summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r24879: Activate the winbindd cache-validation message handler.Michael Adam1-4/+38
Now the winbindd cache can be checked at runtime by calling "smbcontrol winbindd validate-cache". For the execution of the validation code, I fork a child and in the child restore the default SIGCHLD handler in order for the fork/waitpid mechanism of tdb_validate to work. Michael (This used to be commit f379a5c47d5004a5a66b6c12ec119c739b9e146d)
2007-10-10r24843: Add a "validate-cache" control message to winbindd.Michael Adam1-0/+26
So there is a new subcommand "smbcontrol winbindd validate-cache" now. This change provides the infrastructure: The function currently returns "true" unconditionally. The call of a real cache validation function will be incorporated in subsequent changes. Michael (This used to be commit ef92d505c04397614cb0dd5ede967e9017a5e302)
2007-10-10r24809: Consolidate the use of temporary talloc contexts.Volker Lendecke1-5/+3
This adds the two functions talloc_stackframe() and talloc_tos(). * When a new talloc stackframe is allocated with talloc_stackframe(), then * the TALLOC_CTX returned with talloc_tos() is reset to that new * frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse * happens: The previous talloc_tos() is restored. * * This API is designed to be robust in the sense that if someone forgets to * TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and * resets the talloc_tos(). The original motivation for this patch was to get rid of the sid_string_static & friends buffers. Explicitly passing talloc context everywhere clutters code too much for my taste, so an implicit talloc_tos() is introduced here. Many of these static buffers are replaced by a single static pointer. The intended use would thus be that low-level functions can rather freely push stuff to talloc_tos, the upper layers clean up by freeing the stackframe. The more of these stackframes are used and correctly freed the more exact the memory cleanup happens. This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and lp_talloc_ctx (did I forget any?) So, never do a tmp_ctx = talloc_init("foo"); anymore, instead, use tmp_ctx = talloc_stackframe() :-) Volker (This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b)
2007-10-10r24778: Make sure krb5 locator requests go to a separate locator winbind child.Günther Deschner1-0/+1
Guenther (This used to be commit fb9228b8d167552f0a046ab674f66d4e5b73f5b6)
2007-10-10r24747: Add WINBINDD_DSGETDCNAME call.Günther Deschner1-0/+1
Guenther (This used to be commit 429496a4ccb5c4f4eda11f1b522629889b972c71)
2007-10-10r24625: add '-D' option to winbinddStefan Metzmacher1-0/+1
TODO: don't allow '-i -D' and '-D -i' on all server binaries in the SAMBA_3_2 branch! The &server_mode patch makes this difficult to check... metze (This used to be commit 102bb0fc17d6dec102d628f1051675a1ae5a9c27)
2007-10-10r24621: - deferr calling build_options();exit(0);Stefan Metzmacher1-3/+4
- use poptPrintUsage() to give the user more info metze (This used to be commit a95d9d1ef99d6a2f77a289f8d2011cae482821b1)
2007-10-10r24599: patch from Karolin Seeger <ks@sernet.de>:Stefan Metzmacher1-4/+10
smbd, nmbd and winbindd can be started with invalid options currently. The first patch attached would be a possible solution. It contains an exit if an invalid option has been used. The main problem is, that existing setups with wrong options or missing arguments in start scripts will break (which is the right behaviour from my point of view). metze (This used to be commit 8532e3182ab44d4ac84823e9798293f156192aaf)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23564: Handle MSG_DUMP_EVENT_LIST only in winbindd for now.Günther Deschner1-0/+3
Guenther (This used to be commit 2592e68a43a73474e1bb53f83642c864fd159b45)
2007-10-10r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach1-2/+2
failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
2007-10-10r23348: Fix connection reporting on SIGUSR2 (noticed byJeremy Allison1-0/+3
Herb). Jeremy. (This used to be commit dcb617e550c98de8a4bdcb9b1f7f78ba008fc138)
2007-10-10r23075: more duplicate code blocks from bad mergeGerald Carter1-4/+0
(This used to be commit 86b6a41d5784a0214810c9cbc52ca5e99952898d)
2007-10-10r23055: Rewrite messages.c to use auto-generated marshalling in the tdb. I'mVolker Lendecke1-1/+1
doing this because for the clustering the marshalling is needed in more than one place, so I wanted a decent routine to marshall a message_rec struct which was not there before. Tridge, this seems about the same speed as it used to be before, the librpc/ndr overhead in my tests was under the noise. Volker (This used to be commit eaefd00563173dfabb7716c5695ac0a2f7139bb6)
2007-10-10r23046: Few missing merges from cleaning out the Centeris winbindd tree.Gerald Carter1-0/+4
