summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2011-09-08Fix bug #8203 - winbindd needs to reset the DC connection if an RPC times out.Jeremy Allison1-15/+66
Based on Volker's original code. (cherry picked from commit 5b5ef7f20d34f4c6c1d3d02530ac7b13e051c960) Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Sep 8 21:29:53 CEST 2011 on sn-devel-104
2011-09-08s3: Fix a debug messageVolker Lendecke1-2/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Sep 8 15:08:43 CEST 2011 on sn-devel-104
2011-09-08s3: Fix a typoVolker Lendecke1-1/+1
2011-09-08s3:libsmb: pass CLI_FULL_CONNECTION_* flags to cli_state_create()Stefan Metzmacher1-3/+4
metze
2011-09-07s3:winbind: put winbindd_cache into the state dir, not the cache dirMichael Adam1-1/+1
Despite the name, in winbind offline logon mode, this is a database that contains valuable information and should not be cleared. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Sep 7 21:17:37 CEST 2011 on sn-devel-104
2011-09-07s3:idmap/autorid add a small alloc pool to autoridChristian Ambach1-0/+52
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators gids are stored at the start of the first domain as RIDs start with values over 500, we have some room there so we do not need to allocate a range Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed Sep 7 15:15:09 CEST 2011 on sn-devel-104
2011-09-06s3: Make winbindd_lookup_names staticVolker Lendecke2-14/+14
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Sep 6 20:03:56 CEST 2011 on sn-devel-104
2011-08-31s3-waf: allow undefined symbols in idmap_rid module.Günther Deschner1-0/+1
Guenther
2011-08-31s3-waf: allow unresolved symbols in some idmap and nss_info modules.Günther Deschner1-0/+7
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Aug 31 14:27:31 CEST 2011 on sn-devel-104
2011-08-31s3-waf: add missing tdb dependency to idmap_tdb2 module.Günther Deschner1-1/+1
Guenther
2011-08-31s3-waf: convert nss_info subsystem into a private library.Günther Deschner1-4/+5
Guenther
2011-08-29s3: Fix getent group if trusted domains are not reachableVolker Lendecke1-2/+7
2011-08-29s3-lib: If we create a pipe socket, don't start to listen.Andreas Schneider1-0/+9
The create_pipe_sock() function should only create the socket as the name states and not start to listen on it too. We should start to listen on in the individual places as we need different backlog values. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Mon Aug 29 13:21:43 CEST 2011 on sn-devel-104
2011-08-26s3: Fix a winbind race leading to 100% CPUVolker Lendecke1-2/+3
This fixes a race condition that leads to the winbindd_children list becoming corrupted. It happens when on a busy winbind SIGCHLD is a bit late. Imagine a winbind with multiple requests in the queue for a single child. Child dies, and before the SIGCHLD handler is called we find the socket to be dead. wb_child_request_done is called, receiving an error from wb_simple_trans_recv. It closes the socket. Then immediately the wb_child_request_trigger will do another fork_domain_child before the signal handler is called. This means that we do another fork_domain_child, we have child->sock==-1 at this point. fork_domain_child will do a DLIST_ADD(winbindd_children, child) a second time where the child is already part of that list. This corrupts the list. Then the signal handler kicks in, spinning in for (child = winbindd_children; child != NULL; child = child->next) { forever. Not good. This patch makes sure that both conditions (sock==-1 and not part of the list) for a winbindd_child struct match up. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Aug 26 18:51:24 CEST 2011 on sn-devel-104
2011-08-26s3: Fix two int/enum mixupsVolker Lendecke1-2/+2
2011-08-26s3: Use sys_write in fork_domain_childVolker Lendecke1-1/+1
Counterpart for last checkin. A lot less likely, but not impossible in a child. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Aug 26 13:14:27 CEST 2011 on sn-devel-104
2011-08-26s3: Use sys_read in fork_domain_childVolker Lendecke1-1/+1
I've seen [2011/08/26 01:44:10.872057, 1] winbindd/winbindd_dual.c:1336(fork_domain_child) fork_domain_child: Could not read child status: nread=-1, error=Interrupted system call on a customer box. Not good.
