1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source3/winbindd
Simo Sorce 893b213876 Avoid overriding default ccache for ads operations.
Avoid overriding default ccache for ads operations.

Nowadays various samba components may need to use GSSAPI and a default cred
cache to perform their tasks.
This code was completely overriding the whole process default ccache name, thus
altering the current credentials and sometimes hijacking them (or getting
preemptively hijaked).

By using gss_krb5_import_cred we can instead use a private ccache (necessary
sometimes to use a different set of credentials fromt he default
cifs/fqdn@realm one, for example when contacting foreign DCs using trust
credentials) that does not affect the rest of the process.

For the kerberos versions which don't have gss_krb5_import_cred
we fallback to temp override of KRB5CCNAME and gss_acquire_cred.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
2012-09-12 21:18:09 +02:00
..
idmap_hash idmap-hash: Attempt to fix Coverity ID 709116 Overflowed array index write 2012-06-20 12:53:59 +02:00
idmap_ad.c s3-winbind: Remove unused bool "local" 2012-02-06 23:27:48 +01:00
idmap_autorid.c dbwrap: dbwrap_trans_store_int32->dbwrap_trans_store_int32_bystring 2012-06-15 12:14:29 +02:00
idmap_ldap.c s3-smbldap: use smbldap_ prefixed functions 2012-09-07 12:31:42 +02:00
idmap_nss.c s3-includes: only include system/passwd.h when needed. 2011-03-30 01:13:07 +02:00
idmap_passdb.c s3-passdb: Change pdb_sid_to_id() to return struct unixid 2012-05-02 12:45:29 +02:00
idmap_proto.h s3:winbindd/idmap_proto.h: add _WINBINDD_IDMAP_PROTO_H_ guard 2011-05-31 01:44:27 +02:00
idmap_rid.c Revert making public of the samba-module library. 2011-12-03 08:36:30 +01:00
idmap_rw.c s3:idmap: add abstract idmap_rw new_mapping mechanism without registering backends 2010-08-14 02:10:56 +02:00
idmap_rw.h s3:idmap: add abstract idmap_rw new_mapping mechanism without registering backends 2010-08-14 02:10:56 +02:00
idmap_tdb2.c s3:idmap_tdb: fix miss in rename of dbwrap_trans_store_uint32() to dbwrap_trans_store_uint32_bystring() 2012-06-18 11:44:50 +02:00
idmap_tdb_common.c source3/winbindd/idmap_tdb_common.c: fix stackframe leak 2012-07-18 05:05:31 +09:30
idmap_tdb_common.h s3:winbindd add idmap_tdb_common file to store common code of TDB idmap backends 2012-05-01 09:32:11 +02:00
idmap_tdb.c dbwrap: remove get_flags(). 2012-06-22 07:35:17 +02:00
idmap_util.c s3-idmap: convert most idmap_cache callers to unixid API 2012-05-02 13:18:03 +02:00
idmap.c s3-winbind: Fix idmap initialization debug message. 2012-07-23 18:19:00 +02:00
nss_info_template.c s3: Remove unused args from get_nss_info 2011-03-06 12:51:01 +01:00
nss_info.c s3-winbind: Fix idmap initialization debug message. 2012-07-23 18:19:00 +02:00
wb_dsgetdcname.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
wb_fill_pwent.c Correctly check for errors in strlower_m() returns. 2012-08-09 12:08:18 -07:00
wb_getgrsid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
wb_getpwsid.c s3: Use tevent_req_simple_recv_ntstatus 2011-11-28 17:14:27 +01:00
wb_gettoken.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
wb_gid2sid.c s3:winbindd: use ndr_wbint_c.h instead of cli_wbint.h 2011-01-11 15:40:21 +01:00
wb_group_members.c Fix a bunch of "unused variable" warnings. 2012-02-18 06:22:40 +01:00
wb_lookupname.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
wb_lookupsid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
wb_lookupsids.c s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam() 2012-07-12 18:36:02 +02:00
wb_lookupuseraliases.c More simple const fixups. 2011-05-05 23:56:08 +02:00
wb_lookupusergroups.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
wb_next_grent.c s3: rename sid_check_is_domain() to sid_check_is_our_sam() 2012-07-12 16:43:51 +02:00
wb_next_pwent.c s3: rename sid_check_is_domain() to sid_check_is_our_sam() 2012-07-12 16:43:51 +02:00
wb_ping.c
wb_query_user_list.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
wb_queryuser.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
wb_seqnum.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
wb_seqnums.c s3:winbindd: use ndr_wbint_c.h instead of cli_wbint.h 2011-01-11 15:40:21 +01:00
wb_sid2gid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
wb_sid2uid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
wb_uid2sid.c s3:winbindd: use ndr_wbint_c.h instead of cli_wbint.h 2011-01-11 15:40:21 +01:00
winbindd_ads.c Avoid overriding default ccache for ads operations. 2012-09-12 21:18:09 +02:00
winbindd_allocate_gid.c s3:winbindd: use ndr_wbint_c.h instead of cli_wbint.h 2011-01-11 15:40:21 +01:00
winbindd_allocate_uid.c s3:winbindd: use ndr_wbint_c.h instead of cli_wbint.h 2011-01-11 15:40:21 +01:00
winbindd_async.c s3: Move parse_sidlist to the only calling file 2010-11-17 12:17:21 +01:00
winbindd_cache.c Correctly check for errors in strlower_m() returns. 2012-08-09 12:08:18 -07:00
winbindd_ccache_access.c libreplace: Add getpeereid implementation. 2012-03-24 16:00:36 +01:00
