summaryrefslogtreecommitdiffstats
path: root/source3/winbindd
Commit message (Collapse)AuthorAgeFilesLines
* s3:winbindd fix a compiler warningChristian Ambach2012-09-241-1/+1
| | | | | | | about type potentially being used uninitialized Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Mon Sep 24 03:49:53 CEST 2012 on sn-devel-104
* s3:winbindd fix a compiler warningChristian Ambach2012-09-221-1/+1
| | | | about result being potentially uninitialized
* build: Fix enabled handling for HAVE_LDAP, we need to use bld.CONFIG_SETAndrew Bartlett2012-09-221-6/+6
| | | | | Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Sep 22 09:09:17 CEST 2012 on sn-devel-104
* winbind: Extend wbcAuthenticateUserEx to provide PACChristof Schmitt2012-09-203-6/+153
| | | | | | | | | | | | | | With this new interface, external applications that have authenticated to an ADS can pass the PAC from the Kerberos ticket to wbcAuthenticateUserEx. winbindd decodes and extracts the info3 information for the external application. If winbindd can verify the PAC signature, the info3 from the PACis also added to the netsamlogon_cache. The info3 data can be used by the external application to get the uid and primary gid. The data in netsamlogon_cache allows to retrieve the complete group list through the NSS function getgrouplist. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"Michael Adam2012-09-201-3/+5
| | | | in idmap_tdb_common_sids_to_unixids()
* s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"Michael Adam2012-09-201-3/+5
| | | | in idmap_tdb_common_unixids_to_sids()
* s3: Fix idmap_hashVolker Lendecke2012-09-201-1/+1
| | | | | | | | | Calling be_init with NULL safely crashes, because we dereference NULL. We don't need to call it here, this is called in all workers anyway. Thanks to Jiri Sasek <jiri.sasek@oracle.com> for finding this. Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Sep 20 05:03:54 CEST 2012 on sn-devel-104
* s3: make smbldaphelper subsystem an internal libraryAlexander Bokovoy2012-09-141-1/+1
| | | | | | | | | | | | | | | | | Break pdb_ldap -> smbldaphelper -> pdb -> pdb_ldap loop by making smbldaphelp intentionally underlinked internal library. It means that libsmbldaphelp is not usable unless its user is also linked to libpdb (that is the case for both its users, idmap_ldap and pdb_ldap, already) but gives us a break of the circular dependency in case pdb_ldap statically linked into pdb (default). This should solve case when idmap_ldap and pdb_ldap are dynamically loaded modules Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Fri Sep 14 01:02:21 CEST 2012 on sn-devel-104
* s3: make ldapsam-related functions a smbldaphelper subsystemAlexander Bokovoy2012-09-131-1/+1
| | | | | | | | | | | | | | | Since these functions are used in pdb_ldap and idmap_ldap, and pdb_ldap might be statically linked to libpdb (default), it is better to keep them as separate subsystem to avoid polluting libpdb namespace. This is first step in refactoring libpdb. Right now I cannot move these functions into proper libsmbldaphelper as it uses more of libpdb-included functions and linking pdb_ldap against libsmbldaphelper library would have created a loop if pdb_ldap is included into libpdb. Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Thu Sep 13 17:36:07 CEST 2012 on sn-devel-104
* Avoid overriding default ccache for ads operations.Simo Sorce2012-09-121-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Avoid overriding default ccache for ads operations. Nowadays various samba components may need to use GSSAPI and a default cred cache to perform their tasks. This code was completely overriding the whole process default ccache name, thus altering the current credentials and sometimes hijacking them (or getting preemptively hijaked). By using gss_krb5_import_cred we can instead use a private ccache (necessary sometimes to use a different set of credentials fromt he default cifs/fqdn@realm one, for example when contacting foreign DCs using trust credentials) that does not affect the rest of the process. For the kerberos versions which don't have gss_krb5_import_cred we fallback to temp override of KRB5CCNAME and gss_acquire_cred. Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
