summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2009-02-11s3: Implement wbcGetSidAliasesDan Sledz5-88/+126
* Adds wbcGetSidAliases that calls the lookup_useraliases function. * Updates wbinfo and winbind_util.c to call the new function. * Also added winbind_get_groups helper function.
2009-02-11s3: Implement wbcGetpwsidDan Sledz3-4/+26
* Adds the plumbing required to lookup users by sid into winbind, wbinfo and smbd helper lib (winbind_util.c). * Removes some double declarations of winbind_util.c functions. * Bumps the winbind protocol version to 21 and the minor version of wbclient to 3.
2009-02-09Revert "s3:winbindd_user: create domain connection in winbindd_fill_pwent if ↵Michael Adam1-1/+1
necessary." This reverts commit 487f5e7b4768cfe9e511b0ba56f16c411e21f702. I was confused about the real meaning of find_domain_from_name_noinit() vs. find_domain_from_name(). We don't need the connection established here, just the domain struct which gets initialized by rescan_trusted_domains(). Sorry for the noise. Michael
2009-02-09s3:winbindd_user: create domain connection in winbindd_fill_pwent if necessary.Michael Adam1-1/+1
Calling find_domain_from_name_noinit() might not be enough here. This makes winbindd_getpwent() behave the same as winbindd_getgrent(). Michael
2009-02-09s3:winbindd_user: fix a debug message.Michael Adam1-2/+2
find_domain_from_name_noinit() is no longer called only for name alias support. Michael
2009-02-09async_sock: Use unix errnos instead of NTSTATUSKai Blin1-21/+0
This also switches wb_reqtrans to use wbcErr instead of NTSTATUS as it would be pointless to convert to errno first and to wbcErr later.
2009-02-07Fix coverity ID 876 (FORWARD_NULL)Volker Lendecke1-0/+1
Michael, please check!
2009-02-06s3:idmap_tdb2: untangle assignment and check in idmap_tdb2_alloc_load()Michael Adam1-6/+4
Michael
2009-02-06s3:idmap_tdb2: factor lodaing of ranges out into idmap_tdb2_load_ranges()Michael Adam1-25/+41
Michael
2009-02-06s3:idmap_tdb2: move together code that belongs together in idmap_tdb2_alloc_loadMichael Adam1-7/+8
Michael
2009-02-06s3:idmap_tdb2: streamline idmap_tdb2_sid_to_id,Michael Adam1-6/+7
adding tmp talloc ctx and removing a variable Michael
2009-02-06s3:idmap_tdb: simplify talloc usage with temp context from talloc_stackframeMichael Adam1-6/+2
Michael
2009-02-06s3:idmap_tdb: refactor out new function idmap_tdb_load_ranges()Michael Adam1-22/+30
Michael
2009-02-06s3:idmap_tdb: use transactions in idmap_tdb_allocate_id()Michael Adam1-1/+18
Michael
2009-02-06s3:idmap_tdb: add tmp talloc ctx to idmap_tdb_sid_to_id and remove an fstringMichael Adam1-7/+5
Michael
2009-02-02s3 build: Fix "assignment discards qualifiers from pointer target type" warningsTim Prouty2-13/+6
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-1/+1
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-02-02s3:winbind_group: fix "getent group" to allocate new gids.Michael Adam1-2/+8
"getent group" used to fill the idmap cache with negative cache entries for unmapped group sids. Don't pass domain name unconditionally to idmap_sid_to_gid(). idmap_sid_to_gid() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "". Note that it is _wrong_ to directly call the idmap_sid_to_gid() functions here, in the main winbindd. The correct fix would be to send a sid_to_gid request to winbindd itself, but this needs more work to prepare the async mechanisms, and we nee a quick fix for getent passwd now. Michael
2009-02-02s3:winbind_user: fix "getent passwd" to allocate new uids.Michael Adam1-2/+7
"getent passwd" used to fill the idmap cache with negative cache entries for unmapped user sids. Don't pass domain name unconditionally to idmap_sid_to_[ug]id(). idmap_sid_to_[ug]id() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "". Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id() functions here, in the main winbindd. The correct fix would be to send a sid_to_[ug]id request to winbindd itself, but this needs more work to prepare the async mechanisms, and we nee a quick fix for getent passwd now. Michael
