path: root/source/nsswitch
Commit message (Author, Age, Files, Lines)
* Attempt to fix bug #6099. According to Microsoft (Jeremy Allison, 2009-07-30, 1 file, -19/+63)
| Windows 7 looks at the negotiate_flags returned in this structure *even if the call fails with access denied ! So in order to allow Win7 to connect to a Samba NT style PDC we set the flags before we know if it's an error or not.
| Jeremy.
| (cherry picked from commit 194fdee65f91e8ea88196d2cff1c678f868bb3df)
* Fix bug #5906 - Winbindd crash on 'getent group' (INTERNAL ERROR: Signal 11). (Jeremy Allison, 2009-07-30, 1 file, -2/+2)
| Was missed in the last maintenance release.
| Jeremy.
| (cherry picked from commit db4a435d235bedf48d668a0f4418dd46f38044ed)
* Fix logic bug introduced in backport of ccache_regain_all_now, sync with (Jeremy Allison, 2009-01-12, 1 file, -16/+23)
| 3.3 implementation.
| Jeremy.
| (cherry picked from commit ab29d6c6d349352db017d3046aeaee59e33745f4)
* Backport of the clean event context after fork and (Bo Yang, 2009-01-12, 3 files, -127/+409)
| krb5 refresh chain fixes.
| (cherry picked from commit 194425f8074e2cfd5893499099614666f8d8ecd9)
* Don't set child->requests to NULL in parent after fork (Bo Yang, 2009-01-12, 1 file, -1/+0)
| (cherry picked from commit a4438df44621ae37c13e5c5064cc3dc5e1371457)
* winbindd: make all winbind rpc-methods static. (Michael Adam, 2009-01-12, 1 file, -30/+31)
| Now that the methods are no longer needed in winbindd_ads, we can make them static again.
| Michael
| (cherry picked from commit a2329ec0eea66108f44dae3853e578dbbf835f96)
* winbindd_ads: use the reconnect methods instead of the rpc methods directly (Michael Adam, 2009-01-12, 1 file, -6/+74)
| Some of the ads methods just point to the rpc methods. This makes winbindd_ads use the reconnect methods instead of calling the rpc methods directly in order to prevent negative cache entries for e.g. name_to_sid, when the dc has closed the connection without sending a reset.
| Michael
| (cherry picked from commit 06f19e52489b3253ea4292795e4c73fa94cfd392)
* Fix memory leak in error path, spotted by Martin Zielinski <mz@seh.de>. (Jeremy Allison, 2009-01-12, 1 file, -0/+1)
| Jeremy.
| (cherry picked from commit ba12ab479b3764e0d251d74401dc5fa31a48f83d)
* ntlm_auth: Put huge NTLMv2 blobs into extra_data on CRAP auth (Kai Blin, 2009-01-12, 2 files, -7/+18)
| This fixes bug #5865
| (cherry picked from commit 1941f42b04dd20763449ba57e4543aca41ca2155)
* winbindd: Reformat the WBFLAGS defines to prepare for adding a new flag. (Kai Blin, 2009-01-12, 1 file, -15/+15)
| (cherry picked from commit 1f3eba80c8df79f31757bc2075f5730cd261806c)
* winbind: fix smbd hanging on Solaris when winbindd closes socket. (Michael Adam, 2009-01-12, 1 file, -1/+6)
| On some versions of Solaris, we observed a strange effect of close(2) on a socket: After the server (here winbindd) called close, the client fd was not marked as readable for select. And a write call to the fd did not produce an error EPIPE but just returned as if successful.
| So while winbindd had called remove_client(), the corresponding smbd still thought that it was connected, but failed to retrieve answers for its queries.
| This patch works around the problem by forcing the client fd to the readable state: Just write one byte into the socket before closing.
| Michael
| (cherry picked from commit 559ba0215cada4093efd22f165b608c41913d935)
* Fix the build of pam_winbind. (Andreas Schneider, 2009-01-12, 1 file, -1/+1)
| (cherry picked from commit 90651d77f1f7fc6d29629d3a0dd566d07c090609)
* Delete the krb5 ccname variable from the PAM environment if set. (Andreas Schneider, 2009-01-12, 1 file, -0/+8)
| If winbind sets the KRB5CCNAME variable it should unset it when the cache gets destroyed.
