summaryrefslogtreecommitdiff
path: root/source3/passdb/lookup_sid.c
AgeCommit message (Collapse)AuthorFilesLines
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-26/+26
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-8/+8
2010-04-28s3: Make a debug msg more readableVolker Lendecke1-1/+1
2010-01-10s3: Use sid_check_is_in_our_domain instead of a direct sid_peek_check_ridVolker Lendecke1-4/+2
2010-01-10s3: Replace most calls to sid_append_rid() by sid_compose()Volker Lendecke1-10/+5
2009-11-14s3:passdb: remove the uid_to_rid method - we only need uid_to_sidMichael Adam1-4/+1
Michael
2009-10-20s3-lsa: allow to lookup BUILTIN\ in lsa_LookupNames.Günther Deschner1-0/+8
Found by RPC-LSA-LOOKUPNAMES torture test. Guenther
2009-07-31Rename LOOKUP_NAME_EXPLICIT to LOOKUP_NAME_NO_NSSVolker Lendecke1-4/+8
It took me a bit to understand what this flag does. I hope this is a bit clearer, at least it is to me.
2009-06-26s3:passdb: fix bug #6509: use gid (not uid) cache in fetch_gid_from_cache().Michael Adam1-1/+1
With the previous code, the cache can never have been hit at all. Michael
2009-05-27s3: zero an uninitialized arrayMarc VanHeyningen1-1/+4
Invalid pointers were being dereferenced in lookup_sids causing occasional seg faults. Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-05-12s3: Fallback to the legacy sid_to_(uid|gid) instead of returning NULL.Aravind Srinivasan1-9/+4
This is very similar to be1dfff02d562e42a7847bd02fed8538630d3f41
2009-05-11Fix a bunch of compiler warnings about wrong format types.Jeremy Allison1-2/+2
Should make Solaris 10 builds look cleaner. Jeremy.
2009-03-24Fix bug 6097Volker Lendecke1-1/+1
A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with NT_STATUS_INVALID_SID, even if other SIDs in the list are valid. Thanks to Pavel <wylda@volny.cz> for the bug report!
2009-03-03s3 passdb: Add back some useful debug statementsTim Prouty1-18/+24
Originally removed in be1dfff02d562e42a7847bd02fed8538630d3f41
2009-03-02It appears that the first time we see a uid/gid that winbind can't map,Dan Sledz1-14/+22
we end up returning the null sid instead of falling back to the legacy code. Next time through the code we'll hit the negative cache and do the right thing, but we still fail the first time. If we fail the winbind id to sid mapping, call the legacy version. This catches the case where we don't have a negative cache entry for the mapping. This is better than returning the NULL sid to the caller.
2009-01-01Add iconv_convenience argument to size functions.Jelmer Vernooij1-8/+8
2008-10-27s4-lsa: merge lsa_LookupSids/{2,3} from s3 lsa idl.Günther Deschner1-4/+4
Guenther
2008-09-03Revert "Split lookup_name() and create a new functiong called"Simo Sorce1-93/+78
This reverts commit 8594edf666c29fd4ddf1780da842683dd81483b6. (This used to be commit ad462e2e2d025a7fc23e7dea32b2b442b528970b)
2008-09-03Merge branch 'v3-devel' of ssh://git.samba.org/data/git/samba into v3-develSimo Sorce1-4/+38
(This used to be commit 8e4dca3b9416d9b5e535bda5e4befc073bfc1641)
2008-08-26Fix bug spotted by Simo - don't use legacy if expired entry.Jeremy Allison1-4/+4
Jeremy. (This used to be commit a7bbd33139c5835cf32efdbe0ef187117699e3e4)
2008-08-26Don't ask winbindd if we got a -ve cache entry.Jeremy Allison1-4/+38
Jeremy. (This used to be commit 91f85d0dcaa917b7a90a77852f3a778a0ad99c4d)
2008-08-26Merge branch 'v3-devel' of ssh://git.samba.org/data/git/samba into v3-develSimo Sorce1-33/+63
(This used to be commit e038f1cf9fb305fc1e7a4189208e451d30aaa1f0)
2008-08-26Fix the build :-(. Ask winbindd if we find a negative cache entry (or shouldJeremy Allison1-5/+17
we just call the legacy function ?). Jeremy. (This used to be commit 566d3b6e76afeca8e862cb36202a5283b86920e4)
2008-08-26Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid ↵Jeremy Allison1-33/+51
mappings. Jeremy. (This used to be commit 31ba955d6950420096b9141454aa95b2510a3d9a)
2008-08-17Split lookup_name() and create a new functiong calledSimo Sorce1-78/+93
lookup_domain_name(). This new function accept separated strings for domain and name. (This used to be commit 8594edf666c29fd4ddf1780da842683dd81483b6)
2008-07-11Revert "Make use of sid_check_is_in_unix_users/groups"Volker Lendecke1-16/+11
This reverts commit cd8e63b2b45402091d6d328b3c6ca593fc19ac92. (This used to be commit 061e55d4f48d269dc45fad6739e0872501b9433d)
2008-07-11Revert "Don't scream, better explain a bit in comments"Volker Lendecke1-8/+10
This reverts commit dcc39ed00453a075b23daece2844ca4817bfbfaf. (This used to be commit 26ca09a3570a0df051d042bef586ea57ad9f198c)
2008-07-11Revert "Remove an unused variable"Volker Lendecke1-0/+1
This reverts commit 454cb852e06fa3d8bdd0eebb3ebdb24b3d74ecd0. (This used to be commit cae8ec3199d5b0ffe0bfb6f15adaa5a12343c763)
2008-07-03Remove an unused variableVolker Lendecke1-1/+0
(This used to be commit 454cb852e06fa3d8bdd0eebb3ebdb24b3d74ecd0)
