| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
about type potentially being used uninitialized
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Sep 24 03:49:53 CEST 2012 on sn-devel-104
|
|
|
|
| |
about result being potentially uninitialized
|
|
|
|
|
| |
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 22 09:09:17 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this new interface, external applications that have authenticated
to an ADS can pass the PAC from the Kerberos ticket to
wbcAuthenticateUserEx. winbindd decodes and extracts the info3
information for the external application. If winbindd can verify the PAC
signature, the info3 from the PACis also added to the netsamlogon_cache.
The info3 data can be used by the external application to get the uid
and primary gid. The data in netsamlogon_cache allows to retrieve the
complete group list through the NSS function getgrouplist.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
| |
in idmap_tdb_common_sids_to_unixids()
|
|
|
|
| |
in idmap_tdb_common_unixids_to_sids()
|
|
|
|
|
|
|
|
|
| |
Calling be_init with NULL safely crashes, because we dereference NULL. We
don't need to call it here, this is called in all workers anyway. Thanks
to Jiri Sasek <jiri.sasek@oracle.com> for finding this.
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 20 05:03:54 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Break pdb_ldap -> smbldaphelper -> pdb -> pdb_ldap loop by
making smbldaphelp intentionally underlinked internal library.
It means that libsmbldaphelp is not usable unless its user is
also linked to libpdb (that is the case for both its users,
idmap_ldap and pdb_ldap, already) but gives us a break of
the circular dependency in case pdb_ldap statically linked
into pdb (default).
This should solve case when idmap_ldap and pdb_ldap are dynamically
loaded modules
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Sep 14 01:02:21 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since these functions are used in pdb_ldap and idmap_ldap, and
pdb_ldap might be statically linked to libpdb (default), it is
better to keep them as separate subsystem to avoid polluting libpdb
namespace.
This is first step in refactoring libpdb. Right now I cannot move
these functions into proper libsmbldaphelper as it uses more of
libpdb-included functions and linking pdb_ldap against libsmbldaphelper
library would have created a loop if pdb_ldap is included into libpdb.
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Sep 13 17:36:07 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid overriding default ccache for ads operations.
Nowadays various samba components may need to use GSSAPI and a default cred
cache to perform their tasks.
This code was completely overriding the whole process default ccache name, thus
altering the current credentials and sometimes hijacking them (or getting
preemptively hijaked).
By using gss_krb5_import_cred we can instead use a private ccache (necessary
sometimes to use a different set of credentials fromt he default
cifs/fqdn@realm one, for example when contacting foreign DCs using trust
credentials) that does not affect the rest of the process.
For the kerberos versions which don't have gss_krb5_import_cred
we fallback to temp override of KRB5CCNAME and gss_acquire_cred.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
| |
This wasn't planned and slipped trough, sorry.
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Sep 11 14:28:53 CEST 2012 on sn-devel-104
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
If we don't have a connection to a trusted domain but still try to do a
lookup we shouldn't segfault.
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Sep 4 18:16:06 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
| |
This should eliminate confusion from our users about what they can
expect to successfully run.
Andrew Bartlett
|
|
|
|
|
|
|
| |
Based on work from Ian Gordon <ian.gordon@strath.ac.uk>.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 22:01:15 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and NDR parsing errors.
A connection is idle when both struct winbindd_cli_state->request AND
struct winbindd_cli_state->response are NULL. Otherwise we can flag
as idle a connection in the state of having sent the request to
the winbindd child (request != NULL) but not yet received a reply
(response == NULL).
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 01:31:46 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
| |
The DC that was attempted to ping is useful for troubleshooting. Return
the DC name in the response to the wbclient.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
The client checks for an error code in response.data.auth.nt_status,
make sure the result is stored there.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This is in preperation for the parameter table being made common.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't resolve our own "Domain Local" groups since bug #7843 has been
fixed. So we need to add the add resource groups to the sid list too.
Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.
When to use Resource Groups:
http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 23 18:19:00 CEST 2012 on sn-devel-104
|
|
|
|
| |
The extra code in source3/lib/pidfile.c is no longer needed.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
|
|
|
|
|
| |
check_info3_in_group() doesn't always free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
|
|
|
|
|
| |
idmap_tdb_common_sid_to_unixid() doesn't always free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
|
|
|
|
|
| |
winbindd_can_contact_domain() doesn't always free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
|
|
| |
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
By the time we've gotten to init_dc_connection_network() we shouldn't
be second guessing the caller by calling winbindd_can_contact_domain().
If for some reason we do need to restrict the contact list here we
can add a condition to only contact the primary domain or domains
listed in the tdc cache, but I don't think that's neccessary.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
| |
This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
|
|
|
|
|
|
| |
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The flags returned were TDB-specific: this was only used for detecting
the endianness of obsolete databases (the conversion code was put in in
2003, with reference to Samba 2.3).
It's easier to remove it than to translate the NTDB flags to TDB flags,
and it's a really weird thing to ask for anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
|
|
|
|
| |
(bug #9002)
metze
|
|
|
|
|
|
| |
This matches the uid case...
metze
|
|
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jun 21 16:05:30 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jun 20 12:53:59 CEST 2012 on sn-devel-104
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
|
| |
"p" is overwritten further down again before it's first use
Signed-off-by: Michael Adam <obnox@samba.org>
|
| |
|
| |
|
|
|
|
|
|
|
| |
Otherwise the following surgery will break the SAMBA build and testsuite.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
|
|
| |
dbwrap_trans_store_uint32_bystring()
|