summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r23244: Fix loop with nscd and NSS recusive calls.Gerald Carter1-1/+2
> Here's the problem I hit: > > getgrnam("foo") -> nscd -> NSS -> winbindd -> > winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() -> > getgrnam("foo") -> nscd -> .... > > This is in the SAMBA_3_0 specifically but in theory could happen > SAMBA_3_0_25 (or 26) for an unknown group. > > The attached patch passes down enough state for the > name_to_sid() call to be able to determine the originating > winbindd cmd that came into the parent. So we can avoid > making more NSS calls if the original call came in trough NSS > so we don't deadlock ? But you should still service > lookupname() calls which are needed for example when > doing the token access checks for a "valid groups" from > smb.conf. > > I've got this in testing now. The problem has shown up with the > DsProvider on OS X and with nscd on SOlaris and Linux. (This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
2007-10-10r22633: Fix typo in debug message.James Peach1-1/+1
(This used to be commit 4c58b6b1946bf61b24cbdb3c331fee3d48a6b7d2)
2007-10-10r22444: * Validate a SID before trying to convert it to a uid/gid via the publicGerald Carter1-3/+3
winbindd interface * Add nss_info/*so files to the RHEL/Fedora packaging (This used to be commit 1787fcb8c1199215fcec74472c727b8c8fbf5473)
2007-10-10r22430: Add SID validate to sid2uid() and sid2gid() public entry points in ↵Gerald Carter1-4/+81
winbindd (This used to be commit 0890cb941ed5d87a919edb5a896f331e900af007)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-275/+134
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r18271: Big change:Gerald Carter1-10/+10
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17605: Some C++ warningsVolker Lendecke1-3/+6
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
2007-10-10r17469: remove unused variableSimo Sorce1-1/+0
(This used to be commit c7d115a7d08ecebe2ba70b3f0efae39a1fd8e42a)
2007-10-10r17459: As by Jerry's word commit this without his review.Simo Sorce1-4/+42
This patch add some missing async functions to solve UID/GID -> SID requests not just out of the cache, but down the remote idmap if necessary. This patch solves the problem of servers not showing users/groups names for allocated UID/GIDs when joined to a group of servers that share a prepopulated idmap backend. Also correctly resolve UID/GIDs to SIDs when looking ACLs from the windows security tab on teh same situation. Simo. (This used to be commit b8578bfab6a04fcd65a2e65f507067459e326077)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-6/+34
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16800: correct a probable cut&paste errorSimo Sorce1-1/+1
(This used to be commit c139a2293bfb66554e1be09c6824d04381de58e1)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-34/+16
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12273: Fix copy paste error.Günther Deschner1-2/+2
Guenther (This used to be commit 266f5fc9af6a07bc1f1432e716e6c528e9048533)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-30/+30
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7785: This looks much larger than it is. It changes the top-level functions ↵Volker Lendecke1-69/+62
of the parent winbind not to return winbindd_result. This is to hopefully fix all the problems where a result has been scheduled for write twice. The problematic ones have been the functions that might have been delayed as well as under other circumstances immediately gets answered from the cache. Now a request needs to be explicitly replied to with a request_error() or request_ok(). Volker (This used to be commit 7365c9accf98ec1dd78a59dd7f62462bbb8528d4)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-310/+387
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r2691: Increase a debug level for a quite frequent operation.Volker Lendecke1-2/+2
Optimization for 'idmap backend = ldap': When asking sid2id for the wrong type, don't ask ldap when we have the opposite mapping in the local tdb. Volker (This used to be commit c91cff3bd38c1a8e23628b032f09829f9abf792d)
2007-10-10r2566: Fix creation of aliases via usrmgr. Winbind was too strict checking ↵Volker Lendecke1-2/+10
the type of sids. Volker (This used to be commit d3b2921a8fd86beb77eae45ef9cf1a846a93b199)
2007-10-10r2340: Solve the problem of user sids ending up with gid's and vice versa: ThisVolker Lendecke1-19/+59
belongs into winbind itself, not into wbinfo. Volker (This used to be commit 75e5c13d5d4c1da9bbb60f4e93183995c05a89ac)
2007-10-10r294: checking in volker's winbindd patches; tested on domain members (Samba ↵Gerald Carter1-4/+4
and AD) as well as on a Samba DC (This used to be commit 157d53782d6a7d0b7e30676a674ff2a25a15369c)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-12/+21
