summaryrefslogtreecommitdiffstats
path: root/source4/winbind
Commit message (Collapse)AuthorAgeFilesLines
* winbind: Fix template homedir to match source3Andrew Bartlett2014-06-042-4/+4
| | | | | | | | | | | | Fix provided by Andy Igoshin <ai@vsu.ru> BUG: https://bugzilla.samba.org/show_bug.cgi?id=10324 Andrew Bartlett Change-Id: Ie94d207fed91e9dfd85ee3c3339c376b25ac5fa4 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Allow winbindd to be run from inside "samba"Andrew Bartlett2014-04-292-0/+102
| | | | | | | | | Change-Id: I6b90a9b62ba5821e0feedb23cd20642078ba0ca6 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Apr 29 05:28:39 CEST 2014 on sn-devel-104
* winbind4: Remove unused winbind_get_idmap irpc operationVolker Lendecke2014-03-051-72/+0
| | | | | | | Change-Id: Ia5e62d30b277f8a7074d451cfb8675eee8e9d21f Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* Revert "winbind4: Remove unused winbind_get_idmap irpc operation"Volker Lendecke2014-02-181-0/+72
| | | | | | | This reverts commit 41ff0f4454ef23d0ac3e31560d78a2b966769fea. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:winbind: make use of dcerpc_binding_[g|s]et_flags()Stefan Metzmacher2014-02-131-9/+31
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:winbind: don't access dcerpc_binding internals in init_domain_binding()Stefan Metzmacher2014-02-131-7/+9
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* winbind4: Remove unused winbind_get_idmap irpc operationVolker Lendecke2014-02-101-72/+0
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Kai Blin <kai@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Feb 10 13:24:09 CET 2014 on sn-devel-104
* log winbind version (when requested) in winbindd logNoel Power2014-01-221-0/+2
| | | | | | | | | | | | | winbindd currently only logs the INTERFACE version request, it would be useful to additionally have the version returned in the log also. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jim McDonough <jmcd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Jan 22 21:57:04 CET 2014 on sn-devel-104
* s4:winbind: let wb_samr_userdomgroups_send() take ↵Stefan Metzmacher2014-01-162-9/+11
| | | | | | | | | tevent_context/dcerpc_binding_handle This avoids usage/dereferencing 'struct dcerpc_pipe'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:winbind: let wb_lsa_lookupnames_send() take ↵Stefan Metzmacher2014-01-162-6/+7
| | | | | | | | | tevent_context/dcerpc_binding_handle This avoids usage/dereferencing 'struct dcerpc_pipe'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:winbind: let wb_lsa_lookupsids_send() take ↵Stefan Metzmacher2014-01-163-6/+8
| | | | | | | | | tevent_context/dcerpc_binding_handle This avoids usage/dereferencing 'struct dcerpc_pipe'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:winbind: make clear that we use the global tevent_contextStefan Metzmacher2014-01-164-2/+8
| | | | | | | | | We should avoid using the tevent_context pointer on a dcecli_connection, it's the same as the global per task one anyway. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:winbind: correctly fill the libnet_context lsa and samr binding handlesStefan Metzmacher2014-01-161-0/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.Jeremy Allison2013-12-091-1/+12
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.Jeremy Allison2013-12-091-1/+12
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
* s4-winbindd: Do not terminate a connection that is still pending (bug #9820)Andrew Bartlett2013-07-103-2/+64
| | | | | | | | | | | | | | | Instead, wait until the call attempts to reply, and let it terminate then (often this happens in the attempt to then write to the broken pipe). Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-winbind: Add special case for BUILTIN domainAndrew Bartlett2013-06-203-20/+37
| | | | | | | | | | | | | | This should mean that lookups for the BUILTIN domain cause less trouble then they have in the past, because they will no longer go via the trusted domain handler. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104
* s4:winbind: don't leak libnet_context into the main event contextStefan Metzmacher2013-06-041-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This needs to be a talloc child of struct wbsrv_domain otherwise the cleanup of a broken connection doesn't work. The following command can trigger the leak on a domain controller. root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/ total 16 drwxrwx---+ 5 root 3000000 4096 May 14 14:46 Policies drwxrwx---+ 2 root 3000000 4096 May 14 11:45 scripts gid 3000000 belongs to Builtin\Administrators. The code triggers a ncacn_np: connection to the local smbd and complains that domain BUILTIN is not available: [2013/05/29 17:28:03, 2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo) Expected domain name BUILTIN, DC dc.samba.private said SAMBA In that case the connection was not closed, which is fixed by this commit. Using ncalrpc: for all local SIDs and serving the BUILTIN domain is a project for another day... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104
* s4:idmap: break account_type check lines for readability in idmap_sid_to_xid()Michael Adam2013-05-271-2/+7
| | | | | | | | | | Also makes code obey README.Coding, regarding line-length. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon May 27 00:05:19 CEST 2013 on sn-devel-104
* winbind4: Fix bug 9832 -- talloc use after freeVolker Lendecke2013-05-161-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu May 16 13:37:41 CEST 2013 on sn-devel-104
* source4/winbind/wb_samba3_cmd.c: Fix typo in comment.Karolin Seeger2013-05-161-1/+1
| | | | | | | | Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu May 16 07:49:24 CEST 2013 on sn-devel-104
