summaryrefslogtreecommitdiff
path: root/source3/passdb/lookup_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2008-01-25Fix lookup_sids to detect unix_groups and unix_users domain sids.Michael Adam1-0/+10
This fixes panics in wbcLookupRids when 1-2-22 was passed as a domain sid. Michael (This used to be commit c0d9732cf4482b0db02c75f316ff2b41f3336425)
2008-01-25Add a debug message: show the sid lookup_sid() was called for.Michael Adam1-0/+2
Michael (This used to be commit 6c7c6c3f85a4bd171c62031b2b8e59d3f7054061)
2008-01-25Add a debug message to lookup_rids() printing the domain SID.Michael Adam1-0/+3
This is to ease debugging. I sporadically get panics that are apparently due to NULL domain sid passed to lookup_rids somewhere. Michael (This used to be commit 723e877c241dd5a0c8addb89507c9eda75b88ea4)
2007-12-23Convert the [gu]id_sid cache to memcacheVolker Lendecke1-134/+62
(This used to be commit 4baf36784f6496121a6863af0283821785eb0cf1)
2007-12-17Remove direct caller of secrets_fetch_trusted_domain_password().Michael Adam1-1/+1
This is a regession introduced by f7efc0eca9426e63b751c07a90265a12bb39cf95. This calls pdb_get_trusteddom_pw() instead, again. Michael (This used to be commit 91be824d2ba0b8dccf42ba2b8555a204aa1fa56c)
2007-12-17Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.Michael Adam1-13/+32
This patch is still incomplete in that winbindd does not walk the the trusted domains to lookup unqualified names here. Apart from that this fix should be pretty much complete. Michael (This used to be commit f7efc0eca9426e63b751c07a90265a12bb39cf95)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-33/+34
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-14Revert "Fix for bug #4801: Correctly implement lsa lookup levels for ↵Stefan Metzmacher1-32/+13
lookupnames." As it breaks all tests which try to join a new machine account. So more testing is needed... metze This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380. (This used to be commit cccb80b7b7980fbe1298ce266375e51bacb4a425)
2007-12-13Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.Michael Adam1-13/+32
This is a first patch aimed at fixing bug #4801. It is still incomplete in that winbindd does not walk the the trusted domains to lookup unqualified names here. Apart from that this fix should be pretty much complete. Michael (This used to be commit dd320c0924ce393a89b1cab020fd5cffc5b80380)
2007-11-27Use the proper boolean constants - the type has beenMichael Adam1-76/+76
changed from BOOL to bool. Michael (This used to be commit 03673f2cd614526e7720275a5ba0869c68429f4d)
2007-10-26Ensure temporary memory is freed - pointed out by "Li, Ying (ESG)" ↵Jeremy Allison1-0/+1
<ying.li2@hp.com>. We aren't currently leaking memory, but are leaving it around for longer than we need to. Jeremy. (This used to be commit 25bbc9a6613bef0f3f73ecf634a38a9d56020f40)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-21/+21
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23630: Found out what LSA_LOOKUP_NAMES level 5 means:Günther Deschner1-1/+1
only query transitive forest trusts. Guenther (This used to be commit e744efa1ee33fb150132f0b7f46ee1711681afc6)
2007-10-10r23244: Fix loop with nscd and NSS recusive calls.Gerald Carter1-4/+4
> Here's the problem I hit: > > getgrnam("foo") -> nscd -> NSS -> winbindd -> > winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() -> > getgrnam("foo") -> nscd -> .... > > This is in the SAMBA_3_0 specifically but in theory could happen > SAMBA_3_0_25 (or 26) for an unknown group. > > The attached patch passes down enough state for the > name_to_sid() call to be able to determine the originating > winbindd cmd that came into the parent. So we can avoid > making more NSS calls if the original call came in trough NSS > so we don't deadlock ? But you should still service > lookupname() calls which are needed for example when > doing the token access checks for a "valid groups" from > smb.conf. > > I've got this in testing now. The problem has shown up with the > DsProvider on OS X and with nscd on SOlaris and Linux. (This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
2007-10-10r23194: cherry pick two fixes from SAMBA_3_0_26Gerald Carter1-4/+4
* strptime() failure check * make legcacy sid/uid/gid calls static (This used to be commit 3c9fb1c6f3263c0ce6edbf2a8824c153317a84a3)
2007-10-10r23051: sid_to_[ug]id fixes for smbdSimo Sorce1-12/+26
(This used to be commit 2d636ad2a33d0ca61bf6022feceed47dd68ef855)
2007-10-10r22977: Trim noise by removing redundant WARNING log message thatGerald Carter1-4/+0
would flood at log level 2. We know when we're using the legacy mapping code anyways since it will log an informative msg. (This used to be commit 51aac0fcb4528df790aa3ae078f9ef639cc01363)
2007-10-10r22613: Fix an uninitialized variable warningVolker Lendecke1-1/+1
(This used to be commit d4c5d5ffb30fe50abb828067b047d5eb61038ddf)
2007-10-10r22589: Make TALLOC_ARRAY consistent across all uses.Jeremy Allison1-9/+27
Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
2007-10-10r22096: become_root_uid_only() is unneeded - it's only used inJeremy Allison1-12/+12
