path: root/source3/winbindd/winbindd_util.c
Age | Commit message | Author | Files | Lines
2009-08-26 | s3/winbindd: Remove unnecessary check for NULL SID | Steven Danneman | 1 | -7/+2
There's a known bug in some Windows implementations of DsEnumerateDomainTrusts() where domain SIDs are not returned for transitively trusted domains within the same forest. Jerry originally worked around this in the winbindd parent by checking for S-0-0 and converting it to S-1-0 in 8b0fce0b. Guenter later moved these checks into the child process in commit 3bdfcbac making the initial patch unnecessary. I've removed it and added a clarifying comment to the child process. If ever this SID is needed we could add an extra DsEnumerateDomainTrusts() call in trusted_domains() as suggested by the Microsoft KB.
2009-08-23 | s3:winbind: Even on a domain controller, "our" domain is internal | Volker Lendecke | 1 | -6/+0
It happens to be what we also share out via NETLOGON/SAMR, but winbind has direct access to it via the passdb domain methods
2009-08-23 | s3:winbind: For internal domains it is pointless to connect to a DC | Volker Lendecke | 1 | -1/+5
2009-08-16 | s3:winbind: Add const to normalize_name_map | Volker Lendecke | 1 | -1/+1
2009-08-02 | Refactor 9b78af1f: Fix lookupname recursion | Volker Lendecke | 1 | -3/+8
Pass a "flags" argument instead of the original winbind command down the name_to_sid chain. This way we are independent of the winbind commands and can take the decision at a much higher level
2009-08-01 | Place a comment correctly | Volker Lendecke | 1 | -1/+4
2009-07-18 | s3: compile warning and upn handling | Bo Yang | 1 | -1/+2
Signed-off-by: Bo Yang <boyang@samba.org>
2009-06-14 | Make winbindd_cli_state->response a pointer instead of a struct member | Volker Lendecke | 1 | -6/+6
Same comment as in baa6084378e530b: This is just a preparatory checkin. Volker
2009-06-14 | Make rescan_trusted_domains a timed event | Volker Lendecke | 1 | -21/+10
2009-06-14 | Remove unused init_child_connection() | Volker Lendecke | 1 | -135/+0
2009-06-14 | Convert the winbind parent->child communication to wb_reqtrans | Volker Lendecke | 1 | -2/+0
2009-06-14 | Make winbindd_cli_state->request a pointer instead of a struct member | Volker Lendecke | 1 | -6/+6
In itself, this is pretty pointless. But in the next steps I'll convert the winbind internal communication to wb_reqtrans which allocates the request properly. This minimizes the later diff. Volker
2009-05-25 | s3:winbind_util: remove trailing spaces | Michael Adam | 1 | -56/+56
Michael
2009-05-11 | Fix some nonempty blank lines | Volker Lendecke | 1 | -37/+37
2009-03-18 | s3:winbindd: remove unused close_winbindd_socket() function | Stefan Metzmacher | 1 | -18/+0
metze
2009-01-21 | Memory leaks and other fixes found by Coverity | todd stecher | 1 | -2/+10
2008-12-22 | Fix "allow trusted domain" so it disables trusted domains. | Gerald (Jerry) Carter | 1 | -2/+11
2008-10-01 | Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev <gepardcv@gmail.com>. | Jeremy Allison | 1 | -2/+1
This API is unusual in that if used to remove a non-list head it nulls out the next and prev pointers. This is what you want for debugging (don't want an entry removed from the list to be still virtually linked into it) but means there is no consistent idiom for use as the next and prev pointers get trashed on removal from the list, meaning you must save them yourself. You can use it one way when deleting everything via the head pointer, as this preserves the next pointer, but you *must* use it another way when not deleting everything via the head pointer. Fix all known uses of this (the main one is in conn_free_internal() and would not free all the private data entries for vfs modules). The other changes in web/statuspage.c and winbindd_util.c are not strictly necessary, as the head pointer is being used, but I've done them for consistency. Long term we must revisit this as this API is too hard to use correctly. Jeremy.
2008-09-29 | re-added "winbind:ignore domains" patch | Andrew Tridgell | 1 | -0/+17
This option really is essential, as we discover again and again at customer sites. Due to bugs in winbind some domains are toxic. When you are installing at a site and a particular domain in a complex setup causes winbind to segfault or hang then you need a way to disable that domain and continue. In an ideal world winbind could handle arbitrarily complex ADS domains, but we are nowhere near that yet. If we ever get to that stage then we won't need this option.
