summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2009-05-27s3:idmap_tdb: filter out of range mappings in default idmap configMichael Adam1-16/+57
This fixes bug #6415 Michael
2009-05-25s3:winbind_util: remove trailing spacesMichael Adam1-56/+56
Michael
2009-05-25s3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug #6387)Michael Adam1-2/+11
With the current infrastructure, we should not return error on duplicate mappings but just warn instead (because an error would trigger the attempt to create yet another mapping). Michael
2009-05-25s3:winbind:idmap_ldap: warn about duplicate XID->SID mappings (bug #6387)Michael Adam1-0/+8
With the current infrastructure, we should not return error on duplicate mappings but just warn instead (because an error would trigger the attempt to create yet another mapping). Michael
2009-05-24Fix a race condition in winbind leading to a panicVolker Lendecke1-0/+1
In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that. What can happen is the following: We have outgoing data pending for a client, thus state->fd_event.flags == EVENT_FD_WRITE Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data, the accept(2) one syscall later gives us the same socket. In new_connection(), we do a setup_async_read, setting up a read fde. The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ). Found using bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient Volker
2009-05-22s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)Michael Adam1-1/+1
This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap asssertion in ldap_next_entry because was set to NULL in each iteration. The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a). This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing. Michael
2009-05-22s3: ignore EPIPE error when winbind finally writes to wb client because ↵Bo Yang1-2/+8
client might have already closed the socket Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: Fix onlinestatus msg to return status of all domain instead of omitting ↵Bo Yang1-78/+51
trusted domains Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-16Fix a typoVolker Lendecke1-1/+1
2009-05-12Convert response.extra_data.data from malloc to tallocVolker Lendecke8-98/+47
2009-05-11Fix a bunch of compiler warnings about wrong format types.Jeremy Allison5-11/+14
Should make Solaris 10 builds look cleaner. Jeremy.
2009-05-11Fix some nonempty blank linesVolker Lendecke1-37/+37
2009-05-07Fix some type-punned warningsVolker Lendecke3-7/+13
2009-05-07Remove a misleading commentVolker Lendecke1-2/+0
2009-05-07Fix some nonempty blank linesVolker Lendecke1-11/+10
2009-04-24s3-idmap: Fix bug #6286: Call init function for builtin idmap modules before ↵Günther Deschner1-0/+2
probing for them as shared modules. idmap-gurus of the world, please check. Guenther
2009-04-21s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED.Günther Deschner2-12/+12
Guenther
2009-04-20Fix to use modified cli_rpc_pipe_open_schannel_with_key APIAndrew Bartlett1-2/+2
2009-04-20Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key()Andrew Bartlett1-1/+1
2009-04-14s3: Fix ntlm_auth and winbindd to use new common libcli/auth APIsAndrew Bartlett1-9/+9
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett5-3/+8
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-04-07s3-libads: avoid NULL talloc context with ads_get_dn().Günther Deschner2-2/+2
Guenther
2009-04-06s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett4-11/+11
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-23ѕ3/winbind_pam: fix gcc 4.4 compile warningBjörn Jacke1-1/+1
2009-03-18s3: remove POLICY_HND.Günther Deschner6-25/+25
Guenther
2009-03-18s3:winbindd: accept new connections via fd eventsStefan Metzmacher1-52/+100
metze
2009-03-18s3:winbindd: move non event related code out of process_loop() in the the callerStefan Metzmacher1-22/+21
metze
2009-03-18s3:winbindd: remove unused close_winbindd_socket() functionStefan Metzmacher2-19/+0
metze
2009-03-17Fix #6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped membersVolker Lendecke1-7/+8
Thanks to François Legal <devel@thom.fr.eu.org> for reporting this bug
2009-03-17Fix a valgrind errorVolker Lendecke1-1/+1
Found in "make test" -- if we can't connect at all, "cli" is uninitialized
2009-03-13Remove pwd_cache.c, it was doing nothing. Make user_name, domain, andJeremy Allison1-14/+25
password talloc'ed strings within the cli_struct. Jeremy.
2009-03-12Fix #6167: winbindd -n should disable the winbind idmap cacheVolker Lendecke1-20/+50
2009-03-12Make opt_nocache static to winbindd.cVolker Lendecke4-7/+17
2009-03-07Shape up pdb_search a bit by making it a talloc ctx with a destructorVolker Lendecke1-6/+6
2009-03-06s3:winbindd_cm: remove useless cli_setup_signing_state(*cli, Undefined) callStefan Metzmacher1-2/+0
cli_setup_signing_state() with Undefined is a noop. metze
2009-03-04Fix careless mistake in winbindd_setup_sig_usr2_handlerBo Yang1-1/+1
2009-03-02More fix to initialize idmap statusesBo Yang7-0/+70
2009-02-27Initialize the id_map status in idmap_ldap to avoid surpriseBo Yang1-0/+8
2009-02-23More warning fixes for Solaris.Jeremy Allison3-11/+11
Jeremy.
2009-02-17s3:winbindd: make do_async_domain() static.Michael Adam2-12/+6
Michael
2009-02-11s3: Implement wbcGetSidAliasesDan Sledz5-88/+126
* Adds wbcGetSidAliases that calls the lookup_useraliases function. * Updates wbinfo and winbind_util.c to call the new function. * Also added winbind_get_groups helper function.
2009-02-11s3: Implement wbcGetpwsidDan Sledz3-4/+26
* Adds the plumbing required to lookup users by sid into winbind, wbinfo and smbd helper lib (winbind_util.c). * Removes some double declarations of winbind_util.c functions. * Bumps the winbind protocol version to 21 and the minor version of wbclient to 3.
2009-02-09Revert "s3:winbindd_user: create domain connection in winbindd_fill_pwent if ↵Michael Adam1-1/+1
necessary." This reverts commit 487f5e7b4768cfe9e511b0ba56f16c411e21f702. I was confused about the real meaning of find_domain_from_name_noinit() vs. find_domain_from_name(). We don't need the connection established here, just the domain struct which gets initialized by rescan_trusted_domains(). Sorry for the noise. Michael
2009-02-09s3:winbindd_user: create domain connection in winbindd_fill_pwent if necessary.Michael Adam1-1/+1
Calling find_domain_from_name_noinit() might not be enough here. This makes winbindd_getpwent() behave the same as winbindd_getgrent(). Michael
2009-02-09s3:winbindd_user: fix a debug message.Michael Adam1-2/+2
find_domain_from_name_noinit() is no longer called only for name alias support. Michael
2009-02-09async_sock: Use unix errnos instead of NTSTATUSKai Blin1-21/+0
This also switches wb_reqtrans to use wbcErr instead of NTSTATUS as it would be pointless to convert to errno first and to wbcErr later.
2009-02-07Fix coverity ID 876 (FORWARD_NULL)Volker Lendecke1-0/+1
Michael, please check!
2009-02-06s3:idmap_tdb2: untangle assignment and check in idmap_tdb2_alloc_load()Michael Adam1-6/+4
Michael
2009-02-06s3:idmap_tdb2: factor lodaing of ranges out into idmap_tdb2_load_ranges()Michael Adam1-25/+41
Michael
2009-02-06s3:idmap_tdb2: move together code that belongs together in idmap_tdb2_alloc_loadMichael Adam1-7/+8
Michael