path: root/source3/winbindd
Commit message | Author | Age | Files | Lines
* autorid: initialize: store config directly before allocating well knowns. | Michael Adam | 2014-04-03 | 1 | -7/+6
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: split idmap_autorid_db_open and idmap_autorid_init_hwms out of idmap_autorid_db_init | Michael Adam | 2014-04-03 | 1 | -9/+38
  These will be used separately in the full initialization function.

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: in idmap_autorid_saveconfig, add a debug msg when loading gives error | Michael Adam | 2014-04-03 | 1 | -0/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: improve the precision of the DEBUG at the end of add_range | Michael Adam | 2014-04-03 | 1 | -2/+5
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: add a DEBUG upon talloc fail in the add_range function. | Michael Adam | 2014-04-03 | 1 | -0/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: when storing a new range, always check it does not exist. | Michael Adam | 2014-04-03 | 1 | -15/+22
  Also check for existence when the range is >= the HWM, typically the "acquire" case where we bump the HWM.

  In case of external modification, we would previously simply overwrite an existing range mapping. Now we check and throw INTERNAL_DB_CORRUPTION in this case.

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: fix a potential for data corruption. | Michael Adam | 2014-04-03 | 1 | -1/+33
  The initialization of the HWM values in autorid.tdb was racy: It did:

  1. fetch the HWM value
  2. if it did not exist, store 0 in a transaction.

  This can be racy if two processes at the same time try to run the initialization code, especially in a cluster, when winbindd and smbd are started simultaneously on all nodes.

  The race is that the HWM is not re-fetched inside the transaction. Assume both processes see that the HWM does not exist. Both try to start a transaction. Process 1 gets the lock and process 2 blocks. After Process 1 has stored the HWM, it proceeds and manages to start subsequent transactions which also bump the HWM value (e.g. a range allocation, which is also triggered from allocation code). When process 2 finally manages to start the transaction, the HWM value is already > 0. But process 2 does not look again and simply overwrites the HWM with 0. So the next allocation will overwrite an existing mapping, at least partially.

  This patch changes the mechanism to:

  1. fetch the hwm value
  2. if it does not exist start a transaction
  3. fetch the hwm value
  4. if it does not exist, store 0
  5. commit the transaction.

  Note: this is not theoretical. Corruptions have been seen in cluster environments.

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: print debug message when a HWM key has been created | Michael Adam | 2014-04-03 | 1 | -0/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: reverse logic flow in idmap_autorid_init_hwm(), decreasing indentation. | Michael Adam | 2014-04-03 | 1 | -9/+13
  I.e. move writing case to the end.

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: store hwm as uint32_t in idmap_autorid_init_hwm() | Michael Adam | 2014-04-03 | 1 | -1/+1
  The HWM is treated as uint32_t all the times. This was just a leftover from old code.

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* winbindd: Ensure we do not look at rid_array before checking if it was returned | Andrew Bartlett | 2014-04-02 | 1 | -3/+3
  We no longer return early if there are no members, we just return an empty array.

  Change-Id: I7b0949e0c0b9277426a8007514a8658615f6c709
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3-auth: Finally change make_user_info_*() use a parent talloc context | Andrew Bartlett | 2014-04-02 | 1 | -3/+6
  Change-Id: Iedf516e8c24e0d18064aeedd8e287ed692d3c5b4
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3:winbindd: avoid argv related const warnings | Stefan Metzmacher | 2014-04-02 | 2 | -3/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Rename module init functions from samba_init_module | Christof Schmitt | 2014-04-02 | 5 | -5/+5
  Some modules use samba_init_module as the name for the init functions, others use a name based on the module name. Rename the init functions from samba_init_module, to be consistent across all modules.

  This change also allows to build idmap_tdb2 and perfcount_test statically.

  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Apr 2 08:50:04 CEST 2014 on sn-devel-104
* auth/gensec: remove tevent_context argument from gensec_update() | Stefan Metzmacher | 2014-03-27 | 1 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-kerberos: let kerberos_return_pac() return a PAC container. | Günther Deschner | 2014-03-12 | 1 | -1/+7
  Guenther

  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: return a full PAC in kerberos_return_pac(). | Günther Deschner | 2014-03-12 | 1 | -1/+21
  Guenther

  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-libads: pass down local_service to kerberos_return_pac(). | Günther Deschner | 2014-03-12 | 1 | -0/+9
  Guenther

  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain(). | Günther Deschner | 2014-03-07 | 1 | -4/+2
  Guenther

  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
* rpc: fix name-normalization in rpc_sid_to_name() | Michael Adam | 2014-02-25 | 1 | -1/+1
  Hand the *input* name as input into the normalize call, not the (potentially uninitialized...) *output* name...

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
  Change-Id: I4f3fc25882c22d96329e252d0a53bbe13d533472
  Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* rpc: correctly treat domain-only requests in rpc_sid_to_name() | Michael Adam | 2014-02-25 | 1 | -1/+1
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
  Change-Id: I6a8a8c272b9cf7dbce4f9a99012209c29c31e839
  Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samr: don't block the sam sid or the builtin domain sid in sid_to_name | Stefan Metzmacher | 2014-02-25 | 1 | -0/+2
  Previously only members of these domains were handled. But we also need to handle the domain itself.

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
  Change-Id: I44f85267eda243d586fffd24a799e153de0ff982
  Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Stefan Metzmacher <metze@sernet.de>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:winbindd: avoid directly asking a trusted domain in wb_lookupsids*() | Gregor Beck | 2014-02-21 | 1 | -1/+1
  As a domain member we should always use a DC of our own domain.

