summaryrefslogtreecommitdiff
path: root/source3/nsswitch/wb_client.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18271: Big change:Gerald Carter1-7/+7
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17345: Some C++ warningsVolker Lendecke1-1/+1
(This used to be commit 21c8fa2fc8bfd35d203b089ff61efc7c292b4dc0)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-0/+110
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-1/+1
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-5/+3
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-8/+8
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12170: Fix a segfault -- this is post-3.0.21 codeVolker Lendecke1-1/+2
(This used to be commit 8b30cf8e09944cd97e4ab959f730bf81591c2541)
2007-10-10r12163: Change lookup_sid and lookup_name to return const char * instead of ↵Volker Lendecke1-1/+1
char *, use a temporary talloc_ctx for clarity. Volker (This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-14/+27
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-12/+12
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-0/+26
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r7243: Don't look at gencache.tdb for the trusted domains if winbind is around.Volker Lendecke1-0/+31
Volker (This used to be commit 94acb93f57b963bf137c6ddd644a147f4d0b5175)
2007-10-10r7130: remove 'winbind enable local accounts' code from the 3.0 treeGerald Carter1-299/+0
(This used to be commit 318c3db4cb1c85be40b2f812f781bcf5f1da5c19)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-2/+0
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r565: Uninitialized data fixes from kawasa_r@itg.hitachi.co.jp.Jeremy Allison1-0/+1
Jeremy. (This used to be commit c23a73324b335e42877551283b274f6d12f2c1a7)
2007-10-10r197: mistaken merge from trunkGerald Carter1-0/+4
(This used to be commit 6b18012dc8fe92a296c46a12214622d56e1f3fd8)
2007-10-10r195: adding files to ignore listGerald Carter1-4/+0
(This used to be commit 1501d58b8e23d0c9ae51514773d0429886fa9d58)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-0/+24
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2004-03-14When trying to remove a user from a group, winbind should be informedVolker Lendecke1-0/+3
about the user and group... Volker (This used to be commit 9fa2c4045252f07cc0518457d8ef8b81d8402327)
2003-08-09fix for BUG #267 (problem with supplementary groups).Gerald Carter1-0/+74
Use winbindd to get the group list if possible since we already know it from netsamlogon_cache.tdb. More effecient than letting libc call getgrent() to get seconary groups. Tested by Ken Cross. (This used to be commit 3c537c906f29a08e75895c8c8e3ed5c5abaaa940)
2003-07-16fixes for 'net rpc vampire'. I can now take a blank Samba hostGerald Carter1-14/+21
and migrate an NT4 domain and still logon from domain members (tested logon scripts, system policies, profiles, & home directories) (passdb backend = tdbsam) removed call to idmap_init_wellknown_sids() from winbindd.c since the local domain should be handled by the guest passdb backend (and you don't really always want the Administrator account to be root) ...and we didn't pay attention to this anyways now. (This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
2003-07-11fix sid_to_[uid|gid] (spotted by Volker).Gerald Carter1-70/+76
Still testing this, but I'm checking it in so Volker can test it as well. Should be right. (This used to be commit 8edf193722f699cc33baed410917a78a5e28d0a4)
2003-07-11moving more code around.Gerald Carter1-2/+72
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-0/+144
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-07and so it begins....Gerald Carter1-0/+70
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-01* fix the trustdom_cache to work when winbindd is not running.Gerald Carter1-0/+14
smbd will update the trustdom_cache periodically after locking the timestamp key (This used to be commit 7bc4b65b91f98271089335cc301146d5f0c76c3a)
2003-06-21merge of the netsamlogon caching code from APPLIANCE_HEADGerald Carter1-24/+2
This replaces the universal group caching code (was originally based on that code). Only applies to the the RPC code. One comment: domain local groups don't show up in 'getent group' that's easy to fix. Code has been tested against 2k domain but doesn't change anything with respect to NT4 domains. netsamlogon caching works pretty much like the universal group caching code did but has had much more testing and puts winbind mostly back in sync between branches. (This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
