summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2011-02-27s3: Use strndup in parse_nss_paramVolker Lendecke1-13/+2
2011-02-27s3: properly find our standard nss_info backendsVolker Lendecke1-0/+13
Right now, the nss_info backends are tied to the idmap backends (which is wrong IMHO). In the domain child we don't load the idmap backend anymore, so we don't have the nss info modules. This needs fixing properly.
2011-02-27s3: Fix a debug messageVolker Lendecke1-2/+3
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Feb 27 16:59:19 CET 2011 on sn-devel-104
2011-02-23s3: Fix 64-bit errorsVolker Lendecke1-4/+8
Casting those variables will lead to sscanf believing that it sees pointers to unsigned longs. These might be 64 bit long, thus sscanf will overwrite memory it should not overwrite. Assigning the vars later is okay, there we get automatic type conversion. C can be nasty ... Christian, please check!
2011-02-23s3: Fix an uninitialized variable useVolker Lendecke1-1/+2
The "goto error;" lead to the invalid talloc_free. Christian, please check!
2011-02-23s3:idmap:autorid prevent fatal configuration changesChristian Ambach1-2/+112
as the autorid module relies on a stable minimum uid/gid value and rangesize, it now saves the values used at first successful start and refuses to work if these values get changed in smb.conf later. Changing the values after the first mapping was done will result in unpredictable behaviour. Another check covers the maximum uid value. If this gets decreased later and domain range mappings already exist that would result in uid values higher than the new uid value, initialization will be aborted
2011-02-23s3-proto: remove some prototypes of non-existing functions.Günther Deschner3-6/+0
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Feb 23 15:42:35 CET 2011 on sn-devel-104
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-8/+8
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-20s3: Convert init_system_info to NTSTATUSVolker Lendecke1-2/+4
2011-02-18s3-waf: use SAMBA3_*() build rules in source3/buildAndrew Tridgell1-21/+21
this brings the s3 waf build much closer to the proposed s3build top level build, using the same bld.SAMBA3_*() rules There are a few renames of subsystems in here, with a 3 suffix where it would create a conflict. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-17nsswitch: make wb_reqtrans a common subsystem.Günther Deschner2-2/+2
Guenther
2011-02-13s3: Fix some nonempty blank linesVolker Lendecke1-4/+4
2011-02-11s3-waf: use bld.env.HAVE_LDAP in some more places, hopefully fixes the ↵Günther Deschner1-9/+11
builds w/o ldap. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Feb 11 13:08:38 CET 2011 on sn-devel-104
2011-02-10s3: give ../librpc/ndr/util.c its own header.Günther Deschner1-0/+1
Guenther
2011-02-09s3: Fix some nonempty blank lines and some typosVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Feb 9 00:01:45 CET 2011 on sn-devel-104
2011-02-08pam: share pam errors in a common location.Günther Deschner1-0/+1
Guenther
2011-02-04s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)Günther Deschner3-2/+59
The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
2011-02-04s3:winbindd: fix segfaults on addrchange errors and make DEBUG() statements ↵Stefan Metzmacher1-3/+6
more usefull metze
2011-02-03Fix value overflow (one too many 'f's ).Jeremy Allison1-1/+1
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Feb 3 03:35:32 CET 2011 on sn-devel-104
2011-02-02s3-winbind: prefer dcerpc_lsa_X functions in winbindd/winbindd_rpc.c.Günther Deschner1-7/+12
Guenther
2011-02-02s3-winbind: prefer dcerpc_lsa_X functions in winbindd/winbindd_samr.c.Günther Deschner1-13/+25
Guenther
2011-02-02s3-winbind: prefer dcerpc_lsa_X functions in winbindd/winbind_cm.cGünther Deschner1-29/+35
Guenther
2011-02-02s3: Fix a typoVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Feb 2 18:10:45 CET 2011 on sn-devel-104
2011-02-02s3:winbindd: catch lookup_names/sids schannel errors over ncacn_ip_tcp (bug ↵Stefan Metzmacher1-0/+28
#7944) If winbindd connects to a domain controller it doesn't establish the lsa connection over ncacn_ip_tcp direct. This happens only on demand. If someone does a 'net rpc testjoin' and then a wbinfo -n DOMAIN\\administrator, we'll get DCERPC faults with ACCESS_DENIED/SEC_PKG_ERROR, because winbindd's in memory copy of the schannel session key is invalidated. This problem can also happen on other calls, but the lookup_names/sids calls on thet lsa ncacn_ip_tcp connection are the most important ones. The long term fix is to store the schannel client state in a tdb, but for now it's enough to catch the error and invalidate the all connections to the dc and reestablish the schannel session key. The fix for bug 7568 (commit be396411a4e1f3a174f8a44b6c062d834135e70a) made this worse, as it assumes winbindd's in memory session key is always the current one. metze
