summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2010-03-22s3: Fix a bad memleak in winbindVolker Lendecke1-1/+2
2010-03-10s3: Fix a long-standing problem with recycled PIDsVolker Lendecke2-9/+6
When a samba server process dies hard, it has no chance to clean up its entries in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb. For locking.tdb and brlock.tdb Samba is robust by checking every time we read an entry from the database if the corresponding process still exists. If it does not exist anymore, the entry is deleted. This is not 100% failsafe though: On systems with a limited PID space there is a non-zero chance that between the smbd's death and the fresh access, the PID is recycled by another long-running process. This renders all files that had been locked by the killed smbd potentially unusable until the new process also dies. This patch is supposed to fix the problem the following way: Every process ID in every database is augmented by a random 64-bit number that is stored in a serverid.tdb. Whenever we need to check if a process still exists we know its PID and the 64-bit number. We look up the PID in serverid.tdb and compare the 64-bit number. If it's the same, the process still is a valid smbd holding the lock. If it is different, a new smbd has taken over. I believe this is safe against an smbd that has died hard and the PID has been taken over by a non-samba process. This process would not have registered itself with a fresh 64-bit number in serverid.tdb, so the old one still exists in serverid.tdb. We protect against this case by the parent smbd taking care of deregistering PIDs from serverid.tdb and the fact that serverid.tdb is CLEAR_IF_FIRST. CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not work when all smbds are restarted. For this, "net serverid wipe" has to be run before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up sessionid.tdb and connections.tdb. While there, this also cleans up overloading connections.tdb with all the process entries just for messaging_send_all(). Volker
2010-03-05s3:winbindd: add DEBUG(10,...) for the end of each top levelStefan Metzmacher2-6/+25
That will hopefully make debugging a bit easier (at least for me). metze
2010-03-06s3: Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler.Bo Yang1-0/+6
Signed-off-by: Bo Yang <boyang@samba.org>
2010-02-28s3: Remove unused count_all_current_connections()Volker Lendecke1-1/+0
2010-02-28s3: Fix but 7145 -- duplicate sam and unix accountsVolker Lendecke2-0/+22
For me this survives the TESTS=posix_s3 POSIX_SUBTESTS="RPC-SAMR-LARGE-DC LOCAL-NSS-WRAPPER" make test reproducer. Günther, please check! Volker
2010-02-26Fix one of the valgrind warnings from bug #6814 - Fixes for problems ↵Roel van Meer1-0/+8
reported by valgrind The timeval passed to event_add_to_select_args() must be initialized as event_add_to_select_args() uses a timeval_min() on this and next_event.
2010-02-23s3 move the sitename cache in its own fileSimo Sorce1-0/+1
2010-02-23s3: Consolidate server_id_self into the equivalent procid_self()Volker Lendecke1-1/+1
2010-02-23s3:winbindd: never mark external domains as internal!Stefan Metzmacher1-4/+1
This way we can endup with silently using builtin_passdb_methods for an ad domain without an inbound trust. This fixes bug #7170. metze
2010-02-17s3: go straight to winbindd_dual_pam_auth() in case of !NT_STATUS_OKLars Müller1-1/+1
At the formerly used process_result statement we have alone one NT_STATUS_IS_OK() which never could be hit in our case as we only go here if NT_STATUS_EQUAL is not ok.
2010-02-09s3: Don't invalidate cache for uninitialized domains.Bo Yang3-1/+52
Signed-off-by: Bo Yang <boyang@samba.org>
2010-01-28s3/winbind_ccache: Fix typo in debug message.Karolin Seeger1-1/+1
Karolin
2010-01-24s3: Add the session key to the ccache_ntlm_auth responseVolker Lendecke1-4/+18
2010-01-24s3: Add wbinfo --ccache-saveVolker Lendecke4-0/+80
With this command you can give winbind your password for later use by the automatic ntlm_auth
2010-01-14s3 winbindd: Return number of groups in data.num_entries for ↵Kai Blin1-1/+3
WINBINDD_LIST_GROUPS This allows to test if there's something wrong with the group list in extra_data or if there's simply no groups in the database. Volker, please check.
2010-01-14s3 winbindd: Get WINBINDD_CHECK_MACHACC torture test to work again.Kai Blin1-1/+4
WINBINDD_CHECK_MACHACC used to report an NTSTATUS error and appropriate error strings. Make this work again.
