summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2007-12-20Only retrieve password policies in pam_auth when WBFLAG_PAM_GET_PWD_POLICY ↵Michael Adam1-6/+9
is set. This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b) which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbffffb) for reasons that are unclear to me. Maybe I am being too naive. Now we do again only retrieve the password policy when called from the pam_winbind module. This fixes logons delegated to AD trusted domain controllers: We need to connect to the sam to retrieve the password policy. But auhtenticated session setup is not possible when contacting the trusted domain dc and afterwards, SamrConnect also fails with whatever credentials and method used. Michael (This used to be commit 6d765e0de523211a2d0b43a2c4c4117f5f0c662f)
2007-12-19Remove Get_Pwnam and its associated static variableVolker Lendecke1-4/+6
All callers are replaced by Get_Pwnam_alloc (This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
2007-12-18Fix logic error in cm_connect_sam().Michael Adam1-1/+0
Don't fall back to schannel when trust creds could be obtained. This is still not complete, but I am getting closer. Michael (This used to be commit 7c9fa597d684a25822b4db6615f28336f2d64ef3)
2007-12-17Fix a segv in winbindd caused by trying to free an fstring.Gerald (Jerry) Carter1-2/+6
Make a copy of the machine_password and machine_account strings in all conditional paths so that SAFE_FREE() will always be valid. (This used to be commit 194c4640b158457a6d0d5ea91e28d41d619c77de)
2007-12-15s/sid_to_string/sid_to_fstring/Volker Lendecke10-45/+50
least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546)
2007-12-15Replace sid_string_static with sid_to_stringVolker Lendecke5-19/+43
This adds 28 fstrings on the stack, but I think an fstring on the stack is still far better than a static one. (This used to be commit c7c885078be8fd3024c186044ac28275d7609679)
2007-12-15Use sid_to_string directlyVolker Lendecke3-9/+6
It seems a bit pointless to do a fstrcpy(dst, sid_string_static(src)) (This used to be commit c221c246b10e2dbbd54a9af2dc45de2eae237380)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-23/+24
(This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke15-91/+86
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-3/+4
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
2007-12-14winbindd: move domain child specific stuff into its own fileStefan Metzmacher6-114/+132
metze (This used to be commit 075d315e0f72d506b70040da10940e4af131b4e2)
2007-12-13Make cm_connect_sam() try harder to connect autheticated.Michael Adam1-9/+26
Even if the session setup was anonymous, try and collect trust creds with get_trust_creds() and use these before falling back to schannel. This is the first attempt to fix interdomain trusts. (get password policy and stuff) Michael (This used to be commit e180bbd45452435e981192028a0ad90078c04236)
2007-12-13Refactor out assembling of trust creds (pw, account name, principal).Michael Adam1-17/+38
Michael (This used to be commit 481f18b20d6d5ee12c62120a3559bb16cc98e465)
2007-12-13Streamline and fix logic of cm_prepare_connection().Michael Adam1-25/+37
Do not attempt to do a session setup when in a trusted domain situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT). Use get_trust_pw_clear to get machine trust account. Only call this when the results is really used. Use the proper domain and account name for session setup. Michael (This used to be commit 18c66a364e0ddc4960769871ca190944f7fe5c44)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-19/+3
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-12-13Streamline logic in cm_connect_netlogon()Michael Adam1-5/+6
