path: root/source/winbindd
Commit message | Author | Age | Files | Lines
* Revert "Fix winbindd crash in an unusual failure mode. Bug #5737. Based on original patch from shargagan@novell.com" | Karolin Seeger | 2008-11-17 | 1 | -9/+5
  This reverts commit 9a38a8454cfbd0011d804b3ab88c16e5d4f1c4bd.
* Revert "fixed segv on startup with trusted domains" | Karolin Seeger | 2008-11-17 | 1 | -21/+1
  This reverts commit 8b41be0c7080edaf9fb33e583c66f2ef50a91643.
* Revert "re-added "winbind:ignore domains" patch" | Karolin Seeger | 2008-11-17 | 1 | -21/+3
  This reverts commit 37d4e792bfd72e4b12811e0fbdb75cec2eda8f2a.
* Revert "Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev <gepardcv@gmail.com>." | Karolin Seeger | 2008-11-17 | 1 | -1/+2
  This reverts commit 8443b4859f64aa5459976ce37ca96a90daae889a.
* Revert "Log in the parent winbind log where a request is going" | Karolin Seeger | 2008-11-17 | 1 | -4/+0
  This reverts commit b1bcaf45ce14108b7e2b429b96908e30bf6eb90d.
* Revert "Fix bug #5814 - Winbindd dumping core in a strange manner while doing "rescan_trusted_domain"." | Karolin Seeger | 2008-11-17 | 1 | -23/+0
  This reverts commit 15b2f1d8744d157b131a0441e8738d8519de37c7.
* Fix bug #5814 - Winbindd dumping core in a strange manner while doing "rescan_trusted_domain". | Jeremy Allison | 2008-10-15 | 1 | -0/+23
  From analysis by hargagan <shargagan@novell.com> :
  "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiates a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handlers can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL."
  Jeremy.
  (cherry picked from commit ce8de496ec139b7a56db20c5ffbcbdc2f4db0a51)
* Log in the parent winbind log where a request is going | Volker Lendecke | 2008-10-15 | 1 | -0/+4
  (cherry picked from commit f63bac521f0595ccbcf687678e325649f3e0e5e3)
* Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev <gepardcv@gmail.com>. | Jeremy Allison | 2008-10-06 | 1 | -2/+1
  This API is unusual in that if used to remove a non-list head it nulls out the next and prev pointers. This is what you want for debugging (don't want an entry removed from the list to be still virtually linked into it) but means there is no consistent idiom for use as the next and prev pointers get trashed on removal from the list, meaning you must save them yourself. You can use it one way when deleting everything via the head pointer, as this preserves the next pointer, but you *must* use it another way when not deleting everything via the head pointer. Fix all known uses of this (the main one is in conn_free_internal() and would not free all the private data entries for vfs modules). The other changes in web/statuspage.c and winbindd_util.c are not strictly necessary, as the head pointer is being used, but I've done them for consistency. Long term we must revisit this as this API is too hard to use correctly.
  Jeremy.
  (cherry picked from commit 347fc4ed725083f2c520afc39f7c81db0dd60324)
* re-added "winbind:ignore domains" patch | Andrew Tridgell | 2008-10-06 | 1 | -3/+21
  This option really is essential, as we discover again and again at customer sites. Due to bugs in winbind some domains are toxic. When you are installing at a site and a particular domain in a complex setup causes winbind to segfault or hang then you need a way to disable that domain and continue.
  In an ideal world winbind could handle arbitrarily complex ADS domains, but we are nowhere near that yet. If we ever get to that stage then we won't need this option.
  (cherry picked from commit 41898a42c1ad7d382088799a6e3f712583808d20)
* fixed segv on startup with trusted domains | Andrew Tridgell | 2008-10-06 | 1 | -1/+21
  With some setups, idmap_tdb2_allocate_id can be called before the allocate backend is initialised, leading to a segv. This change ensures that the db is opened in all paths that use it
  (cherry picked from commit 3a2a70996919a7ee08fea40b8e5f1cf2e3bd7caf)
* Fix winbindd crash in an unusual failure mode. Bug #5737. Based on original patch from shargagan@novell.com | Jeremy Allison | 2008-10-06 | 1 | -5/+9
  Jeremy.
