path: root/source3/winbindd/winbindd_ads.c
Commit message | Author | Age | Files | Lines
* winbindd: Avoid using deallocated memory | Santosh Kumar Pradhan | 2014-02-20 | 1 | -1/+1
  Failure in ads_search_retry() deallocates the memory occupied by "ads" which should not be used after.
  CID: 242096
  Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ira Cooper <ira@samba.org>
* Add a talloc context to saf_fetch(). | Jeremy Allison | 2013-09-05 | 1 | -1/+3
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:winbind: fail ads_cached_connection_connect() if realm == NULL | Michael Adam | 2013-08-29 | 1 | -0/+4
  This prevents segfaults when e.g. a previous SMB_STRDUP failed.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Thu Aug 29 18:54:28 CEST 2013 on sn-devel-104
* s3-winbindd: use get_trust_pw_clear() wrapper for AD connection code. | Günther Deschner | 2013-08-29 | 1 | -7/+4
  This avoids calling secrets functions directly.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3-winbindd: make sure also the idmap code can deal with trusted domains. | Günther Deschner | 2013-08-29 | 1 | -9/+31
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3-winbindd: use find_domain_from_name() instead of find_domain_from_name_no_init(). | Günther Deschner | 2013-08-29 | 1 | -2/+2
  Otherwise there is a good chance the domain has not been connected and we don't know the realm name yet.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3-winbindd: Fix winbind on DC crash with trusted AD domains. | Günther Deschner | 2013-08-29 | 1 | -1/+1
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3-winbindd: Fix memory leak in ads_cached_connection(). | Günther Deschner | 2013-08-29 | 1 | -1/+1
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3-winbindd: remove pointless variable assignment, see the strdup below. | Günther Deschner | 2013-08-29 | 1 | -1/+0
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3-winbindd: Move connection to AD server from idmap_ad | Christof Schmitt | 2013-03-09 | 1 | -8/+47
  Having this in a common place allows reuse by other idmap modules.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-winbindd: Use common helper function for connecting to ADS | Christof Schmitt | 2013-03-09 | 1 | -50/+75
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-winbindd: Move code for verifying ADS connection to common helper function | Christof Schmitt | 2013-03-09 | 1 | -21/+33
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* winbind: Correctly use names in the domain struct. | Andreas Schneider | 2013-03-05 | 1 | -1/+1
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* winbind: Use talloc for allocating domain, dns, forest and dc name. | Andreas Schneider | 2013-03-05 | 1 | -2/+3
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* Revert "s3-winbindd: make sure we obey the -n switch also for samlogon cache access." | David Disseldorp | 2012-11-09 | 1 | -1/+1
  This reverts commit ae6a779bf9f816680e724ede37324b7f5355996b.
  Bug 9125 analysis from Volker:
  The problem is that there are no network calls possible at all that would do what the samlogon cache does for us. There is just no way to retrieve the group membership in a complex trusted environment. If you have just a single domain with Samba as domain controller it might be possible, but even within a single domain it is not possible to correctly retrieve all group memberships using LDAP calls due to ACLs on directory objects.
  The call to get that is called NetSamLogon on the NETLOGON pipe. But this call requires user credentials and might trigger updating counts on the server.
  So to correctly implement wbinfo -r after a user has logged in, you have two alternatives: Save the info3 struct or the PAC in the netsamlogon cache. If you insist on doing network calls, you need to cache the user credentials somewhere to re-do the NetSamLogon call every time the wbinfo -r is requested.
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Avoid overriding default ccache for ads operations. | Simo Sorce | 2012-09-12 | 1 | -3/+3
  Avoid overriding default ccache for ads operations.
  Nowadays various samba components may need to use GSSAPI and a default cred cache to perform their tasks. This code was completely overriding the whole process default ccache name, thus altering the current credentials and sometimes hijacking them (or getting preemptively hijacked).
  By using gss_krb5_import_cred we can instead use a private ccache (necessary sometimes to use a different set of credentials from the default cifs/fqdn@realm one, for example when contacting foreign DCs using trust credentials) that does not affect the rest of the process.
  For the kerberos versions which don't have gss_krb5_import_cred we fallback to temp override of KRB5CCNAME and gss_acquire_cred.
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Signed-off-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
  Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
* Check error returns from strupper_m() (in all reasonable places). | Jeremy Allison | 2012-08-09 | 1 | -2/+8
* s3-winbindd: Always map the LDAP error code to an NTSTATUS | Andrew Bartlett | 2012-05-26 | 1 | -4/+20
  We do this so that we catch LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT, which has special handling in winbindd_cache.c
  Andrew Bartlett
  Signed-off-by: Jeremy Allison <jra@samba.org>
* s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array() | Andrew Bartlett | 2011-06-09 | 1 | -7/+7
  Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_ARRAY isn't standard talloc.
