path: root/source3/winbindd
Commit message | Author | Age | Files | Lines
...
* samr: don't block the sam sid or the builtin domain sid in sid_to_name | Stefan Metzmacher | 2014-02-25 | 1 | -0/+2
  Previously only members of these domains were handled. But we also need to handle the domain itself.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
  Change-Id: I44f85267eda243d586fffd24a799e153de0ff982
  Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Stefan Metzmacher <metze@sernet.de>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:winbindd: avoid directly asking a trusted domain in wb_lookupsids*() | Gregor Beck | 2014-02-21 | 1 | -1/+1
  As a domain member we should always use a DC of our own domain.
  It would be possible to pass all sids in one single dcerpc_wbint_LookupSids() call. For now we just fix the bug.
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:winbindd: fix _wbint_LookupSids() on error | Gregor Beck | 2014-02-21 | 1 | -1/+7
  We need to make sure that r->out.domains remains valid, otherwise we're not able to marshall the response.
  Note that wbint_LookupSids() has [out,ref] lsa_RefDomainList *domains, while lsa_LookupSids() has [out,ref] lsa_RefDomainList **domains.
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbindd: Avoid using deallocated memory | Santosh Kumar Pradhan | 2014-02-20 | 1 | -1/+1
  Failure in ads_search_retry() deallocates the memory occupied by "ads" which should not be used after.
  CID: 242096
  Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ira Cooper <ira@samba.org>
* winbindd: Use the right flags in dsgetdcname | Volker Lendecke | 2014-02-14 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Feb 14 21:59:22 CET 2014 on sn-devel-104
* param: No longer have a special case for lp_configfile | Andrew Bartlett | 2014-02-12 | 1 | -1/+1
  This parameter is renamed because it does not normally return the current smb.conf file, but instead returns the next one, as found in a config file = directive, to be loaded.
  This avoids a conflict with the lpcfg_configfile from lib/param, which does refer to the current smb.conf path.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Michael Adam <obnox@samba.org>
* param: rename lp function and variable from "cli_minprotocol" to "client_min_protocol" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "cli_maxprotocol" to "client_max_protocol" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from 'piddir' to 'pid_directory' | Garming Sam | 2014-02-07 | 1 | -4/+4
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from 'lockdir' to 'lock_directory' | Garming Sam | 2014-02-07 | 1 | -2/+2
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dbwrap: add a dbwrap_flags argument to db_open() | Michael Adam | 2014-02-07 | 3 | -3/+3
  This is in preparation to support handing flags to backends, in particular activating read only record support for ctdb databases. For a start, this does nothing but adding the parameter, and all databases use DBWRAP_FLAG_NONE.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* winbind3: Simplify fillup_pw_field | Volker Lendecke | 2014-02-05 | 1 | -15/+14
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Wed Feb 5 13:47:52 CET 2014 on sn-devel-104
* winbind3: Use fstrcpy | Volker Lendecke | 2014-02-05 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* winbind3: Fix a comment typo | Volker Lendecke | 2014-02-05 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* log winbind version (when requested) in winbindd log | Noel Power | 2014-01-22 | 1 | -2/+2
  winbindd currently only logs the INTERFACE version request, it would be useful to additionally have the version returned in the log also.
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Jim McDonough <jmcd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Wed Jan 22 21:57:04 CET 2014 on sn-devel-104
* s3-winbind: separate child response sock write | David Disseldorp | 2014-01-20 | 1 | -20/+27
  For consistency with request read side.
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Jan 20 14:23:10 CET 2014 on sn-devel-104
* s3-winbind: only pass needed args to child_read_request | David Disseldorp | 2014-01-20 | 1 | -18/+10
  The socket and request are the only arguments required, the entire winbind child state structure is not needed.
  This allows for the separation of the request and response structures, which is useful for asynchronous conversion.
  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(). | Volker Lendecke | 2014-01-16 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Jan 16 20:17:24 CET 2014 on sn-devel-104
* s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(). | Jeremy Allison | 2014-01-08 | 1 | -32/+14
  Ensure it only gets called when a new domain is allocated and added to the list.
  This should fix problems with the previous logic where setup_domain_child() was called in places where an existing domain was returned.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Jan 8 20:46:55 CET 2014 on sn-devel-104
* s3: winbindd: Move the logic of whether to set 'domain->primary' into add_trusted_domain(). | Jeremy Allison | 2014-01-08 | 1 | -4/+10
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:winbindd: make use of rpccli_netlogon_network_logon() | Stefan Metzmacher | 2014-01-07 | 1 | -13/+15
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of trust_pw_change() in _wbint_ChangeMachineAccount() | Stefan Metzmacher | 2014-01-07 | 1 | -28/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of trust_pw_change() for periodic password changes | Stefan Metzmacher | 2014-01-07 | 1 | -8/+8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: use invalidate_cm_connection() to kill the netlogon connection | Stefan Metzmacher | 2014-01-07 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 3 | -52/+77
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: call rpccli_pre_open_netlogon_creds() in the parent | Stefan Metzmacher | 2014-01-07 | 1 | -0/+8
  This opens the CLEAR_IF_FIRST tdb in the long living parent.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use netlogon_creds_cli_auth_level() in cli_rpc_pipe_open_schannel_with_key() | Stefan Metzmacher | 2014-01-07 | 1 | -4/+1
  This means the auth level is now based on the "winbindd sealed pipes" option, defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make use of the new netlogon_creds_cli_context | Stefan Metzmacher | 2014-01-07 | 3 | -144/+37
  This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds and lets the secure channel session state be stored in node local database.