2011-02-02s3: Remove superfluous ;Günther Deschner1-1/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Feb 2 15:44:21 CET 2011 on sn-devel-104
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in winbindd/winbindd_msrpc.c.Günther Deschner1-24/+59
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Feb 2 14:14:43 CET 2011 on sn-devel-104
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in winbindd/winbindd_pam.c.Günther Deschner1-13/+37
Guenther
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in winbindd/winbindd_rpc.c.Günther Deschner1-58/+134
Guenther
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in winbindd/winbindd_samr.c.Günther Deschner1-43/+92
Guenther
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in invalidate_cm_connection.Günther Deschner1-3/+6
Guenther
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in cm_connect_sam.Günther Deschner1-13/+35
Guenther
2011-02-02s3-winbind: use status variable name in cm_connect_sam.Günther Deschner1-33/+33
Guenther
2011-02-01s3: Send a dropped_ip message if we lose an IPVolker Lendecke1-0/+85
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Feb 1 15:59:17 CET 2011 on sn-devel-104
2011-01-31Revert "s3:events: Call all ready fd event handlers on each iteration of the ↵Stefan Metzmacher1-3/+3
main loop" This reverts commit 455fccf86b6544cd17a2571c63a88f8aebff3f74. I'll add a more generic fix for this problem. metze
2011-01-28s3: inline get_uid_from_stateVolker Lendecke1-6/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Jan 28 23:38:16 CET 2011 on sn-devel-104
2011-01-28s3: Lift winbindd_cli_state from fillup_password_policyVolker Lendecke1-4/+6
2011-01-28s3: Do not use state->mem_ctx in fillup_password_policyVolker Lendecke1-4/+8
2011-01-28s3: Lift winbindd_cli_state from winbindd_dual_pam_auth_samlogonVolker Lendecke1-21/+27
2011-01-28s3: Lift winbindd_cli_state from winbindd_raw_kerberos_loginVolker Lendecke1-18/+26
2011-01-26s3-winbind: share a common winbind_samlogon_retry_loop().Günther Deschner1-168/+147
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 26 12:41:14 CET 2011 on sn-devel-104
2011-01-26Revert "s3: These assignments are overwritten immediately"Günther Deschner1-0/+4
This reverts commit 18962ea3852d0d0fc7371e99813bebd54fae0a19.
2011-01-26Revert "s3-winbind: fix winbindd_dual_pam_auth_samlogon() for NT4 domains."Günther Deschner1-1/+0
This reverts commit cea36aeacf8778493463f31e6afc3f58384639e2.
2011-01-24s3-winbind: fix winbindd_dual_pam_auth_samlogon() for NT4 domains.Günther Deschner1-0/+1
After failing the netr_LogonSamLogonEx, we failed to retry with netr_LogonSamLogon. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 24 12:35:42 CET 2011 on sn-devel-104
2011-01-21s3-rpc_client: Rename get_query_dispinfo_params.Andreas Schneider1-3/+3
2011-01-21s3:winbind: Fork multiple children per domainVolker Lendecke22-28/+92
This makes us scale better with many simultaneous winbind requests, some of which might be slow. This implementation breaks offline logons, as the cached credentials are maintained in a child (this needs fixing). So, if the offline logons are active, only allow one DC connection. Probably the offline logon and the scalable file server cases are separate enough so that this patch is useful even with the restriction.
2011-01-21s3:winbind: Protect against invalid winbindd_cache entries in lookupridsVolker Lendecke1-1/+2
2011-01-19s3: Add wbinfo --dc-infoVolker Lendecke4-0/+148
wbinfo --dc-info prints the current DC name and IP address. This helps diagnosing problems that might happen when a later wbinfo --ping-dc fails. This patch started out by using the SAF and NBT cache entires, but those are relatively short-lived. So I decided to invent a new gencache entry with a very long timeout. We need to go via the gencache because when for some reason a winbind child process is stuck, we can't query it for the current DC it's connected to. This must eventually go away again when we have a fully async winbind. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 19 08:40:28 CET 2011 on sn-devel-104
2011-01-19s3-winbind: no need to include ../librpc/gen_ndr/cli_lsa.h inGünther Deschner1-1/+0
winbindd/winbindd_msrpc.c. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 19 00:37:46 CET 2011 on sn-devel-104
2011-01-13s3-winbind: prefer dcerpc_netr_X functions.Günther Deschner4-28/+61
Guenther Signed-off-by: Andreas Schneider <asn@samba.org>
2011-01-11s3:winbindd: use ndr_wbint_c.h instead of cli_wbint.hStefan Metzmacher30-30/+30
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jan 11 15:40:22 CET 2011 on sn-devel-104