summaryrefslogtreecommitdiffstats
path: root/source3/winbindd/winbindd_ads.c
Commit message (Collapse)AuthorAgeFilesLines
* s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array()Andrew Bartlett2011-06-091-7/+7
| | | | | Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_ARRAY isn't standard talloc.
* s3-winbindd: make sure we obey the -n switch also for samlogon cache access.Günther Deschner2011-06-081-1/+1
| | | | | | | Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jun 8 14:44:31 CEST 2011 on sn-devel-104
* s3-rpc_client: add and use rpc_client/rpc_client.h.Günther Deschner2011-04-131-0/+1
| | | | Guenther
* s3-passdb: use passdb headers where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-winbindd: copy acct_info to wb_acct_info so we dont need passdb for it.Günther Deschner2011-03-301-3/+3
| | | | Guenther
* s3: Remove an obsolete commentVolker Lendecke2011-03-061-5/+0
|
* s3: Remove unused args from nss_get_info_cachedVolker Lendecke2011-03-061-5/+4
|
* s3-libds: use already existing ../libds/common/flag_mapping.h header.Günther Deschner2011-03-021-0/+1
| | | | Guenther
* s3-winbind: prefer dcerpc_netr_X functions.Günther Deschner2011-01-131-3/+11
| | | | | | Guenther Signed-off-by: Andreas Schneider <asn@samba.org>
* libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett2010-10-121-0/+1
| | | | | | | | | | | | | | This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
* s3: Replace sid_binstring and sid_guidstring with PIDL-based alternativesAndrew Bartlett2010-09-201-2/+3
| | | | | | | | | This reduces the manual marshalling of these structures by removing the duplication here. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
* s3-auth Change type of num_sids to uint32_tAndrew Bartlett2010-09-111-7/+7
| | | | | | | | | | | | | | size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-secrets: only include secrets.h when needed.Günther Deschner2010-08-051-0/+1
| | | | Guenther
* s3: avoid global include of ads.h.Günther Deschner2010-08-051-0/+1
| | | | Guenther
* s3: Fix another winbind crashVolker Lendecke2010-07-061-35/+48
| | | | | | This is similar to 09a9cc3, this re-arranges winbindd_ads.c:query_user_list() so that "ads" is not accessed anymore across a call to nss_get_info_cached() call which can destroy it behind the scenes.
* s3-libads: only include libds flags where needed.Günther Deschner2010-07-011-0/+1
| | | | Guenther
* s3: More cleanup in winbindd_ads.c:query_userVolker Lendecke2010-06-281-13/+10
| | | | We can't ads_msgfree after the ads struct has been killed. Do early returns.
* s3: Fix a valgrind errorVolker Lendecke2010-06-281-2/+1
| | | | nss_get_info_cached does not necessarily fill in gid
* s3: Re-arrange winbindd_ads.c:query_userVolker Lendecke2010-06-281-23/+24
| | | | | We can't access the LDAP message after nss_get_info_cached has potentially destroyed the ads_struct
* s3: free -> SAFE_FREEVolker Lendecke2010-06-281-1/+1
|
* s3: Do an early TALLOC_FREEVolker Lendecke2010-06-281-2/+5
|
* s3: Fix a winbind crashVolker Lendecke2010-06-251-0/+10
| | | | | nss_get_info_cached might deep inside sequence_number() invalidate the ads_struct without telling its callers.
* s3: Fix a winbind crashVolker Lendecke2010-06-251-1/+6
| | | | nss_get_info_cached might have invalidated "ads" deep inside.