| (cherry picked from commit 98f3369e08f4d5bc759e93d36f3d67a3c057f40d)
* Fix bug #5814 - Winbindd dumping core in a strange manner while doing ↵ (Jeremy Allison, 2009-01-12, 1 file, -0/+23)
| "rescan_trusted_domain". From analysis by hargagan <shargagan@novell.com> :
| "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiates a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handlers can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL."
| Jeremy.
| (cherry picked from commit cfa9d20db78875969ea8065161f8efdf5281d003)
* Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev <gepardcv@gmail.com>. (Jeremy Allison, 2009-01-12, 1 file, -2/+1)
| This API is unusual in that if used to remove a non-list head it nulls out the next and prev pointers. This is what you want for debugging (don't want an entry removed from the list to be still virtually linked into it) but means there is no consistent idiom for use as the next and prev pointers get trashed on removal from the list, meaning you must save them yourself. You can use it one way when deleting everything via the head pointer, as this preserves the next pointer, but you *must* use it another way when not deleting everything via the head pointer. Fix all known uses of this (the main one is in conn_free_internal() and would not free all the private data entries for vfs modules). The other changes in web/statuspage.c and winbindd_util.c are not strictly necessary, as the head pointer is being used, but I've done them for consistency. Long term we must revisit this as this API is too hard to use correctly.
| Jeremy.
| (cherry picked from commit 45514fc5d85221339a4ee55b9f9f78c917b2fd19)
* Fix winbindd crash in an unusual failure mode. Bug #5737. Based on original ↵ (Jeremy Allison, 2009-01-12, 1 file, -5/+9)
| patch from shargagan@novell.com
| Jeremy.
| (cherry picked from commit 2f230176a19788e659522c7ccccb19b289412166)
* Fix a memleak (Qiao Yang, 2009-01-12, 1 file, -1/+2)
| request.extra_data is not freed if there is no extra_data in response or when some error happens in processing. This patch will free the buffer right after processing a request before sending back a response.
| (cherry picked from commit 05a80132ea95f40fdc8d4cfa6f90d8ba472a0272)
* Fix bug 4516, no IPv6 on Solaris 2.6. (David Leonard, 2009-01-12, 1 file, -3/+22)
| (cherry picked from commit e05cf6e9337f949d369c915d8eec20dc58aa614e)
* nss_winbind: When returning NSS_UNAVAIL, squash errno to ENOENT (Gerald (Jerry) Carter, 2008-08-20, 1 file, -0/+14)
| According to the GNU libc nss guide, we should always set errno to ENOENT when returning NSS_UNAVAIL.
| http://www.gnu.org/software/libtool/manual/libc/NSS-Modules-Interface.html#NSS-Modules-Interface
| At least the MQ Series message queuing service that runs on WebSphere will fail if you return any other errno in this case.
| (cherry picked from commit ee26664602445fa7798e2061f6bcbef0756d6528)
* Back-port of Volker's fix. (Jeremy Allison, 2008-07-25, 1 file, -4/+3)
| Fix a race condition in winbind leading to a crash
| When SIGCHLD handling is delayed for some reason, sending a request to a child can fail early because the child has died already. In this case async_main_request_sent() directly called the continuation function without properly removing the malfunctioning child process and the requests in the queue. The next request would then crash in the DLIST_ADD_END() in async_request() because the request pending for the child had been talloc_free()'ed and yet still was referenced in the list.
| This one is *old*...
| Volker
| Jeremy.
* In the "log file = " case, don't overwrite the (Jim McDonough, 2008-07-17, 2 files, -7/+13)
| log.wb-<domain> logfile name on smb.conf reload.
* Allow authentication and memory credential refresh after password change ↵ (Jeremy Allison, 2008-07-07, 2 files, -11/+38)
| from gdm/xdm. Patch from boyang <boyang@novell.com>.
| Jeremy.
* Part of fix for #5551. Split out the group enumeration functions to a ↵ (Jeremy Allison, 2008-06-25, 1 file, -15/+27)
| BUILTIN and a Domain specific version. Stops the domain groups appearing twice.
| Jeremy.
