summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2011-10-24idl: Improve MS-PAC IDLSimo Sorce1-7/+7
Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unkown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-10-21s3:idmap_autorid: add an allocation range to autoridChristian Ambach1-1/+96
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators and for local users/group that admins might want to create autorid will now allocate one range for this purpose and can so give out as many uids and gids as the configured rangesize allows
2011-10-21s3:idmap_autorid: move HWM initialization into a functionChristian Ambach1-17/+27
we will need some more HWM soon, so move out initialization and optimize the logic using the new interface of dbwrap_fetch_uint32
2011-10-21s3:idmap_autorid: use strings as parameter for range allocatorChristian Ambach1-14/+14
this prepares for allocation of non-domain ranges that cannot be expressed by a SID (e.g. an allocation pool)
2011-10-21s3:winbindd/idmap make idmap modules loadable againChristian Ambach6-6/+6
commit 355b5e3a831415d9bef97 changed the module system to expect 'samba_init_module' as fixed initializer function
2011-10-21Revert "s3:idmap/autorid add a small alloc pool to autorid"Christian Ambach1-61/+0
This reverts commit 0aa558718ad7427ee8b02046da73eea1838a5a32. just having 500 uid/gids values is not good enough for users using local users and groups in the order of thousands better solution which will use a complete range for allocated uids/gids will come next.
2011-10-18pdb-interface: Do not use unid_t hereSimo Sorce1-4/+5
This interface needs to be publicly available, unid_t here is not really useful and makes it harder to use it as unid_t is not a public union. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett1-1/+1
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-12Fix bug #8521 - winbindd cache timeout expiry test was reversedJeremy Allison1-1/+1
Found and fix reported by Micha Lenk <micha@lenk.info>. Thanks !
2011-10-11s3:dbwrap: change dbwrap_store_uint32() to NTSTATUS return typeMichael Adam1-7/+6
for consistency and better error propagation Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Oct 11 15:51:00 CEST 2011 on sn-devel-104
2011-10-11s3:dbwrap: change dbwrap_store_int32() to NTSTATUS return typeMichael Adam1-6/+12
for consistency and better error propagation
2011-10-11s3:dbwrap: change dbwrap_fetch_uint32() to NTSTATUS return type (instead of ↵Michael Adam3-21/+23
bool) for consistency and better error propagation
2011-10-11s3:dbwrap: convert dbwrap_fetch_int32() to NTSTATUS return codeMichael Adam2-8/+35
Return the int32 value retrieved from the db by reference. Before this, return value "-1" was used as a error indication, but it could also be a valid value from the database.
2011-10-11s3:idmap_tdb2: fix hwm-handling to use uint32 consistentlyMichael Adam1-10/+12
The initialization code user int32, later writes used uint32...
2011-10-11s3:idmap_tdb: fix hwm-handling to use uint32 consistentlyMichael Adam1-8/+10
The initialization code user int32, later writes used uint32...
2011-10-11s3:idmap_autorid: make a debug message more preciseMichael Adam1-1/+1
2011-10-11s3:idmap_autorid: untangle function from check and log status in ↵Michael Adam1-6/+7
idmap_autorid_db_init()
2011-10-11s3:idmap: convert idmap_tdb to use dbwrap wrapper functions.Michael Adam1-22/+34
Avoid direct use of the db_record and db_context structs.
2011-10-11s3:dbwrap: convert dbwrap_fetch(), dbwrap_fetch_bystring() and ↵Michael Adam3-14/+16
dbwrap_fetch_bystring_upper() to NTSTATUS
2011-09-23s3-winbindd: add support for idmap type WBC_ID_TYPE_BOTHAndrew Tridgell1-0/+6
this allows the s3 code to understand and cache responses from the s4 winbindd which may include a single SID mapped to both a uid and a gid Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Fri Sep 23 01:47:54 CEST 2011 on sn-devel-104
2011-09-15s3:libsmb: pass max_protocol to cli_negprot()Stefan Metzmacher1-1/+1
metze
2011-09-15Finish commit 8745c70d by Michael Adam.Jeremy Allison1-5/+5
If you're going to move winbindd_cache.tdb to the state_path, do it *everywhere*. Found by Ira Cooper <ira@wakeful.net>. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Sep 15 00:43:04 CEST 2011 on sn-devel-104
2011-09-14s3:winbindd: let wbint handles return NT_STATUS_CONNECTION_DISCONNECTEDStefan Metzmacher1-2/+2
We should return the same in all places. metze
2011-09-13s3:winbindd_cm: make use of cli_state_security_mode()Stefan Metzmacher1-1/+3
metze
2011-09-08Fix bug #8203 - winbindd needs to reset the DC connection if an RPC times out.Jeremy Allison1-15/+66
Based on Volker's original code. (cherry picked from commit 5b5ef7f20d34f4c6c1d3d02530ac7b13e051c960) Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Sep 8 21:29:53 CEST 2011 on sn-devel-104
2011-09-08s3: Fix a debug messageVolker Lendecke1-2/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Sep 8 15:08:43 CEST 2011 on sn-devel-104
2011-09-08s3: Fix a typoVolker Lendecke1-1/+1
2011-09-08s3:libsmb: pass CLI_FULL_CONNECTION_* flags to cli_state_create()Stefan Metzmacher1-3/+4
metze
2011-09-07s3:winbind: put winbindd_cache into the state dir, not the cache dirMichael Adam1-1/+1
Despite the name, in winbind offline logon mode, this is a database that contains valuable information and should not be cleared. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Sep 7 21:17:37 CEST 2011 on sn-devel-104
