path: root/source3/winbindd
Commit message | Author | Age | Files | Lines
* s3:idmap_ldap: filter out of range mappings in default idmap config | Michael Adam | 2009-05-29 | 1 | -16/+55
  This fixes bug #6417
  Michael
  (cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132)
  (cherry picked from commit 4ca03e3bb96518665c296ba2cf5aa1d91916897e)
* s3:idmap: fix a comment typo | Michael Adam | 2009-05-29 | 1 | -1/+1
  Michael
  (cherry picked from commit 3fe9859342c28fe9da7011fb18a5fb5de8b29fa6)
  (cherry picked from commit df4a0fabff06ea31149aac45d6477564cf96179b)
* s3:idmap_tdb2: filter out of range mappings in default idmap config | Michael Adam | 2009-05-29 | 1 | -12/+49
  This fixes bug #6416
  Michael
  (cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2)
  (cherry picked from commit b369902cddd55fab74ca6e0743e15e0f8cbfc4cc)
* s3:idmap_tdb: filter out of range mappings in default idmap config | Michael Adam | 2009-05-29 | 1 | -16/+57
  This fixes bug #6415
  Michael
  (cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e)
  (cherry picked from commit 34500d59b6f35de2c3d273d3523708ec22df59ce)
* s3: Allow child processes to exit gracefully if we are out of fds | Marc VanHeyningen | 2009-05-29 | 2 | -4/+6
  When we run out of file descriptors for some reason, every new connection forks a child that immediately panics causing smbd to coredump. This seems unnecessarily harsh; with this code change we now catch that error and merely log a message about it and exit without the core dump.
  Signed-off-by: Tim Prouty <tprouty@samba.org>
  (cherry picked from commit 1c8f9892010ce8cc754089b25313c6bc8e622165)
* s3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug #6387) | Michael Adam | 2009-05-26 | 1 | -2/+11
  With the current infrastructure, we should not return error on duplicate mappings but just warn instead (because an error would trigger the attempt to create yet another mapping).
  Michael
  (cherry picked from commit 3111d78001f458cfcaf81123a1d1c23d5927a6c2)
  (cherry picked from commit 5328f600bbc6535d8880b1b0c74bcfbd9b7a162a)
* s3:winbind:idmap_ldap: warn about duplicate XID->SID mappings (bug #6387) | Michael Adam | 2009-05-26 | 1 | -0/+8
  With the current infrastructure, we should not return error on duplicate mappings but just warn instead (because an error would trigger the attempt to create yet another mapping).
  Michael
  (cherry picked from commit 35c3f4162d15f9846a645444e623178b78c52994)
  (cherry picked from commit 751b6b07c5ea25809b1766a01fc859d580304ae9)
* Fix a race condition in winbind leading to a panic | Volker Lendecke | 2009-05-26 | 1 | -0/+1
  In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that.
  What can happen is the following: We have outgoing data pending for a client, thus
  state->fd_event.flags == EVENT_FD_WRITE
  Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data, the accept(2) one syscall later gives us the same socket.
  In new_connection(), we do a setup_async_read, setting up a read fde. The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ).
  Found using
  bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient
  Volker
  (cherry picked from commit bfeab3a0f621dbea50f43c98ba70b0ccd8323bff)
* s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387) | Michael Adam | 2009-05-26 | 1 | -1/+1
  This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap assertion in ldap_next_entry because was set to NULL in each iteration.
  The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a).
  This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing.
  Michael
  (cherry picked from commit e9010fa366746ec1ae948dbcf3493d446e23b14c)
  Signed-off-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit 2b6dbddb9cc723fcbd2e4e22a9404d6b4ff805d7)
* Fix a bunch of compiler warnings about wrong format types. | Jeremy Allison | 2009-05-26 | 5 | -11/+14
  Should make Solaris 10 builds look cleaner.
  Jeremy.
  (cherry picked from commit b5947b876f3c777e075879d305b6672a6c8d8abd)
* s3-idmap: Fix bug #6286: Call init function for builtin idmap modules before probing for them as shared modules. | Günther Deschner | 2009-04-28 | 1 | -0/+2
  idmap-gurus of the world, please check.
  Guenther
  (cherry picked from commit 67588ca80d654183b8b7b062b9660a506a825f94)
  (cherry picked from commit 76e2e56e256695c1d52bd67d1b07bce0c7e0f37c)
* s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED. | Günther Deschner | 2009-04-28 | 2 | -12/+12
  Guenther
  (cherry picked from commit b5bec1a6d73f5939b306e157937d027a7286163c)
  (cherry picked from commit c7d5e0a19057b6ad7301a390fc766bb438967eb2)
* s3-libads: avoid NULL talloc context with ads_get_dn(). | Günther Deschner | 2009-04-15 | 2 | -2/+2
  Guenther
  (cherry picked from commit d71dec9259366e99beca69fcd9397bd38ed82c71)
  (cherry picked from commit 4e32c424a00bc29e63176af9773f9ffa7aa09bc2)
* s3:libads Make ads_get_dn() take a talloc context | Andrew Bartlett | 2009-04-15 | 4 | -11/+11
  Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds().