  (cherry picked from commit 0a0426650e596453b4b8aa6536f4fe8b1d890451)
* idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads structure. | Gerald W. Carter | 2008-09-17 | 1 | -12/+69
  (cherry picked from commit 30a660ea41faa3b84afa8819c7673b3fe334e79b)
* Fix for bug 5571 | Simo Sorce | 2008-09-11 | 2 | -2/+28
  Make sure that usernames are parsed using the correct separator. Otherwise group memberships in winbind may end up broken.
  (cherry picked from commit a2c313182135fc4f7596a595c5143b7bb71a0bdf)
* Fix a memleak | Qiao Yang | 2008-09-08 | 1 | -1/+2
  request.extra_data is not freed if there is no extra_data in response or when some error happens in processing. This patch will free the buffer right after processing a request before sending back a response.
  (cherry picked from commit be6f12273f171a3eb1967d2299064e57d737f6a4)
  (cherry picked from commit 72865f5e4ff30861d58b928baaf7be3373301f37)
* Fix winbindd crash bug with trusted domains. Bug #5736 | James Ding | 2008-09-08 | 1 | -0/+2
  (cherry picked from commit 2d84b9a1024f68657f75aa7e0c4091b8c7afd194)
* get rid of unneeded argument for get_alloc_methods as well | Herb Lewis | 2008-09-08 | 1 | -9/+5
  (cherry picked from commit 59415cb8b3ce7981dbf576086e13675f343581a4)
* get rid of unneeded argument for get_methods | Herb Lewis | 2008-09-08 | 1 | -14/+10
  (cherry picked from commit 2a085d5343ab954e1bd60c11033506dc7c9040e3)
* Cleanup of DC enumeration in get_dcs() | Steven Danneman | 2008-09-08 | 1 | -24/+74
  This is a fix for a few small inefficiencies/bugs in the get_dcs() path.
    * because the third add_one_dc_unique() loop was outside the ADS check all DCs returned from the non-sitename lookup were being tacked onto the dc_name_ip list twice.
    * add_one_dc_unique() now checks if the given IP address already exists before adding it to the list, making the returned list actually unique
    * added more thorough doxygen comment headers
  (cherry picked from commit edd234e7a22dab105256f90df36d86f168dcea4c)
* winbindd: fix invalid sid copy (hit when enumerating sibling domains). | Günther Deschner | 2008-08-28 | 1 | -1/+1
  Guenther
  (cherry picked from commit 5eee7423351ffd05486e33ff8eb905babcbc9422)
  (cherry picked from commit 9f0bc4ff17b5a11dc412d0b5bc136476f3209a0c)
* Fix the wcache_invalidate_samlogon calls. | Jeremy Allison | 2008-08-28 | 2 | -3/+24
  Jeremy.
  (cherry picked from commit 0a0795fd0310cc44dac0df312325df6d08e38cdb)
* Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest. | Jeremy Allison | 2008-08-28 | 1 | -0/+3
  This one took a *lot* of tracking down :-).
  Jeremy.
  (cherry picked from commit f845c95dcfa0b1630a0057c62941bb8a72ebdd83)
* winbindd: Fix crash in cm_connect_sam() | Gerald (Jerry) Carter | 2008-08-28 | 1 | -2/+7
  Fix segv when talking to parent DC (joined to child domain). The root cause was (a) storing the parent domain in the cli_state struct caused the NTLMSSP pipe bind to fail which made us fall over to the schannel code path (b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning NULL even though the function indicated success.
