summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2013-10-02idmap_autorid: improve idmap_autorid_saveconfig() by adding a talloc stackframeMichael Adam1-9/+8
Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-02idmap_autorid: move the checks from idmap_autorid_initialize to ↵Atul Kulkarni2-56/+61
idmap_autorid_saveconfig() Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: change idmap_autorid_loadconfig() to return NTSTATUSMichael Adam2-8/+21
for better error propagation. Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: refactor idmap_autorid_parse_configstr() out of ↵Michael Adam1-11/+25
idmap_autorid_loadconfig() This will be used for other purposes as well. Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: rename TALLOC_CTX argument of idmap_autorid_loadconfig() to ↵Michael Adam1-3/+3
mem_ctx Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: refactor idmap_autorid_loadconfig to use ↵Michael Adam1-6/+3
idmap_config_getconfigstr Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid_tdb: add idmap_autorid_getconfigstr()Michael Adam1-0/+54
Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: extract common code to separate fileAtul Kulkarni3-278/+282
This is in preparation of adding "net idmap autorid" functionality. Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: remove the ignore_builtin bool from the global_config structMichael Adam1-4/+5
The ignore_builtin flag is used only to change the bahaviour of the daemon code, not in the database. Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add path, and db parameters to idmap_autorid_db_init()Atul Kulkarni1-12/+14
In preparation of calling this from net for different dbs. Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add a db_context argument to idmap_autorid_init_hwm()Michael Adam1-7/+7
Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add a db_context argument to idmap_autorid_saveconfig()Michael Adam1-4/+4
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add a db_context argument to idmap_autorid_loadconfig()Michael Adam1-3/+4
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-01idmap_autorid: add a db_context argument to idmap_autorid_get_domainrange()Michael Adam1-5/+7
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-23build: fix spacing in definition of "idmap_ldap" moduleMichael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23build: fix spacing in the definition of the "idmap_autorid" targetMichael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Sep 23 10:11:51 CEST 2013 on sn-devel-104
2013-09-23build: remove vars=locals() from the nss_info library: there is no need for thisMichael Adam1-1/+0
Might have been a copy'n'paste. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23build: remove vars=locals() from the IDMAP_HASH subsystem: there is no need ↵Michael Adam1-2/+1
for this Might have been a copy'n'paste. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23build: clean the idmap sybsystems/modules definitionsMichael Adam1-33/+13
Directly list the sources in the definitions of subsystems/modules/libraries Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23build: remove vars=locals() from the IDMAP_AD subsystem: there is no need ↵Michael Adam1-1/+0
for this Might have been a copy'n'paste. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23build: reorganize idmap_rw and idmap_tdb int subsystems with proper dependenciesMichael Adam1-7/+13
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-10s3-winbind: Add support for the kernel krb5 keyring buffer.Andreas Schneider1-0/+4
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2013-09-10s3-winbind: Don't set a default directory for DIR.Andreas Schneider1-4/+0
There is not default so you should always have to specify a directory in the config file. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2013-09-05lib: Use "mem_ctx" arg in gencache_getVolker Lendecke1-1/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 5 20:09:21 CEST 2013 on sn-devel-104
2013-09-05Add a talloc context to sitename_fetch().Jeremy Allison1-4/+4
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-05Add a talloc context to saf_fetch().Jeremy Allison2-7/+9
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-05lib: Add a "mem_ctx" arg to gencache_get (unused so far)Volker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-29s3:winbind: fail ads_cached_connection_connect() if realm == NULLMichael Adam1-0/+4
This prevents segfaults when e.g. a previous SMB_STRDUP failed.. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Aug 29 18:54:28 CEST 2013 on sn-devel-104
2013-08-29s3-winbindd: remove unneded include of secrets.h from idmap_ad.cGünther Deschner1-1/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29s3-winbindd: use get_trust_pw_clear() wrapper for AD connection code.Günther Deschner1-7/+4
This avoids calling secrets functions directly. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29s3-winbindd: make sure also the idmap code can deal with trusted domains.Günther Deschner1-9/+31
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29s3-winbindd: use find_domain_from_name() instead of ↵Günther Deschner1-2/+2
find_domain_from_name_no_init(). Otherwise there is a good chance the domain has not been connected and we don't know the realm name yet. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29s3-winbindd: Fix winbind on DC crash with trusted AD domains.Günther Deschner1-1/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29s3-winbindd: Fix memory leak in ads_cached_connection().Günther Deschner1-1/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29s3-winbindd: remove pointless variable assigment, see the strdup below.Günther Deschner1-1/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-15s3:winbindd: make use of lp_cli_{min,max}protocol()Stefan Metzmacher1-2/+3
This changes winbindd back to use NT1 as defeault. https://bugzilla.samba.org/show_bug.cgi?id=9514 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15Followup patch for BUG: https://bugzilla.samba.org/show_bug.cgi?id=10082Andreas Schneider1-1/+1
Thanks to Jim Brown <jim.brown@rsmas.miami.edu> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Aug 15 03:46:20 CEST 2013 on sn-devel-104
2013-08-14winbind3: Fix an invalid freeVolker Lendecke1-1/+1
This fixes a warning I've never seen before :-) ../source3/winbindd/winbindd_cm.c:781:59: warning: attempt to free a non-heap object ‘machine_krb5_principal’ [-Wfree-nonheap-object] Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Aug 14 14:04:16 CEST 2013 on sn-devel-104
2013-08-13s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().Günther Deschner1-2/+7
Fallback to lsa named-pipe connection when tcp connection has failed twice (it could be a trusted domain connection where we cannot setup a secure channel). Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=9615 BUG: https://bugzilla.samba.org/show_bug.cgi?id=9899 Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Tested-by: Christof Schmitt <christof.schmitt@us.ibm.com> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Aug 13 20:55:33 CEST 2013 on sn-devel-104
2013-08-13s3-winbind: Fix a segfault passing NULL to a fstring argument.Andreas Schneider1-2/+11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10082 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Aug 13 13:58:26 CEST 2013 on sn-devel-104
2013-08-05s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().Günther Deschner1-5/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05s3-rpc_cli: pass down ndr_interface_table to ↵Günther Deschner1-4/+4
cli_rpc_pipe_open_schannel_with_key(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-07-29s3:winbind: add a warning DEBUG message when skipping a sid from the mapped ↵Michael Adam1-0/+18
GID list This presents a potential security problem when ACLs contain DENY ACEs. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Jul 29 14:42:27 CEST 2013 on sn-devel-104
2013-07-29s3:winbind: change getgroups to only do one sids2xids call instead of manyMichael Adam1-26/+42
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-29s3:winbind: fix the getgroups implementation to include the user sid's GID ↵Michael Adam1-3/+5
in case of ID_TYPE_BOTH This is important for acl checks on the unix level where only a group ace has been added to the ACL for the user sid, e.g. when accessing Files with nfs or local unix processes. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-29s3:winbind: fix gid counting and error handling in the getgroups implementationMichael Adam1-6/+10
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-23s3-winbindd: support the DIR pragma for raw kerberos user pam authentication.Günther Deschner1-0/+23
It is currently only available in MIT. In addition, allow to define custom filepaths for FILE, WRFILE and DIR pragmas and substitute one occurence of the %u pattern. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-08s3:idmap_autorid: Add a NULL check in idmap_autorid_preallocate_wellknownVolker Lendecke1-0/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08s3:idmap_autorid: Don't zero in idmap_autorid_preallocate_wellknownVolker Lendecke1-1/+1
We initialize everything later anyway Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08s3:idmap_autorid: Use ARRAY_SIZE where appropriateVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>