* docs: Move idmap manpage to there old location.Andreas Schneider2012-09-118-891/+0
| | | | | | | This wasn't planned and slipped trough, sorry. Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Sep 11 14:28:53 CEST 2012 on sn-devel-104
* s3-smbldap: use smbldap_ prefixed functionsAlexander Bokovoy2012-09-071-1/+1
|
* wafsamba: Add support for manpages in SAMBA_MODULE.Andreas Schneider2012-09-078-0/+891
|
* s3-winbind: DON'T PANIC if we couldn't find the domain.Andreas Schneider2012-09-041-1/+9
| | | | | | | | If we don't have a connection to a trusted domain but still try to do a lookup we shouldn't segfault. Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Sep 4 18:16:06 CEST 2012 on sn-devel-104
* param: Add startup checks for valid server role/binary combinationsAndrew Bartlett2012-08-231-0/+6
| | | | | | | This should eliminate confusion from our users about what they can expect to successfully run. Andrew Bartlett
* Fix bug #9098 - winbind does not refresh kerberos tickets.Jeremy Allison2012-08-213-0/+39
| | | | | | | Based on work from Ian Gordon <ian.gordon@strath.ac.uk>. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Aug 21 22:01:15 CEST 2012 on sn-devel-104
* Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes ↵Herb Lewis2012-08-211-1/+2
| | | | | | | | | | | | | and NDR parsing errors. A connection is idle when both struct winbindd_cli_state->request AND struct winbindd_cli_state->response are NULL. Otherwise we can flag as idle a connection in the state of having sent the request to the winbindd child (request != NULL) but not yet received a reply (response == NULL). Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Aug 21 01:31:46 CEST 2012 on sn-devel-104
* s3-winbind: Return the DC name from DC_PINGChristof Schmitt2012-08-152-1/+13
| | | | | | | The DC that was attempted to ping is useful for troubleshooting. Return the DC name in the response to the wbclient. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-winbind: Pass ping-dc result to clientChristof Schmitt2012-08-151-1/+9
| | | | | | | The client checks for an error code in response.data.auth.nt_status, make sure the result is stored there. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Ensure we update last_access on the winbindd child struct on each request.Jeremy Allison2012-08-131-0/+1
|
* Correctly check for errors in strlower_m() returns.Jeremy Allison2012-08-094-5/+13
|
* Check error returns from strupper_m() (in all reasonable places).Jeremy Allison2012-08-096-15/+39
|
* lib/param: Move all enum declarations to lib/paramAndrew Bartlett2012-07-242-0/+2
| | | | | | | | This is in preperation for the parameter table being made common. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
* s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.Andreas Schneider2012-07-232-4/+10
| | | | | | | | | | | | | | | | | We don't resolve our own "Domain Local" groups since bug #7843 has been fixed. So we need to add the add resource groups to the sid list too. Before bug #7843 the "Domain Local" groups were added with a lookupuseraliases call, but this isn't done anymore for our domain so we need to resolve resource groups here. When to use Resource Groups: http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104
* s3-winbind: Fix idmap initialization debug message.Guenther Deschner2012-07-232-2/+2
| | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jul 23 18:19:00 CEST 2012 on sn-devel-104
* Move everything to use the common pidfile functions.Jeremy Allison2012-07-191-2/+3
| | | | The extra code in source3/lib/pidfile.c is no longer needed.