  (cherry picked from commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
  (cherry picked from commit 72d138adc200ab36e324721900af1a06d0879318)
* Revert "winbindd: Fix crash in cm_connect_sam()" | Karolin Seeger | 2008-08-27 | 1 | -7/+2
  This reverts commit 9bbd6ee5db03747499bd263bb1365c8cd352076d.
* Revert "Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest." | Karolin Seeger | 2008-08-27 | 1 | -3/+0
  This reverts commit a90648e905aebc98c78897adf76729bea269cedf.
* Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest. | Jeremy Allison | 2008-08-22 | 1 | -0/+3
  This one took a *lot* of tracking down :-).
  Jeremy.
  (cherry picked from commit f845c95dcfa0b1630a0057c62941bb8a72ebdd83)
* winbindd: Fix crash in cm_connect_sam() | Gerald (Jerry) Carter | 2008-08-22 | 1 | -2/+7
  Fix segv when talking to parent DC (joined to child domain). The root cause was (a) storing the parent domain in the cli_state struct caused the NTLMSSP pipe bind to fail which made us fall over to the schannel code path (b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning NULL even though the function indicated success.
  (cherry picked from commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
  (cherry picked from commit 72d138adc200ab36e324721900af1a06d0879318)
* Fix bug 5696. The problem was when smbd | Jeremy Allison | 2008-08-18 | 1 | -2/+18
  was asking for a winbindd name to SID lookup of "Unix Group\name" where "name" was also a valid username, the winbindd passdb lookup of that name was losing the domain string info before calling lookup name (ie. lookup_name() was being called with just the string "name", not the full string "Unix Group\name"). The passdb backend of winbindd has to cope with not only names from its own global SAM domain, but it does lookups for BUILTIN and "Unix User" and "Unix Group" also, so making it guess by losing the domain string is "A Bad Idea" (tm) :-).
  Note that as winbind globally calls winbind_off() at startup, it's safe for winbind to call sys_getgrnam() to do the "Unix Group" lookup from inside lookup_name().
  Jeremy.
  (cherry picked from commit 780a4ff80dfd03a2c422920dbd101e8f58f7136e)
* Attempt to fix Coverity ID 596 | Volker Lendecke | 2008-08-18 | 1 | -1/+1
  Jeremy, please check & push if it's ok.
  (cherry picked from commit 7e9b24a12d91fc558864e91852028adb9a381838)
* I think the problem with these functions is that lookup_usergroups | Herb Lewis | 2008-08-18 | 1 | -1/+1
  should never include the user SID. The comment for the function in winbindd/winbindd_ads.c says
  /* Lookup groups a user is a member of. */
  The following patch makes the wbinfo calls return the correct data before and after a login.
  (cherry picked from commit ecf96a26bfe18899133d68032b0cda00177d57d0)
* fixed a fd leak when trying to regain contact to a domain controller | Andrew Tridgell | 2008-08-11 | 1 | -0/+1
  in winbind
  When a w2k3 DC is rebooted the 139/445 ports come up before the udp/389 cldap port. During this brief period, winbind manages to connect to 139/445 but not to udp 389. It then enters a tight loop where it leaks one fd each time. In a couple of seconds it runs out of file descriptors, and leaves winbind crippled after the DC does finally come up
  (cherry picked from commit 57187cafbcc053e75bb54750494df9feabe3a738)
  (cherry picked from commit 892e41d60469e1e8adccd2b1ff860210db58dcb0)
* winbindd: handle trusted domains without sid. | Günther Deschner | 2008-07-31 | 2 | -4/+17
  Guenther
  (cherry picked from commit 0c1efc6c89b1a51a94d10971bf0fc515416709b3)
  (cherry picked from commit 4f5255d1e5025c4c9ebb0b1f22d800e26bcdfb7f)
* Fix an incompatible pointer warning | Volker Lendecke | 2008-07-28 | 1 | -2/+2
  (cherry picked from commit 3282f7289b7b33beeaa1ca649651cca6537a69af)
* Fix a race condition in winbind leading to a crash | Volker Lendecke | 2008-07-25 | 1 | -4/+3
  When SIGCHLD handling is delayed for some reason, sending a request to a child can fail early because the child has died already. In this case async_main_request_sent() directly called the continuation function without properly removing the malfunctioning child process and the requests in the queue. The next request would then crash in the DLIST_ADD_END() in async_request() because the request pending for the child had been talloc_free()'ed and yet still was referenced in the list.
