path: root/source3/winbindd/winbindd_util.c
Age | Commit message | Author | Files | Lines
2011-01-21 | s3:winbind: Fork multiple children per domain | Volker Lendecke | 1 | -0/+10
This makes us scale better with many simultaneous winbind requests, some of which might be slow. This implementation breaks offline logons, as the cached credentials are maintained in a child (this needs fixing). So, if the offline logons are active, only allow one DC connection. Probably the offline logon and the scalable file server cases are separate enough so that this patch is useful even with the restriction.
2010-11-19 | s3: Remove some unused code | Volker Lendecke | 1 | -43/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Nov 19 11:21:00 CET 2010 on sn-devel-104
2010-10-14 | libcli/auth Merge source4/libcli/security and util_sid.c into the common code | Andrew Bartlett | 1 | -1/+1
This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12 | libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 1 | -1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-20 | s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. | Günther Deschner | 1 | -3/+4
Guenther
2010-09-11 | s3-auth Change type of num_sids to uint32_t | Andrew Bartlett | 1 | -2/+2
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequential changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-05 | s3-secrets: only include secrets.h when needed. | Günther Deschner | 1 | -0/+1
Guenther
2010-07-06 | s3-winbind: Fixed the winbind caching. | Günther Deschner | 1 | -5/+2
2010-05-31 | s3:winbind tidy up connecting the winbind sockets. | Andrew Bartlett | 1 | -43/+0
By putting this code inline in winbindd_setup_listeners() we remove 2 static variables and simplify the code. By putting the get_winbind_priv_pipe_dir() in the same file, we allow it to be reimplemented in s3compat. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-28 | s3:winbind Kill amusing but un-used winbindd_kill_all_clients | Andrew Bartlett | 1 | -17/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-21 | s3:dom_sid Global replace of DOM_SID with struct dom_sid | Andrew Bartlett | 1 | -12/+12
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that it is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-04-25 | s3: Convert add_trusted_domains() to wb_domain_request_send() | Volker Lendecke | 1 | -22/+19
2010-04-25 | s3: Simplify trustdom_state | Volker Lendecke | 1 | -10/+5
Don't store information explicitly as boolean flags that can be easily retrieved from the domain when it's actually needed.
2010-04-25 | s3: Make "struct trustdom_state" its own talloc context | Volker Lendecke | 1 | -14/+9
2010-04-23 | s3-winbind: fix setup_domain_child() callers. | Günther Deschner | 1 | -2/+2
Volker, please check. Guenther
2010-04-23 | s3: Fix a winbind crash when scanning trusts | Volker Lendecke | 1 | -0/+6
add_trusted_domain() for a new domain always needs to be followed by a setup_domain_child(). This was not always done, in particular not when walking to the forest root for additional trusts. This is a minimal patch, we need to fix add_trusted_domain().
2010-04-08 | s3: Remove the separate "child" argument from setup_domain_child() | Volker Lendecke | 1 | -10/+5
2010-01-02 | s3: simplify find_root_domain, find_our_domain() never fails | Volker Lendecke | 1 | -4/+2
2010-01-02 | s3: Use global_sid_Builtin in find_builtin_domain | Volker Lendecke | 1 | -4/+1
2010-01-02 | s3: Avoid adding a domain twice | Volker Lendecke | 1 | -6/+7
If we found a match with sid==NULL, we ended up adding the domain twice
2010-01-02 | s3: Make free_domain_list() static | Volker Lendecke | 1 | -1/+1
2010-01-02 | s3: Introduce domain_is_forest_root() helper function | Volker Lendecke | 1 | -3/+9
Hopefully this makes the flag tests a bit more understandable
2009-12-26 | s3: Replace IS_DOMAIN_OFFLINE by a function | Volker Lendecke | 1 | -0/+11
2009-12-26 | s3: winbindd_cli_state->getgrent_state is no longer used | Volker Lendecke | 1 | -23/+0
2009-12-23 | s3: Remove some unused code | Volker Lendecke | 1 | -66/+0
2009-08-26 | s3/winbindd: Remove unnecessary check for NULL SID | Steven Danneman | 1 | -7/+2
There's a known bug in some Windows implementations of DsEnumerateDomainTrusts() where domain SIDs are not returned for transitively trusted domains within the same forest. Jerry originally worked around this in the winbindd parent by checking for S-0-0 and converting it to S-1-0 in 8b0fce0b. Guenther later moved these checks into the child process in commit 3bdfcbac making the initial patch unnecessary. I've removed it and added a clarifying comment to the child process. If ever this SID is needed we could add an extra DsEnumerateDomainTrusts() call in trusted_domains() as suggested by the Microsoft KB.
