summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2008-01-20Fix a segfaultVolker Lendecke1-3/+10
Pointed out by Steven Danneman on irc, thanks! Jerry, Günther, please check! (This used to be commit 9e71c89ac648040739ef2161a2e6c4299be1e35b)
2008-01-17Finally enable pidl generated SAMR & NETLOGON headers and clients.Günther Deschner2-4/+4
Guenther (This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
2008-01-16Convert old sid-string handling in idmap_tdb2 to a new oneAlexander Bokovoy1-4/+7
(This used to be commit ee851730cef1eb506b47faf57e25789ad3c6aafa)
2008-01-16idmap TDB2 backend, used for clustered Samba setups.Alexander Bokovoy1-0/+1014
This uses 2 tdb files. One is permanent, and is in shared storage on the cluster (using "tdb:idmap2.tdb =" in smb.conf). The other is a temporary cache tdb on local storage. Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit b6df7e7709365fb620867ad8954bc5bf24496775)
2008-01-15Apply const to rpccli_lsa_query_info_policy() and ↵Günther Deschner1-3/+3
rpccli_lsa_query_info_policy2(). Guenther (This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95)
2008-01-11Ensure we don't access an uninitialized variableJeremy Allison1-1/+1
(CID 535 - actually false but easy to shut up :-). Jeremy. (This used to be commit 4038bb3a9485943db58d9fe30947e11522ce283d)
2008-01-11As long as DsGetDcName is not part of libnetapi, lowercase the fn name.Günther Deschner1-3/+3
Guenther (This used to be commit 19a980f52044a170618629e5b0484c1f6b586e5f)
2008-01-09Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.Michael Adam5-46/+58
Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
2008-01-09Fix prototype: Add a void to an empty function parameter list.Michael Adam1-1/+1
Michael (This used to be commit 3f89aea8e4df3a2de8c5e4c6f4e417567adb2d67)
2008-01-07Fix build warning.Günther Deschner1-16/+18
Guenther (This used to be commit 73233a06d6f0f1346c48b465750af4b532cd7306)
2008-01-07Use the proper boolean constants.Michael Adam1-93/+93
Michael (This used to be commit 6f673b7f10c145d88e6a6d3072b5f8cd98837304)
2008-01-07Fix a comment.Michael Adam1-1/+2
Michael (This used to be commit 62d6d4fff2edcce04e793d2a2f877cb3f4fedbdb)
2008-01-07Make wcache_invalidate_cache() return bool, not int.Michael Adam2-4/+4
Michael (This used to be commit dba24ceae78ffc49200b647838b6bf3657275add)
2008-01-07Add some braces to if statement.Michael Adam1-1/+2
Michael (This used to be commit 66fc1db1d19d11792d9506b06ad914d88b7e0663)
2008-01-07Prevent winbindd from segfaulting due to corrupted cache tdb.Andreas Schneider2-4/+36
If we try to flush the caches and due to a corrupted tdb we and have no tdb context close the tdb and validate it. Initialize the cache afterwards again. (This used to be commit d0c0f91fb9f3438a18c6f47ed894f525beb75cbf)
2008-01-04Fix the inherited trust flags when spidering the trust heirarchy.Gerald (Jerry) Carter2-3/+19
Also *do not* clear the trust list when rescanning or else it is possible to suffer from a race condition where no trusted domains can be found. (This used to be commit e7164a252bf213a74d6eeac5aa04645eed5be241)
2008-01-04Add a missing check for dealing with a one-way trust in query_user().Gerald (Jerry) Carter1-0/+6
(This used to be commit f89e356bdaa203ef0a3ce6b8bd52170afa68a2c9)
2008-01-04Ensure that winbindd_getgroups() can deal with a UPN name.Gerald (Jerry) Carter1-1/+10
A user logging in via GDM was not getting a complete list of supplementary groups in his/her token. This is because getgroup() was not able to find the winbindd_domain* using the DNS name. Fallback to matching the DNS name is the short name match failes. (This used to be commit 2030a8de19a2c7c735a8aa367dd953e4a5c447b8)
2008-01-04When connecting to an AD DC, use the DsGetDCName variant.Gerald (Jerry) Carter1-2/+36
This allows us to deal with child domains in transitive forest trusts. It also allows us to fill in the forest name to the target domain to the struct winbindd_domain *. (This used to be commit ed30516bb0f55f9ba466debf91b6e33d1c28a484)
2007-12-29Use correct size value for linearize call.Jeremy Allison1-1/+1
Jeremy. (This used to be commit a5df44f5b7887d10c1e1a0b7a3dd05bcf31015e1)
2007-12-29Remove tiny code duplicationVolker Lendecke1-4/+7
sid_size did the same as ndr_size_dom_sid (This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389)
2007-12-21Add NT error to debug to try and track this down.Jeremy Allison1-1/+4
Jermey. (This used to be commit a1482b09150f4d292965c77bc73d47fb14f5eb85)
2007-12-21Kill fstring in getdcname & getanydcname return.Günther Deschner2-5/+5
Guenther (This used to be commit b7383818168863a7ba43c2456f8c44e96e76707a)
2007-12-20Only retrieve password policies in pam_auth when WBFLAG_PAM_GET_PWD_POLICY ↵Michael Adam1-6/+9
is set. This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b) which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbffffb) for reasons that are unclear to me. Maybe I am being too naive. Now we do again only retrieve the password policy when called from the pam_winbind module. This fixes logons delegated to AD trusted domain controllers: We need to connect to the sam to retrieve the password policy. But auhtenticated session setup is not possible when contacting the trusted domain dc and afterwards, SamrConnect also fails with whatever credentials and method used. Michael (This used to be commit 6d765e0de523211a2d0b43a2c4c4117f5f0c662f)
