summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_cache.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19399: Now Guenther discovered one crash dereferencing domain->backends,Jeremy Allison1-1/+1
get paranoid. I don't think this can really happen, but let's be sure. Jeremy. (This used to be commit be4709984b8548abf10a5e9fabba21d53440c42a)
2007-10-10r19391: Fix crash bug within the winbind caching method.Günther Deschner1-0/+5
That one was hard to find: when coming from offline mode and switching to online, a refresh sequence number call (using the default MS-RPC mechanism) may reset domain->backend to NULL (by the set_domain_online event). We need to make sure to reidentify the remote domain in that case. Guenther (This used to be commit 4d6503d1377a262ba8b87f344be7daf04e011ef2)
2007-10-10r19371: Add two missing refresh_sequence_number calls where they are missingGünther Deschner1-0/+3
just before writing to the winbind cache tdb. Guenther (This used to be commit bd8548998b06a84c2e66acbcb68542a4b5d8b8df)
2007-10-10r19206: Jeremy, for some reason storing a value-less entry in TDB does not workGünther Deschner1-9/+3
anymore in 3_0. I'm just adding a time(NULL) as value for the WINBINDD_OFFLINE key. Guenther (This used to be commit 2bdf9f140f76d6eb73b34148c47f7d3447e2e563)
2007-10-10r19148: Finish last nights patch - make offlineJeremy Allison1-1/+1
work again. Still under test. Jeremy. (This used to be commit 40a455db78f805daa6bfeb9e78fb78dcc12fd9a7)
2007-10-10r18543: Fix Coverity ID#312Volker Lendecke1-0/+1
(This used to be commit 763cbe924b78b206985db6552e20cb4830446d35)
2007-10-10r18511: Ops, fix the build.Günther Deschner1-1/+1
Guenther (This used to be commit 20de0b4823abb59518b7ffb495120494e705df7a)
2007-10-10r18510: Protect against storing null-sids in the winbind cache.Günther Deschner1-0/+8
Guenther (This used to be commit b04c8d46efc67e013b976e0ba1be558b70a1f899)
2007-10-10r18476: Protect ourselves from bad cached creds a littleJeremy Allison1-2/+30
better - don't just panic - delete them. Jeremy. (This used to be commit 4c54b75076442d239ae374b236c6f33aafece981)
2007-10-10r18271: Big change:Gerald Carter1-14/+14
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r18191: Fix the online/offline state handling of winbindd.Jeremy Allison1-5/+3
Instead of trying to do this in the winbindd_cache entries, add a timed even handler to probe every 5 mins when disconnected. Fix events to run all pending events, rather than only one. Jeremy. (This used to be commit 7bfbe1b4fb9a91c6678035f220bbf0b4f5afdcac)
2007-10-10r18188: merge 3.0-libndr branchJelmer Vernooij1-4/+4
(This used to be commit 1115745caed3093c25d6be01ffee21819fb0a675)
2007-10-10r18167: Adding DEBUG() to winbinds refresh seqnum to track down a failure.Günther Deschner1-0/+1
Guenther (This used to be commit 8bf197ee1658616448dcb752f51743365070901a)
2007-10-10r17618: Not using a cache version number (yet). We really should...Jeremy Allison1-1/+0
Jeremy (This used to be commit b711587f6e33bc5781b15da7bc49b31db4653073)
2007-10-10r17617: Take Andrew Bartletts excellent advice and don't storeJeremy Allison1-6/+38
the nt hash directly in the winbindd cache, store a salted version (MD5 of salt + nt_hash). This is what we do in the LDAP password history code. We store this salted cache entry under the same name as an old entry (CRED/<sid>) but detect it on read by checking if there are 17 bytes of data after the first stored hash (1 byte len, 16 bytes hash). GD PLEASE CHECK. Jeremy. (This used to be commit 89d0163a97edaa46049406ea3e2152bee4e0d1b2)
2007-10-10r17464: Ensure we use a hash16 data type, not a string,Jeremy Allison1-3/+45
for storing offline hashes. Jeremy. (This used to be commit c8e6f7e41c9db436b34dd127d77940d7b43bf13b)
2007-10-10r17461: Ensure we never save a NULL SID mapping. || should be &&.Jeremy Allison1-1/+1
Found by Whitfield school. Jeremy. (This used to be commit f8584a475853bd8937fb0cf1b304c98f96fbd872)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-6/+130
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16939: Still clear the winbind_cache.tdb when offline logons are not enabled.Günther Deschner1-2/+4
Guenther (This used to be commit 4121ccfc3e39001d5b7b8288e3bc27d919f79167)
2007-10-10r16790: Fix memleak.Günther Deschner1-0/+1
Guenther (This used to be commit 48ab7f46814dfbd777f142cdd8f59e6c1962eb15)
2007-10-10r16361: Fix Klocwork ID 1731 1770 1771 1775 1796Volker Lendecke1-1/+2
Volker (This used to be commit 8a5cebc19e4709399976efe9e3ba3bf29249620a)
2007-10-10r16284: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsignedJeremy Allison1-2/+2
int in a format string. Jeremy. (This used to be commit face01ef01e1a3c96eae17c56cadf01020d4cb46)
2007-10-10r16222: Fix DEBUG statements.Günther Deschner1-1/+1
Guenther (This used to be commit 5ecfaf7d505e6acc23a06dd64d00f5e6fb8efe6f)
2007-10-10r16221: No need for friednly error messages at log level 10.Günther Deschner1-27/+26
Guenther (This used to be commit 58a7c0900325065cc969eb4f2f4c85d41e27bc89)
2007-10-10r16196: A bit of defensive programming:Volker Lendecke1-1/+1
