path: root/source3/winbindd
Commit message | Author | Age | Files | Lines
...
* s3-winbind Move winbind privileged socket dir into state_path() | Andrew Bartlett | 2011-06-20 | 1 | -1/+1
  On default installs, this will be the same as the old lock_path(), but lock_path() is now a directory that can safely be mapped to /var/locks and removed by the OS on reboot.
  It is important that the directory permissions of this directory be preserved, as they may be customised.
  Andrew Bartlett
* s3:wb_lookupsids: add some paranoia checks to wb_lookupsids_recv() | Stefan Metzmacher | 2011-06-16 | 1 | -0/+18
  This hopefully catches future bugs.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu Jun 16 19:50:16 CEST 2011 on sn-devel-104
* s3:wb_lookupsids: don't ignore 'result' and check if we got useable values | Stefan Metzmacher | 2011-06-16 | 1 | -4/+48
  The wrong fix for bug #8215 discovered this bug, as it caused sam_rids_to_names() to always return NT_STATUS_NONE_MAPPED.
  metze
* Revert "s3-winbind: Fix paranoia checks in winbindd_samr.c." | Stefan Metzmacher | 2011-06-16 | 1 | -2/+2
  This reverts commit 207a84d725b905c2b119d2ef0f4f4d4eb391140d.
  This is the wrong fix for the problem, see bug #8215.
  metze
* s3-winbind: Fix paranoia checks in winbindd_samr.c. | Andreas Schneider | 2011-06-15 | 1 | -2/+2
  This fixes looking up the correct unix user instead of allocating a new uid and creating it.
  Fix bug #8215 (winbind unix username lookup doesn't work correctly).
  (cherry picked from commit 531edfdd1924bfb2ef486820f7f5787098bd953a)
  Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date: Wed Jun 15 09:56:01 CEST 2011 on sn-devel-104
* s3: Remove "struct ip_service" from resolve_wins | Volker Lendecke | 2011-06-12 | 1 | -15/+3
* Revert "s3:idmap_autorid: add a talloc_stackframe() to idmap_autorid_initialize()" | Michael Adam | 2011-06-11 | 1 | -6/+5
  This reverts commit 65490ea4e67bf82cf8fb0b8e4e74047c3f63c509.
  This sequence of patches needs to be done differently.
  Autobuild-User: Michael Adam <obnox@samba.org>
  Autobuild-Date: Sat Jun 11 12:55:11 CEST 2011 on sn-devel-104
* Revert "s3:idmap_autorid: use "idmap config <DOMAIN> : rangesize" instead of "autorid:rangesize"" | Michael Adam | 2011-06-11 | 1 | -9/+1
  This reverts commit b0b0b625b588057c8c97371934bf21eb1fd985d8.
  This sequence of patches needs to be done differently.
* Revert "s3:idmap_autorid: fail initialization if the domain is not "*"" | Michael Adam | 2011-06-11 | 1 | -9/+1
  This reverts commit cd8dc47bf17d2cdb1558dc6ab49320ba12af8f34.
  This sequence of patches needs to be done differently.
* bug in source3/winbindd/winbindd_sids_to_xids.c | Herb Lewis | 2011-06-10 | 1 | -1/+4
  I'm having trouble getting my system setup to do submits right now but I discovered a bug in the subject file that causes winbindd lookup sids command to assign incorrect unix ids.
  The change to sid_peek_rid fixes the case where you call lookup sids with sids s1 s2 s3 which cause them to be cached. Then call with s1 s2 s4 and s4 will get the unix id of s1.
  The other change fixes the case where a sid that was not translated gets a value returned instead of being listed as unmapped.
  Could someone review this and push to master and 3.6 for me?
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Fri Jun 10 14:35:21 CEST 2011 on sn-devel-104
* s3-param Remove special case for global_myname(), rename to lp_netbios_name() | Andrew Bartlett | 2011-06-09 | 5 | -10/+10
  There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly.