2009-02-02s3:winbind_user: move initialization of domain up in winbindd_fill_pwent()Michael Adam1-11/+9
and streamline logic some Michael
2009-01-30Make cli_tcon_andx asyncVolker Lendecke1-7/+2
2009-01-30s3:idmap: move IDMAP_VERSION to the idmap tdb backend, where it belogns.Michael Adam1-0/+5
Michael
2009-01-28s3:winbind: remove prototype for non-existent function from winbind_proto.hMichael Adam1-1/+0
Michael
2009-01-28s3: separate tdb validation code out into its own source fileMichael Adam1-0/+1
So this gets now linked only into its single user: winbindd (needed by winbindd_cache.c) Michael
2009-01-27s3: Fix shadowed declarationTim Prouty1-1/+1
2009-01-27s3:winbindd: handle SIG_TERM, SIGHUP, SIGCHLD and SIGUSR2 via teventStefan Metzmacher3-77/+165
metze
2009-01-22s3:winbindd: we don't need to call message_dispatch() anymore it's event ↵Stefan Metzmacher2-10/+0
triggered now metze
2009-01-22s3: always call run_events() before and after sys_select()Stefan Metzmacher2-9/+26
And always setup the fd events. metze
2009-01-21Memory leaks and other fixes found by Coveritytodd stecher4-6/+32
2009-01-19s3:idmap_tdb: convert to the dbwrap apiStefan Metzmacher1-244/+223
metze
2009-01-19Fix the same bug as 8b618d0 fixes, this time in winbindd_passdb.cVolker Lendecke1-2/+4
2009-01-16s3:winbindd: put winbindd_cache.tdb into cache_dir, not lock_dir.Michael Adam1-6/+6
Michael
2009-01-15s3: make better use of ccache by not including version.h in every C-file.Michael Adam2-2/+2
version.h changes rather frequently. Since it is included via includes.h, this means each C file will be a cache miss. This applies to the following situations: * When building a new package with a new Samba version * building in a git branch after calling mkversion.sh after a new commit (i.e. virtually always) This patch improves the situation in the following way: * remove inlude "version.h" from includes.h * Use samba_version_string() instead of SAMBA_VERSION_STRING in files that use no other macro from version.h instead of SAMBA_VERSION_STRING. * explicitly include "version.h" in those files that use more macros from "version.h" than just SAMBA_VERSION_STRING. Michael
2009-01-14Fix bug in get_dc_name_via_netlogon(), null pointer refrence.Bo Yang1-1/+1
2009-01-14Clean up comments a little.Jeremy Allison1-11/+13
Jeremy.
2009-01-14Don't send message to any other child in child process.Bo Yang1-0/+30
Signed-off-by: Bo Yang <boyang@novell.com>
2009-01-13From boyang - ensure we never "return" from a forked child, always _exit().Jeremy Allison2-5/+5
Jeremy.
2009-01-10Don't set child->requests to NULL in parent after forkBo Yang1-1/+0
2009-01-07refresh sequence number as soon as possible when domain->sequence_number == ↵boyang1-3/+8
-1 or domain->last_status is not ok.
2009-01-07Remove unused struct CLI_POLICY_HNDVolker Lendecke1-7/+0
2009-01-06Make winbindd_cm.c use winbindd_reinit_after_fork().Jeremy Allison4-31/+37
Jeremy.
2009-01-06Add winbindd_reinit_after_fork(), cleaning out all possible eventsJeremy Allison1-52/+76
in a forked child. Jeremy.
2009-01-06Factor out lots of common code into a function.Jeremy Allison1-37/+27
Jeremy.
2009-01-06s3-samr: avoid all init_samr_Domain* functions.Günther Deschner1-18/+12
Guenther
2009-01-05set entry->refresh_time to make ccache_regain_all_now() work correctly.Bo Yang1-2/+11
2009-01-05s3:winbindd: also handle fd events from the winbind_event_context()Stefan Metzmacher1-0/+9
metze
2009-01-05s3:events: change event_add_timed() prototype to match samba4Stefan Metzmacher3-27/+8
metze
2009-01-05s3:winbindd: regain tickets for all ccache entries, when we go onlineStefan Metzmacher3-7/+52
set_event_dispatch_time() is stupid by design and only handles the first event with a given name. metze
2009-01-05s3:winbindd: cancel all ccache entry events and not just oneStefan Metzmacher3-6/+19
cancel_named_event() is stupid by design and also only cancels one single event. metze
2009-01-05s3:winbindd: recreate the per domain check_online_event without relying on ↵Stefan Metzmacher1-19/+20
global state set_event_dispatch_time() is stupid by design and just picks the first event with the given name. metze