path: root/source3/winbindd
Age | Commit message | Author | Files | Lines
2013-09-23 | build: fix spacing in definition of "idmap_ldap" module | Michael Adam | 1 | -1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23 | build: fix spacing in the definition of the "idmap_autorid" target | Michael Adam | 1 | -1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Sep 23 10:11:51 CEST 2013 on sn-devel-104
2013-09-23 | build: remove vars=locals() from the nss_info library: there is no need for this | Michael Adam | 1 | -1/+0
Might have been a copy'n'paste. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23 | build: remove vars=locals() from the IDMAP_HASH subsystem: there is no need for this | Michael Adam | 1 | -2/+1
Might have been a copy'n'paste. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23 | build: clean the idmap subsystems/modules definitions | Michael Adam | 1 | -33/+13
Directly list the sources in the definitions of subsystems/modules/libraries Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23 | build: remove vars=locals() from the IDMAP_AD subsystem: there is no need for this | Michael Adam | 1 | -1/+0
Might have been a copy'n'paste. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23 | build: reorganize idmap_rw and idmap_tdb into subsystems with proper dependencies | Michael Adam | 1 | -7/+13
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-10 | s3-winbind: Add support for the kernel krb5 keyring buffer. | Andreas Schneider | 1 | -0/+4
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2013-09-10 | s3-winbind: Don't set a default directory for DIR. | Andreas Schneider | 1 | -4/+0
There is no default so you should always have to specify a directory in the config file. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2013-09-05 | lib: Use "mem_ctx" arg in gencache_get | Volker Lendecke | 1 | -1/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 5 20:09:21 CEST 2013 on sn-devel-104
2013-09-05 | Add a talloc context to sitename_fetch(). | Jeremy Allison | 1 | -4/+4
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-05 | Add a talloc context to saf_fetch(). | Jeremy Allison | 2 | -7/+9
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-05 | lib: Add a "mem_ctx" arg to gencache_get (unused so far) | Volker Lendecke | 1 | -1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-29 | s3:winbind: fail ads_cached_connection_connect() if realm == NULL | Michael Adam | 1 | -0/+4
This prevents segfaults when e.g. a previous SMB_STRDUP failed. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Aug 29 18:54:28 CEST 2013 on sn-devel-104
2013-08-29 | s3-winbindd: remove unneeded include of secrets.h from idmap_ad.c | Günther Deschner | 1 | -1/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29 | s3-winbindd: use get_trust_pw_clear() wrapper for AD connection code. | Günther Deschner | 1 | -7/+4
This avoids calling secrets functions directly. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29 | s3-winbindd: make sure also the idmap code can deal with trusted domains. | Günther Deschner | 1 | -9/+31
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29 | s3-winbindd: use find_domain_from_name() instead of find_domain_from_name_no_init(). | Günther Deschner | 1 | -2/+2
Otherwise there is a good chance the domain has not been connected and we don't know the realm name yet. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29 | s3-winbindd: Fix winbind on DC crash with trusted AD domains. | Günther Deschner | 1 | -1/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29 | s3-winbindd: Fix memory leak in ads_cached_connection(). | Günther Deschner | 1 | -1/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-29 | s3-winbindd: remove pointless variable assignment, see the strdup below. | Günther Deschner | 1 | -1/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-15 | s3:winbindd: make use of lp_cli_{min,max}protocol() | Stefan Metzmacher | 1 | -2/+3
This changes winbindd back to use NT1 as default. https://bugzilla.samba.org/show_bug.cgi?id=9514 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15 | Followup patch for BUG: https://bugzilla.samba.org/show_bug.cgi?id=10082 | Andreas Schneider | 1 | -1/+1
Thanks to Jim Brown <jim.brown@rsmas.miami.edu> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Aug 15 03:46:20 CEST 2013 on sn-devel-104
2013-08-14 | winbind3: Fix an invalid free | Volker Lendecke | 1 | -1/+1
This fixes a warning I've never seen before :-) ../source3/winbindd/winbindd_cm.c:781:59: warning: attempt to free a non-heap object ‘machine_krb5_principal’ [-Wfree-nonheap-object] Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Aug 14 14:04:16 CEST 2013 on sn-devel-104
2013-08-13 | s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat(). | Günther Deschner | 1 | -2/+7
Fallback to lsa named-pipe connection when tcp connection has failed twice (it could be a trusted domain connection where we cannot setup a secure channel). Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=9615 BUG: https://bugzilla.samba.org/show_bug.cgi?id=9899 Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Tested-by: Christof Schmitt <christof.schmitt@us.ibm.com> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Aug 13 20:55:33 CEST 2013 on sn-devel-104
2013-08-13 | s3-winbind: Fix a segfault passing NULL to a fstring argument. | Andreas Schneider | 1 | -2/+11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10082 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Aug 13 13:58:26 CEST 2013 on sn-devel-104
2013-08-05 | s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth(). | Günther Deschner | 1 | -5/+5
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 | s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel_with_key(). | Günther Deschner | 1 | -4/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-07-29 | s3:winbind: add a warning DEBUG message when skipping a sid from the mapped GID list | Michael Adam | 1 | -0/+18
This presents a potential security problem when ACLs contain DENY ACEs. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Jul 29 14:42:27 CEST 2013 on sn-devel-104
2013-07-29 | s3:winbind: change getgroups to only do one sids2xids call instead of many | Michael Adam | 1 | -26/+42
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-29 | s3:winbind: fix the getgroups implementation to include the user sid's GID in case of ID_TYPE_BOTH | Michael Adam | 1 | -3/+5
This is important for acl checks on the unix level where only a group ace has been added to the ACL for the user sid, e.g. when accessing Files with nfs or local unix processes. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-29 | s3:winbind: fix gid counting and error handling in the getgroups implementation | Michael Adam | 1 | -6/+10
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-23 | s3-winbindd: support the DIR pragma for raw kerberos user pam authentication. | Günther Deschner | 1 | -0/+23
It is currently only available in MIT. In addition, allow to define custom filepaths for FILE, WRFILE and DIR pragmas and substitute one occurrence of the %u pattern. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-08 | s3:idmap_autorid: Add a NULL check in idmap_autorid_preallocate_wellknown | Volker Lendecke | 1 | -0/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08 | s3:idmap_autorid: Don't zero in idmap_autorid_preallocate_wellknown | Volker Lendecke | 1 | -1/+1
We initialize everything later anyway Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08 | s3:idmap_autorid: Use ARRAY_SIZE where appropriate | Volker Lendecke | 1 | -1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-15 | s3-winbind: Do not delete an existing valid credential cache. | Andreas Schneider | 1 | -0/+8
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994 Thanks to David Woodhouse <dwmw2@infradead.org>. Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104
2013-07-02 | s3-winbind: Allow sec_initial_uid() to store creds. | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jul 2 23:26:24 CEST 2013 on sn-devel-104
2013-06-27 | winbindd and nmbd don't set their umask to zero on startup like smbd does. | Jeremy Allison | 1 | -0/+6
Fix this - we already control tightly what permissions are on the files we create. Ensure we don't get surprised. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Jun 27 02:02:24 CEST 2013 on sn-devel-104
2013-06-20 | Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in "EOF on stdin" | Jeremy Allison | 1 | -1/+14
Only install the stdin handler if it's a pipe or fifo. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-25 | winbind: Print error code on connection error in ping_dc | Christof Schmitt | 1 | -1/+2
For debugging, it is useful to include the error code in the message. Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Sat May 25 23:11:23 CEST 2013 on sn-devel-104
2013-05-14 | winbind/idmap_ad: be verbose about the user that we fail to map | Björn Jacke | 1 | -2/+3
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-07 | winbind: Fix bug 9854 -- NULL pointer dereference | Volker Lendecke | 1 | -3/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue May 7 14:49:07 CEST 2013 on sn-devel-104
2013-05-06 | s3:idmap:autorid: add a comment block explaining the calculations | Michael Adam | 1 | -0/+51
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 | s3:idmap:autorid: simplify the id->sid calculation | Michael Adam | 1 | -7/+13
To make it more intuitive.

