
Volker Lendecke
2d3623529f s3: Lift the smbd_messaging_context from rpc_pipe_open_internal 2010-08-08 16:03:15 +02:00
Günther Deschner
257a1f1097 s3-krb5: include krb5pac.h where needed.
Guenther
2010-08-06 15:43:37 +02:00
Andreas Schneider
ce2a086119 s3-popt: Only include popt-common.h when needed. 2010-08-05 12:08:31 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h.
Guenther
2010-08-05 00:32:02 +02:00
Jeremy Allison
b7f029016a We should be using the winbindd separator in this case, not hardcoding a \\ value.
Jeremy.
2010-07-29 13:54:22 -07:00
Jeremy Allison
4f43030482 Fix bug #7589 - ntlm_auth fails to use cached credentials.
In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
of the mapped username, but fails to canonicalize the actual username
sent to the backend domain process. When "winbind default domain"
is set this can lead to credentials being cached with an index of
user: user, not DOMAIN\user. All other code paths that use
canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
correctly canonicalize the data sent to the backend. All calls
that can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
correctly call canonicalize_username() to create the credential
lookup key.

Jeremy.
2010-07-29 12:44:00 -07:00
Andreas Schneider
97dba0c0d9 s3-winbind: Use struct pipes_struct. 2010-07-28 10:39:25 +02:00
Jeremy Allison
cc43f985d1 Second part of fix for bug 7578 - 'net idmap restore' fails to set HWM, causing duplicates.
Jeremy.
2010-07-27 00:23:37 -07:00
Justin Maggard
4f01159a31 s3: Fix bug 7578
Uninitialized variable read in _wbint_SetHWM
2010-07-27 08:44:25 +02:00
Andreas Schneider
5cefbfef26 s3-rpc_server: Added callbacks for init and shutdown of a rpc service.
This adds two callback function for each rpc service. One is for
initialisation and the other for shutdown. rpc_<service>_unregister()
needs to be called to execute the shutdown function.
2010-07-19 12:59:18 +02:00
Simo Sorce
cdcdaaa6dd s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it.
All the members are children of ntlmssp_state anyway.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-19 14:19:47 +10:00
Volker Lendecke
7ac58281ae s3: Remove a direct use of procid_self() 2010-07-18 21:22:41 +02:00
Simo Sorce
100d37fc46 s3-dcerpc: Use DATA_BLOB for pipes_struct input data
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-16 01:51:18 +02:00
Simo Sorce
31b59bbf99 s3-dcerpc: Convert rdata from prs_struct to a simple DATA_BLOB
Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-16 01:51:16 +02:00
Andreas Schneider
f85167a161 s3-winbind: Don't cache queries to builtin and own sam domain. 2010-07-13 19:17:41 +02:00
Andreas Schneider
57ebc8af80 s3-winbind: Set status before we leave in some msrpc functions. 2010-07-13 19:17:41 +02:00
Günther Deschner
690ed0c5e2 s3-rpc: when using rpc_pipe_open_internal, make sure to go through NDR.
Otherwise a lot of information that is usually generated in the ndr_push remains
in an uninitialized state.

Guenther
2010-07-08 16:35:26 +02:00
Simo Sorce
f0b918473d s3:winbindd_samr Do not use static contexts
It is a very bad idea to use a static context within the open function.
Use the memory hierarchy to keep track of a client connection.
2010-07-07 23:45:50 -04:00
Günther Deschner
76a084feee s3-winbindd: Fix child logfile handling which broke with c67cff0372.
Andreas, please check.

