path: root/source3/winbindd
Commit message | Author | Age | Files | Lines
* s3-winbindd: Honour pdb_is_responsible_for_everything_else() | Andrew Bartlett | 2014-06-16 | 1 | -8/+11
  This allows us to avoid running idmap_init_default_domain() which gives an error in the default AD DC config.
  Andrew Bartlett
  Change-Id: I923bd941951f6a907e6fa1ad167e5218a01040ff
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* s3-winbindd: Implement SamLogon IRPC call | Andrew Bartlett | 2014-06-11 | 4 | -51/+150
  We do this by lifting parts of the winbindd_dual_pam_auth_crap() code into a new helper function winbind_dual_SamLogon(). This allows us to implement the semantics we need for IRPC, without the artifacts of the winbindd pipe protocol.
  Change-Id: Idb169217e6d68d387c99765d0af7ed394cb5b93a
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Jun 11 12:43:58 CEST 2014 on sn-devel-104
* s3-winbind: Transparently forward IRPC messages to the winbind_dual child | Andrew Bartlett | 2014-06-11 | 1 | -37/+80
  Change-Id: I8b336e2365e10ef9ea04d0957eb0829d3766b11e
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbind rename winbindd_update_rodc_dns to be for more generic irpc | Andrew Bartlett | 2014-06-11 | 3 | -10/+16
  Change-Id: I385ef8bd766848becc42e58694207dc94cd07a89
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* librpc/idl: Merge wbint.idl with winbind.idl so we can forward IRPC requests to internal winbind calls | Andrew Bartlett | 2014-06-11 | 38 | -44/+50
  Change-Id: Iba3913d5a1c7f851b93f37e9beb6dbb20fbf7e55
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: Listen on IRPC and do forwarded DNS updates on an RODC | Andrew Bartlett | 2014-06-11 | 4 | -0/+137
  Change-Id: Ib87933c318f510d95f7008e122216d73803ede68
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: Register winbindd with irpc | Andrew Bartlett | 2014-06-11 | 2 | -0/+33
  Change-Id: Ie3c7109fef6982d95e8cad06870334565352e329
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Provide a way to use the auth stack for winbindd authentication | Andrew Bartlett | 2014-06-11 | 1 | -3/+42
  This adds in flags that allow winbindd to request authentication without directly calling into the auth_sam module. That in turn will allow winbindd to call auth_samba4 and so permit winbindd operation in the AD DC.
  Andrew Bartlett
  Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbindd: Call set_dc_type_and_flags on the internal domain | Andrew Bartlett | 2014-06-11 | 5 | -113/+87
  This allows the AD DC to be picked up correctly and gives the correct DNS name. To ensure no confusion, we also always init it with the full DNS name. It also means that, aside from the BUILTIN domain the initialized flag is set only in one place, which will help when we add more details to the domain structure in the future. This in turn allows kerberos authentication against winbindd on the AD DC.
  Andrew Bartlett
  Change-Id: Idc829cfe5f2e867c87107b49275b17f294821dcd
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:lib/afs move afs.c to common lib dir | Christian Ambach | 2014-06-04 | 1 | -0/+1
  some of the code in afs.c is needed by wbinfo that lives in the toplevel nsswitch directory, so move the afs.c file to a new top-level lib/afs directory. Use the name afs_funcs to avoid collisions with the afs.h header from OpenAFS
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-winbind: Use strlcpy to avoid log entry. | Andreas Schneider | 2014-06-04 | 1 | -1/+4
  The full_name from Windows can be longer than 255 chars which results in a warning on log level 0 that we have a string overflow. This will avoid the warning. However we should fix this sooner or later on the protocol level to have no limit.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Jun 4 16:49:11 CEST 2014 on sn-devel-104
* winbindd: Use rpc_pipe_open_interface() so that winbindd uses the correct rpc servers | Andrew Bartlett | 2014-06-04 | 1 | -12/+31
  This means that in the AD DC, we use the AD DC servers, while in the classic DC or file server we continue to use the built-in SAMR and LSA servers.