  rid = reduced_rid + domain_range_index * range_size

where

  reduced_rid = (id - id_low) % range_size

Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 | s3:idmap:autorid: calculate the range's low_id in idmap_autorid_get_domainrange() | Michael Adam | 1 | -8/+9
This way, the calculation needs to be done only in one central place and the formulas get simpler. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 | s3:idmap:autorid: make calculation in idmap_autorid_sid_to_id much more obvious | Michael Adam | 1 | -3/+6
This is my attempt to make the sid->unix-id calculation much more obvious. Especially with the introduction of the multi-range support and the originally named "multiplier", the calculation

  id = low_id + range_size * domain_number + rid - range_size * multiplier

was rather opaque to me. What really happens here is this: The rid is split into a reduced_rid part that is < rangesize and a multiple of rangesize. This is given by the formula

  rid = rid % range_size + (rid / range_size) * range_size

We define

  reduced_rid := rid % range_size

and

  domain_range_index := rid / range_size ( == the original multiplier)

and the original formula is equivalent to:

  id = reduced_rid + low_id + range_number * range_size;

and reads

  id = reduced_rid + range_minvalue

if we set

  range_minvalue := low_id + range_number * range_size.

Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 | s3:idmap:autorid: rename range.multiplier to domain_range_index | Michael Adam | 1 | -15/+17
The name multiplier is very confusing (at least for me). This is an index that is used to reference the various per-domain ranges. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 | s3:idmap:autorid: rename autorid_range_config.sid to domsid, along with instances | Michael Adam | 1 | -12/+12
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 | s3:idmap:autorid: rename autorid_domain_config --> autorid_range_config and instances to "range" | Michael Adam | 1 | -37/+37
This describes it better with the new support for multiple ranges for domains. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>