summaryrefslogtreecommitdiffstats
path: root/source3/winbindd
Commit message (Collapse)AuthorAgeFilesLines
...
* autorid: factor idmap_autorid_sid_to_id() out of idmap_autorid_sids_to_unixids()Michael Adam2014-04-251-95/+76
| | | | | | | | | - reduces indentation - unifies error code paths and bumping counters - makes the code more easy to read Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: make the checks for bumping num_mapped identical for alloc and rid caseMichael Adam2014-04-251-2/+2
| | | | | | | in idmap_autorid_sids_to_unixids() Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: explicitly return NTSTATUS_OK in idmap_autorid_sid_to_id_alloc().Michael Adam2014-04-251-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: more explicitly and reasonably set map->state in ↵Michael Adam2014-04-251-3/+5
| | | | | | | idmap_autorid_sid_to_id_alloc Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: rename idmap_autorid_sid_to_id() -> idmap_autorid_sid_to_id_rid()Michael Adam2014-04-251-2/+3
| | | | | | | | For consistency. This is the function that does the calculation if the sid is treated by a rid range. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: rename idmap_autorid_map_sid_to_id() -> idmap_autorid_sid_to_id_alloc()Michael Adam2014-04-251-5/+5
| | | | | | | for consistency. this is the sid->id function for the alloc range. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: rename idmap_autorid_map_id_to_sid() -> idmap_autorid_id_to_sid_alloc()Michael Adam2014-04-251-3/+3
| | | | | | | | for consistency. This is the function that maps id to sid for the alloc range. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: factor idmap_autorid_get_alloc_range() out of ↵Michael Adam2014-04-251-6/+17
| | | | | | | idmap_autorid_allocate_id() Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: fix discard-const warning in idmap_autorid_init_hwm()Michael Adam2014-04-251-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: fix uninitialized return code for successful autorid.tdb ↵Michael Adam2014-04-251-3/+1
| | | | | | | creation/opening Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: improve a debug message in idmap_autorid_map_sid_to_id()Michael Adam2014-04-251-2/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: add debug messages to idmap_autorid_get_domainrange()Michael Adam2014-04-251-0/+4
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: improve wording in a debug messageMichael Adam2014-04-251-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: remove a legacy comment from sid_to_idMichael Adam2014-04-251-5/+0
| | | | | | | | | | | With the introduction of the ID_TYPE_BOTH mapping to idmap_autorid, it is not a deficiency but a virtue of the autorid backend that it does not care about the existence or type of the sid to be mapped. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idmap_rid: remove a legacy comment from sid_to_idMichael Adam2014-04-251-4/+0
| | | | | | | | | | | With the introduction of the ID_TYPE_BOTH mapping to idmap_rid, it is not a deficiency but a virtue of the rid backend that it does not care about the existence or type of the sid to be mapped. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idmap_tdb_common: remove legacy comment.Michael Adam2014-04-251-5/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idmap_tdb_common: fix a debug message in idmap_tdb_common_set_mapping()Michael Adam2014-04-251-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* idmap_tdb_common: fix a debug message in idmap_tdb_common_unixid_to_sid()Michael Adam2014-04-251-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3: winbindd: Call dgram cleanup init background setup.Jeremy Allison2014-04-231-0/+4
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* winbindd: use exit_daemon() to pass startup status to systemdAlexander Bokovoy2014-04-231-9/+4
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* add systemd integrationAlexander Bokovoy2014-04-231-0/+5
| | | | | | | | | | | | | | | Add --with-systemd / --without-systemd options to check whether libsystemd-daemon library is available and use it to report service startup status to systemd for smbd/winbindd/nmbd and AD DC. The problem it solves is correct reporting of the Samba services at the point when they are ready to serve clients, important for high availability software integration. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* lib-util: rename memdup to smb_memdup and fix all callersBjörn Baumbach2014-04-161-1/+1
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Volker Lendecke <vl@samba.org>
* autorid: use the db argument in the initialize traverse action.Michael Adam2014-04-031-2/+2
| | | | | | | | | | | | | | By a copy and paste error, the global autorid_db was used. This was not currently a problem in behaviour, because this autorid_db is passed as the argument. This change fixes the callback function for consistency. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Apr 3 08:36:55 CEST 2014 on sn-devel-104
* autorid: make the whole initialization atomic with one transaction.Michael Adam2014-04-031-10/+38
| | | | | | | | | | | | | | | | | | | | | | | | Originally, there were several writing operations: - store the range HWM - store the alloc uid HWM - store the alloc gid HWM - store the config - create mappings for a whole list of wellknown sids Each of these consisted of its own transaction, the wellknown preallocation even of one transaction per sid. This change wrapps all of these in one big transaction. Thereby making the whole initialization atomic, and with respect to the creation of the wellknown mappings also more deterministic. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Apr 3 02:41:25 CEST 2014 on sn-devel-104
* autorid: initialize: fix typo in and further improve a debug message.Michael Adam2014-04-031-2/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: initialize: use the split db_open and init_hwms function instead of ↵Michael Adam2014-04-031-1/+6
| | | | | | | | | db_init This way, we can later put all of the storing functions inside one transaction. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: initialize: open the autorid db as late as possible.Michael Adam2014-04-031-8/+9