  Andrew Bartlett
* s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array() | Andrew Bartlett | 2011-06-09 | 6 | -17/+17
  Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_ARRAY isn't standard talloc.
* s3-talloc Change TALLOC_ZERO_P() to talloc_zero() | Andrew Bartlett | 2011-06-09 | 15 | -20/+20
  Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
* s3-talloc Change TALLOC_P() to talloc() | Andrew Bartlett | 2011-06-09 | 2 | -3/+3
  Using the standard macro makes it easier to move code into common, as TALLOC_P isn't standard talloc.
* s3-talloc Change TALLOC_ARRAY() to talloc_array() | Andrew Bartlett | 2011-06-09 | 8 | -24/+24
  Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
* s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc() | Andrew Bartlett | 2011-06-09 | 6 | -14/+14
  Using the standard macro makes it easier to move code into common, as TALLOC_REALLOC_ARRAY isn't standard talloc.
  Andrew Bartlett
* s3-winbind: always use samlogon cache for wbinfo -r, even when caching is disabled. | Günther Deschner | 2011-06-08 | 1 | -4/+0
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Wed Jun 8 17:45:56 CEST 2011 on sn-devel-104
* s3-winbindd: make sure we obey the -n switch also for samlogon cache access. | Günther Deschner | 2011-06-08 | 5 | -3/+17
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Wed Jun 8 14:44:31 CEST 2011 on sn-devel-104
* s3:idmap_autorid: fail initialization if the domain is not "*" | Michael Adam | 2011-06-07 | 1 | -0/+8
  autorid can only be used as a backend for the default idmap configuration.
  Autobuild-User: Michael Adam <obnox@samba.org>
  Autobuild-Date: Tue Jun 7 19:13:18 CEST 2011 on sn-devel-104
* s3:idmap_autorid: use "idmap config <DOMAIN> : rangesize" instead of "autorid:rangesize" | Michael Adam | 2011-06-07 | 1 | -1/+9
* s3:idmap_autorid: add a talloc_stackframe() to idmap_autorid_initialize() | Michael Adam | 2011-06-07 | 1 | -5/+6
* s3:winbind: Convert WINBINDD_WINS_BYIP to the async API | Volker Lendecke | 2011-06-05 | 4 | -73/+143
* s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains. | Michael Adam | 2011-06-01 | 1 | -1/+1
  After the preparations, this is achieved by using idmap_ldap_allocate_id_internal() as get_new_id rw method instead of idmap_ldap_allocate_id().
* s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id | Michael Adam | 2011-06-01 | 1 | -6/+6
  This is in preparation of allowing allocating ldap based domain-specific configs.
* s3:idmap_ldap: rename idmap_ldap_allocate_id to idmap_ldap_allocate_id_internal | Michael Adam | 2011-06-01 | 1 | -3/+3
  This is in preparation of allowing allocating ldap based domain-specific configs.
* s3:winbindd_nrd: include ../librpc/ndr/libndr.h instead of librpc/ndr/util.h | Michael Adam | 2011-05-31 | 1 | -1/+1
* s3:winbindd/idmap_proto.h: add _WINBINDD_IDMAP_PROTO_H_ guard | Michael Adam | 2011-05-31 | 1 | -0/+4
* s3:winbindd/idmap_proto.h: add GPL/Copyright header | Michael Adam | 2011-05-31 | 1 | -0/+25
* Fix numerous missing dependencies in WAF build scripts | Sean Finney | 2011-05-25 | 1 | -0/+9
  With the recent consolidation of code between s3 and s4, a number of new dependencies have been implicitly introduced. For example, previous s3 code gained an implicit dependency on talloc after the charset related consolidation (lib/util/charset/charset.h now includes talloc.h).
  When building against the embedded version of talloc this isn't a problem since the paths are automatically added to the search path, but when building against the external libraries build failures will occur for all components that don't directly or indirectly include talloc as a dependency.