Guenther
2010-07-07 17:01:09 +02:00
Günther Deschner
0da5e15378 s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well.
Guenther
2010-07-07 16:49:26 +02:00
Andreas Schneider
44d8c8dbb7 s3-winbind: Handle aliases in rpc_lookup_groupmem(). 2010-07-06 18:38:14 +02:00
Günther Deschner
11ae9aff97 s3-winbind: Fixed the winbind caching. 2010-07-06 18:38:14 +02:00
Andreas Schneider
66fc77e886 s3-winbind: Use same format for all msrpc debug messages. 2010-07-06 18:38:14 +02:00
Andreas Schneider
2794c5ad24 s3-winbind: Fixed debug messages of open_internal_lsa_pipe(). 2010-07-06 18:38:14 +02:00
Andreas Schneider
9d23f8fbc5 s3-winbind: Make sure that the policy handles are closed. 2010-07-06 18:38:13 +02:00
Andreas Schneider
c5cd35658b s3-winbind: Make sure we close all policy handles in sam. 2010-07-06 18:38:13 +02:00
Andreas Schneider
c67cff0372 s3-winbind: Create all logfiles in the same directory.
If log file is set in the config file, we should create the log files of
the winbind child processes in the same directory.
2010-07-06 18:38:13 +02:00
Volker Lendecke
60a3cc850a s3: Fix another winbind crash
This is similar to 09a9cc3, this re-arranges winbindd_ads.c:query_user_list()
so that "ads" is not accessed anymore across a call to nss_get_info_cached()
call which can destroy it behind the scenes.
2010-07-06 14:21:41 +02:00
Andreas Schneider
3323e88f74 s3-winbind: Rename lookup_groupmem to msrpc_lookup_groupmem. 2010-07-05 15:59:15 +02:00
Andreas Schneider
973ef399e3 s3-winbind: Use rpc_trusted_domains in msrpc. 2010-07-05 15:59:15 +02:00
Andreas Schneider
b4160af736 s3-winbind: Use rpc_trusted_domains in samr. 2010-07-05 15:59:14 +02:00
Andreas Schneider
9c372a145d s3-winbind: Added a common rpc_trusted_domains function. 2010-07-05 15:59:14 +02:00
Andreas Schneider
b8a0b95e74 s3-winbind: Rename common_password_policy to sam_password_policy. 2010-07-05 15:59:14 +02:00
Andreas Schneider
3f2c2c7c70 s3-winbind: Rename common_lockout_policy to sam_lockout_policy. 2010-07-05 15:59:14 +02:00
Andreas Schneider
49dc713957 s3-winbind: Use rpc_sequence_number in msrpc. 2010-07-05 15:59:14 +02:00
Andreas Schneider
eba6ff0c1a s3-winbind: Use rpc_sequence_number in samr. 2010-07-05 15:59:14 +02:00
Andreas Schneider
c4a5fc72c7 s3-winbind: Added a common rpc_sequence_number function. 2010-07-05 15:59:13 +02:00
Andreas Schneider
62038010e0 s3-winbind: Use rpc_lookup_groupmem in samr. 2010-07-05 15:59:13 +02:00
Andreas Schneider
3c06d42bec s3-winbind: Added a common rpc_lookup_groupmem function. 2010-07-05 15:59:13 +02:00
Andreas Schneider
1f2fe8dee9 s3-winbind: Use rpc_lookup_useraliases in msrpc. 2010-07-05 15:59:13 +02:00
Andreas Schneider
aa831374b8 s3-winbind: Use rpc_lookup_useraliases in samr. 2010-07-05 15:59:13 +02:00
Andreas Schneider
73b2f60f6d s3-winbind: Added a common rpc_lookup_useraliases function. 2010-07-05 15:59:12 +02:00
Andreas Schneider
ad8c912563 s3-winbind: Use rpc_lookup_usergroups in msrpc. 2010-07-05 15:59:12 +02:00
Andreas Schneider
c1a6a24a76 s3-winbind: Use rpc_lookup_usergroups in samr. 2010-07-05 15:59:12 +02:00
Andreas Schneider
473d1f1086 s3-winbind: Added a common rpc_lookup_usergroups function. 2010-07-05 15:59:12 +02:00
Andreas Schneider
a3f8bbf3da s3-winbind: Use rpc_query_user in samr. 2010-07-05 15:59:12 +02:00
Andreas Schneider
64f1052c7f s3-winbind: Use rpc_query_user in msrpc. 2010-07-05 15:59:12 +02:00
Andreas Schneider
7d304d7e99 s3-winbind: Added a common rpc_query_user function. 2010-07-05 15:59:11 +02:00
Andreas Schneider
c48d850265 s3-winbind: Use rpc_rids_to_names in samr. 2010-07-05 15:59:11 +02:00
Andreas Schneider
fd79bc9a58 s3-winbind: Added a common rpc_rids_to_names function. 2010-07-05 15:59:11 +02:00
Andreas Schneider
aa745bedd3 s3-winbind: Use rpc_sid_to_name in samr. 2010-07-05 15:59:11 +02:00
Andreas Schneider
506dc899b2 s3-winbind: Added a common rpc_sid_to_name function. 2010-07-05 15:59:11 +02:00
Andreas Schneider
22c9ced119 s3-winbind: Use rpc_name_to_sid in samr. 2010-07-05 15:59:10 +02:00
Andreas Schneider
37dbfaebc7 s3-winbind: Added a common rpc_name_to_sid function. 2010-07-05 15:59:10 +02:00
Andreas Schneider
01730e4b47 s3-winbind: Use rpc_enum_local_groups in samr. 2010-07-05 15:59:10 +02:00
Andreas Schneider
44c6432d64 s3-winbind: Use rpc_enum_local_groups in msrpc. 2010-07-05 15:59:10 +02:00
Andreas Schneider
89c8ef97c4 s3-winbind: Added a common rpc_enum_local_groups function. 2010-07-05 15:59:10 +02:00
Andreas Schneider
8159b1281b s3-winbind: Use rpc_query_user_list in samr. 2010-07-05 15:59:09 +02:00
Andreas Schneider
e44d7e1582 s3-winbind: Use rpc_query_user_list in msrpc. 2010-07-05 15:59:09 +02:00
Andreas Schneider
c83e8cbe4a s3-winbind: Added a common rpc_query_user_list function. 2010-07-05 15:59:09 +02:00
Andreas Schneider
b3f4e18859 s3-winbind: Use rpc_enum_dom_groups in samr. 2010-07-05 15:59:09 +02:00
Andreas Schneider
