path: root/source3/winbindd
Commit message | Author | Age | Files | Lines
...
* s3-winbindd: Always map the LDAP error code to an NTSTATUS | Andrew Bartlett | 2012-05-26 | 1 | -4/+20
  We do this so that we catch LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT, which has special handling in winbindd_cache.c
  Andrew Bartlett
  Signed-off-by: Jeremy Allison <jra@samba.org>
* Introduce system MIT krb5 build with --with-system-mitkrb5 option. | Alexander Bokovoy | 2012-05-23 | 1 | -2/+2
  System MIT krb5 build also enabled by specifying --without-ad-dc
  When --with-system-mitkrb5 (or --without-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As a result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5.
  Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
    * Samba 4 client libraries and their Python bindings
    * Samba 3 server (smbd, nmbd, winbindd from source3/)
    * Samba 3 client libraries
  In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
* Second part of fix for bug 8953 - winbind can hang as nbt_getdc() has no timeout. | Herb Lewis | 2012-05-23 | 1 | -0/+1
  If we're running with SEC_ADS and we don't get a cldap response from the server when querying its name, don't fall back to NetBIOS requests as they're unlikely to succeed.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Wed May 23 03:49:36 CEST 2012 on sn-devel-104
* Fix bug #8953 - winbind can hang as nbt_getdc() has no timeout. | Jeremy Allison | 2012-05-22 | 1 | -1/+1
  Add a timeout_in_seconds parameter to nbt_getdc() to make it fail after that time with NT_STATUS_IO_TIMEOUT.
* s3-auth: Rename to init_system_session_info(). | Andreas Schneider | 2012-05-15 | 1 | -1/+1
  Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date: Tue May 15 13:56:00 CEST 2012 on sn-devel-104
* s3: Fix Coverity ID 241320 Array compared against 0 | Volker Lendecke | 2012-05-14 | 1 | -1/+1
  domain->alt_name is an array, not a pointer
  Autobuild-User: Volker Lendecke <vl@samba.org>
  Autobuild-Date: Mon May 14 15:11:47 CEST 2012 on sn-devel-104
* s3: Fix Coverity ID 242184 Dereference after null check | Volker Lendecke | 2012-05-10 | 1 | -5/+3
  rpc_query_user unconditionally dereferences user_info if successful
* s3:winbindd:autorid check that transaction start did work | Christian Ambach | 2012-05-09 | 1 | -1/+5
  this fixes Coverity #700172 CHECKED_RETURN
  Autobuild-User: Christian Ambach <ambi@samba.org>
  Autobuild-Date: Wed May 9 00:27:08 CEST 2012 on sn-devel-104
* s3:winbindd/autorid add ignore builtin parameter | Christian Ambach | 2012-05-08 | 1 | -0/+13
  BUILTIN should be handled by passdb, however if passdb does not know about a SID, autorid creates a range for BUILTIN and does deterministic mapping
  make it possible to turn off this behavior
* s3:winbindd/autorid add support for read-only mode | Christian Ambach | 2012-05-08 | 1 | -6/+38
  make it possible to set read-only = yes for the backend so users can replicate an autorid.tdb to another server to use the same mappings without risking that updates are done on both sides
* s3:winbindd/autorid preallocate well-known SIDs | Christian Ambach | 2012-05-08 | 1 | -0/+42
  preallocate the list of well-known SIDs that Win2008R2 reports to be groups and that are on the list in KB243330
  This will allow for deterministic mapping of these SIDs, even if they are stored in the allocation pool as this is the first thing that autorid will allocate from the pool during module initialization
* s3-idmap: convert most idmap_cache callers to unixid API | Andrew Bartlett | 2012-05-02 | 2 | -36/+23
  This will eventually allow the struct unixid to be passed all the way up and down the stack.
  Andrew Bartlett
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3-winbindd: Do not use WBC_ types internally in winbindd | Andrew Bartlett | 2012-05-02 | 1 | -3/+5
  Use the types from idmap.idl instead
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3-passdb: Change pdb_sid_to_id() to return struct unixid | Andrew Bartlett | 2012-05-02 | 1 | -25/+2
  This will make it easier to consistently pass a struct unixid all the way up and down the idmap stack, and allow ID_TYPE_BOTH to be handled correctly.
