summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_async.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r23244: Fix loop with nscd and NSS recusive calls.Gerald Carter1-2/+4
> Here's the problem I hit: > > getgrnam("foo") -> nscd -> NSS -> winbindd -> > winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() -> > getgrnam("foo") -> nscd -> .... > > This is in the SAMBA_3_0 specifically but in theory could happen > SAMBA_3_0_25 (or 26) for an unknown group. > > The attached patch passes down enough state for the > name_to_sid() call to be able to determine the originating > winbindd cmd that came into the parent. So we can avoid > making more NSS calls if the original call came in trough NSS > so we don't deadlock ? But you should still service > lookupname() calls which are needed for example when > doing the token access checks for a "valid groups" from > smb.conf. > > I've got this in testing now. The problem has shown up with the > DsProvider on OS X and with nscd on SOlaris and Linux. (This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
2007-10-10r22710: Support one-way trusts.Gerald Carter1-0/+6
* Rely on the fact that name2sid will work for any name in a trusted domain will work against our primary domain (even in the absense of an incoming trust path) * Only logons will reliably work and the idmap backend is responsible for being able to manage id's without contacting the trusted domain * "getent passwd" and "getent group" for trusted users and groups will work but we cannot get the group membership of a user in any fashion without the user first logging on (via NTLM or krb5) and the netsamlogon_cache being updated. (This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5)
2007-10-10r22707: missed merge from local tree: pass the correct state to the domain ↵Gerald Carter1-1/+1
when calling the async lookupsid() routine (This used to be commit 3d814862af7382a9ea56b2c8d3cc9a31dca4bdb6)
2007-10-10r22702: Convert both lookup name and lookup sid to follow theGerald Carter1-23/+104
same heuristic. First try our DC and then try a DC in the root of our forest. Use a temporary state since winbindd_lookupXXX_async() is called from various winbindd API entry points. Note this will break the compile. That will be fixed in the next commit. (This used to be commit b442644bac2a7d5853440254257ca34a8e7c25de)
2007-10-10r22677: One line fix to make net idmap restore work againSimo Sorce1-0/+1
Jerry, please add this for 3.0.25 final (This used to be commit e04ca2d7f8ea2d4c70c2a35201a98c5ecd672d59)
2007-10-10r22675: Simo's patch for 0 size allocation. Still needJeremy Allison1-0/+5
to examine parse_misc.c fix. Jeremy. (This used to be commit 80d981265cd3bc9d73c5da3c514ec736e2dfa73a)
2007-10-10r22542: Move over to using the _strict varients of the tallocJeremy Allison1-2/+2
calls. No functional changes. Looks bigger than it is :-). Jeremy. (This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
2007-10-10r21616: Delay initialization of idmap and nss_info backends until necessaryGerald Carter1-1/+1
so they can honor the offline logon state. (This used to be commit 15b13dfe81e861b94077c94b80117a85a5ffb999)
2007-10-10r21450: No need to TALLOC_FREE twice here.Günther Deschner1-2/+0
Guenther (This used to be commit ad063d9a944e923777e538c2cb050d47f9f8bea0)
2007-10-10r21308: Fix some typos and ensure to null terminate the correct strings.Günther Deschner1-4/+4
Guenther (This used to be commit 16c90f30b93f32c4f8fed00a6cc154c596e4244d)
2007-10-10r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter1-3/+7
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10r20774: I thought I committed this before Xmas holidays ...Simo Sorce1-1/+1
This change is needed to make it possible to not expire caches in disconnected mode. Jerry, please can you look at this and confirm it is ok? Simo. (This used to be commit 9e8715e4e15d9cede8f4aa9652642995392617e6)
2007-10-10r20488: When joined to a child domain in a multi-domain/single domain tree,Gerald Carter1-6/+71
the child domain cannot always resolve SIDs in sibling domains. Windows tries to contact a DC in its own domain and then the root domain in the forest. This async changes makes winbindd's name2sid() call do the same. (This used to be commit 7b2bf0e5a6b8d4119657c7a34aa53c9a0c1d5723)