winbindd_change_machine_acct.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
winbindd_check_machine_acct.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
winbindd_cm.c Check error returns from strupper_m() (in all reasonable places). 2012-08-09 12:06:54 -07:00
winbindd_cred_cache.c Fix bug #9098 - winbind does not refresh kerberos tickets. 2012-08-21 22:01:15 +02:00
winbindd_creds.c s3-winbindd: make sure we obey the -n switch also for samlogon cache access. 2011-06-08 14:44:31 +02:00
winbindd_domain.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
winbindd_dsgetdcname.c s3:winbindd: use ndr_wbint_c.h instead of cli_wbint.h 2011-01-11 15:40:21 +01:00
winbindd_dual_ndr.c s3:winbindd: let wbint handles return NT_STATUS_CONNECTION_DISCONNECTED 2011-09-14 18:03:18 +02:00
winbindd_dual_srv.c s3-winbind: Return the DC name from DC_PING 2012-08-15 11:44:42 +10:00
winbindd_dual.c lib/param: Move all enum declarations to lib/param 2012-07-24 11:01:17 +02:00
winbindd_endgrent.c
winbindd_endpwent.c
winbindd_getdcname.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getgrent.c s3: Fix a getgrent crash with many groups 2010-11-03 12:58:49 +00:00
winbindd_getgrgid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getgrnam.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getgroups.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getpwent.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getpwnam.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getpwsid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getpwuid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getsidaliases.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getuserdomgroups.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_getusersids.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_gid_to_sid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_group.c s3-winbind: DON'T PANIC if we couldn't find the domain. 2012-09-04 18:16:06 +02:00
winbindd_idmap.c
winbindd_list_groups.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
winbindd_list_users.c s3:winbind: Fork multiple children per domain 2011-01-21 13:51:27 +01:00
winbindd_locator.c
winbindd_lookupname.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_lookuprids.c s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841) 2011-06-27 18:21:30 +02:00
winbindd_lookupsid.c s3: state->ev is not needed in winbindd_lookupsid 2011-03-07 20:52:53 +01:00
winbindd_lookupsids.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_misc.c s3: Fix Coverity ID 241320 Array compared against 0 2012-05-14 15:11:47 +02:00
winbindd_msrpc.c s3-smbldap: move ldap_open_with_timeout out of smb_ldap.h to ads where it lives. 2011-11-17 03:47:53 +01:00
winbindd_ndr.c s3:winbindd_nrd: include ../librpc/ndr/libndr.h instead of librpc/ndr/util.h 2011-05-31 12:54:22 +02:00
winbindd_pam_auth_crap.c s3-param Remove special case for global_myname(), rename to lp_netbios_name() 2011-06-09 12:40:09 +02:00
winbindd_pam_auth.c Fix bug #7589 - ntlm_auth fails to use cached credentials. 2010-07-29 12:44:00 -07:00
winbindd_pam_chauthtok.c
winbindd_pam_chng_pswd_auth_crap.c
winbindd_pam_logoff.c libreplace: Add getpeereid implementation. 2012-03-24 16:00:36 +01:00
winbindd_pam.c Fix bug #9098 - winbind does not refresh kerberos tickets. 2012-08-21 22:01:15 +02:00
winbindd_ping_dc.c s3-winbind: Return the DC name from DC_PING 2012-08-15 11:44:42 +10:00
winbindd_proto.h Fix bug #9098 - winbind does not refresh kerberos tickets. 2012-08-21 22:01:15 +02:00
winbindd_reconnect.c s3-winbindd: copy acct_info to wb_acct_info so we dont need passdb for it. 2011-03-30 01:13:08 +02:00
winbindd_rpc.c Fix a bunch of "unused variable" warnings. 2012-02-18 06:22:40 +01:00
winbindd_rpc.h s3-winbindd: copy acct_info to wb_acct_info so we dont need passdb for it. 2011-03-30 01:13:08 +02:00
winbindd_samr.c s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam() 2012-07-12 18:36:02 +02:00
winbindd_setgrent.c
winbindd_setpwent.c
winbindd_show_sequence.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_sid_to_gid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_sid_to_uid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_sids_to_xids.c s3:winbindd: do not expose negative cache idmap entries as valid mappings (bug #9002) 2012-06-21 16:07:15 +02:00
winbindd_uid_to_sid.c s3: Use tevent_req_ntstatus properly in a few places 2011-05-10 13:11:10 +02:00
winbindd_util.c Correctly check for errors in strlower_m() returns. 2012-08-09 12:08:18 -07:00
winbindd_wins_byip.c s3:winbind: Convert WINBINDD_WINS_BYIP to the async API 2011-06-05 12:10:15 +02:00
winbindd_wins_byname.c s3: Fix winbindd_wins_byname 2011-06-25 15:40:15 +02:00
winbindd.c param: Add startup checks for valid server role/binary combinations 2012-08-23 15:02:26 +02:00
winbindd.h s3-winbindd: no need to globally include ldap headers in winbindd. 2011-11-17 02:11:46 +01:00
wscript_build s3-winbind: Remove obsolte idmap_adex. 2012-07-03 21:56:48 +02:00