summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2010-04-10s3: Check 0 termination in GETALIASESVolker Lendecke1-7/+13
2010-04-08s3: Remove the separate "child" argument from setup_domain_child()Volker Lendecke3-15/+8
2010-04-08s3:winbindd: make "smbcontrol winbindd validate-cache" reliable againStefan Metzmacher1-0/+3
commit 73577205cf81644e7fe853eaf3e6459f7f443096 (s3:winbindd: fix problems with SIGCHLD handling (bug #7317)) broke this. metze
2010-04-05s3: Fix a cut&paste error in winbindd_list_groups_doneVolker Lendecke1-1/+1
2010-04-01s3:winbindd: remove unused variablesStefan Metzmacher1-2/+0
metze
2010-04-01s3:winbindd: fix problems with SIGCHLD handling (bug #7317)Stefan Metzmacher3-17/+6
The main problem is that we call CatchChild() within the parent winbindd, which overwrites the signal handler that was registered by winbindd_setup_sig_chld_handler(). That means winbindd_sig_chld_handler() and winbind_child_died() are never triggered when a winbindd domain child dies. As a result will get "broken pipe" for all requests to that domain. To reduce the risk of similar bugs in future we call CatchChild() in winbindd_reinit_after_fork() now. We also use a full winbindd_reinit_after_fork() in the cache validation child now instead instead of just resetting the SIGCHLD handler by hand. This will also fix possible tdb problems on systems without pread/pwrite and disabled mmap as we now correctly reopen the tdb handle for the child. metze
2010-04-01s3: Ensure NULL termination before printing in winbindd_pam_logoffVolker Lendecke1-3/+3
2010-04-01s3: Fix a typo in winbindd_pam_logoffVolker Lendecke1-1/+1
2010-04-01s3:winbindd: correctly invalidate the cached connectionStefan Metzmacher1-6/+11
There're maybe additional TCP connection for ncacn_ip_tcp. metze
2010-04-01s3:winbindd: only set child_domain in the childStefan Metzmacher1-1/+1
metze
2010-04-01s3:winbindd: make sure we don't try rpc requests against unaccessable domainsStefan Metzmacher1-5/+28
This makes sure we don't crash while trying to dereference domain->conn.cli->foo while trying to establish a rpc connection to the server. metze
2010-04-01s3: fix a typo in winbind_client_response_writtenVolker Lendecke1-2/+2
2010-03-31s3: Fix an error message in winbindd_pam_chauthtok()Volker Lendecke1-1/+1
2010-03-31s3: Ensure null termination in winbindd_pam_chauthtok()Volker Lendecke1-0/+4
2010-03-31s3: Make check_info3_in_group staticVolker Lendecke2-4/+2
2010-03-31s3-winbind: Make append_auth_data() staticVolker Lendecke2-8/+4
2010-03-29s3:winbindd: correctly retry if the netlogon pipe gets disconnected during a ↵Stefan Metzmacher1-2/+2
logon call This fixes hopefully the last part of bug #7295. metze
2010-03-29s3:winbindd_reconnect: don't only reconnect on NT_STATUS_UNSUCCESSFULStefan Metzmacher1-14/+59
metze
2010-03-29s3:winbindd_cm: invalidate connection if cm_connect_netlogon() failsStefan Metzmacher1-2/+2
metze
2010-03-29s3:winbindd: consistently use TALLOC_FREE(conn->foo_pipe) is we create a new ↵Stefan Metzmacher1-0/+5
connection metze
2010-03-29s3:winbindd_cm: use rpccli_is_connected() helper functionStefan Metzmacher1-4/+4
metze
2010-03-29s3:winbindd_cm: use cli_state_is_connected() helper functionStefan Metzmacher1-14/+4
metze
2010-03-29s3: Fix bug 7212, "getent group does not return group members"Volker Lendecke1-0/+1
2010-03-26s3-smbd: Don't close stdout if we want to log to stdout.Andreas Schneider1-1/+1
2010-03-24s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store themStefan Metzmacher1-1/+5
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-22s3: Fix a bad memleak in winbindVolker Lendecke1-1/+2
2010-03-10s3: Fix a long-standing problem with recycled PIDsVolker Lendecke2-9/+6
When a samba server process dies hard, it has no chance to clean up its entries in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb. For locking.tdb and brlock.tdb Samba is robust by checking every time we read an entry from the database if the corresponding process still exists. If it does not exist anymore, the entry is deleted. This is not 100% failsafe though: On systems with a limited PID space there is a non-zero chance that between the smbd's death and the fresh access, the PID is recycled by another long-running process. This renders all files that had been locked by the killed smbd potentially unusable until the new process also dies. This patch is supposed to fix the problem the following way: Every process ID in every database is augmented by a random 64-bit number that is stored in a