2007-10-10r20355: Fix some C++ warningsVolker Lendecke1-2/+2
(This used to be commit f103c301b18f2eeb5203634cb6b50fa79f57a93b)
2007-10-10r20279: Fix winbind segfault in winbindd_getsidaliases.Günther Deschner1-4/+15
Jeremy: sidstr formerly could be NULL (when num_aliases was 0), since we strdup here it needs to exist. Guenther (This used to be commit 29396a1bd8ebd6d951f35941b13c9c61593ae6d3)
2007-10-10r20207: Fix a couple more places where extra_data wasJeremy Allison1-2/+2
being talloc'ed off the NULL context instead of being malloced. Jeremy. (This used to be commit 47bdeb4efeaa5a441ad2d39bb3b94d72263e66e4)
2007-10-10r20206: Start cleaning up the talloc_ctx mess.Jeremy Allison1-0/+3
child->mem_ctx isn't actually used for anything, so remove it. Jeremy. (This used to be commit a7f294b59238826c11e579a7b1a4dca7284bb89d)
2007-10-10r20150: better memory handling for some functions, make sure we don'tSimo Sorce1-2/+2
leak memory by using the wrong(long lived) mem context (This used to be commit a28cdd6e742cb72a728bd337546ee95fd4160ed8)
2007-10-10r20117: 1st Error in the mergeSimo Sorce1-1/+1
(This used to be commit 5e46c43a2e4b9a3ee8f1f219c96a6b132bb09322)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-414/+274
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison1-7/+20
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r19302: Use TALLOC_ZERO_P not TALLOC_P to ensure unusedJeremy Allison1-5/+5
fields are initialized to zero. Jeremy. (This used to be commit 8a0ff70e8e562db17b8d90dbde7aeb0314d270da)
2007-10-10r18271: Big change:Gerald Carter1-15/+15
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r18047: More C++ stuffVolker Lendecke1-4/+7
(This used to be commit 86f4ca84f2df2aa8977eb24828e3aa840dda7201)
2007-10-10r17605: Some C++ warningsVolker Lendecke1-2/+4
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
2007-10-10r17462: Fix a cut&paste bug that caused us to return a null SID on some ↵Simo Sorce1-0/+6
error conditions (This used to be commit 954593bd41ff2475df5d37eae18be08ffa3002eb)
2007-10-10r17459: As by Jerry's word commit this without his review.Simo Sorce1-0/+110
This patch add some missing async functions to solve UID/GID -> SID requests not just out of the cache, but down the remote idmap if necessary. This patch solves the problem of servers not showing users/groups names for allocated UID/GIDs when joined to a group of servers that share a prepopulated idmap backend. Also correctly resolve UID/GIDs to SIDs when looking ACLs from the windows security tab on teh same situation. Simo. (This used to be commit b8578bfab6a04fcd65a2e65f507067459e326077)
2007-10-10r17021: remove unsupported smbwrapper codeGerald Carter1-1/+1
(This used to be commit 07c67fbfc0790169ee748c0e62da14c89d3add23)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-59/+114
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-9/+9
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r14698: Make sure we expand our own local groups and notGerald Carter1-1/+13
just the BUILTIN group when calling winbindd_getgroups. $ id foo uid=502(foo) gid=100(users) groups=100(users),10007(RHEL4\staff), 10001(BUILTIN\users) (This used to be commit 603b4b501a759510d2ec66cbe5ab1e9f5dc5dbc1)
2007-10-10r14421: This does two thingsGerald Carter1-4/+23
* Automatically creates the BUILTIN\Users group similar to how BUILTIN\Administrators is done. This code does need to be cleaned up considerably. I'll continue to work on this. * The important fix is for getusergroups() when dealing with a local user and nested groups. Now I can run the following successfully: $ su - jerry -c groups users BUILTIN\users (This used to be commit f54d911e686ffd68ddc6dbc073987b9d8eb2fa5b)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-20/+20
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-32/+65
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the ↵Günther Deschner1-2/+7
POSIX homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-184/+183
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-0/+1403
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)