summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2008-01-25Always trust the domain flags in the wcache trusted domain cache.Gerald W. Carter1-13/+33
Use the flags stored in the tdb when determining if a domain can be contacted. The tdb should be considered authoratative anyways unless you know the flags in the winbindd_domain are correct (such as when first enumerating trusts). Original suggestion and patch from Steven Danneman <steven.danneman@isilon.com>. Manually rewritten by me for 3.2. (This used to be commit f53658a20de07a29abbe2e90917b328d00fc0024)
2008-01-25Use the correct domain name when looking up the trust password.Gerald W. Carter1-1/+15
On a DC, we always use the domain name given. On a domain member, we use lp_workgroup(). This fixes a bug supporting trusted domains. (This used to be commit 8b063a414149bdf401a8f854d55ed7dc6f94cb60)
2008-01-25Fix winbindd_can_contact_domain() on a samba DC.Michael Adam1-3/+6
The check for inbound trusts is invalid when samba is a DC and has a trust with an active directory domain. This effectively prevented tusts with an AD domain on a samba DC from working (unless using "winbindd rpc only"), because an ads_connect() was never performed. Only the rpc-based winbindd methods were working properly. Jerry: Please check! Michael (This used to be commit dcd42a1e0642c69348adfaeecef7f7f2f074ac30)
2008-01-25Use generated DSSETUP client & server rpc functions and remove the ↵Günther Deschner1-15/+16
hand-written ones. Guenther (This used to be commit d5ebfccebb1f1b56b45673a506fcdb414103c43b)
2008-01-25Add debug message: show which domain_child is being forked.Michael Adam1-0/+7
Michael (This used to be commit 373a00ae0d667d257fa93ab14c773e841f2c4f1a)
2008-01-25Add a debug message winbindd_can_contact_domain()Michael Adam1-0/+2
explaining the reason for failure. Michael (This used to be commit ba5373ed7f74d560a9de8620039b596b8938d1dc)
2008-01-25Fix assignment to request->data.init_conn.is_primary in init_child_connection().Michael Adam1-1/+1
The present assignment "request->data.init_conn.is_primary = domain->internal ? False : True" simply feels wrong. This seems to be the thing right to do: "request->data.init_conn.is_primary = domain->primary ? true : false". The question is: Does this have any purpose at all? data.init_conn.is_primary seems to be used nowhere in the whole code at all. Is it (still) needed? Michael (This used to be commit 8bb21b8b3802e7b093a3c4fb41b8550033388878)
2008-01-24Fix winbindd build w/o ADS.Günther Deschner1-3/+7
Guenther (This used to be commit 40daef4c3d822a28467ff521efca6a55a0370050)
2008-01-24Add winbind_msg_dump_domain_list to winbindd.Günther Deschner2-0/+88
Guenther (This used to be commit 54ad97bd8364c393de2c9471a4c14ca5b880b318)
2008-01-24Add winbindd debugging ndr_print helpers.Günther Deschner1-0/+149
Guenther (This used to be commit 4389e4dadbf07c176d9102b74c06e62ecfc242be)
2008-01-23Windows 2008 (Longhorn) auth2 flag fixes.Andreas Schneider1-1/+1
Interop fixes for AD specific flags. Original patch from Todd Stetcher. (This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
2008-01-23Fix panic: Don't free the logfilename in winbind_child_died().Michael Adam1-1/+0
The child struct is immediately reused, and this results in a panic when child->logfilename == NULL. Michael (This used to be commit da131d089db98017632103aa9bbe38c98f7a3fc1)
2008-01-23Initialize _domain_list to NULL.Michael Adam1-1/+1
Just to be sure the "if (!_domain_list)" in domain_list() test always works. Michael (This used to be commit 1f49065d44dd7570d5a9928359751bd36f287952)
2008-01-23Fix get_trust_creds() to return always an upper-cased krb5 principal (thisGünther Deschner1-4/+8
fixes winbind krb5 session at least with heimdal). Guenther (This used to be commit 9cf3a98eacea2dd07f89245f147e002b3f49482e)