| | | | | | | But make sure to link the db context to commonconfig afterwards. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: initialize: link config to commonconfig as soon as it is allocated.Michael Adam2014-04-031-1/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: initialize: link commonconfig to dom as soon as it is allocatedMichael Adam2014-04-031-2/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: initialize: store config directly before allocating well knowns.Michael Adam2014-04-031-7/+6
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: split idmap_autorid_db_open and idmap_autorid_init_hwms out of ↵Michael Adam2014-04-031-9/+38
| | | | | | | | | idmap_autorid_db_init These will be used separately in the full initialization function. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: in idmap_autorid_saveconfig, add a debug msg when loading gives errorMichael Adam2014-04-031-0/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: improve the precision of the DEBUG at the end of add_rangeMichael Adam2014-04-031-2/+5
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: add a DEBUG upon talloc fail in the add_range function.Michael Adam2014-04-031-0/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: when storing a new range, always check it does not exist.Michael Adam2014-04-031-15/+22
| | | | | | | | | | | Also check for existence when the range is >= the HWM, typically the "acquire" case where we bump the HWM. In case of external modification, we would previously simply overwrite an an existing range mapping. Now we check and throw INTERNAL_DB_CORRUPTION in this case. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: fix a potential for data corruption.Michael Adam2014-04-031-1/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initialization of the HWM values in autorid.tdb was racy: It did: 1. fetch the HWM value 2. if it did not exist, store 0 in a transaction. This can be racy if two processes at the same time try to run the initialization code, especially in a cluster, when winbindd and smbd are started simultaneously on all nodes. The race is that the HWM is not re-fetched inside the transaction. Assume both processes see that the HWM does not exist. Both try to start a transaction. Process 1 gets the lock and process 2 blocks. After Process 1 has stored the HWM, it proceeds and manages to start subsequent transactions which also bump the HWM value (e.g. a range allocation, which is also triggered from allocation code). When process 2 finally manages to start the transaction, the HWM value is aready > 0. But process 2 does not look again and simply overwrites the HWM with 0. So the next allocation will overwrite an existing mapping, at least partially. This patch changes the mechanism to: 1. fetch the hwm value 2. if it does not exist start a transaction 3. fetch the hwm value 4. if it does not exist, store 0 5. commit the transaction. Note: this is not theoretical. Corruptions have been seen in cluster environments. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: print debug message when a HWM key has been createdMichael Adam2014-04-031-0/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: reverse logic flow in idmap_autorid_init_hwm(), decreasing indentation.Michael Adam2014-04-031-9/+13
| | | | | | | I.e. move writing case to the end. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: store hwm as uint32_t in idmap_autorid_init_hwm()Michael Adam2014-04-031-1/+1
| | | | | | | | The HWM is treated as uint32_t all the times. This was just a leftover from old code. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* winbindd: Ensure we do not look at rid_array before checking if it was returnedAndrew Bartlett2014-04-021-3/+3
| | | | | | | | We no longer return early if there are no members, we just return an empty array. Change-Id: I7b0949e0c0b9277426a8007514a8658615f6c709 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3-auth: Finally change make_user_info_*() use a parent talloc contextAndrew Bartlett2014-04-021-3/+6
| | | | | | Change-Id: Iedf516e8c24e0d18064aeedd8e287ed692d3c5b4 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3:winbindd: avoid argv related const warningsStefan Metzmacher2014-04-022-3/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Rename module init functions from samba_init_moduleChristof Schmitt2014-04-025-5/+5
| | | | | | | | | | | | | | | Some modules use samba_init_module as the name for the init functions, others use a name based on the module name. Rename the init functions from samba_init_module, to be consistent across all modules. This change also allows to build idmap_tdb2 and perfcount_test statically. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Apr 2 08:50:04 CEST 2014 on sn-devel-104
* auth/gensec: remove tevent_context argument from gensec_update()Stefan Metzmacher2014-03-271-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-kerberos: let kerberos_return_pac() return a PAC container.Günther Deschner2014-03-121-1/+7
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: return a full PAC in kerberos_return_pac().Günther Deschner2014-03-121-1/+21
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-libads: pass down local_service to kerberos_return_pac().Günther Deschner2014-03-121-0/+9
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: remove unused kdc_name from ↵Günther Deschner2014-03-071-4/+2
| | | | | | | | | | | | create_local_private_krb5_conf_for_domain(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
* rpc: fix name-normalization in rpc_sid_to_name()Michael Adam2014-02-251-1/+1
| | | | | | | | | | | | | Hand the *input* name as input into the normalize call, not the (potentially uninitialized...) *output* name... Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463 Change-Id: I4f3fc25882c22d96329e252d0a53bbe13d533472 Pair-Programmed-With: Gregor Beck <gbeck@sernet.de> Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* rpc: correctly tread domain-only requests in rpc_sid_to_name()Michael Adam2014-02-251-1/+1
| | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463 Change-Id: I6a8a8c272b9cf7dbce4f9a99012209c29c31e839 Pair-Programmed-With: Gregor Beck <gbeck@sernet.de> Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
generated by cgit (git 2.34.1) at 2025-09-02 04:07:12 +0000