  This one is *old*...
  Volker
  (cherry picked from commit 8691709626b0d461de91b8fc9d10c730d1f183dd)
* From Jim McDonough | Jeremy Allison | 2008-07-18 | 2 | -7/+14
  In reloading the smb.conf, if a "log file" is specified in smb.conf, winbind children will overwrite the logfile name to be the same as the parent.
  Jeremy.
  (cherry picked from commit 147dc45cfb0da3677e381bec3873b9645b320f60)
* Fix regression introduced with 4086ef15b395f1a536fb669af2103a33ecc14de4 | Simo Sorce | 2008-07-16 | 1 | -15/+15
  We must not return an error here just because we are offline. We must instead fix the mappings to the best of our knowledge (ie mark as mapped, expired ones, and as unmapped, unknown ones)
  (cherry picked from commit c17b125e1fdb9b71877200b2419d7f682bb52e87)
* fix comment typo and change some uint32 to uint32_t | Herb Lewis | 2008-07-10 | 1 | -4/+4
  (cherry picked from commit 8272dace64f39286e4255e9f5bc8d04fb47f2c51)
* Allow authentication and memory credential refresh after password change from gdm/xdm. | Jeremy Allison | 2008-07-10 | 1 | -2/+23
  Patch from boyang <boyang@novell.com>.
  Jeremy.
  (cherry picked from commit 63316efeeb330d2cb7fa0906824c97da2c7b0074)
* MSG_DEBUG now forwarded to all the winbindd children by parent. | Jeremy Allison | 2008-07-06 | 2 | -0/+39
  smbcontrol winbindd debug level would only set the debug level of the parent winbindd process and not the child processes. This patch adds the functionality of broadcasting the debug message to all winbindd children. Now the debug level message is propagated to all the winbindd processes that includes parent and children.
  From Darshan Purandare <dpurandare@isilon.com> - had to patch separately due to proto.h not being under git control in 3.2.x.
  Jeremy.
  (cherry picked from commit f6d4f487332baf74acec8f50e31bcfea44775570)
* Attempt to fix the build on Irix CC [tag: samba-3.2.0] | Volker Lendecke | 2008-07-01 | 1 | -1/+3
  (cherry picked from commit 666bf8456ac44cbbbd5524af2bf4fd89e18ddf62)
* After technical consultation, add Steven Danneman's <steven.danneman@isilon.com> patch to make winbindd enum users and groups async. | Jeremy Allison | 2008-06-30 | 8 | -180/+305
  We need this for 3.2.0 official.
  Jeremy.
  (cherry picked from commit d05451c2c256e04870ebe6467f38585dad72f3a9)
* Fix from Atte Peltomäki - atte.peltomaki@f-secure.com to correctly check | Jeremy Allison | 2008-06-30 | 1 | -1/+1
  error code in winbindd group expansion.
  Jeremy.
  (cherry picked from commit c622c997c513d02f929beaaf8ce2e5aa249fcc47)
* Part of fix for #5551. Split out the group enumeration functions to a BUILTIN and a Domain specific version. | Jeremy Allison | 2008-06-26 | 1 | -15/+27
  Stops the domain groups appearing twice.
  Jeremy.
  (cherry picked from commit ee7af33ec6e752b1b1898b50aebc96e66ea423db)
* Final (hopefully :-) part of fix for bug #5551. Allow passdb backend to enumerate domain groups. | Jeremy Allison | 2008-06-26 | 1 | -23/+45
  Jeremy
  (cherry picked from commit 269521ee08b962040afe63ea74130ba27f29e092)
* Fix bug #5533. Winbindd fails to cope correctly with a workgroup name containing a '.'. | Jeremy Allison | 2008-06-20 | 1 | -9/+3
  Jeremy.