11610a4e99 s3-winbind: Use rpc_enum_dom_groups in msrpc. 2010-07-05 15:59:09 +02:00
Andreas Schneider
bec184048e s3-winbind: Added a common rpc_enum_dom_groups function. 2010-07-05 15:59:09 +02:00
Andreas Schneider
692cc06f0c s3-winbind: Rename winbindd_rpc.c to winbindd_msrpc.c. 2010-07-05 15:59:08 +02:00
Andreas Schneider
e1c4b5bbe9 s3-winbind: Replace the passdb backend with a samr/lsa based backend. 2010-07-05 15:59:08 +02:00
Andreas Schneider
488badb8ac s3-winbind: Implemented samr backend function common_sequence_number. 2010-07-05 15:59:08 +02:00
Andreas Schneider
645ce68e35 s3-winbind: Implemented samr backend function common_lookup_useraliases. 2010-07-05 15:59:08 +02:00
Andreas Schneider
d92cb43b77 s3-winbind: Implemented samr backend function common_lookup_usergroups. 2010-07-05 15:59:07 +02:00
Andreas Schneider
c60a9e8077 s3-winbind: Implemented samr backend function common_password_policy. 2010-07-05 15:59:07 +02:00
Andreas Schneider
54e8f8bd57 s3-winbind: Implemented samr backend function common_lockout_policy. 2010-07-05 15:59:07 +02:00
Andreas Schneider
de7990bca1 s3-winbind: Implemented samr backend function common_rids_to_names. 2010-07-05 15:59:07 +02:00
Andreas Schneider
79700e690e s3-winbind: Implemented samr backend function common_sid_to_name. 2010-07-05 15:59:07 +02:00
Andreas Schneider
f11648bfd7 s3-winbind: Implemented samr backend function common_name_to_sid. 2010-07-05 15:59:07 +02:00
Andreas Schneider
483d4528d9 s3-winbind: Implemented samr backend function common_enum_local_groups. 2010-07-05 15:59:06 +02:00
Andreas Schneider
47447809c8 s3-winbind: Implemented samr backend function sam_lookup_groupmem. 2010-07-05 15:59:06 +02:00
Andreas Schneider
41939ce32f s3-winbind: Implemented samr backend function sam_trusted_domains. 2010-07-05 15:59:06 +02:00
Andreas Schneider
48147555d2 s3-winbind: Implemented samr backend function sam_query_user. 2010-07-05 15:59:06 +02:00
Andreas Schneider
7ee0ebe406 s3-winbind: Implemented samr backend function sam_enum_dom_groups. 2010-07-05 15:59:05 +02:00
Andreas Schneider
9d0d6ed66f s3-winbind: Implemented samr backend function sam_query_user_list. 2010-07-05 15:59:05 +02:00
Andreas Schneider
cc3d9dd042 s3-winbind: Added a skeleton for samr based functions.
The goal is to replace the passdb backend later.
2010-07-05 15:59:05 +02:00
Andreas Schneider
9fa7239907 s3-winbind: Initialize the server_info on winbindd start. 2010-07-05 15:59:05 +02:00
Andreas Schneider
7d013f4065 s3-winbind: Free some memory which isn't needed anymore. 2010-07-05 15:59:04 +02:00
Volker Lendecke
7f0e6df883 s3: Pass the new server_id through reinit_after_fork 2010-07-04 17:29:23 +02:00
Volker Lendecke
b01958b0bd s3: Remove serverid_[de]register_self
This removes some deep references to procid_self()
2010-07-04 16:41:14 +02:00
Günther Deschner
d1538add73 s3-nss_info: only include nss_info.h where needed.
Guenther
2010-07-01 23:20:40 +02:00
Günther Deschner
04641abb33 s3-libads: move ldap posix schema defines to their own header file.
Guenther
2010-07-01 23:20:40 +02:00
Günther Deschner
dff7be8ccb s3-libads: only include libds flags where needed.
Guenther
2010-07-01 23:20:40 +02:00
Volker Lendecke
121214df91 s3: More cleanup in winbindd_ads.c:query_user
We can't ads_msgfree after the ads struct has been killed. Do early returns.
2010-06-28 14:09:58 +02:00
Volker Lendecke
8707be6d75 s3: Fix a valgrind error
nss_get_info_cached does not necessarily fill in gid
2010-06-28 13:54:45 +02:00
Volker Lendecke
09a9cc32ee s3: Re-arrange winbindd_ads.c:query_user
We can't access the LDAP message after nss_get_info_cached has potentially
destroyed the ads_struct
2010-06-28 13:54:45 +02:00
Volker Lendecke
a670804579 s3: free -> SAFE_FREE 2010-06-28 13:54:44 +02:00
Volker Lendecke
c79e0c0ce4 s3: Do an early TALLOC_FREE 2010-06-28 13:54:44 +02:00
Volker Lendecke
7cf0443159 s3: Fix a winbind crash
nss_get_info_cached might deep inside sequence_number() invalidate the
ads_struct without telling its callers.
2010-06-25 12:54:15 +02:00
Volker Lendecke
a9523f17ea s3: Fix a winbind crash
nss_get_info_cached might have invalidated "ads" deep inside.
2010-06-25 12:54:15 +02:00
Volker Lendecke
acf54c37a8 s3-winbind: Make KRB5_EVENT_REFRESH_TIME a function 2010-06-21 17:44:23 +02:00
Michael Adam
3f99ff104a s3:idmap_ldap: remove unreached code (and explicit error return code) 2010-06-21 12:38:25 +02:00
Jeremy Allison
be31b2ba62 Use #defined constant instead of "false" to be clearer about intent. 2010-06-17 12:34:15 -07:00
Simo Sorce
cbda0369a8 s3:winbindd use common server context functions 2010-06-10 17:30:45 -04:00
Andreas Schneider
95047bc717 s3-winbind: Fixed setting default sequence number. 2010-06-09 16:17:46 +02:00
Günther Deschner
bcd4077be6 s3: remove unused librpc/ndr/sid.c.
Guenther
2010-06-03 01:07:17 +02:00
Stefan Metzmacher
3f14d03adb s3:winbindd: make sure we only call static_init_idmap once
metze