messages.c. Refactor to use become_root() instead and make it local to messages.c Jeremy. (This used to be commit f3ffb3f98472b69b476b702dfe5c0575b32da018)
2007-10-10r21853: Fix a valgrind errorVolker Lendecke1-0/+5
(This used to be commit d0d16cc55ab830dcfd4f8c6c7bf64d2b9b6dd55b)
2007-10-10r21782: Fix a memleakVolker Lendecke1-0/+1
(This used to be commit a2dc1f62fdf7683cfb2ca71499dbe7efddc4aa9b)
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke1-5/+4
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
2007-10-10r20212: Attempt to fix the Solaris buildVolker Lendecke1-2/+4
(This used to be commit 902d81becbd5eac7251e88457be7efc5e951614f)
2007-10-10r20169: Support for fallback to legacy mapping code was not completely tested.Simo Sorce1-12/+18
Add necessary fixes. (This used to be commit 4a81ee9608d45f95eaaccc78a080e717cb7d4682)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-92/+131
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r19945: Fix a segfault -- lookup_rids needs to init the names even on failureVolker Lendecke1-0/+2
(This used to be commit eba404e668c270f2d31e3a8ab0721064eda39b40)
2007-10-10r19579: BUG 4075: patch from Dmitry Butskoy <dmitry@butskoy.name>.Gerald Carter1-2/+4
Allow smbd to use winbindd to lookup uids/gids outside the idmap range if 'winbind trusted domains only = yes' (This used to be commit 5b3ac400a7d51dfc818563189bdf6649b2dc3a52)
2007-10-10r18527: Janitor for Jeremy ;-)Volker Lendecke1-12/+12
(This used to be commit d72ba9ed1288e7f498a64c96dd6aa04bda59c8b2)
2007-10-10r18483: Ensure all pdb_XXX calls are wrapped in become_root()/unbecome_root()Jeremy Allison1-5/+32
pairs. Should fix bug #4097. Jeremy. (This used to be commit f787b9d156992e0069860cb1ab829970cb69eb81)
2007-10-10r18271: Big change:Gerald Carter1-15/+15
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17971: Disable storing SIDs in the S-1-22-1 and S-1-22-2 domain to the ↵Gerald Carter1-0/+10
SID<->uid/gid cache. FIxes a bug in token creation (This used to be commit fa05708789654a8a34cb4a4068514a0b3d950653)
2007-10-10r17709: Fix cut-n-paste error with the name of gid_to_unix_group_sid().Gerald Carter1-1/+1
(This used to be commit dda0b8bce6b7e0146badd8aeb52b5cce6289de21)
2007-10-10r17669: Remove RID algorithm support from unmapped users and groupsGerald Carter1-90/+11
when using smbpasswd (This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
2007-10-10r17554: CleanupVolker Lendecke1-2/+2
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10r17463: A bit of cleanup work:Volker Lendecke1-2/+2
Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
2007-10-10r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as anVolker Lendecke1-1/+1
argument. Volker (This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
2007-10-10r17407: Don't do strchr_m twice when once will do.Jeremy Allison1-5/+4
Jeremy. (This used to be commit b5f0b1b6447ac3c77558b32d97ce96d357ce15c0)
2007-10-10r17406: We need to do a translation of winbind separator -> '\\' inVolker Lendecke1-1/+18
lookup_name_smbconf, otherwise force user = domain+administrator can not work. Also attempt to fix the 'valid users = domain+group' bug at the same time. Volker (This used to be commit 255475901c13fde29b1b476560d969cc99712767)
2007-10-10r17404: Is this XP (extreme programming)? :-)Volker Lendecke1-3/+3
With lp_workgroup we end up with remote names again... Volker (This used to be commit 250b9f353118bee4c080655f57d09011679deaf7)
2007-10-10r17403: add a helpful debug msgGerald Carter1-0/+3
(This used to be commit 63325b36872c92d9f9fe04a185d7bd3ac525d84c)
2007-10-10r17402: Added lookup_name_smbconf() to be called when lookingJeremy Allison1-0/+50
up names from smb.conf. If the name is unqualified it causes the lookup to be done in WORKGROUP\name, then "Unix [users|groups]"\name rather than searching the domain. Should fix the problems with "force user" selecting a domain user by preference. Jeremy. (This used to be commit 1e1fcb5eb2ac4bd360461b29f85c07dbf460025d)
2007-10-10r17075: Even without talloc_steal you can still create memory problems.... ;-)Volker Lendecke1-1/+1
(This used to be commit 03e9924f5c82537ca72c03e3b0f70ea002e76934)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-68/+116
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16866: No idea why I did not see the warning, sorry....Volker Lendecke1-1/+1
(This used to be commit 84913caebdb461fed2c94fadfa0039b32a83cb6d)
2007-10-10r16865: This is a proposal to fix bug 3915. Before sending patches around, ↵Volker Lendecke1-2/+1
this is what svn is for. The idea is that we fall back to a pure unix user with S-1-22 SIDs in the token in case anything weird is going on with the 'force user'. Volker (This used to be commit 9ec5ccfe851ac8a1f88b88c8c8461a5cf75b4c57)
2007-10-10r16678: Fix bug #3898 reported by jason@ncac.gwu.edu.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5c5ea3152f8dbdfd7717b65e035191ffed3ec548)
2007-10-10r16064: Bug fix for another one Tom Bork has reported:Volker Lendecke1-3/+23
'valid users = +unixgroup' failed with smbpasswd if 'unixgroup' has a (non-algorithmic) group mapping. Thanks a lot! People out there listening, please test current code, this release is **BIG** :-) Volker (This used to be commit 8f9ba5f96c9b506623ef97b7ed3d84f39d914a3c)