* Final (hopefully :-) part of fix for bug #5551. Allow passdb backend to ↵ (Jeremy Allison, 2008-06-25, 1 file, -23/+45)
| enumerate domain groups.
| Jeremy.
* Fix bug #5533. Winbindd fails to cope correctly with a workgroup name ↵ (Jeremy Allison, 2008-06-20, 1 file, -9/+3)
| containing a '.'.
| Jeremy.
* We should use set_domain_offline(domain) function instead of just set status ↵ (Jeremy Allison, 2008-06-13, 1 file, -1/+5)
| to offline. Otherwise, domain will never go online again. From Bo Yang <boyang@novell.com>
| Jeremy.
* pam_winbind: Update cached creds during password change. (Günther Deschner, 2008-06-11, 1 file, -0/+4)
| Fix is from Bo Yang @ Novell. Thanks!
* Bugfix noticed by Herb. On using the again: tag as a (Jeremy Allison, 2008-06-08, 1 file, -0/+15)
| goto target we were not reinitializing the array counts. From Herb:
| This is in the file nsswitch/winbindd_cm.c (samba-3.0.30) line 1236
| We have a label again: where we keep trying to find the name of the DC from the list of IPs returned by get_dcs. If we fail to figure out the name we do a goto again at the end of the function. The problem is we don't reset the num_dcs, num_addrs, etc and free the memory in the various arrays. This seems wrong to me. I have a winbindd core where I have 9 IPs returned for the DCs but at the time of the crash num_dcs is 87 and if I look through the array dcs it keeps repeating entries from the same group of 9
| Jerry, Volker and Guenther please check.
| Jeremy.
* pam_winbind: fix pam_sm_chauthtok for storing modified cached creds. (Günther Deschner, 2008-06-06, 1 file, -1/+16)
| Thanks to Bo Yang for pointing this out.
| Guenther
* Fix by Bo Yang <boyang@novell.com> for bug with winbindd trusted domain chil (Jeremy Allison, 2008-06-03, 1 file, -2/+20)
| not keeping primary domain online status up to date.
| Jeremy.
* Don't let winbind getgroups crash when we have no gids in the token. (Günther Deschner, 2008-06-02, 1 file, -2/+5)
| Guenther
* Split the winbindd_passdb backend into a 'builtin' and a 'sam' (Jeremy Allison, 2008-05-30, 3 files, -111/+329)
| backend. This allows winbindd when running on a Samba PDC to correctly answer wbinfo -u lists and other queries. I will forward port this to 3.2 and 3.3 over the weekend. Passes running under valgrind.
| Jeremy.
* Fix valgrind bug in debug statement. Don't reference uninitialized memory. (Jeremy Allison, 2008-05-30, 1 file, -3/+2)
| Jeremy.
* Fix bug #5504. winbindd children and parent were handling SIGTERM in the same ↵ (Jeremy Allison, 2008-05-30, 2 files, -11/+18)
| way - deleting the socket !
| Jeremy.
* Fix winbindd on a PDC by reverting : ↵ (Jeremy Allison, 2008-05-29, 2 files, -10/+6)
| 83b04c60fac76ccd2d5aecb14f8896a07d488b1f..6e66512d5beb256a44c6703cdb8c7fa7e0fd8537. We still need to address https://bugzilla.redhat.com/show_bug.cgi?id=429024, but this will come later.
| Jeremy.
* spnego SPN fix when contacting trusted domains (Steven Danneman, 2008-05-23, 1 file, -5/+7)
| cli_session_setup_spnego() was not taking into consideration the situation where we're connecting to a trusted domain, specifically one (like W2K8) which doesn't return a SPN in the NegTokenInit.
| This caused two problems:
| 1) When guessing the SPN using kerberos_get_default_realm_from_ccache() we were always using our default realm, not the realm of the domain we're connecting to.
| 2) When falling back on NTLMSSP for authentication we were passing the name of the domain we're connecting to for use in our credentials when we should be passing our own workgroup name.
| The fix for both was to split the single "domain" parameter into "user_domain" and "dest_realm" parameters. We use the "user_domain" parameter to pass into the NTLM call, and we used "dest_realm" to create an SPN if none was returned in the NegTokenInit2 packet. If no "dest_realm" is provided we assume we're connecting to our own domain and use the credentials cache to build the SPN.
| Since we have a reasonable guess at the SPN, I removed the check that defaults us directly to NTLM when negHint is empty.