  This actually makes libgpo more consistent, as it mixed a talloc and a malloc based string on the same element.
  Andrew Bartlett
  Signed-off-by: Günther Deschner <gd@samba.org>
  (cherry picked from commit 20501876735fc4656083747ba8aa0de9da8fb820)
  (cherry picked from commit 6673ad24d48ad44fa76497f0327b13e82721d0a1)
* s3/winbind_pam: fix gcc 4.4 compile warning | Björn Jacke | 2009-04-15 | 1 | -1/+1
  (cherry picked from commit f4aec7b5907065a2f48d1b19065c6673aff6a190)
  (cherry picked from commit 11b3f0d8deb629489de4de29cedf518adc86d196)
* s3: remove POLICY_HND. | Günther Deschner | 2009-04-15 | 6 | -25/+25
  Guenther
  (cherry picked from commit 531af136f9dd5c6050f78948837294aed02de440)
  (cherry picked from commit 91216ffa95b4ed53e54b11665e96b911cb4e4ab5)
* s3:winbindd: accept new connections via fd events | Stefan Metzmacher | 2009-04-15 | 1 | -52/+100
  metze
  (cherry picked from commit 93c2057c8b5a3976cda65a9d27dc4dbb9c5c550a)
  (cherry picked from commit 00b65cc6ebcb4c67259e7fa618f6d961f7117396)
* s3:winbindd: move non event related code out of process_loop() in the caller | Stefan Metzmacher | 2009-04-15 | 1 | -22/+21
  metze
  (cherry picked from commit 3b8dd79f2bc775ed94130565ec2c4383a4864348)
  (cherry picked from commit ca31920af281ba9ea8f466ed0264118737a1b055)
* s3:winbindd: remove unused close_winbindd_socket() function | Stefan Metzmacher | 2009-04-15 | 2 | -19/+0
  metze
  (cherry picked from commit 0685031ccfc09feb0ad070df1c1a1d0cef5874f2)
  (cherry picked from commit e270b4f0f62699469cbaad024c893fe84142a256)
* Fix #6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members | Volker Lendecke | 2009-04-15 | 1 | -7/+8
  Thanks to François Legal <devel@thom.fr.eu.org> for reporting this bug
  (cherry picked from commit a1cf98a2458a7f7a08531832bd29da3962ddafc9)
* Fix a valgrind error | Volker Lendecke | 2009-04-15 | 1 | -1/+1
  Found in "make test" -- if we can't connect at all, "cli" is uninitialized
  (cherry picked from commit 7735650f2ed74a72ddee272baf281e3fd9e7c42b)
  (cherry picked from commit a6b0963d718d792f7b4cb218f6a070715ec7a091)
* Remove pwd_cache.c, it was doing nothing. Make user_name, domain, and | Jeremy Allison | 2009-04-15 | 1 | -14/+25
  password talloc'ed strings within the cli_struct.
  Jeremy.
  (cherry picked from commit 6be4bf17de47d1b468389de1225a72daa94e0119)
* Fix #6167: winbindd -n should disable the winbind idmap cache | Volker Lendecke | 2009-03-12 | 1 | -20/+50
* Make opt_nocache static to winbindd.c | Volker Lendecke | 2009-03-12 | 4 | -7/+17
* Shape up pdb_search a bit by making it a talloc ctx with a destructor | Volker Lendecke | 2009-03-07 | 1 | -6/+6
* s3:winbindd_cm: remove useless cli_setup_signing_state(*cli, Undefined) call | Stefan Metzmacher | 2009-03-06 | 1 | -2/+0
  cli_setup_signing_state() with Undefined is a noop.
  metze
* Fix careless mistake in winbindd_setup_sig_usr2_handler | Bo Yang | 2009-03-04 | 1 | -1/+1
* More fix to initialize idmap statuses | Bo Yang | 2009-03-02 | 7 | -0/+70
* Initialize the id_map status in idmap_ldap to avoid surprise | Bo Yang | 2009-02-27 | 1 | -0/+8
* More warning fixes for Solaris. | Jeremy Allison | 2009-02-23 | 3 | -11/+11
  Jeremy.
* s3:winbindd: make do_async_domain() static. | Michael Adam | 2009-02-17 | 2 | -12/+6
  Michael
* s3: Implement wbcGetSidAliases | Dan Sledz | 2009-02-11 | 5 | -88/+126
    * Adds wbcGetSidAliases that calls the lookup_useraliases function.
    * Updates wbinfo and winbind_util.c to call the new function.
    * Also added winbind_get_groups helper function.