  Since charset.h is included from util.h, which in turn is included from includes.h, this means most of the codebase (s3 and s4) has such an undeclared dependency. Therefore, samba-util-common and samba-util have been added as dependencies to the s3 and s4 code respectively, for all cases where the source would otherwise fail to build.
  Additionally, a few other dependencies are added in specific wscript_build files to address similar dependency-related problems.
  https://bugzilla.samba.org/show_bug.cgi?id=8128
  Signed-off-by: Sean Finney <seanius@seanius.net>
  Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Wed May 25 19:22:13 CEST 2011 on sn-devel-104
* s3-winbind: BUG 8166 - Don't lockout users when offline. | Jim McDonough | 2011-05-25 | 1 | -1/+4
  Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration.
  Autobuild-User: Jim McDonough <jmcd@samba.org>
  Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
* s3-lib Replace StrnCaseCmp() with strncasecmp_m() | Andrew Bartlett | 2011-05-18 | 2 | -3/+3
  strncasecmp_m() never needs to call to talloc, and via next_codepoint() still has an ASCII fast-path bypassing iconv() calls.
  Andrew Bartlett
* s3: Use tevent_req_ntstatus properly in a few places | Volker Lendecke | 2011-05-10 | 30 | -98/+49
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Tue May 10 13:11:10 CEST 2011 on sn-devel-104
* s3-libsmb: move protos to libsmb/proto.h | Günther Deschner | 2011-05-06 | 1 | -0/+1
  Guenther
* s3: only include tdb headers where needed. | Günther Deschner | 2011-05-06 | 4 | -0/+4
  Guenther
* s3-winbind: another strlcpy()/fstring fix | Andrew Tridgell | 2011-05-06 | 1 | -2/+2
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Fri May 6 07:50:33 CEST 2011 on sn-devel-104
* More const fixes. Remove CONST_DISCARD. | Jeremy Allison | 2011-05-06 | 3 | -3/+3
* More simple const fixups. | Jeremy Allison | 2011-05-05 | 4 | -8/+8
* Fix warning messages caused by addition of null check in fstrcpy macro. | Jeremy Allison | 2011-05-04 | 4 | -10/+16
* Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1. | Jeremy Allison | 2011-05-04 | 3 | -5/+5
* Remove unused function parse_add_domuser(). | Jeremy Allison | 2011-05-04 | 2 | -26/+0
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Wed May 4 20:05:42 CEST 2011 on sn-devel-104
* s3: Properly deal with exited winbind children | Volker Lendecke | 2011-05-04 | 1 | -0/+5
  When a winbind child exits, we need to immediately close the socket. If not, the next request to that child will be sent to a socket without a listener, leading to a failed request. This failed request will then trigger a proper re-init. This patch avoids the one failed request.
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Wed May 4 13:32:16 CEST 2011 on sn-devel-104
* s3: include ntdomain.h before including generated srv_ headers. | Günther Deschner | 2011-05-02 | 3 | -2/+3
  Guenther
* s3-winbindd: remove unused headers. | Günther Deschner | 2011-05-02 | 2 | -6/+0
  Guenther
* s3: remove various references to server side dcerpc structs (which are not needed). | Günther Deschner | 2011-05-02 | 3 | -3/+0
  Guenther
* s3: Avoid a potential 100% CPU loop in winbindd | Volker Lendecke | 2011-04-29 | 1 | -0/+27
  In the clustering case if ctdb is unhappy, winbindd_reinit_after_fork fails. This can lead to an endless loop depending on the scheduling of the parent vs child. Parent forks, child is immediately scheduled and exits. Parent gets SIGCHLD, parent is then scheduled before it sends the request out to the child. Parent tries to fork again immediately.
  The code before this patch did not really take into account that reinit_after_fork can fail. The code now sends the result of winbindd_reinit_after_fork to the parent and the parent only considers the child alive when it got NT_STATUS_OK.