Klocwork ID 1773 complained about oldest being dereferenced in line 2275 where it could be NULL. I think you can construct extreme racy conditions where this actually could happen. Volker (This used to be commit b5602cc4f1d77ed48ddca0f7f42b28706160c923)
2007-10-10r15632: Remove length limitation from the winbind cache cleanup traversal.Günther Deschner1-7/+2
Guenther (This used to be commit 181fa02497e353a36e311f94f5bec2e9cfd1b56e)
2007-10-10r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.Günther Deschner1-0/+5
Guenther (This used to be commit 9e15b1659c105b0be846e8f71c27b20eab961bd2)
2007-10-10r15228: Fix -n winbind option which has become meaningless with the persistentGünther Deschner1-0/+6
cache. Guenther (This used to be commit e85558f4a457609f3661446dad8134e80f10bbe6)
2007-10-10r15132: Fix some shadowed variable warningsVolker Lendecke1-22/+22
(This used to be commit 97d2c20b0b37ac07b6e37e9614ff41ab7e131c98)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-3/+3
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r14675: Protect against null sids and rids in the cached credentials functions.Günther Deschner1-2/+28
Guenther (This used to be commit e162253a32119a31dd652b00f942d4c1a16fab83)
2007-10-10r14674: Further cleanup for cached logins, only dump hashes with DEBUG_PASSWORD.Günther Deschner1-1/+5
Guenther (This used to be commit 24afdda2ae7626b8c0b378d158ede391924d1274)
2007-10-10r14393: Fix a couple of AIX warnings.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 8444c997bd3e18b1d04ebe85f06c8c6e34d7373f)
2007-10-10r14282: Change centry_string to only use talloc. ShouldJeremy Allison1-16/+12
quieten coverity bug #194 (which I think is a false positive). Jeremy. (This used to be commit 07d8b02d3dddf7322e096f3f0a7cc1c8fa709fa3)
2007-10-10r14076: When the backends trusted_domains call comes back with no trusts theGünther Deschner1-1/+9
NTSTATUS code will be NT_STATUS_NO_MORE_ENTRIES. In that case store NT_STATUS_OK in the centry so that the entry does not automatically deleted upon startup or invalidated upon next query. Guenther (This used to be commit 200d4566619c58951e22d9543420407b3baf878f)
2007-10-10r13984: Fix Coverity bug # 98Volker Lendecke1-1/+3
(This used to be commit 0a2aa3a48bd5fd7e5a9aa06068ddd621b19c1dbe)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-4/+2
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13409: No functional changes, just some DEBUG cleanup.Günther Deschner1-4/+2
Guenther (This used to be commit 286f6fc2339cf4ef232c16466b8dffdcddbe343f)
2007-10-10r13377: Fix from Volker: Make offline authentication work with NT4 as wellGünther Deschner1-0/+8
(handle no ACB_NORMAL flag and save name2sid as early as possible). Guenther (This used to be commit a04a5e40b774b7fe535e9cbbabddf94ee5578005)
2007-10-10r13371: Remove an unused functionVolker Lendecke1-8/+0
(This used to be commit dde8322b5c26b04222eefd3c1d450852f849079f)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-72/+786
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13309: If the sid in the winbind name2sid cache is not valid ↵Volker Lendecke1-1/+3
(NT_STATUS_NONE_MAPPED), we have S-0-0 as a SID in the cache. This leads to ugly level 0 messages from string_to_sid. Avoid them. Volker (This used to be commit d62da3e9875592af91469bf75ca32be77a40ea59)
2007-10-10r12788: Since we have agreed on the case of winbindd names, we can store aGünther Deschner1-2/+5
sid_to_name lookup result already after doing a sucessfull name_to_sid lookup. Guenther (This used to be commit 2456832a6d9ad2590dc02e147cc2c2e87d5a3a7a)
2007-10-10r12787: Revert last commit that removed our logic of memorizing negativeGünther Deschner1-3/+1
name_to_sid lookups in the cache. Guenther (This used to be commit 348d309688260d17d9cdbf11fc54ad30829ceae5)
2007-10-10r12742: Don't write null sid mappings into the winbindd_cache.tdb.Günther Deschner1-1/+3
Guenther (This used to be commit 1e0124efc54810125bbfae6dce536b2c4fff62c1)
2007-10-10r12341: add DEBUG statement.Günther Deschner1-1/+3
Guenther (This used to be commit d50098518d77f9559457f558df7d11d3f026833e)
2007-10-10r12193: Fix some typos.Günther Deschner1-1/+1
Guenther (This used to be commit 499224f02a8722eea0d4644ca81ca55da0e9a86b)
2007-10-10r11704: methods->alternate_name is not used anymore -- remove itVolker Lendecke1-13/+0
(This used to be commit 4a4f85f0ef8545b7062e9a49392d4488aa108036)
2007-10-10r11652: Reinstate the netsamlogon_cache in order to workGerald Carter1-0/+38
around failed query_user calls. This fixes logons to a member of a Samba domain as a user from a trusted AD domain. As per comments on samba-technical, I still need to add (a) cache the PAC info as werll as NTLM net_user_info_3 (b) expire the cache when the SMB session goes away Both Jeremy and Guenther have signed off on the idea. (This used to be commit 0c2bb5ba7b92d9210e7fa9f7b70aa67dfe9faaf4)
2007-10-10r11651: After talking to Jeremy, commit my winbindd "Do the Right Thing" patch.Gerald Carter1-24/+33
Still needs some more testing ni domains with multiple DCs. Coming next.... (This used to be commit aaed605206a8549cec575dab31e56bf6d32f26a6)