  Andrew Bartlett
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:winbindd/idmap_tdb: use idmap_tdb_common code | Christian Ambach | 2012-05-01 | 1 | -558/+18
* s3:winbindd/idmap_tdb2: fix logic error in set_mapping_action | Christian Ambach | 2012-05-01 | 1 | -1/+1
  fix an endless loop
* s3:winbindd/idmap_tdb2: use idmap_tdb_common code | Christian Ambach | 2012-05-01 | 1 | -357/+91
* s3:winbindd/autorid use idmap_tdb_common code in autorid | Christian Ambach | 2012-05-01 | 1 | -86/+227
  - use common logic for the allocation pool
  - add an idmap_tdb style 1on1 mapping for non-domain SIDs like Everyone (S-1-1-0)
* s3:winbindd add idmap_tdb_common file to store common code of TDB idmap backends | Christian Ambach | 2012-05-01 | 3 | -1/+792
* s3: Remove a SMB_ASSERT | Volker Lendecke | 2012-04-28 | 1 | -1/+5
  Autobuild-User: Volker Lendecke <vl@samba.org>
  Autobuild-Date: Sat Apr 28 23:38:45 CEST 2012 on sn-devel-104
* s3: Fix bug 8904 -- wbinfo --lookup-sids "" crashes winbind | Volker Lendecke | 2012-04-28 | 1 | -5/+5
  Much of the code further down and up the call chain expects the structures wb_lookupsids returns to be allocated. Do that even though we have nothing to look up.
* s3:winbindd: also try SMB2 when connecting to "IPC$" | Stefan Metzmacher | 2012-04-27 | 1 | -7/+20
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Fri Apr 27 13:10:15 CEST 2012 on sn-devel-104
* s3: Fix Coverity ID 2727 to 2740 -- UNINIT | Volker Lendecke | 2012-04-19 | 1 | -2/+2
* lib/util: Remove obsolete sys_getpid() and sys_fork(). | Jelmer Vernooij | 2012-03-24 | 3 | -6/+6
  The performance of these is minimal (these days) and they can return invalid results when used as part of applications that do not use sys_fork().
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
* libreplace: Add getpeereid implementation. | Jelmer Vernooij | 2012-03-24 | 2 | -2/+4
* s3-winbindd Only use SamLogonEx when we can get unencrypted session keys | Andrew Bartlett | 2012-03-19 | 1 | -2/+2
  This ensures that we have some check on the session keys being returned as the RC4 cipher is not checksummed. The check comes from the fact that the credentials chain is tied to the session key, and so if the credentials check passes then the netlogon session key will be correct, and so the user session key will be correctly decrypted.
  Andrew Bartlett
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Mon Mar 19 21:31:46 CET 2012 on sn-devel-104
* s3:smbd: let smbd/nmbd/winbindd child processes terminate if the parent process died. | Michael Adam | 2012-03-15 | 1 | -0/+11
  This applies to all child processes making use of reinit_after_fork(). It is implemented by establishing a pipe between parent and child. The child watches for EOF on the read end of the pipe, indicating an exited parent.
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
* s3: piddir creation fix part 2. | Ira Cooper | 2012-03-07 | 1 | -0/+4
  Since the piddir got moved from the lockdir by default, the default piddir wasn't getting created, stopping some configurations from running.
  Signed-off-by: Jeremy Allison <jra@samba.org>
* s3-winbindd: Add stdin handler for winbind | Andrew Bartlett | 2012-03-04 | 2 | -3/+48
  This will help avoid runaway processes in the test env, particularly when the whole selftest.pl is killed.
  Andrew Bartlett
* s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path | Matthieu Patou | 2012-02-27 | 1 | -1/+20
  If not the child process would hang for quite a long time up to the moment when the connection is cleaned by the kernel (took ~ 20 minutes) in my tests.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Mon Feb 27 23:10:03 CET 2012 on sn-devel-104
* s3: Use the correct enum values | Volker Lendecke | 2012-02-25 | 1 | -3/+3
  wbcIdType and id_type have the same values, but different names
  Autobuild-User: Volker Lendecke <vl@samba.org>
  Autobuild-Date: Sat Feb 25 23:46:36 CET 2012 on sn-devel-104
* s3-winbindd: pass logon parameters down to check_sam_security() | Andrew Bartlett | 2012-02-20 | 1 | -2/+6
  This allows ntlm_auth --diagnostics to work against the local DC, just as it works against a member server.