2008-09-23 | [s3]winbindd_util: add fill_domain_username_talloc(). | Michael Adam | 1 | -0/+27
A talloc version of fill_domain_username(). Michael
2008-09-23 | [s3]winbind_util: fix an implicit cast compile warning. | Michael Adam | 1 | -1/+1
Michael
2008-09-16 | winbindd: Add support for name aliasing. | Gerald (Jerry) Carter | 1 | -17/+90
* Add support for user and group name aliasing by expanding the ws_name_replace() and ws_name_return() functions. The lookup path is
    aliases -> qualified name -> SID
    SID -> fully qualified name -> alias
  In other words, the name aliasing support is a thin layer built on top of SID/NAME translation.
* Rename the ws_name_XX() functions to normalize_name_map() and normalize_name_unmap(). Change interface to return NTSTATUS rather than char *.
* Add associated cache validation functions.
2008-09-11 | Fix for bug 5571 | Simo Sorce | 1 | -0/+25
Make sure that usernames are parsed using the correct separator. Otherwise group memberships in winbind may be broken. (This used to be commit 20b9c0aa7b4e6d6be5bb6e4e96bd8a1cbb6edd37)
2008-08-25 | winbindd: move set_auth_errors to util functions. | Günther Deschner | 1 | -0/+12
Guenther (This used to be commit ae3fa60c4546c7420722d8f422c22bbfd623ff5b)
2008-08-20 | Here is a re-working of the winbindd | Jeremy Allison | 1 | -1/+1
reconnect code to cope with rebooting a DC. This replaces the code I asked Volker to revert. The logic is pretty simple. It adds a new parameter, "winbind reconnect delay", set to 30 seconds by default, which determines how long to wait between connection attempts. To avoid overwhelming the box with DC-probe forked children, the code now keeps track of the DC probe child per winbindd_domain struct and only starts a new one if the existing one has died. I also added a little logic to make sure the dc probe child always sends a message whatever the reason for exit so we will always reschedule another connect attempt. Also added documentation. Jeremy. (This used to be commit 8027197635b988b3dcf9d3d00126a024e768fa62)
2008-08-15 | I think the problem with these functions is that lookup_usergroups | Herb Lewis | 1 | -1/+1
should never include the user SID. The comment for the function in winbindd/winbindd_ads.c says /* Lookup groups a user is a member of. */ The following patch makes the wbinfo calls return the correct data before and after a login. wbinfo --user-domgroups and --user-sids (This used to be commit 7849938906a9c859805cbaeca66fae9d3c515aad)
2008-08-12 | idmap rewrite | Volker Lendecke | 1 | -0/+34
(This used to be commit 30a180f2fce8cf6a3e5548f6bba453272ba70b33)
2008-06-20 | Fix bug #5533. Winbindd fails to cope correctly with a workgroup name ↵ | Jeremy Allison | 1 | -9/+3
containing a '.'. Jeremy. (This used to be commit 96325ff44dc404a68d4ebd423cf78210ec3ff902)
2008-05-30 | Split the winbindd_passdb backend into a 'builtin' and a 'sam' | Jeremy Allison | 1 | -3/+5
backend. This allows winbindd when running on a Samba PDC to correctly answer wbinfo -u lists and other queries. Jeremy. (This used to be commit e61ad0c1586733ae1d3518ce56d95094d1ac5ef9)
2008-05-29 | Fix winbindd on a PDC by reverting : ↵ | Jeremy Allison | 1 | -0/+6
83b04c60fac76ccd2d5aecb14f8896a07d488b1f..6e66512d5beb256a44c6703cdb8c7fa7e0fd8537. We still need to address https://bugzilla.redhat.com/show_bug.cgi?id=429024, but this will come later. Jeremy. (This used to be commit 41e20becf3b976656f60aaec9175df329803b012)
2008-04-04 | Use sid_array_from_info3 in lookup_usergroups_cached(). | Günther Deschner | 1 | -40/+10
Guenther (This used to be commit 65b4cb20ea3fb806cfd50281e08f32bea70fafce)
2008-03-31 | Forest root trust flags won't overwrite child trust flags | Steven Danneman | 1 | -3/+3
* changed the behavior of winbind_ads.c:trusted_domains() to not overwrite existing trust information if we're joined to a child domain, and querying the forest root domain. Previously if we were joined to a child domain, we'd request all known trust information from this child domain (our primary domain) and store it in the tdc. We'd then request all trust information from our tree root (to get the forests we transitively trust) and overwrite the existing trust information we already had from the perspective of the tree root.