Signed-off-by: Michael Adam <obnox@samba.org>
2010-06-01 10:33:13 +02:00
Andrew Bartlett
e67b0cf603 s3:winbind Ensure we always init idmap_passdb before we use it
It seems that it is possible for idmap_init_passdb_domain() to be run
before idmap_init_domain(), so ensure we run the static init functions
in both.

Andrew Bartlett

Signed-off-by: Michael Adam <obnox@samba.org>
2010-06-01 10:33:13 +02:00
Andrew Bartlett
d33c41fbf5 s3:winbindd move reinit_after_fork() back out of winbindd_register_handlers
This particular init function needs to be done in a native Samba3
build, but it turns out to be difficult for s3compat, which has other
code listening on the sockets.

Andrew Bartlett
2010-05-31 21:36:56 +02:00
Andrew Bartlett
19f4229fff s3:winbind Make state->mem_ctx a talloc child of state
This way everything is destroyed at the conclusion of
the connection correctly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-31 21:36:55 +02:00
Andrew Bartlett
61eb56be4e s3:winbind tidy up connecting the winbind sockets.
By putting this code inline in winbindd_setup_listeners() we remove 2
static variables and simplify the code.

By putting the get_winbind_priv_pipe_dir() in the same file, we allow
it to be reimplemented in s3compat.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-31 21:36:55 +02:00
Andrew Bartlett
e5ebc52e9f Revert "s3:winbindd Split helper functions to allow s3compat to call them"
I'm experimenting with a different entry point