2003-04-02Merge of winbind nss library cleanup from HEAD.Tim Potter1-1/+1
(This used to be commit a4b5f2c01bae049edc4f385cb0441bbde4fb443b)
2003-02-18Check return code of string_to_sid. (Merge from HEAD)Martin Pool1-3/+6
(This used to be commit 606bb47f241d2916d039b38f48b50474a3e0dadc)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-3/+3
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-0/+5
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-27Some more 'winbind default domain' support patches from Alexander BokovoyAndrew Bartlett1-81/+1
<a.bokovoy@sam-solutions.net>. This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required. Andrew Bartlett (This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett1-131/+7
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
2002-01-18This is the 'winbind default domain' patch from Alexander BokovoyAndrew Bartlett1-19/+51
<a.bokovoy@sam-solutions.net>. The idea is the domain\username is rather harsh for unix systems - people don't expect to have to FTP, SSH and (in particular) e-mail with a username like that. This 'corrects' that - but is not without its own problems. As you can see from the changes to files like username.c and wb_client.c (smbd's winbind client code) a lot of assumptions are made in a lot of places about lp_winbind_seperator determining a users's status as a domain or local user. The main change I will shortly be making is to investigate and kill off winbind_initgroups() - as far as I know it was a workaround for an old bug in winbind itself (and a bug in RH 5.2) and should no longer be relevent. I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters to determine a user/groups's 'local' status, rather than the presence of the seperator. As such, this functionality is recommended for servers providing unix services, but is currently less than optimal for windows clients. (TODO: remove all references to lp_winbind_seperator() and lp_winbind_use_default_domain() from smbd) Andrew Bartlett (This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
2001-12-13make sure we find NSS_STATUS structAndrew Tridgell1-0/+1
(This used to be commit 7db718d44a62aee9610a9dfd9e671345a0ea7737)
2001-12-05Fixed parse_domain_user to be bool.Jeremy Allison1-11/+9
Jeremy. (This used to be commit 9563de2ef8c1197f4941671d2fdade7d933c32d0)
2001-12-03added name_to_sid to the backendAndrew Tridgell1-1/+1
(This used to be commit 816e40a51af80a7f703c0451304de406deab3dd8)
2001-11-13Fix winbind client code so that winbind calls are not made if theJeremy Allison1-15/+22
requested name does not have a winbind separator character. This makes the intent explicit. Tim, contact me if this is not what you indended. Jeremy. (This used to be commit 86b7cf7f85840316052ff29115bf55c04dc17486)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-4/+4
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-09-17move to SAFE_FREE()Simo Sorce1-2/+2
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
2001-08-24get rid of compiler warningsHerb Lewis1-2/+3
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
2001-08-18More Realloc fixes.Jeremy Allison1-1/+1
Jeremy. (This used to be commit b4fa49fe13cb93d578b1714d5863a9f50395bf65)
2001-08-13Fixed up 'orrible formatting.Tim Potter1-21/+21
(This used to be commit 73addddb2e038946e38a6a15f46f61148a49ac08)
2001-08-12this is a big global fix for the ptr = Realloc(ptr, size) bug.Simo Sorce1-3/+4
many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. (This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
2001-07-18the nss and pam modules in winbind don't have strchr_m() yet, so useAndrew Tridgell1-3/+3
strchr() for the moment (This used to be commit c2c1f2027e6e623bba59610e3aa41618773e6361)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-3/+3
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-06-07Fixed bug in winbind_sid_to_gid() function.Tim Potter1-1/+1
(This used to be commit 9a77f8530f58852f07d523facc61ea1daf6184d7)
2001-06-06Indent dodgy function prototype to avoid make proto picking it up andTim Potter1-1/+1
causing mayhem throughout the tree. (This used to be commit 369c911b446c311d4a5c8b4fddfe7fbffffefeba)