by retrieving trust password only, when it will be used. Michael (This used to be commit cdc60d8ae8c0ef804206b20b451e9557f97d4439)
2007-12-13In cm_prepare_connection(), only get auth user creds if we need to.Michael Adam1-2/+2
Michael (This used to be commit 164bfb25d7b5cfeffeb4d81958b7629a11ca5d5e)
2007-12-12Don't restart winbind if a corrupted tdb is found during initialization.Andreas Schneider2-17/+10
The tdb is validated before it gets initialized. Since then sighandlers changed a restart isn't needed anymore. (This used to be commit aabe9b33fcaed8af98b1ed6b736253e196d87d48)
2007-12-12winbindd: remove unused WINBINDD_DUMP_MAPS supportStefan Metzmacher4-157/+0
Also the design of this function was really bad, instead do the dump into a file, the client should get back the list of mappings. metze (This used to be commit ce7fe8acf41e90553431c7cda6823700701835c7)
2007-12-12winbindd: remove unused WINBINDD_DUAL_NAME2*ID and WINBINDD_DUAL_*ID2NAME callsStefan Metzmacher1-255/+0
WINBINDD_DUAL_UID2NAME WINBINDD_DUAL_NAME2UID WINBINDD_DUAL_GID2NAME WINBINDD_DUAL_NAME2GID metze (This used to be commit fd4499ee438e4947990200db529363d51bd2c956)
2007-12-11winbindd: pass const char *logfile to winbindd_dump_maps_async()Stefan Metzmacher2-7/+15
metze (This used to be commit a52237e3a10aa4ac15cd9e7b859a54c46bfa9cdf)
2007-12-11winbindd: rename child table struct elementsStefan Metzmacher4-57/+150
Add struct_ prefix to struct based protocol specific elemetens struct winbindd_child_dispatch_table. metze (This used to be commit 4ab9a8aab72a8406659a72e87b2d2a1ec2a2eabf)
2007-12-11idmap: add a const to idmap_dump_maps()Stefan Metzmacher1-1/+1
metze (This used to be commit de31913f0a4fd407d935ec4e27a6123ab7847ab5)
2007-12-10Remove the char[1024] strings from dynconfig. ReplaceJeremy Allison4-8/+8
them with malloc'ing accessor functions. Should save a lot of static space :-). Jeremy. (This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
2007-12-07Remove next_token - all uses must now be next_token_talloc.Jeremy Allison1-5/+11
No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
2007-12-07Don't build rpctorture anymore - not maintained. Just remove.Jeremy Allison1-1/+1
Remove all vestiges of pstring (except for smbctool as noted in previous commit). Jeremy (This used to be commit 4c32a22ac50ada3275d2ffba3c1aa08bee7d1549)
2007-12-06Improve a debug message.Michael Adam1-1/+1
Michael (This used to be commit 1ea3ec9271f56f7aec8a01681f5eb4adcbfe0588)
2007-12-05Fix a debug message (missing newline).Michael Adam1-1/+1
Michael (This used to be commit 2a1755327f6cef6c969308e9ebcb238048535533)
2007-12-05Remove some globalsVolker Lendecke1-4/+4
(This used to be commit 31d0a846db08d845e6cdfd85def4ac1c34031e02)
2007-12-03Remove more pstrings, from the winbindd protocol def andJeremy Allison2-8/+13
inside winbindd. Remove unused pstring types. Jeremy. (This used to be commit 9ccac8abb0420393569dbca73e7daf2742aa1099)
2007-12-03Last pstring here.Jeremy Allison1-4/+6
Jeremy. (This used to be commit 98d86dcbd898f48748bbfbe1066a7014d25392d1)
2007-11-29Remove the explicit TALLOC_CTX * from cli_struct.Jeremy Allison1-11/+12
Make us very explicit about how long a talloc ctx should last. Jeremy. (This used to be commit ba9e2be2b5a59684e854609f9d82ea1633448c62)
2007-11-27Remove pstrings from everything except srv_spoolss_nt.c.Jeremy Allison3-8/+8
Jeremy. (This used to be commit 0002a9e96b0ef78316295a6eb94ff29b64e2f988)
2007-11-21Add set_sockaddr_port function for winbindd.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 4b47052694285a1d1d313dfd61bd17011d62948d)
2007-11-20More pstring elimination.Jeremy Allison1-9/+13
Jeremy. (This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
2007-11-20Prevent segv in winbindd running on a DC using the "idmap backend" syntax.Gerald (Jerry) Carter1-7/+8