  This is the proper fix for a large number of bugs:
  https://bugzilla.samba.org/show_bug.cgi?id=6563
  https://bugzilla.samba.org/show_bug.cgi?id=7944
  https://bugzilla.samba.org/show_bug.cgi?id=7945
  https://bugzilla.samba.org/show_bug.cgi?id=7568
  https://bugzilla.samba.org/show_bug.cgi?id=8599
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of the "winbind sealed pipes" option for all connections | Stefan Metzmacher | 2014-01-07 | 2 | -3/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd fix a compiler warning | Christian Ambach | 2013-12-12 | 1 | -2/+2
  about a potentially uninitialized variable
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbindd fix use of uninitialized variables | Christian Ambach | 2013-12-10 | 1 | -0/+13
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10280
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-winbindd: Fix DEBUG statement in winbind_msg_offline(). | Jan Brummer | 2013-12-09 | 1 | -1/+1
  Guenther
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10285
  Reviewed-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Mon Dec 9 17:28:37 CET 2013 on sn-devel-104
* CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. | Jeremy Allison | 2013-12-09 | 2 | -4/+16
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(master): Mon Dec 9 09:00:41 CET 2013 on sn-devel-104
* CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. | Jeremy Allison | 2013-12-09 | 1 | -12/+2
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. | Jeremy Allison | 2013-12-09 | 2 | -0/+35
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
* s3-winbind: Pass the group name to fillup_pw_field(). | Andreas Schneider | 2013-11-22 | 1 | -30/+43
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Nov 22 02:04:54 CET 2013 on sn-devel-104
* s3-lib: Add grpname to talloc_sub_specified(). | Andreas Schneider | 2013-11-21 | 1 | -2/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* winbind: Make centry_start static | Christof Schmitt | 2013-11-15 | 2 | -2/+2
  centry_start is only used in winbindd_cache.c
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Christof Schmitt <cs@samba.org>
  Autobuild-Date(master): Fri Nov 15 18:05:41 CET 2013 on sn-devel-104
* s3-winbindd: Fix #10264, cache_traverse_validate_fn failure for NDR cache entries. | Günther Deschner | 2013-11-13 | 1 | -1/+2
  We need to increase the keysize limit for NDR queries. A wbint_LookupSids query for just 20 sids already hits the older limit.
  Guenther
  https://bugzilla.samba.org/show_bug.cgi?id=10264
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Wed Nov 13 19:33:46 CET 2013 on sn-devel-104
* idmap_autorid: fix failure in reverse lookup if ID is from domain range index #0 | Abhidnya Joshi | 2013-11-07 | 1 | -1/+1
  Domain range index #0 is not included in the database record. So in this special case we only have the SID, not SID#IDX...
  Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* idmap_autorid: fix status code when trying to load range for an invalid input | Michael Adam | 2013-11-07 | 1 | -0/+6
  The "sid" input needs to be verified (it can currently be a SID or "ALLOC"). When handing in a string that is valid for other kinds of records, but not for the SID[#IDX]-->RANGE direction of mappings, like for instance a range number, then we get "NT_STATUS_INTERNAL_DB_CORRUPTION" because parse records finds the record, but it does not have the expected size...
  This patch fixes this problem by pre-validating the input before fetching the record from the database.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* idmap_autorid: add space between two words in a debug message | Atul Kulkarni | 2013-11-07 | 1 | -2/+2
  Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* winbind3: Fix CID 241468 Resource leak | Volker Lendecke | 2013-10-21 | 1 | -0/+1
  We were leaking centry in this error case
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* idmap_autorid: fix traversal of ranges to correctly exclude mapping records. | Michael Adam | 2013-10-21 | 1 | -0/+8
  When listing all ranges with "net idmap get ranges", the database records of the form "S-1-5-10" --> "GID 100016" were treated here as range mappings, resulting in a faulty printout like this: "RANGE 541346119: S-1-5-10".
  This patch fixes this by adding a filter that checks the size of the value datablob.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Mon Oct 21 19:48:40 CEST 2013 on sn-devel-104
* winbind3: Fix CID 1107229 Uninitialized pointer read | Volker Lendecke | 2013-10-19 | 1 | -1/+2
  The first "goto done" would TALLOC_FREE the uninitialized "value"
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Oct 19 03:43:04 CEST 2013 on sn-devel-104
* s3:winbindd: use cluster_probe_ok() | Michael Adam | 2013-10-17 | 1 | -10/+3
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* smbd/winbindd: Do an early check if ctdbd is functional | Volker Lendecke | 2013-10-17 | 1 | -0/+12
  This will avoid panic calls when smbd and winbind are started in cluster mode before ctdb is functional. It still logs something sane at debug level 0, but it does not panic and core anymore.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:winbindd: don't hide the error in cm_connect_lsa() | Stefan Metzmacher | 2013-10-17 | 1 | -1/+0
  We should not overwrite the error with NT_STATUS_PIPE_NOT_AVAILABLE.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-winbindd: Remove undocumented winbindd:socket dir parameter | Andrew Bartlett | 2013-10-15 | 2 | -8/+2
  This uses the documented "winbindd socket directory" parameter instead.
  This came about due to the merge of the two smb.conf tables in s3 and s4 for the Samba 4.0 release. The s4 code used a real parameter, which caused this to be documented, whereas no automatic procedure existed to notice the parametric option and the need to document that.
  The fact that this was not used consistently in both codebases is one of the many areas of technical debt we still need to pay off here.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbind: Send online/offline message of the domain to the parent. | Andreas Schneider | 2013-10-11 | 1 | -0/+22
  https://bugzilla.samba.org/show_bug.cgi?id=10194
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104