  Andrew Bartlett
  Change-Id: I63b1443f5665016f7fcbed35907ec29d4424ab18
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbindd: Remove pointless if statement | Andrew Bartlett | 2014-06-04 | 1 | -14/+10
  Change-Id: I7d2646078f6e7ba596b92da7d37c285d10ad38c0
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbindd: explain that this check protects the AD DC machine account password (for now at least) | Andrew Bartlett | 2014-06-04 | 1 | -0/+4
  Change-Id: I2e2eb2e7fc4a12f27025f42e4cc41560311ce6c8
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Allow winbindd to be run from inside "samba" | Andrew Bartlett | 2014-04-29 | 1 | -1/+2
  Change-Id: I6b90a9b62ba5821e0feedb23cd20642078ba0ca6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Apr 29 05:28:39 CEST 2014 on sn-devel-104
* autorid: Add allocation from above in alloc range for well known sids | Michael Adam | 2014-04-25 | 1 | -0/+86
  This way, we achieve a better determinism for the id mappings of the well knowns without wasting a separate range.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Fri Apr 25 17:52:10 CEST 2014 on sn-devel-104
* autorid: use dbwrap_trans_do() in idmap_autorid_sid_to_id_alloc() | Michael Adam | 2014-04-25 | 1 | -22/+26
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: add high_id to range config and fill it where we also fill range->low_id. | Michael Adam | 2014-04-25 | 1 | -0/+2
  This corresponds to low_id for convenience and allows for computations without going back to the global config.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: reserve 500 IDs at the top of the ALLOC range. | Michael Adam | 2014-04-25 | 1 | -1/+4
  The wellknowns are now allocated into this sub-range.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: reverse order of arguments of idmap_autorid_sid_to_id_alloc() | Michael Adam | 2014-04-25 | 1 | -4/+5
  for consistency
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: introduce idmap_autorid_domsid_is_for_alloc() | Michael Adam | 2014-04-25 | 1 | -2/+14
  Currently, this checks if the sid is a wellknown domain sid. But the code reads more nicely and more domains might be added in the future.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: factor idmap_autorid_sid_to_id() out of idmap_autorid_sids_to_unixids() | Michael Adam | 2014-04-25 | 1 | -95/+76
  - reduces indentation
  - unifies error code paths and bumping counters
  - makes the code more easy to read
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: make the checks for bumping num_mapped identical for alloc and rid case | Michael Adam | 2014-04-25 | 1 | -2/+2
  in idmap_autorid_sids_to_unixids()
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: explicitly return NTSTATUS_OK in idmap_autorid_sid_to_id_alloc(). | Michael Adam | 2014-04-25 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: more explicitly and reasonably set map->state in idmap_autorid_sid_to_id_alloc | Michael Adam | 2014-04-25 | 1 | -3/+5
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: rename idmap_autorid_sid_to_id() -> idmap_autorid_sid_to_id_rid() | Michael Adam | 2014-04-25 | 1 | -2/+3
  For consistency. This is the function that does the calculation if the sid is treated by a rid range.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: rename idmap_autorid_map_sid_to_id() -> idmap_autorid_sid_to_id_alloc() | Michael Adam | 2014-04-25 | 1 | -5/+5
  for consistency. this is the sid->id function for the alloc range.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: rename idmap_autorid_map_id_to_sid() -> idmap_autorid_id_to_sid_alloc() | Michael Adam | 2014-04-25 | 1 | -3/+3
  for consistency. This is the function that maps id to sid for the alloc range.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: factor idmap_autorid_get_alloc_range() out of idmap_autorid_allocate_id() | Michael Adam | 2014-04-25 | 1 | -6/+17
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: fix discard-const warning in idmap_autorid_init_hwm() | Michael Adam | 2014-04-25 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: fix uninitialized return code for successful autorid.tdb creation/opening | Michael Adam | 2014-04-25 | 1 | -3/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: improve a debug message in idmap_autorid_map_sid_to_id() | Michael Adam | 2014-04-25 | 1 | -2/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: add debug messages to idmap_autorid_get_domainrange() | Michael Adam | 2014-04-25 | 1 | -0/+4