  This was seen in 3.4 winbind. winbind has changed significantly since then, so it might be possible that this does not happen anymore in exactly this way. But passing up the status of reinit_after_fork and only consider the child alive when that's ok is the correct thing to do anyway.
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Fri Apr 29 17:58:19 CEST 2011 on sn-devel-104
* s3: Make winbindd_reinit_after_fork return NTSTATUS | Volker Lendecke | 2011-04-29 | 4 | -12/+23
* s3: In winbind, close parent/child sockets | Volker Lendecke | 2011-04-29 | 4 | -5/+15
  This should further reduce fd load in winbind children
* s3-tevent: only include ../lib/util/tevent wrappers where needed. | Günther Deschner | 2011-04-29 | 2 | -0/+3
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Fri Apr 29 14:00:30 CEST 2011 on sn-devel-104
* s3: Close the winbind client fds after forking | Volker Lendecke | 2011-04-28 | 1 | -0/+10
  In an overload situation, the winbind helper child process inherits all those hundreds of fd's which it will never talk to. Close them.
  We (Christian Ambach and me) just saw a crash in libkrb5. Christian's analysis showed that libkrb5 also does select, probably exceeding FD_SETSIZE and crashing due to that reason. The parent winbind in theory does not do Kerberos at all, so this should fix that problem.
  The crash is interesting because the child process did not really crash. Somewhere in glibc backtrace() is called, probably due to an assert() or some explicit consistency check. This then somehow generates a signal probably due to corrupted memory structures. That signal triggers Samba to again call backtrace(). This blocks hard on a ptrace_once(). Sorry for the long backtrace here, but this *is* interesting.
  The child process blocking and not really crashing makes the situation worse: The parent process does not get told the child has crashed and more client sockets pile up. This patch is intended to put some relief on this problem by closing the majority of sockets the parent holds.
  (gdb) bt
    #0 0x00002ad686a2b07b in pthread_once () from /lib64/libpthread.so.0
    #1 0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6
    #2 0x00002ad683eab27c in log_stack_trace () at lib/util.c:1580
    #3 0x00002ad683eab34b in smb_panic (why=0x2ad6841c6ec3 "internal error") at lib/util.c:1481
    #4 0x00002ad683e9af3e in fault_report (sig=1) at lib/fault.c:52
    #5 sig_fault (sig=1) at lib/fault.c:75
    #6 <signal handler called>
    #7 0x00002ad68673b005 in _int_malloc () from /lib64/libc.so.6
    #8 0x00002ad68673c95d in calloc () from /lib64/libc.so.6
    #9 0x00002ad684503e25 in _dl_new_object () from /lib64/ld-linux-x86-64.so.2
    #10 0x00002ad6844ffadc in _dl_map_object_from_fd () from /lib64/ld-linux-x86-64.so.2
    #11 0x00002ad684501d43 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
    #12 0x00002ad68450ac8d in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
    #13 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
    #14 0x00002ad68450a68c in _dl_open () from /lib64/ld-linux-x86-64.so.2
    #15 0x00002ad6867d0ba0 in do_dlopen () from /lib64/libc.so.6
    #16 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
    #17 0x00002ad6867d0d07 in __libc_dlopen_mode () from /lib64/libc.so.6
    #18 0x00002ad6867adeea in init () from /lib64/libc.so.6
    #19 0x00002ad686a2b083 in pthread_once () from /lib64/libpthread.so.0
    #20 0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6