  (cherry picked from commit fae027e937c2f0078193b8cc27af6db2d7c233f5)
* Revert "Fix a memleak caused by a crappy get_sorted_dc_list() API" | Volker Lendecke | 2008-06-17 | 1 | -14/+1
  This reverts commit ba10b9c077272c521504b3a638bba73446efc61c.
  (cherry picked from commit 4b3690a730895f6a19b14ee09ca0a2a131c3ba21)
* Bugfix noticed by Herb. On using the again: tag as a | Jeremy Allison | 2008-06-09 | 1 | -0/+15
  goto target we were not reinitializing the array counts.
  From Herb:
  This is in the file nsswitch/winbindd_cm.c (samba-3.0.30) line 1236
  We have a label again: where we keep trying to find the name of the DC from the list of IPs returned by get_dcs. If we fail to figure out the name we do a goto again at the end of the function. The problem is we don't reset the num_dcs, num_addrs, etc and free the memory in the various arrays. This seems wrong to me.
  I have a winbindd core where I have 9 IPs returned for the DCs but at the time of the crash num_dcs is 87 and if I look through the array dcs it keeps repeating entries from the same group of 9
  Jerry, Volker and Guenther please check.
  Jeremy.
  (cherry picked from commit 0b2062a499c69c86cc03130542aaf3e92265b65d)
* Manually port Steven Danneman fix for using the correct machine domain when | Gerald W. Carter | 2008-06-09 | 1 | -3/+3
  looking up trust credentials in our tdb.
  commit fd0ae47046d37ec8297396a2733209c4d999ea91
  Author: Steven Danneman <sdanneman@isilon.com>
  Date: Thu May 8 13:34:49 2008 -0700
  Use machine account and machine password from our domain when contacting trusted domains.
  (cherry picked from commit 69b37ae60757075a0712149c5f97f17ee22c2e41)
  (cherry picked from commit 8a64988fc45aff15359caf16f28ff1712bbe6d5f)
* Manually merge Steven Danneman's patch for SPNEGO auth to a trusted | Gerald W. Carter | 2008-06-09 | 1 | -5/+7
  Win2008 domain (merged from v3-0-test).
  commit 8dc4e979776aae0ecaa74b51dc1eac78a7631405
  Author: Steven Danneman <sdanneman@isilon.com>
  Date: Wed May 7 13:34:26 2008 -0700
  spnego SPN fix when contacting trusted domains
  cli_session_setup_spnego() was not taking into consideration the situation where we're connecting to a trusted domain, specifically one (like W2K8) which doesn't return a SPN in the NegTokenInit. This caused two problems:
  1) When guessing the SPN using kerberos_get_default_realm_from_ccache() we were always using our default realm, not the realm of the domain we're connecting to.
  2) When falling back on NTLMSSP for authentication we were passing the name of the domain we're connecting to for use in our credentials when we should be passing our own workgroup name.
  The fix for both was to split the single "domain" parameter into "user_domain" and "dest_realm" parameters. We use the "user_domain" parameter to pass into the NTLM call, and we used "dest_realm" to create an SPN if none was returned in the NegTokenInit2 packet. If no "dest_realm" is provided we assume we're connecting to our own domain and use the credentials cache to build the SPN.
  Since we have a reasonable guess at the SPN, I removed the check that defaults us directly to NTLM when negHint is empty.
  (cherry picked from b78b14c88e8354aadf9ba7644bdb1c29245fe419)
  (cherry picked from commit f1e6b40bbc8ce249e2f2a85a1d57ed6b8141e3bb)
* Fix a memleak caused by a crappy get_sorted_dc_list() API | Volker Lendecke | 2008-06-05 | 1 | -1/+14
  (cherry picked from commit ba10b9c077272c521504b3a638bba73446efc61c)