2009-08-23 | s3:winbind: Even on a domain controller, "our" domain is internal | Volker Lendecke | 1 | -6/+0
It happens to be what we also share out via NETLOGON/SAMR, but winbind has direct access to it via the passdb domain methods
2009-08-23 | s3:winbind: For internal domains it is pointless to connect to a DC | Volker Lendecke | 1 | -1/+5
2009-08-16 | s3:winbind: Add const to normalize_name_map | Volker Lendecke | 1 | -1/+1
2009-08-02 | Refactor 9b78af1f: Fix lookupname recursion | Volker Lendecke | 1 | -3/+8
Pass a "flags" argument instead of the original winbind command down the name_to_sid chain. This way we are independent of the winbind commands and can take the decision at a much higher level
2009-08-01 | Place a comment correctly | Volker Lendecke | 1 | -1/+4
2009-07-18 | s3: compile warning and upn handling | Bo Yang | 1 | -1/+2
Signed-off-by: Bo Yang <boyang@samba.org>
2009-06-14 | Make winbindd_cli_state->response a pointer instead of a struct member | Volker Lendecke | 1 | -6/+6
Same comment as in baa6084378e530b: This is just a preparatory checkin. Volker
2009-06-14 | Make rescan_trusted_domains a timed event | Volker Lendecke | 1 | -21/+10
2009-06-14 | Remove unused init_child_connection() | Volker Lendecke | 1 | -135/+0
2009-06-14 | Convert the winbind parent->child communication to wb_reqtrans | Volker Lendecke | 1 | -2/+0
2009-06-14 | Make winbindd_cli_state->request a pointer instead of a struct member | Volker Lendecke | 1 | -6/+6
In itself, this is pretty pointless. But in the next steps I'll convert the winbind internal communication to wb_reqtrans which allocates the request properly. This minimizes the later diff. Volker
2009-05-25 | s3:winbind_util: remove trailing spaces | Michael Adam | 1 | -56/+56
Michael
2009-05-11 | Fix some nonempty blank lines | Volker Lendecke | 1 | -37/+37
2009-03-18 | s3:winbindd: remove unused close_winbindd_socket() function | Stefan Metzmacher | 1 | -18/+0
metze
2009-01-21 | Memory leaks and other fixes found by Coverity | todd stecher | 1 | -2/+10
2008-12-22 | Fix "allow trusted domain" so it disables trusted domains. | Gerald (Jerry) Carter | 1 | -2/+11
2008-10-01 | Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev <gepardcv@gmail.com>. | Jeremy Allison | 1 | -2/+1
This API is unusual in that if used to remove a non-list head it nulls out the next and prev pointers. This is what you want for debugging (don't want an entry removed from the list to be still virtually linked into it) but means there is no consistent idiom for use as the next and prev pointers get trashed on removal from the list, meaning you must save them yourself. You can use it one way when deleting everything via the head pointer, as this preserves the next pointer, but you *must* use it another way when not deleting everything via the head pointer. Fix all known uses of this (the main one is in conn_free_internal() and would not free all the private data entries for vfs modules). The other changes in web/statuspage.c and winbindd_util.c are not strictly necessary, as the head pointer is being used, but I've done them for consistency. Long term we must revisit this as this API is too hard to use correctly. Jeremy.
2008-09-29 | re-added "winbind:ignore domains" patch | Andrew Tridgell | 1 | -0/+17
This option really is essential, as we discover again and again at customer sites. Due to bugs in winbind some domains are toxic. When you are installing at a site and a particular domain in a complex setup causes winbind to segfault or hang then you need a way to disable that domain and continue. In an ideal world winbind could handle arbitrarily complex ADS domains, but we are nowhere near that yet. If we ever get to that stage then we won't need this option.
2008-09-23 | [s3]winbindd_util: add fill_domain_username_talloc(). | Michael Adam | 1 | -0/+27
A talloc version of fill_domain_username(). Michael
2008-09-23 | [s3]winbind_util: fix an implicit cast compile warning. | Michael Adam | 1 | -1/+1
Michael
2008-09-16 | winbindd: Add support for name aliasing. | Gerald (Jerry) Carter | 1 | -17/+90
* Add support for user and group name aliasing by expanding the ws_name_replace() and ws_name_return() functions. The lookup path is
    aliases -> qualified name -> SID
    SID -> fully qualified name -> alias
  In other words, the name aliasing support is a thin layer built on top of SID/NAME translation.
* Rename the ws_name_XX() functions to normalize_name_map() and normalize_name_unmap(). Change interface to return NTSTATUS rather than char *.
* Add associated cache validation functions.
2008-09-11 | Fix for bug 5571 | Simo Sorce | 1 | -0/+25
Make sure that usernames are parsed using the correct separator. Otherwise group memberships in winbind may be broken as a result. (This used to be commit 20b9c0aa7b4e6d6be5bb6e4e96bd8a1cbb6edd37)
2008-08-25 | winbindd: move set_auth_errors to util functions. | Günther Deschner | 1 | -0/+12
Guenther (This used to be commit ae3fa60c4546c7420722d8f422c22bbfd623ff5b)
2008-08-20 | Here is a re-working of the winbindd | Jeremy Allison | 1 | -1/+1
reconnect code to cope with rebooting a DC. This replaces the code I asked Volker to revert. The logic is pretty simple. It adds a new parameter, "winbind reconnect delay", set to 30 seconds by default, which determines how long to wait between connection attempts. To avoid overwhelming the box with DC-probe forked children, the code now keeps track of the DC probe child per winbindd_domain struct and only starts a new one if the existing one has died. I also added a little logic to make sure the dc probe child always sends a message whatever the reason for exit so we will always reschedule another connect attempt. Also added documentation. Jeremy. (This used to be commit 8027197635b988b3dcf9d3d00126a024e768fa62)