2011-09-07s3:idmap/autorid add a small alloc pool to autoridChristian Ambach1-0/+52
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators gids are stored at the start of the first domain as RIDs start with values over 500, we have some room there so we do not need to allocate a range Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed Sep 7 15:15:09 CEST 2011 on sn-devel-104
2011-09-06s3: Make winbindd_lookup_names staticVolker Lendecke2-14/+14
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Sep 6 20:03:56 CEST 2011 on sn-devel-104
2011-08-31s3-waf: allow undefined symbols in idmap_rid module.Günther Deschner1-0/+1
Guenther
2011-08-31s3-waf: allow unresolved symbols in some idmap and nss_info modules.Günther Deschner1-0/+7
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Aug 31 14:27:31 CEST 2011 on sn-devel-104
2011-08-31s3-waf: add missing tdb dependency to idmap_tdb2 module.Günther Deschner1-1/+1
Guenther
2011-08-31s3-waf: convert nss_info subsystem into a private library.Günther Deschner1-4/+5
Guenther
2011-08-29s3: Fix getent group if trusted domains are not reachableVolker Lendecke1-2/+7
2011-08-29s3-lib: If we create a pipe socket, don't start to listen.Andreas Schneider1-0/+9
The create_pipe_sock() function should only create the socket as the name states and not start to listen on it too. We should start to listen on in the individual places as we need different backlog values. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Mon Aug 29 13:21:43 CEST 2011 on sn-devel-104
2011-08-26s3: Fix a winbind race leading to 100% CPUVolker Lendecke1-2/+3
This fixes a race condition that leads to the winbindd_children list becoming corrupted. It happens when on a busy winbind SIGCHLD is a bit late. Imagine a winbind with multiple requests in the queue for a single child. Child dies, and before the SIGCHLD handler is called we find the socket to be dead. wb_child_request_done is called, receiving an error from wb_simple_trans_recv. It closes the socket. Then immediately the wb_child_request_trigger will do another fork_domain_child before the signal handler is called. This means that we do another fork_domain_child, we have child->sock==-1 at this point. fork_domain_child will do a DLIST_ADD(winbindd_children, child) a second time where the child is already part of that list. This corrupts the list. Then the signal handler kicks in, spinning in for (child = winbindd_children; child != NULL; child = child->next) { forever. Not good. This patch makes sure that both conditions (sock==-1 and not part of the list) for a winbindd_child struct match up. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Aug 26 18:51:24 CEST 2011 on sn-devel-104
2011-08-26s3: Fix two int/enum mixupsVolker Lendecke1-2/+2
2011-08-26s3: Use sys_write in fork_domain_childVolker Lendecke1-1/+1
Counterpart for last checkin. A lot less likely, but not impossible in a child. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Aug 26 13:14:27 CEST 2011 on sn-devel-104
2011-08-26s3: Use sys_read in fork_domain_childVolker Lendecke1-1/+1
I've seen [2011/08/26 01:44:10.872057, 1] winbindd/winbindd_dual.c:1336(fork_domain_child) fork_domain_child: Could not read child status: nread=-1, error=Interrupted system call on a customer box. Not good.
2011-08-25s3-waf: fix some unresolved symbols in idmap ad modules.Günther Deschner1-0/+2
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Aug 25 15:15:57 CEST 2011 on sn-devel-104
2011-08-24s3:winbindd fix a return code checkChristian Ambach1-2/+2
talloc_traverse_dict will return with -1 in case of an error and might return positive values that indicate the count of found entries Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed Aug 24 18:09:11 CEST 2011 on sn-devel-104
2011-08-21s3-winbind: We need to use internal rpc connections in winbind.Andreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Simo Sorce <idra@samba.org>
2011-08-17s3: Next step to fix MIT trustsVolker Lendecke1-0/+4
aa3f10c was not complete in the sense that it did not fully cover some conditions that led to invalid domains in the winbind parent Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Aug 17 13:59:06 CEST 2011 on sn-devel-104
2011-08-17Replace calls to sid_equal with calls to dom_sid_equalVolker Lendecke2-2/+2
2011-08-11s3-messaging: Fix messaging classes.Simo Sorce1-1/+3
This has been broken since ff0ac5b0 (May 2007). Basically all messages were belonging to the General class except for CTDB messages. This fixed the message_send_all() function to correctly compute the class, and fixes registrations to include all they need to cope with the fact not all messages are of calss general (registrations rotted a bit because as long as FLAG_MSG_GENERAL was defined the process woould receive all messages). Signed-off-by: Andreas Schneider <asn@samba.org>
2011-08-10s3:idmap_tdb2: fix bug 8368 : correctly initialize "idmap config * : script" ↵Michael Adam1-1/+1
with NULL this fixes the fallback to the deprecated spelling idmap:script Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Aug 10 14:59:32 CEST 2011 on sn-devel-104
2011-08-10s3:winbindd_cm: use cli_session_setup() instead of cli_session_setup_spnego()Stefan Metzmacher1-15/+18
metze
2011-08-10s3:libsmb: store the remote_realm on the cli_stateStefan Metzmacher1-1/+3
metze