path: root/source/winbindd
Commit message | Author | Age | Files | Lines
* s3:winbindd: raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. | Stefan Metzmacher | 2009-08-11 | 2 | -1/+57
| metze (similar to commit 1e1445bc7672b17a1d689fa0f0732b05b6e04da5) Fixes bug #6627.
* s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387) | Michael Adam | 2009-08-11 | 1 | -1/+1
| This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap assertion in ldap_next_entry because was set to NULL in each iteration. The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a). This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing. Michael (cherry picked from commit e9010fa366746ec1ae948dbcf3493d446e23b14c) Signed-off-by: Michael Adam <obnox@samba.org>
* handling upn name | Bo Yang | 2009-07-27 | 2 | -1/+6
| lookupname failed, cannot find domain when attempt to change password. This addresses bug #6560. Signed-off-by: Bo Yang <boyang@samba.org>
* s3/idmap: Fix out of memory error with Winbind idmap. | Sébastien Prud'homme | 2009-06-12 | 1 | -2/+6
| This fixes bug #5945.
* Fix a race condition in winbind leading to a panic | Volker Lendecke | 2009-05-27 | 1 | -0/+1
| In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that. What can happen is the following: We have outgoing data pending for a client, thus state->fd_event.flags == EVENT_FD_WRITE Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data, the accept(2) one syscall later gives us the same socket. In new_connection(), we do a setup_async_read, setting up a read fde. The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ). Found using bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient Volker (commit 68c5c6df in master)
* winbind_pam: fix gcc 4.4 compile warning | Volker Lendecke | 2009-03-24 | 1 | -1/+1
|
* Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test | Jeremy Allison | 2009-03-17 | 1 | -7/+8
|\
| * Fix #6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members | Volker Lendecke | 2009-03-17 | 1 | -7/+8
| | Thanks to François Legal <devel@thom.fr.eu.org> for reporting this bug
* | Fix a valgrind error | Volker Lendecke | 2009-03-17 | 1 | -1/+1
|/  Found in "make test" -- if we can't connect at all, "cli" is uninitialized
* Initialize the id_map status in idmap_ldap to avoid surprise | Bo Yang | 2009-02-27 | 1 | -0/+8
|
* Fix bug in get_dc_name_via_netlogon(), null pointer reference. | Bo Yang | 2009-01-14 | 1 | -1/+1
|
* Don't send message to any other child in child process. | Bo Yang | 2009-01-14 | 1 | -1/+33
|
* From boyang - ensure we never "return" from a forked child, always _exit(). | Jeremy Allison | 2009-01-13 | 2 | -5/+5
| Jeremy.
* Fix logic bug introduced in backport of ccache_regain_all_now, sync with | Jeremy Allison | 2009-01-10 | 1 | -13/+20
| 3.3 implementation. Jeremy.
* Backport of the clean event context after fork and | Bo Yang | 2009-01-10 | 4 | -153/+423
| krb5 refresh chain fixes.
* Don't set child->requests to NULL in parent after fork | Bo Yang | 2009-01-10 | 1 | -1/+0
|
* refresh sequence number as soon as possible when domain->sequence_number == -1 or domain->last_status is not ok. | boyang | 2009-01-07 | 1 | -3/+8
* clean event context after child is forked. | Bo Yang | 2009-01-05 | 3 | -14/+29
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Fix "allow trusted domain" so it disables trusted domains. | Gerald (Jerry) Carter | 2008-12-22 | 1 | -2/+11
|
* Fix a "ignoring function call result" warning | Volker Lendecke | 2008-12-19 | 1 | -1/+6
|
* winbindd: vars for signals must be volatile sig_atomic_t | SATOH Fumiyasu | 2008-12-12 | 1 | -12/+12
|
* winbindd: fix more horrible brace mis-indentations in winbindd_group | Michael Adam | 2008-12-04 | 1 | -2/+2
| Sorry, but I can't bear this. And while my vim is smart enough to cope with this, it confuses _me_, and I have seen an emacs confused as well. (Which comes as no surprise, almost human as it is...) Michael
* winbindd: fix more misindentations of top level braces in winbindd_group | Michael Adam | 2008-12-04 | 1 | -2/+2
| Michael
* winbindd: fix horrible mis-indentation of toplvl braces in getgrsid_sid2gid_recv | Michael Adam | 2008-12-04 | 1 | -2/+2
| to make code more readable Michael
* winbindd: don't open a new dc connection in winbindd_getpwnam (main winbindd) | Michael Adam | 2008-12-04 | 1 | -1/+1
| This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael
* winbindd: don't open a new dc connection in winbindd_getgrnam (main winbindd) | Michael Adam | 2008-12-04 | 1 | -1/+1
| This is just to find the corresponding domain struct. Actual connection is handled by the domain child. Michael
* Change sockaddr util function names for consistency and to eliminate name conflicts | Tim Prouty | 2008-12-03 | 1 | -1/+1
* winbindd_group: don't list the domain twice when expanding internal aliases | Michael Adam | 2008-11-22 | 1 | -1/+1
| Before this, "getent group builtin\\administrators" expanded domain group members in the form DOMAIN\domain\user. Michael
* winbindd_group: sanely handle NULL domain in add_member(). | Michael Adam | 2008-11-22 | 1 | -1/+5
| Michael
* winbindd_ads: honour "winbind use default domain" in lookup_groupmem(). | Michael Adam | 2008-11-22 | 1 | -9/+11
| This fixes the output of "getent group" when "winbind use default domain = yes" with security = ads. Michael
* winbindd_rpc: add domain prefix to username in lookup_groupmem(). | Michael Adam | 2008-11-22 | 1 | -1/+4
| This makes the output of "getent group" of a domain group show the domain prefix with "security = domain". Michael
* winbindd_util: add fill_domain_username_talloc(). | Michael Adam | 2008-11-22 | 1 | -0/+27