2008-07-03Don't scream, better explain a bit in commentsVolker Lendecke1-10/+8
(This used to be commit dcc39ed00453a075b23daece2844ca4817bfbfaf)
2008-07-03Make use of sid_check_is_in_unix_users/groupsVolker Lendecke1-11/+16
Don't replicate code unnecessarily (This used to be commit cd8e63b2b45402091d6d328b3c6ca593fc19ac92)
2008-05-06Fix a panic in the [ug]id2sid valgrind bug fixVolker Lendecke1-4/+6
Always, always run "make test" before pushing stuff :-) (This used to be commit 1444db8be1de00a3e9c805f1accd8f1f4670d729)
2008-05-06Fix a valgrind bug in the new [ug]id2sid cacheVolker Lendecke1-6/+6
When we're given a SID, it is not always padded with zeros. Only look at the initialized parts in the SID. (This used to be commit 8717085dba832cfe6d7b807a10f779e495adc326)
2008-02-05Don't return true on talloc fail.Jeremy Allison1-0/+12
Jeremy. (This used to be commit 21594cb34c683262ed4f743b68c35e586676ff75)
2008-01-25Fix lookup_sids to detect unix_groups and unix_users domain sids.Michael Adam1-0/+10
This fixes panics in wbcLookupRids when 1-2-22 was passed as a domain sid. Michael (This used to be commit c0d9732cf4482b0db02c75f316ff2b41f3336425)
2008-01-25Add a debug message: show the sid lookup_sid() was called for.Michael Adam1-0/+2
Michael (This used to be commit 6c7c6c3f85a4bd171c62031b2b8e59d3f7054061)
2008-01-25Add a debug message to lookup_rids() printing the domain SID.Michael Adam1-0/+3
This is to ease debugging. I sporadically get panics that are apparently due to NULL domain sid passed to lookup_rids somewhere. Michael (This used to be commit 723e877c241dd5a0c8addb89507c9eda75b88ea4)
2007-12-23Convert the [gu]id_sid cache to memcacheVolker Lendecke1-134/+62
(This used to be commit 4baf36784f6496121a6863af0283821785eb0cf1)
2007-12-17Remove direct caller of secrets_fetch_trusted_domain_password().Michael Adam1-1/+1
This is a regession introduced by f7efc0eca9426e63b751c07a90265a12bb39cf95. This calls pdb_get_trusteddom_pw() instead, again. Michael (This used to be commit 91be824d2ba0b8dccf42ba2b8555a204aa1fa56c)
2007-12-17Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.Michael Adam1-13/+32
This patch is still incomplete in that winbindd does not walk the the trusted domains to lookup unqualified names here. Apart from that this fix should be pretty much complete. Michael (This used to be commit f7efc0eca9426e63b751c07a90265a12bb39cf95)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-33/+34
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-14Revert "Fix for bug #4801: Correctly implement lsa lookup levels for ↵Stefan Metzmacher1-32/+13
lookupnames." As it breaks all tests which try to join a new machine account. So more testing is needed... metze This reverts commit dd320c0924ce393a89b1cab020fd5cffc5b80380. (This used to be commit cccb80b7b7980fbe1298ce266375e51bacb4a425)
2007-12-13Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.Michael Adam1-13/+32
This is a first patch aimed at fixing bug #4801. It is still incomplete in that winbindd does not walk the the trusted domains to lookup unqualified names here. Apart from that this fix should be pretty much complete. Michael (This used to be commit dd320c0924ce393a89b1cab020fd5cffc5b80380)
2007-11-27Use the proper boolean constants - the type has beenMichael Adam1-76/+76
changed from BOOL to bool. Michael (This used to be commit 03673f2cd614526e7720275a5ba0869c68429f4d)
2007-10-26Ensure temporary memory is freed - pointed out by "Li, Ying (ESG)" ↵Jeremy Allison1-0/+1
<ying.li2@hp.com>. We aren't currently leaking memory, but are leaving it around for longer than we need to. Jeremy. (This used to be commit 25bbc9a6613bef0f3f73ecf634a38a9d56020f40)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-21/+21
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23630: Found out what LSA_LOOKUP_NAMES level 5 means:Günther Deschner1-1/+1
only query transitive forest trusts. Guenther (This used to be commit e744efa1ee33fb150132f0b7f46ee1711681afc6)
2007-10-10r23244: Fix loop with nscd and NSS recusive calls.Gerald Carter1-4/+4
> Here's the problem I hit: > > getgrnam("foo") -> nscd -> NSS -> winbindd -> > winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() -> > getgrnam("foo") -> nscd -> .... > > This is in the SAMBA_3_0 specifically but in theory could happen > SAMBA_3_0_25 (or 26) for an unknown group. > > The attached patch passes down enough state for the > name_to_sid() call to be able to determine the originating > winbindd cmd that came into the parent. So we can avoid > making more NSS calls if the original call came in trough NSS > so we don't deadlock ? But you should still service > lookupname() calls which are needed for example when > doing the token access checks for a "valid groups" from > smb.conf. > > I've got this in testing now. The problem has shown up with the > DsProvider on OS X and with nscd on SOlaris and Linux. (This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)