2008-01-21winbindd: remove useless strcpyStefan Metzmacher1-4/+1
metze (This used to be commit df08708fc1e8fc8e15b36db29faf35ae5ae64b65)
2008-01-20Fix a segfaultVolker Lendecke1-3/+10
Pointed out by Steven Danneman on irc, thanks! Jerry, Günther, please check! (This used to be commit 9e71c89ac648040739ef2161a2e6c4299be1e35b)
2008-01-17Finally enable pidl generated SAMR & NETLOGON headers and clients.Günther Deschner2-4/+4
Guenther (This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
2008-01-16Convert old sid-string handling in idmap_tdb2 to a new oneAlexander Bokovoy1-4/+7
(This used to be commit ee851730cef1eb506b47faf57e25789ad3c6aafa)
2008-01-16idmap TDB2 backend, used for clustered Samba setups.Alexander Bokovoy1-0/+1014
This uses 2 tdb files. One is permanent, and is in shared storage on the cluster (using "tdb:idmap2.tdb =" in smb.conf). The other is a temporary cache tdb on local storage. Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit b6df7e7709365fb620867ad8954bc5bf24496775)
2008-01-15Apply const to rpccli_lsa_query_info_policy() and ↵Günther Deschner1-3/+3
rpccli_lsa_query_info_policy2(). Guenther (This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95)
2008-01-11Ensure we don't access an uninitialized variableJeremy Allison1-1/+1
(CID 535 - actually false but easy to shut up :-). Jeremy. (This used to be commit 4038bb3a9485943db58d9fe30947e11522ce283d)
2008-01-11As long as DsGetDcName is not part of libnetapi, lowercase the fn name.Günther Deschner1-3/+3
Guenther (This used to be commit 19a980f52044a170618629e5b0484c1f6b586e5f)
2008-01-09Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.Michael Adam5-46/+58
Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
2008-01-09Fix prototype: Add a void to an empty function parameter list.Michael Adam1-1/+1
Michael (This used to be commit 3f89aea8e4df3a2de8c5e4c6f4e417567adb2d67)
2008-01-07Fix build warning.Günther Deschner1-16/+18
Guenther (This used to be commit 73233a06d6f0f1346c48b465750af4b532cd7306)
2008-01-07Use the proper boolean constants.Michael Adam1-93/+93
Michael (This used to be commit 6f673b7f10c145d88e6a6d3072b5f8cd98837304)
2008-01-07Fix a comment.Michael Adam1-1/+2
Michael (This used to be commit 62d6d4fff2edcce04e793d2a2f877cb3f4fedbdb)
2008-01-07Make wcache_invalidate_cache() return bool, not int.Michael Adam2-4/+4
Michael (This used to be commit dba24ceae78ffc49200b647838b6bf3657275add)
2008-01-07Add some braces to if statement.Michael Adam1-1/+2
Michael (This used to be commit 66fc1db1d19d11792d9506b06ad914d88b7e0663)
2008-01-07Prevent winbindd from segfaulting due to corrupted cache tdb.Andreas Schneider2-4/+36
If we try to flush the caches and due to a corrupted tdb we and have no tdb context close the tdb and validate it. Initialize the cache afterwards again. (This used to be commit d0c0f91fb9f3438a18c6f47ed894f525beb75cbf)
2008-01-04Fix the inherited trust flags when spidering the trust heirarchy.Gerald (Jerry) Carter2-3/+19
Also *do not* clear the trust list when rescanning or else it is possible to suffer from a race condition where no trusted domains can be found. (This used to be commit e7164a252bf213a74d6eeac5aa04645eed5be241)
2008-01-04Add a missing check for dealing with a one-way trust in query_user().Gerald (Jerry) Carter1-0/+6
(This used to be commit f89e356bdaa203ef0a3ce6b8bd52170afa68a2c9)
2008-01-04Ensure that winbindd_getgroups() can deal with a UPN name.Gerald (Jerry) Carter1-1/+10
A user logging in via GDM was not getting a complete list of supplementary groups in his/her token. This is because getgroup() was not able to find the winbindd_domain* using the DNS name. Fallback to matching the DNS name is the short name match failes. (This used to be commit 2030a8de19a2c7c735a8aa367dd953e4a5c447b8)