2007-12-19Remove Get_Pwnam and its associated static variableVolker Lendecke1-4/+6
All callers are replaced by Get_Pwnam_alloc (This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
2007-12-18Fix logic error in cm_connect_sam().Michael Adam1-1/+0
Don't fall back to schannel when trust creds could be obtained. This is still not complete, but I am getting closer. Michael (This used to be commit 7c9fa597d684a25822b4db6615f28336f2d64ef3)
2007-12-17Fix a segv in winbindd caused by trying to free an fstring.Gerald (Jerry) Carter1-2/+6
Make a copy of the machine_password and machine_account strings in all conditional paths so that SAFE_FREE() will always be valid. (This used to be commit 194c4640b158457a6d0d5ea91e28d41d619c77de)
2007-12-15s/sid_to_string/sid_to_fstring/Volker Lendecke10-45/+50
least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546)
2007-12-15Replace sid_string_static with sid_to_stringVolker Lendecke5-19/+43
This adds 28 fstrings on the stack, but I think an fstring on the stack is still far better than a static one. (This used to be commit c7c885078be8fd3024c186044ac28275d7609679)
2007-12-15Use sid_to_string directlyVolker Lendecke3-9/+6
It seems a bit pointless to do a fstrcpy(dst, sid_string_static(src)) (This used to be commit c221c246b10e2dbbd54a9af2dc45de2eae237380)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-23/+24
(This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke15-91/+86
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-3/+4
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
2007-12-14winbindd: move domain child specific stuff into its own fileStefan Metzmacher6-114/+132
metze (This used to be commit 075d315e0f72d506b70040da10940e4af131b4e2)
2007-12-13Make cm_connect_sam() try harder to connect autheticated.Michael Adam1-9/+26
Even if the session setup was anonymous, try and collect trust creds with get_trust_creds() and use these before falling back to schannel. This is the first attempt to fix interdomain trusts. (get password policy and stuff) Michael (This used to be commit e180bbd45452435e981192028a0ad90078c04236)
2007-12-13Refactor out assembling of trust creds (pw, account name, principal).Michael Adam1-17/+38
Michael (This used to be commit 481f18b20d6d5ee12c62120a3559bb16cc98e465)
2007-12-13Streamline and fix logic of cm_prepare_connection().Michael Adam1-25/+37
Do not attempt to do a session setup when in a trusted domain situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT). Use get_trust_pw_clear to get machine trust account. Only call this when the results is really used. Use the proper domain and account name for session setup. Michael (This used to be commit 18c66a364e0ddc4960769871ca190944f7fe5c44)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-19/+3
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-12-13Streamline logic in cm_connect_netlogon()Michael Adam1-5/+6
by retrieving trust password only, when it will be used. Michael (This used to be commit cdc60d8ae8c0ef804206b20b451e9557f97d4439)
2007-12-13In cm_prepare_connection(), only get auth user creds if we need to.Michael Adam1-2/+2
Michael (This used to be commit 164bfb25d7b5cfeffeb4d81958b7629a11ca5d5e)
2007-12-12Don't restart winbind if a corrupted tdb is found during initialization.Andreas Schneider2-17/+10
The tdb is validated before it gets initialized. Since then sighandlers changed a restart isn't needed anymore. (This used to be commit aabe9b33fcaed8af98b1ed6b736253e196d87d48)
2007-12-12winbindd: remove unused WINBINDD_DUMP_MAPS supportStefan Metzmacher4-157/+0
Also the design of this function was really bad, instead do the dump into a file, the client should get back the list of mappings. metze (This used to be commit ce7fe8acf41e90553431c7cda6823700701835c7)
2007-12-12winbindd: remove unused WINBINDD_DUAL_NAME2*ID and WINBINDD_DUAL_*ID2NAME callsStefan Metzmacher1-255/+0
WINBINDD_DUAL_UID2NAME WINBINDD_DUAL_NAME2UID WINBINDD_DUAL_GID2NAME WINBINDD_DUAL_NAME2GID metze (This used to be commit fd4499ee438e4947990200db529363d51bd2c956)
2007-12-11winbindd: pass const char *logfile to winbindd_dump_maps_async()Stefan Metzmacher2-7/+15
metze (This used to be commit a52237e3a10aa4ac15cd9e7b859a54c46bfa9cdf)
2007-12-11winbindd: rename child table struct elementsStefan Metzmacher4-57/+150
Add struct_ prefix to struct based protocol specific elemetens struct winbindd_child_dispatch_table. metze (This used to be commit 4ab9a8aab72a8406659a72e87b2d2a1ec2a2eabf)
2007-12-11idmap: add a const to idmap_dump_maps()Stefan Metzmacher1-1/+1
metze (This used to be commit de31913f0a4fd407d935ec4e27a6123ab7847ab5)
2007-12-10Remove the char[1024] strings from dynconfig. ReplaceJeremy Allison4-8/+8
them with malloc'ing accessor functions. Should save a lot of static space :-). Jeremy. (This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
2007-12-07Remove next_token - all uses must now be next_token_talloc.Jeremy Allison1-5/+11
No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
2007-12-07Don't build rpctorture anymore - not maintained. Just remove.Jeremy Allison1-1/+1
Remove all vestiges of pstring (except for smbctool as noted in previous commit). Jeremy (This used to be commit 4c32a22ac50ada3275d2ffba3c1aa08bee7d1549)