This reverts commit f5c0f90da5.
2010-05-31 21:36:55 +02:00
Andrew Bartlett
ebae21f023 ntlmssp: Make the ntlmssp.h from source3/ a common header
The code is not yet in common, but I hope to fix that soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:10:56 +02:00
Günther Deschner
fbb7814f91 s3: only use netlogon/nbt header when needed.
Guenther
2010-05-31 11:32:37 +02:00
Günther Deschner
f9f8007361 s3-build: only use ndr_security.h where needed.
Guenther
2010-05-31 11:32:37 +02:00
Andrew Bartlett
8d6f88b469 s3:winbind Kill amusing but un-used winbindd_kill_all_clients
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-28 18:08:28 +02:00
Günther Deschner
2807ab358e s3-samr: move chgpasswd.c out of smbd and into the samr server.
Guenther
2010-05-26 22:17:02 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that it is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Michael Adam
612a333d65 s3:winbind:idmap_tdb2_set_mapping: untangle assignment from check 2010-05-20 09:18:59 +02:00
Günther Deschner
230b880d14 s3-rpc_client: move protos to cli_lsarpc.h
Guenther
2010-05-18 21:42:41 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h
Guenther
2010-05-18 21:42:37 +02:00
Günther Deschner
3f2719c202 s3-rpc_client: move protos to cli_samr.h
Guenther
2010-05-18 21:42:32 +02:00
Andrew Bartlett
864a95fd9c s3:winbind use no_srv_register to avoid needing rpc_srv_register
This pidl attribute avoids the need for this dummy function, which
helps s3compat.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18 17:17:43 +02:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Günther Deschner
1d2dd47d31 s3-crypto: only include crypto headers when crypto is done.
Guenther
2010-05-18 00:44:27 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong in an rpc header, just use the ones
defined in security.idl.

Guenther
2010-05-18 00:44:26 +02:00
Günther Deschner
e3bdff3d67 s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
Guenther
2010-05-17 12:47:50 +02:00
Günther Deschner
14ac2bb36e s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.
Note that this failure was hard to track, as winbind did only log a super helpful
"cm_prepare_connection: Success" debug message.

IPv6 gurus, please check

Successfully tested in two independent IPv6 networks now.

Guenther
2010-05-17 12:47:34 +02:00
Michael Adam
a15b666438 s3:winbind:idmap_tdb: don't check ranges when an invalid entry was found.
There is no point in checking the ranges if the record found had an
invalid/unknown type: the mapping is not filled in. If it were initialized
to some defaults before, the check just might replace the status
NT_STATUS_INTERNAL_DB_ERROR with a NT_STATUS_NONE_MAPPED, which is not
as precise.
2010-05-17 11:45:31 +02:00
Andrew Bartlett
72e65a0521 s3:winbindd Provide a winbindd_register_handlers() helper function for s3compat
This function provides a useful entry point for s3compat to set things
up in winbindd.

Andrew Bartlett
2010-05-13 10:12:27 +10:00
Andrew Bartlett
f5c0f90da5 s3:winbindd Split helper functions to allow s3compat to call them
This provides a more useful entry point for s3compat.

Andrew Bartlett
2010-05-13 10:12:27 +10:00
Andrew Bartlett
7f70b53dd6 s3:Winbindd Move winbindd_event_context to a different file
This allows this function to be easily replaced in s3compat

Andrew Bartlett
2010-05-13 10:12:26 +10:00
Andrew Bartlett
cdf0704272 s3:winbindd Rename 'children' to 'winbindd_children' and make static 2010-05-13 10:12:26 +10:00
Andrew Bartlett
82fb4ebca7 s3:winbindd Remove call to namecache_enable().
This call only prints a DEBUG()

Andrew Bartlett
2010-05-13 10:12:26 +10:00
Andrew Bartlett
454b0b3f20 s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.

This change makes sense on its own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-11 22:52:37 +02:00
Günther Deschner
c6ebab846d s3: only include gen_ndr headers where needed.
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:

ccache build w/o patch
real    4m21.529s
ccache build with patch
real    3m6.402s

pch build w/o patch
real    4m26.318s
pch build with patch
real    3m6.932s

Guenther
2010-05-06 00:22:59 +02:00
Volker Lendecke
668e28b80e s3: Unify DEBUG_KRB5_TKT_REGAIN and DEBUG_KRB5_TKT_RENEWAL
I don't think it makes sense to #ifdef this one case separately.

Metze, Bo Yang, please check!
2010-05-02 15:16:14 +02:00
Volker Lendecke
ef0adbff93 s3: Fix a typo 2010-05-02 15:16:14 +02:00
Volker Lendecke
685b4625bc s3: Fix the code order in append_auth_data
This is to comply with the comment

"currently, anything from here on potentially overwrites extra_data."

Günther, please check!
2010-05-02 15:15:56 +02:00
Volker Lendecke
ca860e4279 s3: range-check idmap script output
Not doing so results in the id mapping succeeding once unchecked and later on
being refused, because when reading from the tdb we do the checks.
2010-04-29 14:33:08 +02:00