2011-08-25s3-waf: fix some unresolved symbols in idmap ad modules.Günther Deschner1-0/+2
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Aug 25 15:15:57 CEST 2011 on sn-devel-104
2011-08-24s3:winbindd fix a return code checkChristian Ambach1-2/+2
talloc_traverse_dict will return with -1 in case of an error and might return positive values that indicate the count of found entries Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed Aug 24 18:09:11 CEST 2011 on sn-devel-104
2011-08-21s3-winbind: We need to use internal rpc connections in winbind.Andreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-17s3: Next step to fix MIT trustsVolker Lendecke1-0/+4
aa3f10c was not complete in the sense that it did not fully cover some conditions that led to invalid domains in the winbind parent Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Aug 17 13:59:06 CEST 2011 on sn-devel-104
2011-08-17Replace calls to sid_equal with calls to dom_sid_equalVolker Lendecke2-2/+2
2011-08-11s3-messaging: Fix messaging classes.Simo Sorce1-1/+3
This has been broken since ff0ac5b0 (May 2007). Basically all messages were belonging to the General class except for CTDB messages. This fixed the message_send_all() function to correctly compute the class, and fixes registrations to include all they need to cope with the fact not all messages are of calss general (registrations rotted a bit because as long as FLAG_MSG_GENERAL was defined the process woould receive all messages). Signed-off-by: Andreas Schneider <asn@samba.org>
2011-08-10s3:idmap_tdb2: fix bug 8368 : correctly initialize "idmap config * : script" ↵Michael Adam1-1/+1
with NULL this fixes the fallback to the deprecated spelling idmap:script Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Aug 10 14:59:32 CEST 2011 on sn-devel-104
2011-08-10s3:winbindd_cm: use cli_session_setup() instead of cli_session_setup_spnego()Stefan Metzmacher1-15/+18
metze
2011-08-10s3:libsmb: store the remote_realm on the cli_stateStefan Metzmacher1-1/+3
metze
2011-08-03s3:winbindd_cm: make use of cli_set_timeout()Stefan Metzmacher1-1/+1
metze
2011-08-02s3:winbindd_cm: make use of cli_state_protocol()Stefan Metzmacher1-1/+1
metze
2011-08-02s3:winbindd_cm: make use of cli_state_capabilities()Stefan Metzmacher1-1/+1
metze
2011-07-29s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/Michael Adam3-3/+3
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
2011-07-29s3:dbwrap: move db_open() to a file dbwrap_open.c of its own.Michael Adam3-0/+3
Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and make the fallbacke implementation functoins non-static and create a dbwrap_private.h header file that contains their prototypes.
2011-07-28s3:winbindd: use lp_load_global() - winbindd does not need shares or IPC$Michael Adam1-1/+1
2011-07-28s3-waf: the passdb subsystem needs to be called pdbAndrew Tridgell1-1/+1
the 'pdb' name is builtin to the passdb module loading code as a fixed string. We need to call the subsystem pdb so that external passdb modules end up in bin/modules/pdb/ where they can be found by the Samba3 module loader Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-27s3:idmap_tdb2: remove the undocumented option of the silly name "tdb:idmap2.tdb"Michael Adam1-5/+1
In ancient times, when ctdb had not support for persistent databases and tdb2 was introduced as a two-layer solution and it was more important than today to be able to change the location of the permanent database file because it had to reside on shared storage. But these were times when idmap_tdb2 was not even officially released. Nowadays, with ctdb handling the persistent idmap2.tdb database, the path is stripped anyways, so this undocumented option has become unnecessary and is hence removed. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Jul 27 05:37:57 CEST 2011 on sn-devel-104
2011-07-27s3:idmap_tdb2: remove a legacy commentMichael Adam1-1/+0
2011-07-27s3:idmap_tdb2: remove legacy commentMichael Adam1-2/+0
2011-07-27s3:idmap_tdb2: remove superfluous initialization with bogus commentMichael Adam1-3/+0
2011-07-27s3:idmap_tdb2: fix a legacy comment that does not apply any moreMichael Adam1-2/+1
2011-07-27s3:idmap_tdb2: deprecate the idmap:script parameter and use "idmap config * ↵Michael Adam1-18/+21
: script" instead With this patch, "idmap config * : script" will override "idmap : script". If "idmap : script" is present, a deprecation warning will be printed in any case. If "idmap config * : script" is not set, then the value of "idmap :script" will be used for backwards compatibility.
2011-07-26s3: Fix MIT trustsVolker Lendecke1-0/+5
Winbind can't really cope with trusts that don't have a SID associated. This happens with external MIT trusts for example. This filters them out when sending the trust list from child to parent. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Jul 26 11:39:53 CEST 2011 on sn-devel-104
2011-07-22s3:winbindd_cm: use controller instead of cli->desthostStefan Metzmacher1-2/+2
The should have the same value. metze
2011-07-22s3:winbindd_cm: use cli_state_[local|remote]_sockaddr()Stefan Metzmacher1-14/+4
metze
2011-07-21s3:winbindd_cm: remove unused checks for address familyStefan Metzmacher1-37/+0
If we got a connection, we don't need to check what address family it uses. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jul 21 23:33:48 CEST 2011 on sn-devel-104
2011-07-21s3:libsmb: replace cli_initialise[_ex]() by cli_state_create()Stefan Metzmacher1-7/+2
This makes sure cli_state->src_ss and cli_state->dest_ss are always initialized. metze
2011-07-21s3:winbindd remove an unused variableChristian Ambach1-2/+0
fixes a compiler warning
2011-07-20s3-auth Use the common auth_session_infoAndrew Bartlett1-4/+4
This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth3_session_info outside the auth subsystemAndrew Bartlett1-4/+4
This seperation between the structure used inside the auth modules and in the wider codebase allows for a gradual migration from struct auth_serversupplied_info -> struct auth_session_info (from auth.idl) The idea here is that we keep a clear seperation between the structure before and after the local groups, local user lookup and the session key modifications have been processed, as the lack of this seperation has caused issues in the past. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20debug: log early messages to stdout, and keep it openAndrew Bartlett1-0/+3
The --log-stdout option was compromised by the log file descriptors being closed once the file process forked. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s3:winbindd_cm: make use of cli->src_ss instead of calling getsockname()Stefan Metzmacher1-2/+8
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jul 11 19:31:14 CEST 2011 on sn-devel-104
2011-07-11s3:winbindd_cm: make use of cli->dest_ss instead calling getpeername()Stefan Metzmacher1-1/+7
metze