Nothing of major interest. Will fix a few problems with one way trusts. (This used to be commit 3d48a7e72d9268fd495e0ca4b6e73bed5bb57214)
2007-10-10r23040: Activate the winbindd cache validation code in theMichael Adam1-2/+0
winbindd main function. I have tested and somewhat extended the code, and it seems to do a good job. I have possibly not caught all error conditions though. Michael (This used to be commit 8c517f9aacef300e4280896e36ff71dc9aa35dc3)
2007-10-10r22943: More message_register -> messaging_registerVolker Lendecke1-11/+23
(This used to be commit caece8975b0c2bad56d6a6a576bf8ce54626183f)
2007-10-10r22908: All callers of message_init now also call messaging_init. Unify those.Volker Lendecke1-1/+1
(This used to be commit 330946ad2307ca34f0a8d068a0193fcb8a0d6036)
2007-10-10r22895: Convert some more calls from message_send_buf to messaging_send_bufVolker Lendecke1-0/+11
(This used to be commit c8b98273406242a89a7e5d1fb5d79120ebe5822a)
2007-10-10r22736: Start to merge the low-hanging fruit from the now 7000-line cluster ↵Volker Lendecke1-2/+2
patch. This changes "struct process_id" to "struct server_id", keeping both is just too much hassle. No functional change (I hope ;-)) Volker (This used to be commit 0ad4b1226c9d91b72136310d3bbb640d2c5d67b8)
2007-10-10r22704: Implement three step method for enumerating domain trusts.Gerald Carter1-0/+4
(a) Query our primary domain for trusts (b) Query all tree roots in our forest (c) Query all forest roots in trusted forests. This will give us a complete trust topology including domains via transitive Krb5 trusts. We also store the trust type, flags, and attributes so we can determine one-way trusted domains (outgoing only trust path). Patch for one-way trusts coming in a later check-in. "wbinfo -m" now lists all domains in the domain_list() as held by the main winbindd process. (This used to be commit 9cf6068f1e0a1063d331af17aa493140497b96ef)
2007-10-10r22507: Wrap the method of obtaining sockets to listen on.James Peach1-47/+1
(This used to be commit e027322b769b896184484155fef7c2ba247412a4)
2007-10-10r22418: Support running under launchd. We abstract the method of obtainingJames Peach1-17/+97
sockets to listen on a little, because in the launchd case these are provided for us. We also add an idle timeout so that a daemon can exit after a period of inactivity. (This used to be commit fc8589a3371d396197fae508e563f814899c2beb)
2007-10-10r22417: Refactor the various daemon run-mode options to make the semanticsJames Peach1-20/+23
of the various flags explicit. (This used to be commit 19c929c6330a50f278ac322ac5fcb83d03734ea2)
2007-10-10r22390: Patchset sent to samba-technical to address the winbindGerald Carter1-3/+2
loop when allocating a new id for a SID: auth_util.patch Revert create_local_token() to the 3.0.24 codebase idmap_type.patch Have the caller fillin the id_map.xid.type field when resolving a SID so that if we allocate a new id, we know what type to use winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls from the public winbindd interface for the 3.0.25 release idmap_rid.patch Cleanup the idmap_rid backend to not call back into winbindd to resolve the SID in order to verify it's type. (This used to be commit 3b24dae9e73b244540a68b631b428a4d0f57440b)
2007-10-10r22209: Fix the storage of time_t -> make it 64 bits (use theJeremy Allison1-0/+5
same load/store function as NTTIME). Add a version number string to the winbindd cache so we can tell if it needs upgrading. THIS WILL DELETE ANY EXISTING winbindd_cache.tdb on first startup regardless of offline auth status. Once this is done we're in good shape though. Jeremy. (This used to be commit c52c7f91af80d5fbb2574b5acf10e6afef3b0c7e)
2007-10-10r22204: Workaround to quickly close bug #4508Simo Sorce1-0/+3
This hack makes thing work, but we will need to try again to make the getpw* calls fully async, that's the real fix. (This used to be commit 2552859b3d9e28d5f25b339f5d24a8d2dc36b46b)
2007-10-10r21704: open sockets immediately in process_loopHerb Lewis1-8/+9
(This used to be commit 51b96ba79c9e7ca7a4cdf777fe160152ab35236e)
2007-10-10r21616: Delay initialization of idmap and nss_info backends until necessaryGerald Carter1-6/+4
so they can honor the offline logon state. (This used to be commit 15b13dfe81e861b94077c94b80117a85a5ffb999)
2007-10-10r21474: Ensure trustdom_cache_shutdown() gets calledJeremy Allison1-4/+4
on terminate. Pointed out by Herb. Jeremy. (This used to be commit 08998b74a51acd55eb6cbe095e682e2a79334736)
2007-10-10r21228: Fix for fd leak on error path. Thanks toJeremy Allison1-1/+3
dleonard@vintela.com for this fix ! Jeremy. (This used to be commit 70b5db7d8c6aa324ad98436fe3fafe715c04c5a8)
2007-10-10r21064: The core of this patch isVolker Lendecke1-8/+11
