summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2008-02-05Small whitespace cleanup + check for null returns on talloc_strdup.Jeremy Allison1-8/+12
Jeremy. (This used to be commit 654484b9a2d8d2be20f02d228d53a23936d1703b)
2008-02-05Use rpccli_samr_QueryGroupMember() all over the place.Günther Deschner1-3/+7
Guenther (This used to be commit 1793ed10df7f403b85a4e52c67cbfb277b23b30b)
2008-02-05Use rpccli_samr_GetAliasMembership() in winbindd and rpcclient.Günther Deschner1-16/+21
Guenther (This used to be commit 5c167162856fd1e13a3e04423cfc0cc936ae26b0)
2008-02-04Use rpccli_samr_Connect2() all over the place.Günther Deschner1-12/+15
Guenther (This used to be commit bdf8d562621e1a09bf83e2009dec24966e7fdf22)
2008-02-04Fix a typo in a debug message.Michael Adam1-1/+1
Michael (This used to be commit 3865a7e6a19630f8a90140accf4a6e93d4f70e6c)
2008-02-02Convert read_data() to NTSTATUSVolker Lendecke1-9/+11
(This used to be commit af40b71023f8c4a2133d996ea698c72b97624043)
2008-02-01Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-testSimo Sorce17-315/+1767
(This used to be commit 7dbfc7bdc65314466a83e8121b35c9bcb24b2631)
2008-02-01Fix winbindd running on a Samba DC,Simo Sorce2-6/+11
This patch make sure we do not try to contact smbd in the main dameon to avoid deadlocks. All the operations that require connecting to smbd are performed in the domain child anyway. (This used to be commit 9347d34b502bef70cdae8f3e8acd9796dba49581)
2008-02-01Use rpccli_samr_OpenUser() all over the place.Günther Deschner2-9/+15
Guenther (This used to be commit da90eb7653554d242da83ed98adae35ced3a2938)
2008-02-01Use rpccli_samr_OpenGroup() all over the place.Günther Deschner1-2/+5
Guenther (This used to be commit d019fc69a986937880121c2587d3fe37f995edae)
2008-02-01Use rpccli_samr_OpenDomain() all over the place.Günther Deschner1-6/+6
Guenther (This used to be commit e4e9d72724d547e1405b2ed4cec509d50ec88c8d)
2008-01-31Remove rpccli_samr_close and use pidl generated function instead.Günther Deschner2-6/+6
Guenther (This used to be commit 64f0889401855ab76953bfae5db4fe4df19ad8a5)
2008-01-29Remove include/rpc_ds.h and all references to it completly.Günther Deschner5-27/+27
Jerry, please have a look if you're fine with that. Guenther (This used to be commit beae25c808a3a03d645f247e9befcd05e3ecca2c)
2008-01-29Use another pidl generated call to enumerate ds trusted domains in winbindd.Günther Deschner1-26/+23
Guenther (This used to be commit f6397fbeae6668c6d0470f968cb1506b3ce34e4a)
2008-01-29Use pidl generated call to enumerate ds trusted domains in winbindd.Günther Deschner1-12/+19
Guenther (This used to be commit 3a3c1aed9bfc681457aa06f706fc6fe2d9b2e903)
2008-01-29Eliminate remote tree of dsgetdcname (which will happen in libnetapi then).Günther Deschner1-1/+1
Guenther (This used to be commit fd490d236b1fb73a75c457b75128c9b98719418f)
2008-01-25Always trust the domain flags in the wcache trusted domain cache.Gerald W. Carter1-13/+33
Use the flags stored in the tdb when determining if a domain can be contacted. The tdb should be considered authoratative anyways unless you know the flags in the winbindd_domain are correct (such as when first enumerating trusts). Original suggestion and patch from Steven Danneman <steven.danneman@isilon.com>. Manually rewritten by me for 3.2. (This used to be commit f53658a20de07a29abbe2e90917b328d00fc0024)
2008-01-25Use the correct domain name when looking up the trust password.Gerald W. Carter1-1/+15
On a DC, we always use the domain name given. On a domain member, we use lp_workgroup(). This fixes a bug supporting trusted domains. (This used to be commit 8b063a414149bdf401a8f854d55ed7dc6f94cb60)
