summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_util.c
AgeCommit message (Collapse)AuthorFilesLines
2012-07-23s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.Andreas Schneider1-3/+9
We don't resolve our own "Domain Local" groups since bug #7843 has been fixed. So we need to add the add resource groups to the sid list too. Before bug #7843 the "Domain Local" groups were added with a lookupuseraliases call, but this isn't done anymore for our domain so we need to resolve resource groups here. When to use Resource Groups: http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104
2012-07-18source3/winbindd/winbindd_util.c: fix stackframe leakRusty Russell1-2/+4
winbindd_can_contact_domain() doesn't always free its stackframe. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-12s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()Michael Adam1-1/+1
This does not check whether the given sid is in our domain, but but whether it belongs to the local sam, which is a different thing on a domain member server. Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
2012-07-12s3: rename sid_check_is_domain() to sid_check_is_our_sam()Michael Adam1-1/+1
This does not check whether the given sid is the domain sid, but whether it is the sid of the local sam, which is different for a domain member server.
2011-06-09s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-06-08s3-winbind: always use samlogon cache for wbinfo -r, even when caching isGünther Deschner1-4/+0
disabled. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jun 8 17:45:56 CEST 2011 on sn-devel-104
2011-06-08s3-winbindd: make sure we obey the -n switch also for samlogon cache access.Günther Deschner1-0/+4
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jun 8 14:44:31 CEST 2011 on sn-devel-104
2011-05-04Remove unused function parse_add_domuser().Jeremy Allison1-25/+0
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed May 4 20:05:42 CEST 2011 on sn-devel-104
2011-04-13s3: Add is_domain_onlineVolker Lendecke1-0/+5
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-13s3: Make parse_sidlist publicVolker Lendecke1-0/+31
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-02-08pam: share pam errors in a common location.Günther Deschner1-0/+1
Guenther
2011-01-21s3:winbind: Fork multiple children per domainVolker Lendecke1-0/+10
This makes us scale better with many simultaneous winbind requests, some of which might be slow. This implementation breaks offline logons, as the cached credentials are maintained in a child (this needs fixing). So, if the offline logons are active, only allow one DC connection. Probably the offline logon and the scalable file server cases are separate enough so that this patch is useful even with the restriction.
2010-11-19s3: Remove some unused codeVolker Lendecke1-43/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Nov 19 11:21:00 CET 2010 on sn-devel-104
2010-10-14libcli/auth Merge source4/libcli/security and util_sid.c into the common codeAndrew Bartlett1-1/+1
This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-3/+4
Guenther
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett1-2/+2
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-07-06s3-winbind: Fixed the winbind caching.Günther Deschner1-5/+2
2010-05-31s3:winbind tidy up connecting the winbind sockets.Andrew Bartlett1-43/+0
By putting this code inline in winbindd_setup_listeners() we remove 2 static variables and simplify the code. By putting the get_winbind_priv_pipe_dir() in the same file, we allow it to be reimplemented in s3compat. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-28s3:winbind Kill amusing but un-used winbindd_kill_all_clientsAndrew Bartlett1-17/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-12/+12
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-04-25s3: Convert add_trusted_domains() to wb_domain_request_send()Volker Lendecke1-22/+19
2010-04-25s3: Simplify trustdom_stateVolker Lendecke1-10/+5
Don't store information explicitly as boolean flags that can be easily retrieved from the domain when it's actually needed.
2010-04-25s3: Make "struct trustdom_state" its own talloc contextVolker Lendecke1-14/+9
2010-04-23s3-winbind: fix setup_domain_child() callers.Günther Deschner1-2/+2
Volker, please check. Guenther
2010-04-23s3: Fix a winbind crash when scanning trustsVolker Lendecke1-0/+6
add_trusted_domain() for a new domain always needs to be followed by a setup_domain_child(). This was not always done, in particular not when walking to the forest root for additional trusts. This is a minimal patch, we need to fix add_trusted_domain().
2010-04-08s3: Remove the separate "child" argument from setup_domain_child()Volker Lendecke1-10/+5
2010-01-02s3: simplify find_root_domain, find_our_domain() never failsVolker Lendecke1-4/+2
2010-01-02s3: Use global_sid_Builtin in find_builtin_domainVolker Lendecke1-4/+1
2010-01-02s3: Avoid adding a domain twiceVolker Lendecke1-6/+7
If we found a match with sid==NULL, we ended up adding the domain twice
2010-01-02s3: Make free_domain_list() staticVolker Lendecke1-1/+1
2010-01-02s3: Introduce domain_is_forest_root() helper functionVolker Lendecke1-3/+9
Hopefully this makes the flag tests a bit more understandable
2009-12-26s3: Replace IS_DOMAIN_OFFLINE by a functionVolker Lendecke1-0/+11
2009-12-26s3: winbindd_cli_state->getgrent_state is no longer usedVolker Lendecke1-23/+0
2009-12-23s3: Remove some unused codeVolker Lendecke1-66/+0
2009-08-26s3/winbindd: Remove unnecessary check for NULL SIDSteven Danneman1-7/+2
There's a known bug in some Windows implementations of DsEnumerateDomainTrusts() where domain SIDs are not returned for transitively trusted domains within the same forest. Jerry originally worked around this in the winbindd parent by checking for S-0-0 and converting it to S-1-0 in 8b0fce0b. Guenter later moved these checks into the child process in commit 3bdfcbac making the initial patch unecessary. I've removed it and added a clarifying comment to the child process. If ever this SID is needed we could add an extra DsEnumerateDomainTrusts() call in trusted_domains() as suggested by the Microsoft KB.
2009-08-23s3:winbind: Even on a domain controller, "our" domain is internalVolker Lendecke1-6/+0
It happens to be what we also share out via NETLOGON/SAMR, but winbind has direct access to it via the passdb domain methods
2009-08-23s3:winbind: For internal domains it is pointless to connect to a DCVolker Lendecke1-1/+5
2009-08-16s3:winbind: Add const to normalize_name_mapVolker Lendecke1-1/+1
2009-08-02Refactor 9b78af1f: Fix lookupname recursionVolker Lendecke1-3/+8
Pass a "flags" argument instead of the original winbind command down the name_to_sid chain. This way we are independent of the winbind commands and can take the decision at a much higher level
2009-08-01Place a comment correctlyVolker Lendecke1-1/+4
2009-07-18s3: compile warning and upn handlingBo Yang1-1/+2
Signed-off-by: Bo Yang <boyang@samba.org>
2009-06-14Make winbindd_cli_state->response a pointer instead of a struct memberVolker Lendecke1-6/+6
Same comment as in baa6084378e530b: This is just a preparatory checkin. Volker
2009-06-14Make rescan_trusted_domains a timed eventVolker Lendecke1-21/+10
2009-06-14Remove unused init_child_connection()Volker Lendecke1-135/+0
2009-06-14Convert the winbind parent->child communication to wb_reqtransVolker Lendecke1-2/+0
2009-06-14Make winbindd_cli_state->request a pointer instead of a struct memberVolker Lendecke1-6/+6
In itself, this is pretty pointless. But in the next steps I'll convert the winbind internal communication to wb_reqtrans which allocates the request properly. This minimizes the later diff. Volker
2009-05-25s3:winbind_util: remove trailing spacesMichael Adam1-56/+56
Michael