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: improve wording in a debug message | Michael Adam | 2014-04-25 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* autorid: remove a legacy comment from sid_to_id | Michael Adam | 2014-04-25 | 1 | -5/+0
  With the introduction of the ID_TYPE_BOTH mapping to idmap_autorid, it is not a deficiency but a virtue of the autorid backend that it does not care about the existence or type of the sid to be mapped.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idmap_rid: remove a legacy comment from sid_to_id | Michael Adam | 2014-04-25 | 1 | -4/+0
  With the introduction of the ID_TYPE_BOTH mapping to idmap_rid, it is not a deficiency but a virtue of the rid backend that it does not care about the existence or type of the sid to be mapped.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idmap_tdb_common: remove legacy comment. | Michael Adam | 2014-04-25 | 1 | -5/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idmap_tdb_common: fix a debug message in idmap_tdb_common_set_mapping() | Michael Adam | 2014-04-25 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* idmap_tdb_common: fix a debug message in idmap_tdb_common_unixid_to_sid() | Michael Adam | 2014-04-25 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3: winbindd: Call dgram cleanup init background setup. | Jeremy Allison | 2014-04-23 | 1 | -0/+4
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* winbindd: use exit_daemon() to pass startup status to systemd | Alexander Bokovoy | 2014-04-23 | 1 | -9/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* add systemd integration | Alexander Bokovoy | 2014-04-23 | 1 | -0/+5
  Add --with-systemd / --without-systemd options to check whether libsystemd-daemon library is available and use it to report service startup status to systemd for smbd/winbindd/nmbd and AD DC. The problem it solves is correct reporting of the Samba services at the point when they are ready to serve clients, important for high availability software integration.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib-util: rename memdup to smb_memdup and fix all callers | Björn Baumbach | 2014-04-16 | 1 | -1/+1
  Signed-off-by: Björn Baumbach <bb@sernet.de>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* autorid: use the db argument in the initialize traverse action. | Michael Adam | 2014-04-03 | 1 | -2/+2
  By a copy and paste error, the global autorid_db was used. This was not currently a problem in behaviour, because this autorid_db is passed as the argument. This change fixes the callback function for consistency.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Apr 3 08:36:55 CEST 2014 on sn-devel-104
* autorid: make the whole initialization atomic with one transaction. | Michael Adam | 2014-04-03 | 1 | -10/+38
  Originally, there were several writing operations:
  - store the range HWM
  - store the alloc uid HWM
  - store the alloc gid HWM
  - store the config
  - create mappings for a whole list of wellknown sids
  Each of these consisted of its own transaction, the wellknown preallocation even of one transaction per sid. This change wraps all of these in one big transaction. Thereby making the whole initialization atomic, and with respect to the creation of the wellknown mappings also more deterministic.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Apr 3 02:41:25 CEST 2014 on sn-devel-104
* autorid: initialize: fix typo in and further improve a debug message. | Michael Adam | 2014-04-03 | 1 | -2/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: initialize: use the split db_open and init_hwms function instead of db_init | Michael Adam | 2014-04-03 | 1 | -1/+6
  This way, we can later put all of the storing functions inside one transaction.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: initialize: open the autorid db as late as possible. | Michael Adam | 2014-04-03 | 1 | -8/+9
  But make sure to link the db context to commonconfig afterwards.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: initialize: link config to commonconfig as soon as it is allocated. | Michael Adam | 2014-04-03 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* autorid: initialize: link commonconfig to dom as soon as it is allocated | Michael Adam | 2014-04-03 | 1 | -2/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>