2008-01-25Fix winbindd_can_contact_domain() on a samba DC.Michael Adam1-3/+6
The check for inbound trusts is invalid when samba is a DC and has a trust with an active directory domain. This effectively prevented tusts with an AD domain on a samba DC from working (unless using "winbindd rpc only"), because an ads_connect() was never performed. Only the rpc-based winbindd methods were working properly. Jerry: Please check! Michael (This used to be commit dcd42a1e0642c69348adfaeecef7f7f2f074ac30)
2008-01-25Use generated DSSETUP client & server rpc functions and remove the ↵Günther Deschner1-15/+16
hand-written ones. Guenther (This used to be commit d5ebfccebb1f1b56b45673a506fcdb414103c43b)
2008-01-25Add debug message: show which domain_child is being forked.Michael Adam1-0/+7
Michael (This used to be commit 373a00ae0d667d257fa93ab14c773e841f2c4f1a)
2008-01-25Add a debug message winbindd_can_contact_domain()Michael Adam1-0/+2
explaining the reason for failure. Michael (This used to be commit ba5373ed7f74d560a9de8620039b596b8938d1dc)
2008-01-25Fix assignment to request->data.init_conn.is_primary in init_child_connection().Michael Adam1-1/+1
The present assignment "request->data.init_conn.is_primary = domain->internal ? False : True" simply feels wrong. This seems to be the thing right to do: "request->data.init_conn.is_primary = domain->primary ? true : false". The question is: Does this have any purpose at all? data.init_conn.is_primary seems to be used nowhere in the whole code at all. Is it (still) needed? Michael (This used to be commit 8bb21b8b3802e7b093a3c4fb41b8550033388878)
2008-01-24Fix winbindd build w/o ADS.Günther Deschner1-3/+7
Guenther (This used to be commit 40daef4c3d822a28467ff521efca6a55a0370050)
2008-01-24Add winbind_msg_dump_domain_list to winbindd.Günther Deschner2-0/+88
Guenther (This used to be commit 54ad97bd8364c393de2c9471a4c14ca5b880b318)
2008-01-24Add winbindd debugging ndr_print helpers.Günther Deschner1-0/+149
Guenther (This used to be commit 4389e4dadbf07c176d9102b74c06e62ecfc242be)
2008-01-23Windows 2008 (Longhorn) auth2 flag fixes.Andreas Schneider1-1/+1
Interop fixes for AD specific flags. Original patch from Todd Stetcher. (This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
2008-01-23Fix panic: Don't free the logfilename in winbind_child_died().Michael Adam1-1/+0
The child struct is immediately reused, and this results in a panic when child->logfilename == NULL. Michael (This used to be commit da131d089db98017632103aa9bbe38c98f7a3fc1)
2008-01-23Initialize _domain_list to NULL.Michael Adam1-1/+1
Just to be sure the "if (!_domain_list)" in domain_list() test always works. Michael (This used to be commit 1f49065d44dd7570d5a9928359751bd36f287952)
2008-01-23Fix get_trust_creds() to return always an upper-cased krb5 principal (thisGünther Deschner1-4/+8
fixes winbind krb5 session at least with heimdal). Guenther (This used to be commit 9cf3a98eacea2dd07f89245f147e002b3f49482e)
2008-01-21winbindd: remove useless strcpyStefan Metzmacher1-4/+1
metze (This used to be commit df08708fc1e8fc8e15b36db29faf35ae5ae64b65)
2008-01-20Fix a segfaultVolker Lendecke1-3/+10
Pointed out by Steven Danneman on irc, thanks! Jerry, Günther, please check! (This used to be commit 9e71c89ac648040739ef2161a2e6c4299be1e35b)
2008-01-17Finally enable pidl generated SAMR & NETLOGON headers and clients.Günther Deschner2-4/+4
Guenther (This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