* updated several comments and fixed typos
(This used to be commit 6aac972d790ad5ca65096cb2e85e6819b60a5413)
2008-02-17 | Use netr_SamInfo3 everywhere in winbindd. | Günther Deschner | 1 | -9/+9
Guenther (This used to be commit d9502eb75395131d5a8130ff2c4ebace106cb974)
2008-02-01 | Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test | Simo Sorce | 1 | -36/+68
(This used to be commit 7dbfc7bdc65314466a83e8121b35c9bcb24b2631)
2008-02-01 | Fix winbindd running on a Samba DC, | Simo Sorce | 1 | -6/+0
This patch makes sure we do not try to contact smbd in the main daemon to avoid deadlocks. All the operations that require connecting to smbd are performed in the domain child anyway. (This used to be commit 9347d34b502bef70cdae8f3e8acd9796dba49581)
2008-01-29 | Remove include/rpc_ds.h and all references to it completely. | Günther Deschner | 1 | -11/+11
Jerry, please have a look if you're fine with that. Guenther (This used to be commit beae25c808a3a03d645f247e9befcd05e3ecca2c)
2008-01-25 | Always trust the domain flags in the wcache trusted domain cache. | Gerald W. Carter | 1 | -13/+33
Use the flags stored in the tdb when determining if a domain can be contacted. The tdb should be considered authoritative anyways unless you know the flags in the winbindd_domain are correct (such as when first enumerating trusts). Original suggestion and patch from Steven Danneman <steven.danneman@isilon.com>. Manually rewritten by me for 3.2. (This used to be commit f53658a20de07a29abbe2e90917b328d00fc0024)
2008-01-25 | Fix winbindd_can_contact_domain() on a samba DC. | Michael Adam | 1 | -3/+6
The check for inbound trusts is invalid when samba is a DC and has a trust with an active directory domain. This effectively prevented trusts with an AD domain on a samba DC from working (unless using "winbindd rpc only"), because an ads_connect() was never performed. Only the rpc-based winbindd methods were working properly. Jerry: Please check! Michael (This used to be commit dcd42a1e0642c69348adfaeecef7f7f2f074ac30)
2008-01-25 | Add a debug message winbindd_can_contact_domain() | Michael Adam | 1 | -0/+2
explaining the reason for failure. Michael (This used to be commit ba5373ed7f74d560a9de8620039b596b8938d1dc)
2008-01-25 | Fix assignment to request->data.init_conn.is_primary in init_child_connection(). | Michael Adam | 1 | -1/+1
The present assignment "request->data.init_conn.is_primary = domain->internal ? False : True" simply feels wrong. This seems to be the right thing to do: "request->data.init_conn.is_primary = domain->primary ? true : false". The question is: Does this have any purpose at all? data.init_conn.is_primary seems to be used nowhere in the whole code at all. Is it (still) needed? Michael (This used to be commit 8bb21b8b3802e7b093a3c4fb41b8550033388878)
2008-01-23 | Initialize _domain_list to NULL. | Michael Adam | 1 | -1/+1
Just to be sure the "if (!_domain_list)" in domain_list() test always works. Michael (This used to be commit 1f49065d44dd7570d5a9928359751bd36f287952)
2008-01-09 | Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS. | Michael Adam | 1 | -9/+12
Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
2008-01-04 | Fix the inherited trust flags when spidering the trust hierarchy. | Gerald (Jerry) Carter | 1 | -3/+7
Also *do not* clear the trust list when rescanning or else it is possible to suffer from a race condition where no trusted domains can be found. (This used to be commit e7164a252bf213a74d6eeac5aa04645eed5be241)
2007-12-15 | s/sid_to_string/sid_to_fstring/ | Volker Lendecke | 1 | -1/+1
least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546)
2007-12-15 | Use sid_to_string directly | Volker Lendecke | 1 | -2/+1
It seems a bit pointless to do a fstrcpy(dst, sid_string_static(src)) (This used to be commit c221c246b10e2dbbd54a9af2dc45de2eae237380)
2007-12-15 | Replace sid_string_static by sid_string_dbg in DEBUGs | Volker Lendecke | 1 | -3/+2
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-14 | winbindd: move domain child specific stuff into its own file | Stefan Metzmacher | 1 | -15/+5
metze (This used to be commit 075d315e0f72d506b70040da10940e4af131b4e2)
2007-12-05 | Remove some globals | Volker Lendecke | 1 | -4/+4
(This used to be commit 31d0a846db08d845e6cdfd85def4ac1c34031e02)
2007-10-24 | This is a large patch (sorry). Migrate from struct in_addr | Jeremy Allison | 1 | -2/+4
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theoretically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-22 | r25571: split up child_dispatch_table into domain, idmap and locator tables | Stefan Metzmacher | 1 | -6/+21
metze (cherry picked from commit abbb36a37c1dba2218a6c7ec31739eba5f250127) (This used to be commit 5af1b45ed31043f952ec141d0f5f2973aec69d1a)