* s3-winbindd: make sure we obey the -n switch also for samlogon cache access. | Günther Deschner | 2011-06-08 | 1 | -1/+1
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Wed Jun 8 14:44:31 CEST 2011 on sn-devel-104
* s3-rpc_client: add and use rpc_client/rpc_client.h. | Günther Deschner | 2011-04-13 | 1 | -0/+1
  Guenther
* s3-passdb: use passdb headers where needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3-winbindd: copy acct_info to wb_acct_info so we don't need passdb for it. | Günther Deschner | 2011-03-30 | 1 | -3/+3
  Guenther
* s3: Remove an obsolete comment | Volker Lendecke | 2011-03-06 | 1 | -5/+0
* s3: Remove unused args from nss_get_info_cached | Volker Lendecke | 2011-03-06 | 1 | -5/+4
* s3-libds: use already existing ../libds/common/flag_mapping.h header. | Günther Deschner | 2011-03-02 | 1 | -0/+1
  Guenther
* s3-winbind: prefer dcerpc_netr_X functions. | Günther Deschner | 2011-01-13 | 1 | -3/+11
  Guenther
  Signed-off-by: Andreas Schneider <asn@samba.org>
* libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 2010-10-12 | 1 | -0/+1
  This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used.
  This includes (along with other security headers) dom_sid.h and security_token.h
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
* s3: Replace sid_binstring and sid_guidstring with PIDL-based alternatives | Andrew Bartlett | 2010-09-20 | 1 | -2/+3
  This reduces the manual marshalling of these structures by removing the duplication here.
  Andrew Bartlett
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3-auth Change type of num_sids to uint32_t | Andrew Bartlett | 2010-09-11 | 1 | -7/+7
  size_t is overkill here, and in struct security_token in the num_sids is uint32_t.
  This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequential changes as I try to sort out all the callers using a pointer to the number of sids.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-secrets: only include secrets.h when needed. | Günther Deschner | 2010-08-05 | 1 | -0/+1
  Guenther
* s3: avoid global include of ads.h. | Günther Deschner | 2010-08-05 | 1 | -0/+1
  Guenther
* s3: Fix another winbind crash | Volker Lendecke | 2010-07-06 | 1 | -35/+48
  This is similar to 09a9cc3, this re-arranges winbindd_ads.c:query_user_list() so that "ads" is not accessed anymore across a call to nss_get_info_cached() which can destroy it behind the scenes.
* s3-libads: only include libds flags where needed. | Günther Deschner | 2010-07-01 | 1 | -0/+1
  Guenther
* s3: More cleanup in winbindd_ads.c:query_user | Volker Lendecke | 2010-06-28 | 1 | -13/+10
  We can't ads_msgfree after the ads struct has been killed. Do early returns.
* s3: Fix a valgrind error | Volker Lendecke | 2010-06-28 | 1 | -2/+1
  nss_get_info_cached does not necessarily fill in gid
* s3: Re-arrange winbindd_ads.c:query_user | Volker Lendecke | 2010-06-28 | 1 | -23/+24
  We can't access the LDAP message after nss_get_info_cached has potentially destroyed the ads_struct
* s3: free -> SAFE_FREE | Volker Lendecke | 2010-06-28 | 1 | -1/+1
* s3: Do an early TALLOC_FREE | Volker Lendecke | 2010-06-28 | 1 | -2/+5
* s3: Fix a winbind crash | Volker Lendecke | 2010-06-25 | 1 | -0/+10
  nss_get_info_cached might deep inside sequence_number() invalidate the ads_struct without telling its callers.
* s3: Fix a winbind crash | Volker Lendecke | 2010-06-25 | 1 | -1/+6
  nss_get_info_cached might have invalidated "ads" deep inside.
* s3:dom_sid Global replace of DOM_SID with struct dom_sid | Andrew Bartlett | 2010-05-21 | 1 | -24/+24
  This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that it is just an alias for struct dom_sid.
  Andrew Bartlett
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3-rpc_misc: clean out include/rpc_misc.h. | Günther Deschner | 2010-05-18 | 1 | -1/+1
  Well known rids don't really belong into an rpc header, just use the ones defined in security.idl.
  Guenther
* s3: Replace most calls to sid_append_rid() by sid_compose() | Volker Lendecke | 2010-01-10 | 1 | -2/+1
* s3: Introduce domain_is_forest_root() helper function | Volker Lendecke | 2010-01-02 | 1 | -5/+2
  Hopefully this makes the flag tests a bit more understandable
* s3: Pass netr_DomainTrustList instead of names and sids through (*trusted_domains) | Volker Lendecke | 2009-12-28 | 1 | -62/+21
* s3: Simplify winbindd_ads.c:trusted_domains() | Volker Lendecke | 2009-12-28 | 1 | -110/+123
  No real code change, this just removes an indentation by turning
      if ( NT_STATUS_IS_OK(result) && trusts.count) {
  into
      if (!NT_STATUS_IS_OK(result)) {
          return result;
      }
      if (trusts.count == 0) {
          return NT_STATUS_OK;
      }
* s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba. | Günther Deschner | 2009-11-26 | 1 | -0/+1
  Guenther
* s3-passdb: cleanup some callers of pdb_get_trusteddom_pw(). | Günther Deschner | 2009-11-03 | 1 | -3/+1
  Guenther
* s3-winbindd: add and use winbindd_lookup_sids(). | Günther Deschner | 2009-09-17 | 1 | -50/+14
  Guenther