* winbind4: Fix bug 9832 -- talloc use after freeVolker Lendecke2013-04-301-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:winbindd: fix spacing and line length in cmd_getpwnam_recv_domain()Michael Adam2013-02-281-1/+2
| | | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Feb 28 03:54:41 CET 2013 on sn-devel-104
* s4:winbindd: do not drop the workgroup name in the getgrgid callMichael Adam2013-02-271-1/+11
| | | | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Feb 27 05:44:39 CET 2013 on sn-devel-104
* s4:winbindd: do not drop the workgroup name in the getgrnam and getgrent calls.Michael Adam2013-02-271-1/+11
| | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wb_samba3_cmd.c: Fix typo in comment.Karolin Seeger2013-02-181-1/+1
| | | | | | redundent -> redundant Signed-off-by: Karolin Seeger <kseeger@samba.org>
* s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307Andrew Bartlett2013-01-101-6/+3
| | | | | | | | | | This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with only the setting of the UID/GID in Active Directory Users and Computers. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Use the new directory_create_or_exist_strict() function.Andreas Schneider2013-01-091-2/+7
| | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: rename netlogon_creds_decrypt_samlogon() to ↵Günther Deschner2012-12-151-3/+3
| | | | | | | | | netlogon_creds_decrypt_samlogon_validation(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Set trans to a value that is not LDB_SUCCESS (all LDB_ constants areMichele Baldessari2012-09-101-1/+1
| | | | | | | | positive) so that any "goto failed:" call does not end up calling ldb_transaction_cancel() if trans is initialized to 0 (LDB_SUCCESS) by chance. Signed-off-by: Jeremy Allison <jra@samba.org>
* s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097)Stefan Metzmacher2012-08-251-3/+30
| | | | | | | metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 25 05:06:18 CEST 2012 on sn-devel-104
* s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097)Stefan Metzmacher2012-08-251-3/+30
| | | | metze
* s4:winbind: add a netlogon_queue (tevent_queue)Stefan Metzmacher2012-08-252-0/+12
| | | | | | This will protect the netlogon_creds later. metze
* s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_reqStefan Metzmacher2012-08-252-78/+122
| | | | metze
* s4:winbind: convert wb_sam_logon_send/recv to tevent_reqStefan Metzmacher2012-08-253-93/+140
| | | | metze
* s4:winbind: convert wb_sid2domain to tevent_req internallyStefan Metzmacher2012-08-251-74/+174
| | | | | | | The public wrapper still uses composite_context, because I don't have time to fix all the callers... metze
* s4 rfc2307 gids mapping fixSergey Urushkin2012-07-221-7/+8
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-param: Remove unused "idmap trusted only"Andrew Bartlett2012-07-191-6/+0
| | | | | | | | | When we revamp the idmap layer, we will end up just following the s3 options, and this option is not used there either. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
* s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation ↵Andrew Bartlett2012-06-201-20/+45
| | | | errors
* s4-idmap: Add mapping using uidNumber and gidNumber like idmap_adAndrew Bartlett2012-06-162-2/+123
| | | | | | | | | | This is a solution for users who are upgrading from Samba 3.x in particuar, or have clients that will be using idmap_ad. This avoids needing to have duplicate values in idmap.ldb and in the directory. No check for conflicts is made with the idmap.ldb - the AD store always wins. Andrew Bartlett
* lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett2012-06-152-3/+6
| | | | | | | | | | | | | | | controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
* s4-libnet Always return after composite_error()Andrew Bartlett2012-04-232-0/+4
| | | | | | | | | | These instances should not cause a problem, but make it easier to audit for this kind of problem in the future with grep. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Apr 23 14:29:45 CEST 2012 on sn-devel-104
* s4:winbind: use ncalrpc for connections to ourselfStefan Metzmacher2012-02-292-7/+38
| | | | | | That avoids recursion if "smbd" is used as file server. metze
* s4-winbindd: Do not ask for a tree that we will not useAndrew Bartlett2012-02-291-4/+0
|
* s4-librpc: Fix NETLOGON credential chain with Windows 2008.Andreas Schneider2011-12-141-2/+2
| | | | | | | | | | Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call netrServerAuthenticate2 during a domain join without setting the strong keys flag (128bit crypto). Only for NT4 we need to do a downgrade to the returned negotiate flags. See also 0970369ca0cb9ae465cff40e5c75739824daf1d0.
* idl: Improve MS-PAC IDLSimo Sorce2011-10-242-7/+7
| | | | | | | | | | Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unkown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
* build: build wbinfo only once in the waf buildAndrew Bartlett2011-10-081-4/+0
| | | | | Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 8 04:52:03 CEST 2011 on sn-devel-104
* s4 winbind: Don't drop workgroup name for getpw*Kai Blin2011-09-242-2/+16
| | | | | Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Sat Sep 24 22:49:50 CEST 2011 on sn-devel-104
* s4-winbindd: implement WINBINDD_SIDS_TO_XIDSAndrew Tridgell2011-09-082-1/+97
| | | | | | this fixes wbinfo --sids-to-unix-ids Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-winbindd: fixed handling of extra_data in s3 requestsAndrew Tridgell2011-09-081-1/+37
| | | | | | | | | extra_data in s3 winbind requests is appended to the end of the request, but does not change the length header of the packet. Instead you need to get it from the extra_len element of the request structure. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
generated by cgit (git 2.34.1) at 2024-06-20 10:03:56 +0000