The number of domains should be counted as they are added and not assumed to match the loop counter. manually cherry-picked 8ad2826c48a0d4d26abc3bb209860c776f55822f (This used to be commit 99b75cada2c4caaec5d30c8351080f0a41e44bd1)
2007-11-15More pstring removal. This one was tricky. I had to addJeremy Allison1-1/+3
one horror (pstring_clean_name()) which will have to remain until I've removed all pstrings from the client code. Jeremy. (This used to be commit 1ea3ac80146b83c2522b69e7747c823366a2b47d)
2007-11-05Remove the horror that was the global smb_rw_error.Jeremy Allison1-2/+2
Each cli struct has it's own local copy of this variable, so use that in client code. In the smbd server, add one static to smbd/proccess.c and use that inside smbd. Fix a bunch of places where smb_rw_error could be set by calling read_data() in places where we weren't reading from the SMB client socket (ie. winbindd). Jeremy. (This used to be commit 255c2adf7b6ef30932b5bb9f142ccef4a5d3d0db)
2007-11-01Patch 2 of 3 from Debian Samba packagers:Gerald (Jerry) Carter1-1/+1
The point is doing the following associations: - non discardable state data (all TDB files that may need to be backed up) go to statedir - shared data (codepage stuff) go to codepagedir The patch *does not change* the default location for these directories. So, there is no behaviour change when applying it. The main change is for samba developers who have to think when dealing with files that previously pertained to libdir whether they: - go in statedir - go in codepagedir - stay in libdir (This used to be commit d6cdbfd875bb2653e831d314726c3240beb0a96b)
2007-10-30start smbd, nmbd and winbindd with the same startup messageStefan Metzmacher1-3/+2
at debug level 0. metze (This used to be commit 95f76ae7a52c6b22db22d03fed6b0848d2a61bee)
2007-10-27Two patchesVolker Lendecke1-1/+1
Hi! Can you check and push them? Thanks, Volker From b488af5905e2dee12a1a72a3b40801ae5c26f24f Mon Sep 17 00:00:00 2001 From: Volker Lendecke <vl@sernet.de> Date: Sat, 27 Oct 2007 14:20:09 +0200 Subject: [PATCH] Fix some warnings and errors (This used to be commit e17d3e10e860c96b6d5208e5fe51e43b8e58c174)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison6-113/+172
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-24handle wellknown sids in winbindd_passwd.cStefan Metzmacher1-1/+2
metze (This used to be commit 251bd4ea4cdd0a751ed3b91562272221af148e37)
2007-10-22r25573: Add my (C) as wellSimo Sorce1-0/+1
(cherry picked from commit a024e27e7136deb87aeed995348a1c494a850ce6) (This used to be commit 37ee6f498b175b8f3b7e75eba8dd7c709327384c)
2007-10-22r25571: split up child_dispatch_table into domain, idmap and locator tablesStefan Metzmacher5-41/+87
metze (cherry picked from commit abbb36a37c1dba2218a6c7ec31739eba5f250127) (This used to be commit 5af1b45ed31043f952ec141d0f5f2973aec69d1a)
2007-10-22r25570: move code of the locator child into its own fileStefan Metzmacher2-64/+90
metze (This used to be commit 56640908a6367acfdfd53568a0d329c13330e5eb)
2007-10-22r25569: move more idmap stuff into winbindd_idmap.cStefan Metzmacher2-12/+12
metze (cherry picked from commit 953229f040580071f6ee09413f67f7edd3227728) (This used to be commit 590954407b5badfb9d6b8fb55077dc6a520fb816)
2007-10-22r25568: move idmap related functions into their own file.Stefan Metzmacher2-741/+778
the final goal is to have 3 child dispatch tables 'domain', 'idmap' and 'locator' instead of one. metze (cherry picked from commit 97c63f1b95190f3bcc1d9f34765934c97ffb720c) (This used to be commit a1c354866c04a305aa28a287dc6c72db1aa845a9)
2007-10-22r25567: make do_async() non staticStefan Metzmacher1-6/+6
metze (cherry picked from commit badc714d7f82f8d7c21ecfeab137efb57e970210) (This used to be commit d623b2fa710cfe7ef85b7e9dd84b274b081841ae)