  It would be possible to pass all sids in one single dcerpc_wbint_LookupSids() call. For now we just fix bug.

  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:winbindd: fix _wbint_LookupSids() on error | Gregor Beck | 2014-02-21 | 1 | -1/+7
  We need to make sure that r->out.domains remains valid, otherwise we're not able to marshall the response.

  Note that wbint_LookupSids() has [out,ref] lsa_RefDomainList *domains, while lsa_LookupSids() has [out,ref] lsa_RefDomainList **domains.

  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbindd: Avoid using deallocated memory | Santosh Kumar Pradhan | 2014-02-20 | 1 | -1/+1
  Failure in ads_search_retry() deallocates the memory occupied by "ads" which should not be used after.

  CID: 242096
  Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ira Cooper <ira@samba.org>
* winbindd: Use the right flags in dsgetdcname | Volker Lendecke | 2014-02-14 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Feb 14 21:59:22 CET 2014 on sn-devel-104
* param: No longer have a special case for lp_configfile | Andrew Bartlett | 2014-02-12 | 1 | -1/+1
  This parameter is renamed because it does not normally return the current smb.conf file, but instead returns the next one, as found in a config file = directive, to be loaded.

  This avoids a conflict with the lpcfg_configfile from lib/param, which does refer to the current smb.conf path.

  Andrew Bartlett

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Michael Adam <obnox@samba.org>
* param: rename lp function and variable from "cli_minprotocol" to "client_min_protocol" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "cli_maxprotocol" to "client_max_protocol" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from 'piddir' to 'pid_directory' | Garming Sam | 2014-02-07 | 1 | -4/+4
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from 'lockdir' to 'lock_directory' | Garming Sam | 2014-02-07 | 1 | -2/+2
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dbwrap: add a dbwrap_flags argument to db_open() | Michael Adam | 2014-02-07 | 3 | -3/+3
  This is in preparation to support handing flags to backends, in particular activating read only record support for ctdb databases. For a start, this does nothing but adding the parameter, and all databases use DBWRAP_FLAG_NONE.

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* winbind3: Simplify fillup_pw_field | Volker Lendecke | 2014-02-05 | 1 | -15/+14
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Wed Feb 5 13:47:52 CET 2014 on sn-devel-104
* winbind3: Use fstrcpy | Volker Lendecke | 2014-02-05 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* winbind3: Fix a comment typo | Volker Lendecke | 2014-02-05 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* log winbind version (when requested) in winbindd log | Noel Power | 2014-01-22 | 1 | -2/+2
  winbindd currently only logs the INTERFACE version request, it would be useful to additionally have the version returned in the log also.

  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Jim McDonough <jmcd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Wed Jan 22 21:57:04 CET 2014 on sn-devel-104
* s3-winbind: separate child response sock write | David Disseldorp | 2014-01-20 | 1 | -20/+27
  For consistency with request read side.

  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Jan 20 14:23:10 CET 2014 on sn-devel-104
* s3-winbind: only pass needed args to child_read_request | David Disseldorp | 2014-01-20 | 1 | -18/+10
  The socket and request are the only arguments required, the entire winbind child state structure is not needed.

  This allows for the separation of the request and response structures, which is useful for asynchronous conversion.

  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(). | Volker Lendecke | 2014-01-16 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Jan 16 20:17:24 CET 2014 on sn-devel-104
* s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(). | Jeremy Allison | 2014-01-08 | 1 | -32/+14
  Ensure it only gets called when a new domain is allocated and added to the list.

  This should fix problems with the previous logic where setup_domain_child() was called in places where an existing domain was returned.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Jan 8 20:46:55 CET 2014 on sn-devel-104
* s3: winbindd: Move the logic of whether to set 'domain->primary' into add_trusted_domain(). | Jeremy Allison | 2014-01-08 | 1 | -4/+10
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:winbindd: make use of rpccli_netlogon_network_logon() | Stefan Metzmacher | 2014-01-07 | 1 | -13/+15
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of trust_pw_change() in _wbint_ChangeMachineAccount() | Stefan Metzmacher | 2014-01-07 | 1 | -28/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of trust_pw_change() for periodic password changes | Stefan Metzmacher | 2014-01-07 | 1 | -8/+8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: use invalidate_cm_connection() to kill the netlogon connection | Stefan Metzmacher | 2014-01-07 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 3 | -52/+77
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: call rpccli_pre_open_netlogon_creds() in the parent | Stefan Metzmacher | 2014-01-07 | 1 | -0/+8
  This opens the CLEAR_IF_FIRST tdb in the long living parent.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use netlogon_creds_cli_auth_level() in cli_rpc_pipe_open_schannel_with_key() | Stefan Metzmacher | 2014-01-07 | 1 | -4/+1
  This means the auth level is now based on the "winbindd sealed pipes" option, defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make use of the new netlogon_creds_cli_context | Stefan Metzmacher | 2014-01-07 | 3 | -144/+37
  This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds and lets the secure channel session state be stored in node local database.

  This is the proper fix for a large number of bugs:
  https://bugzilla.samba.org/show_bug.cgi?id=6563
  https://bugzilla.samba.org/show_bug.cgi?id=7944
  https://bugzilla.samba.org/show_bug.cgi?id=7945
  https://bugzilla.samba.org/show_bug.cgi?id=7568
  https://bugzilla.samba.org/show_bug.cgi?id=8599

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of the "winbind sealed pipes" option for all connections | Stefan Metzmacher | 2014-01-07 | 2 | -3/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>