2008-01-16Convert old sid-string handling in idmap_tdb2 to a new oneAlexander Bokovoy1-4/+7
(This used to be commit ee851730cef1eb506b47faf57e25789ad3c6aafa)
2008-01-16idmap TDB2 backend, used for clustered Samba setups.Alexander Bokovoy1-0/+1014
This uses 2 tdb files. One is permanent, and is in shared storage on the cluster (using "tdb:idmap2.tdb =" in smb.conf). The other is a temporary cache tdb on local storage. Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit b6df7e7709365fb620867ad8954bc5bf24496775)
2008-01-15Apply const to rpccli_lsa_query_info_policy() and ↵Günther Deschner1-3/+3
rpccli_lsa_query_info_policy2(). Guenther (This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95)
2008-01-11Ensure we don't access an uninitialized variableJeremy Allison1-1/+1
(CID 535 - actually false but easy to shut up :-). Jeremy. (This used to be commit 4038bb3a9485943db58d9fe30947e11522ce283d)
2008-01-11As long as DsGetDcName is not part of libnetapi, lowercase the fn name.Günther Deschner1-3/+3
Guenther (This used to be commit 19a980f52044a170618629e5b0484c1f6b586e5f)
2008-01-09Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.Michael Adam5-46/+58
Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
2008-01-09Fix prototype: Add a void to an empty function parameter list.Michael Adam1-1/+1
Michael (This used to be commit 3f89aea8e4df3a2de8c5e4c6f4e417567adb2d67)
2008-01-07Fix build warning.Günther Deschner1-16/+18
Guenther (This used to be commit 73233a06d6f0f1346c48b465750af4b532cd7306)
2008-01-07Use the proper boolean constants.Michael Adam1-93/+93
Michael (This used to be commit 6f673b7f10c145d88e6a6d3072b5f8cd98837304)
2008-01-07Fix a comment.Michael Adam1-1/+2
Michael (This used to be commit 62d6d4fff2edcce04e793d2a2f877cb3f4fedbdb)
2008-01-07Make wcache_invalidate_cache() return bool, not int.Michael Adam2-4/+4
Michael (This used to be commit dba24ceae78ffc49200b647838b6bf3657275add)
2008-01-07Add some braces to if statement.Michael Adam1-1/+2
Michael (This used to be commit 66fc1db1d19d11792d9506b06ad914d88b7e0663)
2008-01-07Prevent winbindd from segfaulting due to corrupted cache tdb.Andreas Schneider2-4/+36
If we try to flush the caches and due to a corrupted tdb we and have no tdb context close the tdb and validate it. Initialize the cache afterwards again. (This used to be commit d0c0f91fb9f3438a18c6f47ed894f525beb75cbf)
2008-01-04Fix the inherited trust flags when spidering the trust heirarchy.Gerald (Jerry) Carter2-3/+19
Also *do not* clear the trust list when rescanning or else it is possible to suffer from a race condition where no trusted domains can be found. (This used to be commit e7164a252bf213a74d6eeac5aa04645eed5be241)
2008-01-04Add a missing check for dealing with a one-way trust in query_user().Gerald (Jerry) Carter1-0/+6
(This used to be commit f89e356bdaa203ef0a3ce6b8bd52170afa68a2c9)
2008-01-04Ensure that winbindd_getgroups() can deal with a UPN name.Gerald (Jerry) Carter1-1/+10
A user logging in via GDM was not getting a complete list of supplementary groups in his/her token. This is because getgroup() was not able to find the winbindd_domain* using the DNS name. Fallback to matching the DNS name is the short name match failes. (This used to be commit 2030a8de19a2c7c735a8aa367dd953e4a5c447b8)
2008-01-04When connecting to an AD DC, use the DsGetDCName variant.Gerald (Jerry) Carter1-2/+36
This allows us to deal with child domains in transitive forest trusts. It also allows us to fill in the forest name to the target domain to the struct winbindd_domain *. (This used to be commit ed30516bb0f55f9ba466debf91b6e33d1c28a484)