| A talloc version of fill_domain_username(). Michael
* winbindd: fix a comment typo | Michael Adam | 2008-11-22 | 1 | -1/+1
| Michael
* winbind_util: fix an implicit cast compile warning. | Michael Adam | 2008-11-22 | 1 | -1/+1
| Michael
* winbindd: make all winbind rpc-methods static. | Michael Adam | 2008-11-21 | 1 | -31/+32
| Now that the methods are no longer needed in winbindd_ads, we can make them static again. Michael
* winbindd_ads: use the reconnect methods instead of the rpc methods directly | Michael Adam | 2008-11-21 | 1 | -6/+75
| Some of the ads methods just point to the rpc methods. This makes winbindd_ads use the reconnect methods instead of calling the rpc methods directly in order to prevent negative cache entries for e.g. name_to_sid, when the dc has closed the connection without sending a reset. Michael
* winbindd_ads: prevent negative GM/ cache entries due to broken connections | Michael Adam | 2008-11-21 | 1 | -0/+23
| The ads lookup_groupmem() function calls lda_lookupsids to resolve sids to names. This is tried only once. So in case the connection was broken, e.g. closed by the server (without a reset packet), there will be an empty GM/ cache entry for the requested group which will prevent proper working of access checks among other checks for the expiry period. This patch works around this problem by retrying once if the lsa_lookupsids call fails, re-establishing the dc-connection, as we already do in many other places (e.g. the winbindd retry methods for the rpc layer). Michael
* Fix extended DN parse error when AD object does not have a SID. | Steven Danneman | 2008-11-18 | 1 | -18/+37
| Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occurred because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof()
* Whitespace and >80 column cleanups. | Steven Danneman | 2008-11-18 | 2 | -38/+40
|
* Fix bug #5906 when running winbindd on a Samba PDC. Winbindd crash on 'getent group'. | Davide Sfriso | 2008-11-17 | 1 | -2/+2
* winbind: fix build warning. | Günther Deschner | 2008-11-14 | 1 | -1/+0
| Guenther
* Fix memory leak in error path, spotted by Martin Zielinski <mz@seh.de>. | Jeremy Allison | 2008-11-12 | 1 | -0/+1
| Jeremy.
* ntlm_auth: Put huge NTLMv2 blobs into extra_data on CRAP auth | Kai Blin | 2008-11-10 | 1 | -7/+18
| This fixes bug #5865
* winbindd: speed up fill_grent_mem (i.e. winbindd_getgrent) a lot. | Michael Adam | 2008-11-02 | 1 | -14/+21
| With large groups, getgrent ran into timeouts because after each single user that was added to the expanded group list, the list was sorted and made unique. Now the list is sorted just once after all members have been added. Michael
* Coverity fix CID: 592 - null deref (can't happen but doesn't hurt to be sure). | Jeremy Allison | 2008-10-29 | 1 | -1/+1
| Jeremy.
* winbind: fix smbd hanging on Solaris when winbindd closes socket. | Michael Adam | 2008-10-27 | 1 | -1/+6
| On some versions of Solaris, we observed a strange effect of close(2) on a socket: After the server (here winbindd) called close, the client fd was not marked as readable for select. And a write call to the fd did not produce an error EPIPE but just returned as if successful. So while winbindd had called remove_client(), the corresponding smbd still thought that it was connected, but failed to retrieve answers for its queries. This patch works around the problem by forcing the client fd to the readable state: Just write one byte into the socket before closing. Michael
* Fix bug #5814 - Winbindd dumping core in a strange manner while doing "rescan_trusted_domain". | Jeremy Allison | 2008-10-08 | 1 | -0/+23
| From analysis by hargagan <shargagan@novell.com> : "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiate a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handler can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL." Jeremy.
* Log in the parent winbind log where a request is going | Volker Lendecke | 2008-10-06 | 1 | -0/+4
|
* Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev <gepardcv@gmail.com>. | Jeremy Allison | 2008-10-01 | 1 | -2/+1
| This API is unusual in that if used to remove a non-list head it nulls out the next and prev pointers. This is what you want for debugging (don't want an entry removed from the list to be still virtually linked into it) but means there is no consistent idiom for use as the next and prev pointers get trashed on removal from the list, meaning you must save them yourself. You can use it one way when deleting everything via the head pointer, as this preserves the next pointer, but you *must* use it another way when not deleting everything via the head pointer. Fix all known uses of this (the main one is in conn_free_internal() and would not free all the private data entries for vfs modules. The other changes in web/statuspage.c and winbindd_util.c are not strictly necessary, as the head pointer is being used, but I've done them for consistency. Long term we must revisit this as this API is too hard to use correctly. Jeremy.
* re-added "winbind:ignore domains" patch | Andrew Tridgell | 2008-09-29 | 1 | -3/+21
| This option really is essential, as we discover again and again at customer sites. Due to bugs in winbind some domains are toxic. When you are installing at a site and a particular domain in a complex setup causes winbind to segfault or hang then you need a way to disable that domain and continue. In an ideal world winbind could handle arbitrarily complex ADS domains, but we are nowhere near that yet. If we ever get to that stage then we won't need this option.