* Use machine account and machine password from our domain when (Steven Danneman, 2008-05-23, 1 file, -3/+3)
| contacting trusted domains.
* Fix bug #5464. Pointed out by Herb @ Connectathon. In fork_domain_child() we ↵ (Jeremy Allison, 2008-05-14, 1 file, -3/+3)
| call : CatchChild(); *before* we fork the domain child. This call establishes a signal handler that eats SIGCLD signals and doesn't call sys_select_signal() as the main daemon SIGCLD handler should do. This causes the parent to ignore dead children and time out, instead of calling winbind_child_died() on receipt of the signal. The correct fix is to move the CatchChild call into the child code after the fork.
| Jeremy.
* Enable winbind child processes to do something with signals, (Jim McDonough, 2008-05-13, 2 files, -10/+25)
| in particular closing and reopening logs on SIGHUP.
* This code is the same in 3.0.x winbindd. (Jeremy Allison, 2008-04-30, 1 file, -0/+4)
| From commit
| commit 5a270bc99f52483f168d662d843672d05be74473
| Author: Gerald W. Carter <jerry@samba.org>
| Winbind: Prevent cycle in children list when reaping dead child processes.
| Thanks to Glenn Curtis and Kyle Stemen @ Likewise. Their explanation is:
| In winbindd_dual.c, there is a list of children processes that is maintained using macros DTLIST_ADD and DTLIST_REMOVE. In the case when a scheduled_async_request fails, the particular child was located in the list, and its attributes were cleared out and it was reused for a subsequent async request. The bug was that the new request would queue the same node into the doubly-linked list and would result in list->next pointing to the same node as list itself. This would set up an infinite loop in the processing of the for loop when the list of children was referenced.
| Solution was to fully remove the child node from the list, such that it could be inserted without risk of being inserted twice.
| Note that the child is re-added to the list in fork_domain_child() again.
| Jeremy.
* Try anonymous session setup (Volker Lendecke, 2008-04-09, 1 file, -1/+3)
| ... if there's no trust password
| Attempt to fix bug 5350
* Only cache password policy results that worked, otherwise we (Bo Yang, 2008-04-07, 1 file, -1/+3)
| cannot login until the cache expires even if a connection to a DC has been restored.
* Fix NETLOGON credential chain with Windows 2008 all over the place. (Günther Deschner, 2008-04-04, 1 file, -5/+1)
| In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags.
| Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.
| Guenther
* Fix trusted users on a DC that uses the old idmap syntax. There was no ↵ (Simo Sorce, 2008-04-03, 1 file, -0/+70)
| default backend therefore no IDs were mapped by default.
* Fix wbinfo -a trusted\\user%password on a Samba DC with trusts (Volker Lendecke, 2008-03-27, 2 files, -1/+5)
| Winbind can't be allowed to connect to the local smbd.
* Fix winbind NETLOGON cred chain on a samba dc for w2k8 trusts. (Günther Deschner, 2008-03-26, 1 file, -1/+5)
| Guenther
* Fix possible uninitialized variable use. (Jeremy Allison, 2008-02-28, 1 file, -1/+1)
| Jeremy.
* Back-ported fix from 3.2 (mainly from Bo Yang <boyang@novell.com>) (Jeremy Allison, 2008-02-05, 1 file, -19/+38)
| to fix bad private_data pointer in winbindd_lookupname_async().
| Jeremy.
* Fix winbindd running on a Samba DC, (Simo Sorce, 2008-02-01, 2 files, -6/+11)
| This patch makes sure we do not try to contact smbd in the main daemon to avoid deadlocks. All the operations that require connecting to smbd are performed in the domain child anyway.
* idmap: Fix an incompatible pointer type warning. (Kai Blin, 2008-01-28, 1 file, -1/+1)
| Thanks to Simo for pointing me at the easier solution