2008-01-04When connecting to an AD DC, use the DsGetDCName variant.Gerald (Jerry) Carter1-2/+36
This allows us to deal with child domains in transitive forest trusts. It also allows us to fill in the forest name to the target domain to the struct winbindd_domain *. (This used to be commit ed30516bb0f55f9ba466debf91b6e33d1c28a484)
2007-12-29Use correct size value for linearize call.Jeremy Allison1-1/+1
Jeremy. (This used to be commit a5df44f5b7887d10c1e1a0b7a3dd05bcf31015e1)
2007-12-29Remove tiny code duplicationVolker Lendecke1-4/+7
sid_size did the same as ndr_size_dom_sid (This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389)
2007-12-21Add NT error to debug to try and track this down.Jeremy Allison1-1/+4
Jermey. (This used to be commit a1482b09150f4d292965c77bc73d47fb14f5eb85)
2007-12-21Kill fstring in getdcname & getanydcname return.Günther Deschner2-5/+5
Guenther (This used to be commit b7383818168863a7ba43c2456f8c44e96e76707a)
2007-12-20Only retrieve password policies in pam_auth when WBFLAG_PAM_GET_PWD_POLICY ↵Michael Adam1-6/+9
is set. This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b) which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbffffb) for reasons that are unclear to me. Maybe I am being too naive. Now we do again only retrieve the password policy when called from the pam_winbind module. This fixes logons delegated to AD trusted domain controllers: We need to connect to the sam to retrieve the password policy. But auhtenticated session setup is not possible when contacting the trusted domain dc and afterwards, SamrConnect also fails with whatever credentials and method used. Michael (This used to be commit 6d765e0de523211a2d0b43a2c4c4117f5f0c662f)
2007-12-19Remove Get_Pwnam and its associated static variableVolker Lendecke1-4/+6
All callers are replaced by Get_Pwnam_alloc (This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
2007-12-18Fix logic error in cm_connect_sam().Michael Adam1-1/+0
Don't fall back to schannel when trust creds could be obtained. This is still not complete, but I am getting closer. Michael (This used to be commit 7c9fa597d684a25822b4db6615f28336f2d64ef3)
2007-12-17Fix a segv in winbindd caused by trying to free an fstring.Gerald (Jerry) Carter1-2/+6
Make a copy of the machine_password and machine_account strings in all conditional paths so that SAFE_FREE() will always be valid. (This used to be commit 194c4640b158457a6d0d5ea91e28d41d619c77de)
2007-12-15s/sid_to_string/sid_to_fstring/Volker Lendecke10-45/+50
least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546)
2007-12-15Replace sid_string_static with sid_to_stringVolker Lendecke5-19/+43
This adds 28 fstrings on the stack, but I think an fstring on the stack is still far better than a static one. (This used to be commit c7c885078be8fd3024c186044ac28275d7609679)
2007-12-15Use sid_to_string directlyVolker Lendecke3-9/+6
It seems a bit pointless to do a fstrcpy(dst, sid_string_static(src)) (This used to be commit c221c246b10e2dbbd54a9af2dc45de2eae237380)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-23/+24
(This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke15-91/+86
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-3/+4
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
2007-12-14winbindd: move domain child specific stuff into its own fileStefan Metzmacher6-114/+132
metze (This used to be commit 075d315e0f72d506b70040da10940e4af131b4e2)
2007-12-13Make cm_connect_sam() try harder to connect autheticated.Michael Adam1-9/+26
Even if the session setup was anonymous, try and collect trust creds with get_trust_creds() and use these before falling back to schannel. This is the first attempt to fix interdomain trusts. (get password policy and stuff) Michael (This used to be commit e180bbd45452435e981192028a0ad90078c04236)