    #21 0x00002ad68673285f in __libc_message () from /lib64/libc.so.6
    #22 0x00002ad68673a30f in _int_free () from /lib64/libc.so.6
    #23 0x00002ad68673a76b in free () from /lib64/libc.so.6
    #24 0x00002ad6853fe346 in krb5int_sendto () from /usr/lib64/libkrb5.so.3
    #25 0x00002ad6853fe511 in krb5_sendto_kdc () from /usr/lib64/libkrb5.so.3
    #26 0x00002ad6853df7c4 in ?? () from /usr/lib64/libkrb5.so.3
    #27 0x00002ad6853e0919 in krb5_get_init_creds () from /usr/lib64/libkrb5.so.3
    #28 0x00002ad6853e2a94 in krb5_get_init_creds_password () from /usr/lib64/libkrb5.so.3
    #29 0x00002ad684169ff1 in kerberos_kinit_password_ext (principal=0x2ad684702180 "<sanitized>", password=0x2ad6844c5bb0 "<sanitized>", time_offset=0, expire_time=0x2ad6846bf380, renew_till_time=0x0, cache_name=0x2ad6843cb3e0 "MEMORY:winbind_ccache", request_pac=false, add_netbios_addr=false, renewable_time=<value optimized out>, ntstatus=0x0) at libads/kerberos.c:223
    #30 0x00002ad68416a223 in ads_kinit_password (ads=0x2ad6846bf330) at libads/kerberos.c:327
    #31 0x00002ad68415f725 in ads_sasl_spnego_bind (ads=0x2ad6846bf330) at libads/sasl.c:812
    #32 0x00002ad68415dbc1 in ads_sasl_bind (ads=0x2ad6846bf330) at libads/sasl.c:1114
    #33 0x00002ad68415c09b in ads_connect (ads=0x2ad6846bf330) at libads/ldap.c:711
    #34 0x00002ad683e1b8f7 in ads_cached_connection (domain=0x2ad6846b07c0) at winbindd/winbindd_ads.c:124
    #35 0x00002ad683e1bc85 in sequence_number (domain=0x2ad6846b07c0, seq=0x2ad6846b0cd8) at winbindd/winbindd_ads.c:1233
    #36 0x00002ad683dffdd7 in refresh_sequence_number (domain=0x2ad6846b07c0, force=128) at winbindd/winbindd_cache.c:510
    #37 0x00002ad683e00520 in wcache_fetch (cache=<value optimized out>, domain=0x2ad6846b07c0, format=0x2ad68419901e "U/%s") at winbindd/winbindd_cache.c:638
    #38 0x00002ad683e04ac8 in query_user (domain=0x2ad6846b07c0, mem_ctx=0x2ad6846bc920, user_sid=0x7fff1d0cb8c0, info=0x7fff1d0cb810) at winbindd/winbindd_cache.c:1910
    #39 0x00002ad683df2d38 in winbindd_dual_userinfo (domain=0x2ad6846b07c0, state=0x7fff1d0cc9c0) at winbindd/winbindd_user.c:173
    #40 0x00002ad683e232e0 in fork_domain_child (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:485
    #41 schedule_async_request (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:319
    #42 0x00002ad683e229f2 in async_request_fail (state=0x2ad6846c1d00) at winbindd/winbindd_dual.c:214
    #43 0x00002ad683ebabec in run_events (ev=0x2ad6846aebf0, selrtn=0, read_fds=0x7fff1d0ce910, write_fds=<value optimized out>) at lib/events.c:123
    #44 0x00002ad683df08cb in process_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1113
    #45 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1437
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Thu Apr 28 12:06:12 CEST 2011 on sn-devel-104
* s3-libads: Use ldap_init_fd() to connect to AD server in socket_wrapper | Andrew Bartlett | 2011-04-28 | 1 | -3/+3
  This means that we control the connection setup, don't rely on signals for timeouts and the connection uses socket_wrapper where that is required in our test environment.
  According to bug reports, this method is also used by curl and other tools, so we are not the first to (ab)use the OpenLDAP libs in this way.
  It is ONLY enabled for socket_wrapper at this time, as this is the best way to get 'make test' working for S3 winbind tests in an S4 domain.
  Andrew Bartlett