* Make the s3 pidfile use the common code inside lib/util/pidfile.cJeremy Allison2012-07-191-1/+1
|
* Move source4/smbd/pidfile into lib/util in preparation for making it in common.Jeremy Allison2012-07-191-2/+2
|
* loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.Rusty Russell2012-07-183-7/+7
| | | | | | | | | | They use talloc_tos() internally: hoist that up to the callers, some of whom don't want to us talloc_tos(). A simple patch, but hits a lot of files. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* source3/winbindd/winbindd_pam.c: fix stackframe leakRusty Russell2012-07-181-0/+1
| | | | | | | check_info3_in_group() doesn't always free its stackframe. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* source3/winbindd/idmap_tdb_common.c: fix stackframe leakRusty Russell2012-07-181-0/+1
| | | | | | | idmap_tdb_common_sid_to_unixid() doesn't always free its stackframe. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* source3/winbindd/winbindd_util.c: fix stackframe leakRusty Russell2012-07-181-2/+4
| | | | | | | winbindd_can_contact_domain() doesn't always free its stackframe. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* Enable AES in winbind.Andreas Schneider2012-07-171-1/+1
| | | | Signed-off-by: Günther Deschner <gd@samba.org>
* Fix bug #9016 - Connection to outbound trusted domain goes offline.Jeremy Allison2012-07-141-6/+0
| | | | | | | | | | | | By the time we've gotten to init_dc_connection_network() we shouldn't be second guessing the caller by calling winbindd_can_contact_domain(). If for some reason we do need to restrict the contact list here we can add a condition to only contact the primary domain or domains listed in the tdc cache, but I don't think that's neccessary. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
* s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()Michael Adam2012-07-124-5/+5
| | | | | | | | | This does not check whether the given sid is in our domain, but but whether it belongs to the local sam, which is a different thing on a domain member server. Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
* s3: rename sid_check_is_domain() to sid_check_is_our_sam()Michael Adam2012-07-127-10/+10
| | | | | | This does not check whether the given sid is the domain sid, but whether it is the sid of the local sam, which is different for a domain member server.
* s3-winbind: Remove obsolte idmap_adex.Andreas Schneider2012-07-038-3781/+0
|
* dbwrap: remove get_flags().Rusty Russell2012-06-221-17/+2
| | | | | | | | | | | | The flags returned were TDB-specific: this was only used for detecting the endianness of obsolete databases (the conversion code was put in in 2003, with reference to Samba 2.3). It's easier to remove it than to translate the NTDB flags to TDB flags, and it's a really weird thing to ask for anyway. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* s3:winbindd: do not expose negative cache idmap entries as valid mappings ↵Stefan Metzmacher2012-06-211-6/+19
| | | | | | (bug #9002) metze
* s3:winbindd: discard the expired gid cache if we're online (bug #9002)Stefan Metzmacher2012-06-211-1/+1
| | | | | | This matches the uid case... metze
* s3: Remove an unnecessary ()Volker Lendecke2012-06-211-1/+1
| | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Jun 21 16:05:30 CEST 2012 on sn-devel-104
* idmap-hash: Attempt to fix Coverity ID 709116 Overflowed array index writeVolker Lendecke2012-06-201-1/+6
| | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Wed Jun 20 12:53:59 CEST 2012 on sn-devel-104
* idmap-hash: Fix Coverity ID 709117 Dereference before null checkVolker Lendecke2012-06-201-5/+5
| | | | Signed-off-by: Michael Adam <obnox@samba.org>
* idmap-hash: Fix Coverity 709118 Dereference before null checkVolker Lendecke2012-06-201-5/+5
| | | | Signed-off-by: Michael Adam <obnox@samba.org>
* idmap-hash: Adapt mapfile_read_line to README.CodingVolker Lendecke2012-06-201-1/+2
| | | | Signed-off-by: Michael Adam <obnox@samba.org>
* idmap-hash: Fix Coverity ID 709119 Unused pointer valueVolker Lendecke2012-06-201-1/+1
| | | | | | "p" is overwritten further down again before it's first use Signed-off-by: Michael Adam <obnox@samba.org>
* Fix unused variable warnings.Jeremy Allison2012-06-191-5/+12
|
* Remove unused variables.Jeremy Allison2012-06-191-8/+0
|
* TDB2: make SAMBA use tdb1 again for the moment.Rusty Russell2012-06-191-4/+0
| | | | | | | Otherwise the following surgery will break the SAMBA build and testsuite. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* s3:idmap_tdb: fix miss in rename of dbwrap_trans_store_uint32() to ↵Michael Adam2012-06-181-4/+4
| | | | dbwrap_trans_store_uint32_bystring()