* s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett2010-05-211-24/+24
| | | | | | | | | | This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
* s3-rpc_misc: clean out include/rpc_misc.h.Günther Deschner2010-05-181-1/+1
| | | | | | | Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther
* s3: Replace most calls to sid_append_rid() by sid_compose()Volker Lendecke2010-01-101-2/+1
|
* s3: Introduce domain_is_forest_root() helper functionVolker Lendecke2010-01-021-5/+2
| | | | Hopefully this makes the flag tests a bit more understandable
* s3: Pass netr_DomainTrustList instead of names and sids through ↵Volker Lendecke2009-12-281-62/+21
| | | | (*trusted_domains)
* s3: Simplify winbindd_ads.c:trusted_domains()Volker Lendecke2009-12-281-110/+123
| | | | | | | | | | | | | | | No real code change, this just removes an indentation by turning if ( NT_STATUS_IS_OK(result) && trusts.count) { into if (!NT_STATUS_IS_OK(result)) { return result; } if (trusts.count == 0) { return NT_STATUS_OK; }
* s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵Günther Deschner2009-11-261-0/+1
| | | | | | samba. Guenther
* s3-passdb: cleanup some callers of pdb_get_trusteddom_pw().Günther Deschner2009-11-031-3/+1
| | | | Guenther
* s3-winbindd: add and use winbindd_lookup_sids().Günther Deschner2009-09-171-50/+14
| | | | Guenther
* s3:winbind: Fix a bug found by RPC-SAMRVolker Lendecke2009-08-291-1/+3
| | | | | | We need to enumerate passdb alias members Thanks to gd for bugging me :-)
* s3/winbindd: Remove unnecessary check for NULL SIDSteven Danneman2009-08-261-1/+5
| | | | | | | | | | | | | | | | There's a known bug in some Windows implementations of DsEnumerateDomainTrusts() where domain SIDs are not returned for transitively trusted domains within the same forest. Jerry originally worked around this in the winbindd parent by checking for S-0-0 and converting it to S-1-0 in 8b0fce0b. Guenter later moved these checks into the child process in commit 3bdfcbac making the initial patch unecessary. I've removed it and added a clarifying comment to the child process. If ever this SID is needed we could add an extra DsEnumerateDomainTrusts() call in trusted_domains() as suggested by the Microsoft KB.
* s3:winbind: WINBIND_USERINFO -> wbint_userinfoVolker Lendecke2009-08-161-7/+10
|
* s3:winbindd: raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.Stefan Metzmacher2009-08-111-0/+21
| | | | metze
* Add some const to winbind_userinfoVolker Lendecke2009-08-031-3/+4
|
* Fix some nonempty blank linesVolker Lendecke2009-08-021-28/+28
|
* Refactor 9b78af1f: Fix lookupname recursionVolker Lendecke2009-08-021-3/+3
| | | | | | Pass a "flags" argument instead of the original winbind command down the name_to_sid chain. This way we are independent of the winbind commands and can take the decision at a much higher level
* libds: merge the UF<->ACB flag mapping functions.Günther Deschner2009-07-131-1/+1
| | | | Guenther
* Make escape_ldap_string take a talloc contextVolker Lendecke2009-07-091-3/+3
|
* Make sid_binstring & friends take a talloc contextVolker Lendecke2009-05-281-8/+6
|
* s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett2009-04-061-2/+2
| | | | | | | | | | | | Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
* s3: remove POLICY_HND.Günther Deschner2009-03-181-1/+1
| | | | Guenther
* Fix more asprintf and "ignoring return code" warnings from gcc 4.3.Jeremy Allison2008-12-311-1/+4
| | | | Jeremy.
* s3-winbindd_ads: use the reconnect methods instead of the rpc methods directlyMichael Adam2008-11-211-6/+75
| | | | | | | | | | Some of the ads methods just point to the rpc methods. This makes winbindd_ads use the reconnect methods instead of calling the rpc methods directly in order to prevent negative cache entries for e.g. name_to_sid, when the dc has closed the connection without sending a reset. Michael
* s3-winbindd_ads: prevent negative GM/ cache entries due to broken connectionsMichael Adam2008-11-211-0/+23
| | | | | | | | | | | | | | The ads lookup_groupmem() function calls lda_lookupsids to resolve sids to names. This is tried only once. So in case the connection was broken, e.g. closed by the server (without a reset packet), there will be an empty GM/ cache entry for the requested group which will prevent proper working of access checks among other checks for the expiry period. This patch works around this problem by retrying once if the lsa_lookupsids call fails, re-establishing the dc-connection, as we already do in many other places (e.g. the winbindd retry methods for the rpc layer). Michael
* Fix extended DN parse error when AD object does not have a SID.Steven Danneman2008-11-181-18/+37
| | | | | | | | | | | Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occured because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof()
* Whitespace and >80 column cleanups.Steven Danneman2008-11-181-37/+39
|
* [s3]winbindd_ads: honour "winbind use default domain" in lookup_groupmem().Michael Adam2008-09-231-9/+11
| | | | | | | This fixes the output of "getent group" when "winbind use default domain = yes" with security = ads. Michael
generated by cgit (git 2.34.1) at 2025-09-26 06:27:02 +0000