path: root/source3/nsswitch/winbindd_cache.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r22855: fix the build | Michael Adam | 1 | -7/+5
(#if inside DEBUG macro not allowed...) Michael (This used to be commit f0570dc3d9e07475764e466901d4abfe939590f8)
2007-10-10 | r22848: Fix brace alignment. | Michael Adam | 1 | -1/+1
(This used to be commit d909a6064159bc746bd558238e81d57cc274a162)
2007-10-10 | r22847: The new validate_panic function calls exit (instead of setting | Michael Adam | 1 | -19/+0
a global error flag and returning), so cleanups and returns subsequent to calls of smb_panic_fn have become unnecessary. (This used to be commit 9d2db8c70f10a9285abd4a61fa66ee8aff2e7e6b)
2007-10-10 | r22845: Modified and extended the winbindd cache validation code: | Michael Adam | 1 | -137/+283
* Replaced signal catching/longjmp magic by a fork: Let the child do the actual validation of the entries. Exit code and signals are intercepted by waitpid.
* Fix logic so that also encounter of an unknown key in the tdb leads to an error.
* Extended status of validation is kept in a (as yet simple) struct and communicated over a pipe from child to parent.
* Added two validation_ functions for two new keys.
The call of winbindd_validate_cache is still commented out in the winbindd main loop. But I am currently testing it and so far it seems to work fine. The next step in my plan is to generalize the validation mechanism to a tdb_open_log_validate function in lib/util_tdb.c. There is nothing very special about the cache tdb here, and this might be useful elsewhere... Michael (This used to be commit 417325b9e6f9ac0afe1f2f3b552527788f6a7cee)
2007-10-10 | r22747: Fix some C++ warnings | Volker Lendecke | 1 | -2/+2
(This used to be commit a66a04e9f11f6c4462f2b56b447bae4eca7b177c)
2007-10-10 | r22726: When performing an offline logon for a user in a trusted domain, | Gerald Carter | 1 | -0/+8
take care not to expire the name2sid cache entry just because that child does not know that the primary domain is offline. (This used to be commit 0399f52a1cdbb1acf8d41afddf498529ff4923cf)
2007-10-10 | r22725: * Don't try to update the sequence_number when offline | Gerald Carter | 1 | -3/+11
* Log the NTSTATUS when saving name/sid cache entry
* Allow the backend lookup_usergroups() call in winbindd_{rpc,ads}.c to inform the wcache manager that the group list should not be cached (needed for one-way trusts).
(This used to be commit 693ab48408dbb775b57dcc5140e27ad9221852a1)
2007-10-10 | r22710: Support one-way trusts. | Gerald Carter | 1 | -3/+11
* Rely on the fact that name2sid will work for any name in a trusted domain will work against our primary domain (even in the absence of an incoming trust path)
* Only logons will reliably work and the idmap backend is responsible for being able to manage id's without contacting the trusted domain
* "getent passwd" and "getent group" for trusted users and groups will work but we cannot get the group membership of a user in any fashion without the user first logging on (via NTLM or krb5) and the netsamlogon_cache being updated.
(This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5)
2007-10-10 | r22708: disable saving the trusted domain list as we want the parent | Gerald Carter | 1 | -0/+6
daemon to manage the complete trusted domain cache (This used to be commit 3a9152a2acfc7b615a5c6b8764ea9462443f00d1)
2007-10-10 | r22700: Add a simple wcache TRUSTDOM api for maintaining a complete | Gerald Carter | 1 | -1/+463
list of trusted domains without requiring each winbindd process to acquire this on its own. This is needed for various idmap plugins and for dealing with different trust topologies. list_trusted_domain() patches coming next. (This used to be commit 2da62a3d965a9701e16e644fd6bc728b43f28489)
2007-10-10 | r22643: Don't clear cached U/SID and UG/SID entries when we want to logon | Günther Deschner | 1 | -1/+8
offline. Guenther (This used to be commit 37f9f466fd05bb06d8539bdb2cb72a730c2af4f4)
2007-10-10 | r22636: Fix logic bug. | Günther Deschner | 1 | -6/+6
We certainly don't want to crash winbind on each successful centry_uint{8,16,32,64} read. Jeremy, please check :-) Guenther (This used to be commit bfcd10766bcac1d50f7624bbe5a72eca57b5e278)
2007-10-10 | r22589: Make TALLOC_ARRAY consistent across all uses. | Jeremy Allison | 1 | -12/+22
Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
2007-10-10 | r22466: Fix build warning. | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit d6f259e91862df043f14430a60e9d646e30fe632)
2007-10-10 | r22211: Don't return a value from void functions ! | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 1dd8d3a723ac2262a45fcd717daef79bffbf30d5)
2007-10-10 | r22210: Fix typo in testing for non-centry entries. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit b89ecbcac651034d818a41d8a1d0c5e7313f37b8)
2007-10-10 | r22209: Fix the storage of time_t -> make it 64 bits (use the | Jeremy Allison | 1 | -14/+112
same load/store function as NTTIME). Add a version number string to the winbindd cache so we can tell if it needs upgrading. THIS WILL DELETE ANY EXISTING winbindd_cache.tdb on first startup regardless of offline auth status. Once this is done we're in good shape though. Jeremy. (This used to be commit c52c7f91af80d5fbb2574b5acf10e6afef3b0c7e)
2007-10-10 | r22207: Fill in the validation functions. Now to test... | Jeremy Allison | 1 | -28/+73
Jeremy. (This used to be commit fc2b9e860ef9512eb074622e0ad134ff3f30bfe7)
2007-10-10 | r22206: Added boilerplate to be filled in for other validation functions. | Jeremy Allison | 1 | -0/+163
Jeremy. (This used to be commit 9be463eb0cb4d65c40e35c504059289696419486)
2007-10-10 | r22205: Add some flesh to the bones of the cache validation code. | Jeremy Allison | 1 | -59/+209
Jeremy (This used to be commit b773ea2c8a107344fc524b41a2c81ecc723bd9ec)
2007-10-10 | r22202: Volker is clever :-). Use TDB_NOMMAP to prevent any wild pointer | Jeremy Allison | 1 | -1/+4
problems when validating the winbindd cache. Wish I'd have thought of that. Jeremy. (This used to be commit 6b0a8cbbb883b7041ed4b1f6c1ae90233921d154)
2007-10-10 | r22009: change TDB_DATA from char * to unsigned char * | Stefan Metzmacher | 1 | -12/+12
and fix all compiler warnings in the users metze (This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f)
2007-10-10 | r22001: change prototype of dump_data(), so that it takes unsigned char * now, | Stefan Metzmacher | 1 | -6/+6
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10 | r21985: make use of string_tdb_data() | Stefan Metzmacher | 1 | -8/+5
to avoid creating the TDB_DATA struct from strings "by hand" metze (This used to be commit a8bc20d67f481a790524cad24e253436227af721)
2007-10-10 | r21146: Fix debug typos. | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit cdef1d00b89abd632281d428f1e1a6b322559af4)
2007-10-10 | r20986: Commit the prototype of the nss_info plugin interface. | Gerald Carter | 1 | -1/+3
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10 | r20124: clean up nested extern declaration warnings | Herb Lewis | 1 | -7/+6
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
2007-10-10 | r20057: Attempt to fix connect timeouts when connected on | Jeremy Allison | 1 | -2/+3
a network but not one on which any home DC's can be found (hotel network problem). Still testing but this is getting close. Jeremy. (This used to be commit 369c9e4138b93f7cfb6680f0beb541f58554e856)
2007-10-10 | r19975: Deal with 2 keytypes I messed previously (DR/DE). | Jeremy Allison | 1 | -2/+25
Fix code that mistakenly assumed tdb_traverse returned 0 or -1, it actually returns -1 or the number of entries traversed. Add a static as another way to return the bad cache value. Jeremy. (This used to be commit 5266a70ae9971eb54fa769f89bec7c688285e811)
2007-10-10 | r19974: Add freelist check for cache. Fix testing of entry | Jeremy Allison | 1 | -19/+19
names (all except SEQNUM are *not* null terminated strings). Jeremy. (This used to be commit bcb68260ba4e6a1ae6b681603367008309b9bfde)
2007-10-10 | r19958: Add check for WINBIND_OFFLINE key. | Jeremy Allison | 1 | -0/+6
Jeremy. (This used to be commit 270e84db6de66b4f20dc0a564f706dae4c00b0b2)
2007-10-10 | r19957: Initial framework to make winbindd robust | Jeremy Allison | 1 | -0/+230
against tdb corruption. Needs fleshing out (and I forgot one record type) and needs helpful suggestion from Volker to validate freelist, but should give an idea of how this will look. Jeremy. (This used to be commit 8eb53f74e414483afde7b1e38ea2a3f56ae3ec66)