serverid.tdb. Whenever we need to check if a process still exists we know its PID and the 64-bit number. We look up the PID in serverid.tdb and compare the 64-bit number. If it's the same, the process still is a valid smbd holding the lock. If it is different, a new smbd has taken over. I believe this is safe against an smbd that has died hard and the PID has been taken over by a non-samba process. This process would not have registered itself with a fresh 64-bit number in serverid.tdb, so the old one still exists in serverid.tdb. We protect against this case by the parent smbd taking care of deregistering PIDs from serverid.tdb and the fact that serverid.tdb is CLEAR_IF_FIRST. CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not work when all smbds are restarted. For this, "net serverid wipe" has to be run before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up sessionid.tdb and connections.tdb. While there, this also cleans up overloading connections.tdb with all the process entries just for messaging_send_all(). Volker
2010-03-05s3:winbindd: add DEBUG(10,...) for the end of each top levelStefan Metzmacher2-6/+25
That will hopefully make debugging a bit easier (at least for me). metze
2010-03-06s3: Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler.Bo Yang1-0/+6
Signed-off-by: Bo Yang <boyang@samba.org>
2010-02-28s3: Remove unused count_all_current_connections()Volker Lendecke1-1/+0
2010-02-28s3: Fix but 7145 -- duplicate sam and unix accountsVolker Lendecke2-0/+22
For me this survives the TESTS=posix_s3 POSIX_SUBTESTS="RPC-SAMR-LARGE-DC LOCAL-NSS-WRAPPER" make test reproducer. Günther, please check! Volker
2010-02-26Fix one of the valgrind warnings from bug #6814 - Fixes for problems ↵Roel van Meer1-0/+8
reported by valgrind The timeval passed to event_add_to_select_args() must be initialized as event_add_to_select_args() uses a timeval_min() on this and next_event.
2010-02-23s3 move the sitename cache in its own fileSimo Sorce1-0/+1
2010-02-23s3: Consolidate server_id_self into the equivalent procid_self()Volker Lendecke1-1/+1
2010-02-23s3:winbindd: never mark external domains as internal!Stefan Metzmacher1-4/+1
This way we can endup with silently using builtin_passdb_methods for an ad domain without an inbound trust. This fixes bug #7170. metze
2010-02-17s3: go straight to winbindd_dual_pam_auth() in case of !NT_STATUS_OKLars Müller1-1/+1
At the formerly used process_result statement we have alone one NT_STATUS_IS_OK() which never could be hit in our case as we only go here if NT_STATUS_EQUAL is not ok.
2010-02-09s3: Don't invalidate cache for uninitialized domains.Bo Yang3-1/+52
Signed-off-by: Bo Yang <boyang@samba.org>
2010-01-28s3/winbind_ccache: Fix typo in debug message.Karolin Seeger1-1/+1
Karolin
2010-01-24s3: Add the session key to the ccache_ntlm_auth responseVolker Lendecke1-4/+18
2010-01-24s3: Add wbinfo --ccache-saveVolker Lendecke4-0/+80
With this command you can give winbind your password for later use by the automatic ntlm_auth
2010-01-14s3 winbindd: Return number of groups in data.num_entries for ↵Kai Blin1-1/+3
WINBINDD_LIST_GROUPS This allows to test if there's something wrong with the group list in extra_data or if there's simply no groups in the database. Volker, please check.
2010-01-14s3 winbindd: Get WINBINDD_CHECK_MACHACC torture test to work again.Kai Blin1-1/+4
WINBINDD_CHECK_MACHACC used to report an NTSTATUS error and appropriate error strings. Make this work again.
2010-01-13s3: Fix a winbind segfault in "trusted_domains"Volker Lendecke1-3/+4
We have to initialize domain->backend by calling "get_cache" before doing a query Thanks to Christian Ambach to find this :-)
2010-01-10s3: Fix some nonempty blank linesVolker Lendecke2-6/+6
2010-01-10s3: Replace most calls to sid_append_rid() by sid_compose()Volker Lendecke6-13/+8
2010-01-09s3: Remove a pointless "else" branch from add_ccache_to_list()Volker Lendecke1-4/+3
2010-01-09s3: Slightly simplify winbindd_store_credsVolker Lendecke1-4/+2
2010-01-09s3: Fix a segfault in winbindd_dual_ccache_ntlm_auth()Volker Lendecke1-1/+1
ntlmssp_update allocates the reply_blob as a child of ntlmssp_state. This means with ntlmss_end() it will be gone. winbindd_dual_ccache_ntlm_auth used the blob after the ntlmssp_end().
2010-01-06s3: List trusted domains from wcache when domain is offline.Bo Yang1-24/+139
Signed-off-by: Bo Yang <boyang@samba.org>
2010-01-06s3: Make winbindd_cache.c aware of domain offline to avoid unnecessary ↵Bo Yang2-4/+265
backend query. Signed-off-by: Bo Yang <boyang@samba.org>