  Andrew Bartlett
* Fix a bunch of "unused variable" warnings. | Jeremy Allison | 2012-02-18 | 3 | -7/+2
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
* lib/util: Remove sys_poll as it is no longer needed | Andrew Bartlett | 2012-02-16 | 1 | -1/+1
  sys_poll() is only needed if the signal pipe is set up and used, but as no signal handler ever writes to the pipe, this can all be removed.
  signal based events are now handled via tevent.
  Andrew Bartlett
  Signed-off-by: Jeremy Allison <jra@samba.org>
* Rename obscure defined constants. | Christopher R. Hertel (crh) | 2012-02-16 | 1 | -1/+1
  Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types.
  Signed-off-by: Simo Sorce <idra@samba.org>
  Autobuild-User: Simo Sorce <idra@samba.org>
  Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
* s3-winbindd: set the can_do_validation6 also for trusted domain | Matthieu Patou | 2012-02-10 | 1 | -0/+2
  The flag can_do_validation6 was only set for the domain of which winbindd is a member. Setting this flag in other domains (trusted domains) if it's an active directory domain is a good idea as it allows doing level 6 validation also when winbindd is querying them directly.
* s3-winbind: Remove unused bool "local" | Christof Schmitt | 2012-02-06 | 1 | -5/+2
  "local" is always False, so simply remove it and the if statement checking its value.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Mon Feb 6 23:27:48 CET 2012 on sn-devel-104
* s3-winbind: don't try to do clever thing if the username is not found while authenticating through winbind | Matthieu Patou | 2012-01-30 | 1 | -1/+2
  This could cause that we authenticate a user with a bogus domain to winbind's domain if the password supplied for the PAM_AUTH matches.
  The problem was reported by Jeff Venable (jvenable@juniper.net).
  Patch from Andrew Bartlett (abartlett@samba.org).
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
* s3-librpc: pass struct ndr_interface_table down to cli_pipe_open_generic/spnego() | Andrew Bartlett | 2012-01-18 | 1 | -2/+2
  This allows the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs").
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-librpc Make cli_rpc_pipe_open_spnego_ntlmssp() generic | Andrew Bartlett | 2012-01-18 | 1 | -9/+14
  This also avoids passing NULL as the server to gensec_set_target_hostname() in spnego_generic_init_client().
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: Add a "lock_order" argument to db_open | Volker Lendecke | 2012-01-18 | 3 | -3/+6
  This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
* s3-winbindd: convert cached credentials to use auth_generic/gensec for NTLMSSP | Andrew Bartlett | 2012-01-06 | 1 | -33/+46
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: Remove some redundant code | Volker Lendecke | 2012-01-05 | 1 | -5/+0
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Thu Jan 5 17:16:45 CET 2012 on sn-devel-104
* s3-winbind: Fix segfault if we can't map the last user. | Andreas Schneider | 2012-01-04 | 1 | -0/+18
  This fixes bug #8678. The issue is caused by bug #8608.
  Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date: Wed Jan 4 18:30:53 CET 2012 on sn-devel-104
* s3-winbind: Move finding the domain to its own function. | Andreas Schneider | 2012-01-04 | 1 | -11/+21
  This is the first part to fix bug #8678.
* s3: Fix some False/NULL hiccups | Volker Lendecke | 2011-12-20 | 1 | -2/+2
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
* s3:idmap_autorid: use less transactions | Christian Ambach | 2011-12-16 | 1 | -55/+76
  reduce the amount of transactions that are mostly unnecessary because no updates were done, only reads
  Autobuild-User: Christian Ambach <ambi@samba.org>
  Autobuild-Date: Fri Dec 16 20:18:37 CET 2011 on sn-devel-104
* s3: Remove a bunch of calls to procid_self() | Volker Lendecke | 2011-12-12 | 2 | -2/+1
  All callers to messaging_[re]init only used procid_self()
* Revert making public of the samba-module library. | Jelmer Vernooij | 2011-12-03 | 6 | -6/+6
  This library was tiny - containing just two public functions that were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
* s3-winbind: Add an update function for winbind cache. | Andreas Schneider | 2011-12-03 | 1 | -2/+94
  With 57b3d32 we changed the format for the winbind cache database and the code deleted the database for the upgrade. As this database holds also cached credentials, removing it is not an option. We need to update from version 1 to version 2.
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Sat Dec 3 03:47:58 CET 2011 on sn-devel-104