* s3: Implement wbcGetpwsid | Dan Sledz | 2009-02-11 | 3 | -4/+26
    * Adds the plumbing required to lookup users by sid into winbind, wbinfo and smbd helper lib (winbind_util.c).
    * Removes some double declarations of winbind_util.c functions.
    * Bumps the winbind protocol version to 21 and the minor version of wbclient to 3.
* Revert "s3:winbindd_user: create domain connection in winbindd_fill_pwent if necessary." | Michael Adam | 2009-02-09 | 1 | -1/+1
  This reverts commit 487f5e7b4768cfe9e511b0ba56f16c411e21f702.
  I was confused about the real meaning of find_domain_from_name_noinit() vs. find_domain_from_name(). We don't need the connection established here, just the domain struct which gets initialized by rescan_trusted_domains().
  Sorry for the noise.
  Michael
* s3:winbindd_user: create domain connection in winbindd_fill_pwent if necessary. | Michael Adam | 2009-02-09 | 1 | -1/+1
  Calling find_domain_from_name_noinit() might not be enough here. This makes winbindd_getpwent() behave the same as winbindd_getgrent().
  Michael
* s3:winbindd_user: fix a debug message. | Michael Adam | 2009-02-09 | 1 | -2/+2
  find_domain_from_name_noinit() is no longer called only for name alias support.
  Michael
* async_sock: Use unix errnos instead of NTSTATUS | Kai Blin | 2009-02-09 | 1 | -21/+0
  This also switches wb_reqtrans to use wbcErr instead of NTSTATUS as it would be pointless to convert to errno first and to wbcErr later.
* Fix coverity ID 876 (FORWARD_NULL) | Volker Lendecke | 2009-02-07 | 1 | -0/+1
  Michael, please check!
* s3:idmap_tdb2: untangle assignment and check in idmap_tdb2_alloc_load() | Michael Adam | 2009-02-06 | 1 | -6/+4
  Michael
* s3:idmap_tdb2: factor loading of ranges out into idmap_tdb2_load_ranges() | Michael Adam | 2009-02-06 | 1 | -25/+41
  Michael
* s3:idmap_tdb2: move together code that belongs together in idmap_tdb2_alloc_load | Michael Adam | 2009-02-06 | 1 | -7/+8
  Michael
* s3:idmap_tdb2: streamline idmap_tdb2_sid_to_id, | Michael Adam | 2009-02-06 | 1 | -6/+7
  adding tmp talloc ctx and removing a variable
  Michael
* s3:idmap_tdb: simplify talloc usage with temp context from talloc_stackframe | Michael Adam | 2009-02-06 | 1 | -6/+2
  Michael
* s3:idmap_tdb: refactor out new function idmap_tdb_load_ranges() | Michael Adam | 2009-02-06 | 1 | -22/+30
  Michael
* s3:idmap_tdb: use transactions in idmap_tdb_allocate_id() | Michael Adam | 2009-02-06 | 1 | -1/+18
  Michael
* s3:idmap_tdb: add tmp talloc ctx to idmap_tdb_sid_to_id and remove an fstring | Michael Adam | 2009-02-06 | 1 | -7/+5
  Michael
* s3 build: Fix "assignment discards qualifiers from pointer target type" warnings | Tim Prouty | 2009-02-02 | 2 | -13/+6
* Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter. | Dan Sledz | 2009-02-01 | 1 | -1/+1
  The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are:
    secrets only - use only the secrets for ticket verification (default)
    system keytab - use only the system keytab for ticket verification
    dedicated keytab - use a dedicated keytab for ticket verification.
    secrets and keytab - use the secrets.tdb first, then the system keytab
  For existing installs:
    "use kerberos keytab = yes" corresponds to secrets and keytab
    "use kerberos keytab = no" corresponds to secrets only
  The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals.
  The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
* s3:winbind_group: fix "getent group" to allocate new gids. | Michael Adam | 2009-02-02 | 1 | -2/+8
  "getent group" used to fill the idmap cache with negative cache entries for unmapped group sids.
  Don't pass domain name unconditionally to idmap_sid_to_gid(). idmap_sid_to_gid() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "".
  Note that it is _wrong_ to directly call the idmap_sid_to_gid() functions here, in the main winbindd. The correct fix would be to send a sid_to_gid request to winbindd itself, but this needs more work to prepare the async mechanisms, and we need a quick fix for getent passwd now.
  Michael
* s3:winbind_user: fix "getent passwd" to allocate new uids. | Michael Adam | 2009-02-02 | 1 | -2/+7
  "getent passwd" used to fill the idmap cache with negative cache entries for unmapped user sids.
  Don't pass domain name unconditionally to idmap_sid_to_[ug]id(). idmap_sid_to_[ug]id() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "".
  Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id() functions here, in the main winbindd. The correct fix would be to send a sid_to_[ug]id request to winbindd itself, but this needs more work to prepare the async mechanisms, and we need a quick fix for getent passwd now.
  Michael