void message_register(int msg_type, void (*fn)(int msg_type, struct process_id pid, - void *buf, size_t len)) + void *buf, size_t len, + void *private_data), + void *private_data) { struct dispatch_fns *dfn; So this adds a (so far unused) private pointer that is passed from message_register to the message handler. A prerequisite to implement a tiny samba4-API compatible wrapper around our messaging system. That itself is necessary for the Samba4 notify system. Yes, I know, I could import the whole Samba4 messaging system, but I want to do it step by step and I think getting notify in is more important in this step. Volker (This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b)
2007-10-10r20992: another attempt at fixing the build breakageGerald Carter1-0/+2
(This used to be commit 7011a1b5abc7d56da5beba904e3328014f315f0d)
2007-10-10r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter1-0/+2
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10r20911: Fix copyright message in winbindd to use the macro from smb.hGerald Carter1-2/+3
(This used to be commit e635bad00ecf083c34da339e3616c945a140e478)
2007-10-10r20848: Minor typo.Günther Deschner1-1/+1
Guenther (This used to be commit fb730e1e7bb83d7dcf8a78302268e384fb9676ee)
2007-10-10r20846: Before this gets out of control...Volker Lendecke1-2/+12
This add a struct event_context and infrastructure for fd events to smbd. This is step zero to import lib/events. Jeremy, I rely on you to watch the change in receive_message_or_smb() closely. For the normal code path this should be the only relevant change. The rest is either not yet used or is cosmetic. Volker (This used to be commit cd07f93a8aecb24c056e33b1ad3447a41959810f)
2007-10-10r20270: Even with the dual daemon mode the parent winbinddJeremy Allison1-2/+9
still needs to contact the DC's for non async requests like enumerate users/groups etc. Now that online DC detection is tied to async events we must enable the processing of events in the main loop of winbindd. Finally got rid of the last hard coded domain->initialized = 1 code in init_child_recv() - now all domain->initialized = True gets done only in the connection manager code when either we're online and have spoken to the DC or are offline and we know we can't talk to the DC. Jeremy. (This used to be commit b3c98057fbad182f6c05c5daec6cd258dd491064)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-10/+7
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r19958: Add check for WINBIND_OFFLINE key.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 270e84db6de66b4f20dc0a564f706dae4c00b0b2)
2007-10-10r19957: Initial framework to make winbindd robustJeremy Allison1-1/+15
against tdb corruption. Needs fleshing out (and I forgot one record type) and needs helpful suggestion from Volker to validate freelist, but should give an idea of how this will look. Jeremy. (This used to be commit 8eb53f74e414483afde7b1e38ea2a3f56ae3ec66)
2007-10-10r19626: Coalesce usage of DUMP_CORE. Fix formatting on chdir error messageJames Peach1-2/+0
in core dump path. (This used to be commit 9a51fba71c5fa7082c331e1a78a98638d9aa06cf)
2007-10-10r19065: No functional change, just a trivial simplificationVolker Lendecke1-19/+19
(This used to be commit 45628f71cfc770b1ba67abf38aac53ac40773cd0)
2007-10-10r18703: Fix the annoying effect that happens when nscd is running:Günther Deschner1-1/+2
We usually do not get the results from user/group script modifications immediately. A lot of users do add nscd restart/refresh commands into their scripts to workaround that while we could flush the nscd caches directly using libnscd. Guenther (This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21)
2007-10-10r17997: Ensure lockdir exists for winbindd. Store tmpJeremy Allison1-0/+4
krb5.conf files under lockdir, not privatedir. Jeremy. (This used to be commit c59eff3e53f5bfae3a9fb136e8566628339863ad)
2007-10-10r17610: Added the ability for firefox to drive the winbinddJeremy Allison1-0/+3
ntlm_auth module to allow it to use winbindd cached credentials.The credentials are currently only stored in a krb5 MIT environment - we need to add an option to winbindd to allow passwords to be stored even in an NTLM-only environment. Patch from Robert O'Callahan, modified with some fixes by me. Jeremy. (This used to be commit ae7cc298a113d8984557684bd6ad216cbb27cff3)
2007-10-10r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1Andrew Bartlett1-0/+1
This mode proxies pre-calculated blobs from a remote (probably VPN) client into the domain. This allows clients to change their password over a PPTP connection (where they would not be able to connect to SAMR directly). The precalculated blobs do not reveal the plaintext password. Original patch by Alexey Kobozev <cobedump@gmail.com> (This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-0/+1
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16154: Fix winbind function table typo.Günther Deschner1-1/+1
Guenther (This used to be commit aeff1f0c47992ce3941e27e63f9b1516c4918963)