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2004-01-08Move more of winbind to use 'find_our_domain()' rather than the dangerousAndrew Bartlett1-4/+4
find_domain_from_name(lp_workgroup()). (as find_domain_from_name() can change the data in lp_workgroup()) Andrew Bartlett (This used to be commit 2e6eaad9ce6a0ad6923b5952ef6cf1c3688b7cfa)
2003-11-19as discussed on irc, this is a small patch that allows a few moreAndrew Tridgell1-6/+13
winbind functions to be accessed via NSS. This provides a much cleaner way for applications that need (for example) to provide name->sid mappings to do this via NSS rather than having to know the winbindd pipe protocol (as this might change). This patch also adds a varient of the winbindd_getgroups() call called winbindd_getusersids() that provides direct SID->SIDs listing of a users supplementary groups. This is enough to allow non-Samba applications to do ACL checking. A test program for the new functionality will be committed shortly. I also added the 'wbinfo --user-sids' option to expose the new function in wbinfo. (This used to be commit 702b35da0ac7c73aa5a6603f871d865565bbe278)
2003-11-12a small include file rearrangement that doesn't affect normalAndrew Tridgell1-0/+1
compilation, but that allows Samba3 to take advantage of pre-compiled headers in gcc if available. (This used to be commit b3e024ce1da7c7e24fcacd8a2964dd2e4562ba39)
2003-11-07fix for bug 680 (heads up). This gist is to map theGerald Carter1-25/+215
UNIX entity foo to DOMAIN\foo instead of SERVER\foo on members of a Samba domain when all UNIX accounts are shared via NIS, et. al. * allow winbindd to match local accounts to domain SID when 'winbind trusted domains only = yes' * remove code in idmap_ldap that searches the user suffix and group suffix. It's not needed and provides inconsistent functionality from the tdb backend. This has been tested. I'm still waiting on some more feedback but This needs to be in 3.0.1pre2 for widespread use. (This used to be commit ee272414e9965d7d550ba91d4e83997134dd51e6)
2003-08-132 fixesGerald Carter1-4/+14
* bug #280 (my fault) - initialize sambaNextUserRid and sambaNextGroupRid * Unix users shared vis LDAP or NIS between a samba domain member of a Samba domain are not seen as domain users on the member servers. not as local users. (This used to be commit a030fa373aefde8628def54ca8152f237a0467dc)
2003-07-22Another round of uid/gid/pid format string changes I missed theTim Potter1-3/+3
first time. (This used to be commit 6616485dbad74dab7506609c6bfd183fc9c1f93c)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-10/+10
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-07and so it begins....Gerald Carter1-13/+17
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-4/+4
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-9/+4
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-04-29remove convert_smbpasswd and addtosmbpass from tree; people can get them ↵Gerald Carter1-0/+5
from 2.2. if they still need them (This used to be commit 237857a760974bb02000e5d3a776240ec73ca6b6)
2003-01-15winbindd merges from HEADGerald Carter1-1/+3
(This used to be commit 8bd91a50d4e743935196ca258d06a3e43392140d)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-0/+15
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-1/+3
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-22Make debug statment less confusing.Tim Potter1-2/+5
(This used to be commit 301a7f56dd3e7160147da656ff521671d04fe291)
2002-03-20Merge of Richard's lookupsid fix.Tim Potter1-1/+4
(This used to be commit 3c587384cbe5e10f7fa46f6996581b088dead7f5)
2002-02-27this allows us to support foreign SIDs in winbindd and smbdAndrew Tridgell1-53/+13
this means "xcopy /o" has a chance of working with ACLs that contain ACEs that use SIDs that the Samba server has no knowledge of. It's a bit hackish, Tim, can you look at my uid.c changes? (This used to be commit fe2db3148587937aa7b674c1c99036d42a3776b3)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett1-7/+10
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett1-7/+5
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2001-12-05Fixed parse_domain_user to be bool.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 9563de2ef8c1197f4941671d2fdade7d933c32d0)
2001-12-03added name_to_sid to the backendAndrew Tridgell1-3/+8
(This used to be commit 816e40a51af80a7f703c0451304de406deab3dd8)
2001-05-14Compile fixes for dynamic samr_query_userinfo() stuff.Tim Potter1-2/+3
(This used to be commit a92a0d061bd322b9d3a1fe13c6ce2d2e1f070ef7)
2001-05-10Use sid_peek_rid() instead of sid_split_rid().Tim Potter1-3/+2
(This used to be commit 0e03209af6f70c3c0c52072fe904ba5750676b63)
2001-05-07iAdditional files for winbind merge.Tim Potter1-0/+244
(This used to be commit 38ab3b31b5dc39fb59f224b399bb9c2269f1c933)