2010-01-13s3: Fix a winbind segfault in "trusted_domains"Volker Lendecke1-3/+4
We have to initialize domain->backend by calling "get_cache" before doing a query Thanks to Christian Ambach to find this :-)
2010-01-10s3: Fix some nonempty blank linesVolker Lendecke2-6/+6
2010-01-10s3: Replace most calls to sid_append_rid() by sid_compose()Volker Lendecke6-13/+8
2010-01-09s3: Remove a pointless "else" branch from add_ccache_to_list()Volker Lendecke1-4/+3
2010-01-09s3: Slightly simplify winbindd_store_credsVolker Lendecke1-4/+2
2010-01-09s3: Fix a segfault in winbindd_dual_ccache_ntlm_auth()Volker Lendecke1-1/+1
ntlmssp_update allocates the reply_blob as a child of ntlmssp_state. This means with ntlmss_end() it will be gone. winbindd_dual_ccache_ntlm_auth used the blob after the ntlmssp_end().
2010-01-06s3: List trusted domains from wcache when domain is offline.Bo Yang1-24/+139
Signed-off-by: Bo Yang <boyang@samba.org>
2010-01-06s3: Make winbindd_cache.c aware of domain offline to avoid unnecessary ↵Bo Yang2-4/+265
backend query. Signed-off-by: Bo Yang <boyang@samba.org>
2010-01-06s3: Fix infinite loop in NCACN_IP_TCP asa there is no timeout. Assume ↵Bo Yang2-9/+4
lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. Signed-off-by: Bo Yang <boyang@samba.org>
2010-01-03s3: Slightly simplify winbindd_dual_ccache_ntlm_authVolker Lendecke1-15/+9
data_blob_const can't fail
2010-01-02s3: Fix a typoVolker Lendecke1-1/+1
2010-01-02s3: simplify find_root_domain, find_our_domain() never failsVolker Lendecke1-4/+2
2010-01-02s3: Use global_sid_Builtin in find_builtin_domainVolker Lendecke1-4/+1
2010-01-02s3: Avoid adding a domain twiceVolker Lendecke1-6/+7
If we found a match with sid==NULL, we ended up adding the domain twice
2010-01-02s3: Make free_domain_list() staticVolker Lendecke2-2/+1
2010-01-02s3: Introduce domain_is_forest_root() helper functionVolker Lendecke3-8/+12
Hopefully this makes the flag tests a bit more understandable
2009-12-30Prevent NULL dereference if group has no membersJim McDonough1-4/+4
2009-12-28s3: Check for lp_winbind_trusted_domains_only in wb_gettoken()Volker Lendecke2-24/+7
This avoids one walk of the domain list
2009-12-28s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid()Volker Lendecke2-22/+12
winbindd_getgrgid was not protected by this.
2009-12-28s3: Pass netr_DomainTrustList instead of names and sids through ↵Volker Lendecke7-182/+98
(*trusted_domains)
2009-12-28s3: Simplify winbindd_ads.c:trusted_domains()Volker Lendecke1-110/+123
No real code change, this just removes an indentation by turning if ( NT_STATUS_IS_OK(result) && trusts.count) { into if (!NT_STATUS_IS_OK(result)) { return result; } if (trusts.count == 0) { return NT_STATUS_OK; }
2009-12-28s3: Remove some unused codeVolker Lendecke1-101/+0
Watch the #if 0 -- we never stored this in the cache anymore
2009-12-28s3: Simplify winbindd_list_trusted_domains() slightlyVolker Lendecke1-31/+23
2009-12-28s3: Simplify "setup_domain_child" slightlyVolker Lendecke2-3/+1
2009-12-26s3:winbind Make the normal client exit message a bit more understandableVolker Lendecke1-2/+7
2009-12-26s3: Fix a typo found by Matthias Dieter Wallnöfer <mdw@samba.org> -- thanks :-)Volker Lendecke1-1/+1
2009-12-26s3: Fix a bogus uninitialized variable warningVolker Lendecke1-1/+1
2009-12-26s3: Replace IS_DOMAIN_OFFLINE by a functionVolker Lendecke6-9/+16
2009-12-26s3: Fix some nonempty blank linesVolker Lendecke1-2/+2
2009-12-26s3: winbindd_cli_state->getgrent_state is no longer usedVolker Lendecke4-39/+0
2009-12-26s3: getgrent_state has been replaced by grent_stateVolker Lendecke1-1/+1
2009-12-23s3: wbinfo --ping-dc is not cacheableVolker Lendecke1-0/+1
2009-12-23s3: Remove some unused codeVolker Lendecke4-164/+0