2007-10-10 | r19399: Now Guenther discovered one crash dereferencing domain->backends, | Jeremy Allison | 1 | -1/+1
get paranoid. I don't think this can really happen, but let's be sure. Jeremy. (This used to be commit be4709984b8548abf10a5e9fabba21d53440c42a)
2007-10-10 | r19391: Fix crash bug within the winbind caching method. | Günther Deschner | 1 | -0/+5
That one was hard to find: when coming from offline mode and switching to online, a refresh sequence number call (using the default MS-RPC mechanism) may reset domain->backend to NULL (by the set_domain_online event). We need to make sure to reidentify the remote domain in that case. Guenther (This used to be commit 4d6503d1377a262ba8b87f344be7daf04e011ef2)
2007-10-10 | r19371: Add two missing refresh_sequence_number calls where they are missing | Günther Deschner | 1 | -0/+3
just before writing to the winbind cache tdb. Guenther (This used to be commit bd8548998b06a84c2e66acbcb68542a4b5d8b8df)
2007-10-10 | r19206: Jeremy, for some reason storing a value-less entry in TDB does not work | Günther Deschner | 1 | -9/+3
anymore in 3_0. I'm just adding a time(NULL) as value for the WINBINDD_OFFLINE key. Guenther (This used to be commit 2bdf9f140f76d6eb73b34148c47f7d3447e2e563)
2007-10-10 | r19148: Finish last night's patch - make offline | Jeremy Allison | 1 | -1/+1
work again. Still under test. Jeremy. (This used to be commit 40a455db78f805daa6bfeb9e78fb78dcc12fd9a7)
2007-10-10 | r18543: Fix Coverity ID#312 | Volker Lendecke | 1 | -0/+1
(This used to be commit 763cbe924b78b206985db6552e20cb4830446d35)
2007-10-10 | r18511: Oops, fix the build. | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit 20de0b4823abb59518b7ffb495120494e705df7a)
2007-10-10 | r18510: Protect against storing null-sids in the winbind cache. | Günther Deschner | 1 | -0/+8
Guenther (This used to be commit b04c8d46efc67e013b976e0ba1be558b70a1f899)
2007-10-10 | r18476: Protect ourselves from bad cached creds a little | Jeremy Allison | 1 | -2/+30
better - don't just panic - delete them. Jeremy. (This used to be commit 4c54b75076442d239ae374b236c6f33aafece981)
2007-10-10 | r18271: Big change: | Gerald Carter | 1 | -14/+14
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a lot more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0
The most embarrassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10 | r18191: Fix the online/offline state handling of winbindd. | Jeremy Allison | 1 | -5/+3
Instead of trying to do this in the winbindd_cache entries, add a timed event handler to probe every 5 mins when disconnected. Fix events to run all pending events, rather than only one. Jeremy. (This used to be commit 7bfbe1b4fb9a91c6678035f220bbf0b4f5afdcac)
2007-10-10 | r18188: merge 3.0-libndr branch | Jelmer Vernooij | 1 | -4/+4
(This used to be commit 1115745caed3093c25d6be01ffee21819fb0a675)
2007-10-10 | r18167: Adding DEBUG() to winbind's refresh seqnum to track down a failure. | Günther Deschner | 1 | -0/+1
Guenther (This used to be commit 8bf197ee1658616448dcb752f51743365070901a)
2007-10-10 | r17618: Not using a cache version number (yet). We really should... | Jeremy Allison | 1 | -1/+0
Jeremy (This used to be commit b711587f6e33bc5781b15da7bc49b31db4653073)
2007-10-10 | r17617: Take Andrew Bartlett's excellent advice and don't store | Jeremy Allison | 1 | -6/+38
the nt hash directly in the winbindd cache, store a salted version (MD5 of salt + nt_hash). This is what we do in the LDAP password history code. We store this salted cache entry under the same name as an old entry (CRED/<sid>) but detect it on read by checking if there are 17 bytes of data after the first stored hash (1 byte len, 16 bytes hash). GD PLEASE CHECK. Jeremy. (This used to be commit 89d0163a97edaa46049406ea3e2152bee4e0d1b2)
2007-10-10 | r17464: Ensure we use a hash16 data type, not a string, | Jeremy Allison | 1 | -3/+45
for storing offline hashes. Jeremy. (This used to be commit c8e6f7e41c9db436b34dd127d77940d7b43bf13b)
2007-10-10 | r17461: Ensure we never save a NULL SID mapping. || should be &&. | Jeremy Allison | 1 | -1/+1
Found by Whitfield school. Jeremy. (This used to be commit f8584a475853bd8937fb0cf1b304c98f96fbd872)
2007-10-10 | r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need | Jeremy Allison | 1 | -6/+130
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)