summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2008-08-25winbindd: use set_auth_errors() in winbindd_dual_check_machine_acct as well.Günther Deschner1-4/+1
Guenther (This used to be commit bb9c59e892cc9d3047bde89a15cc341e2bd21bc5)
2008-08-25winbindd: move set_auth_errors to util functions.Günther Deschner3-12/+13
Guenther (This used to be commit ae3fa60c4546c7420722d8f422c22bbfd623ff5b)
2008-08-25winbindd: only create machine pwd change event when in primary domain child.Günther Deschner1-1/+1
Guenther (This used to be commit 543dfdc1cf6baf60bffc23c6aebc542fd58d2d2e)
2008-08-23Fix some nonempty blank linesVolker Lendecke1-26/+26
(This used to be commit 541e088656773d2b3b56a5a8bdc8dea6c9edec86)
2008-08-23Use talloc_stackframe() in machine_password_change_handlerVolker Lendecke1-9/+5
(This used to be commit 79103000b13c95325534db749a0da638a3eb1807)
2008-08-23Fix a memleak in calculate_next_machine_pwd_changeVolker Lendecke1-2/+7
(This used to be commit 5314f06dcdf14ce5e038a03a3e4dfded227bd00c)
2008-08-23winbindd: add event based machine password change.Günther Deschner2-0/+120
Guenther (This used to be commit 15b72d44cbde0b8a375d8ed3d045c40ae97ec05a)
2008-08-22Don't re-initialize a token when we already have one. This fixes the build ↵Jeremy Allison1-0/+3
farm failures when winbindd connects as guest. This one took a *lot* of tracking down :-). Jeremy. (This used to be commit dca827791276906436452c650062164eb819dfe0)
2008-08-22idmap_gid_to_sid: Fix a cut-a-npaste error.Gerald (Jerry) Carter1-1/+1
The call was looking up a uid and not gid in the cache. (This used to be commit 25293ba1507f8f8fa7e33c302200184e980bb123)
2008-08-22winbindd: Fix crash in cm_connect_sam()Gerald (Jerry) Carter1-2/+7
Fix segv when talking to parent DC (joined to child domain). The root cause was (a) storing the parent domain in the cli_state struct caused the NTLMSSP pipe bind to fail which made us fallover to the schannel code path (b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning NULL even though the function indicated success. (This used to be commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
2008-08-20Here is a re-working of the winbinddJeremy Allison3-9/+33
reconnect code to cope with rebooting a DC. This replaces the code I asked Volker to revert. The logic is pretty simple. It adds a new parameter, "winbind reconnect delay", set to 30 seconds by default, which determines how long to wait between connection attempts. To avoid overwhelming the box with DC-probe forked children, the code now keeps track of the DC probe child per winbindd_domain struct and only starts a new one if the existing one has died. I also added a little logic to make sure the dc probe child always sends a message whatever the reason for exit so we will always reschedule another connect attempt. Also added documentation. Jeremy. (This used to be commit 8027197635b988b3dcf9d3d00126a024e768fa62)
2008-08-19winbindd: consistently use false/true.Günther Deschner1-27/+27
Guenther (This used to be commit e8619121d16d086f1ab186051d0ecdc83c02e5b5)
2008-08-19winbindd: use set_auth_errors (avoid code duplication).Günther Deschner1-28/+6
Guenther (This used to be commit ae35a5110ea03d8ff27f320cdc685e5623715a2a)
2008-08-19winbindd: fill_in_password_policy (to avoid redundant code).Günther Deschner1-20/+18
Guenther (This used to be commit dbfa7ba14c9f1a4d7a1e7205dd0b3ea2fc2e6131)
2008-08-19winbindd: kill some trailing/leading whitespace.Günther Deschner1-159/+159
Guenther (This used to be commit b5bb7844952a87b123551b478b60bfe232afc308)
2008-08-16Fix bug 5696. The problem was when smbdJeremy Allison1-2/+18
was asking for a winbindd name to SID lookup of "Unix Group\name" where "name" was also a valid username, the winbindd passdb lookup of that name was losing the domain string info before calling lookup name (ie. lookup_name() was being called with just the string "name", not the full string "Unix Group\name"). The passdb backend of winbindd has to cope with not only names from it's own global SAM domain, but it does lookups for BUILTIN and "Unix User" and "Unix Group" also, so making it guess by losing the domain string is "A Bad Idea" (tm) :-). Note that as winbind globally calls winbind_off() at startup, it's safe for winbind to call sys_getgrnam() to do the "Unix Group" lookup from inside lookup_name(). Jeremy. (This used to be commit 5293af6c3cbfdde340e6add47b914b6ee6fd7b6f)
2008-08-16Attempt to fix Coverity ID 596Volker Lendecke1-1/+1
Jeremy, please check & push if it's ok. (This used to be commit f06070c188d6d2efed3205bbc9c3c290718397b1)
2008-08-15I think the problem with these functions is that lookup_usergroupsHerb Lewis1-1/+1
should never include the user SID. The comment for the function in winbindd/winbindd_ads.c says /* Lookup groups a user is a member of. */ The following patch makes the wbinfo calls return the correct data before and after a login. wbinfo --user-domgroups and --user-sids (This used to be commit 7849938906a9c859805cbaeca66fae9d3c515aad)
2008-08-14Revert "Add winbind:online check timeout parameter"Volker Lendecke1-16/+0
This reverts commit 9920473cc165e75ee9aa5cbb9e568eb5fb67e9e6. (This used to be commit 34a32db9060e7b60455774f923f61b7367ee3fcf)
2008-08-13use transactions in idmap_tdb2Andrew Tridgell1-18/+42
(This used to be commit 32b8db27652a66a2ade547a6d27f34d0816f7296)
2008-08-13first cut at adding full transactions for ctdb to samba3Andrew Tridgell1-4/+0
(This used to be commit f91a3e0f7b7737c1d0667cd961ea950e2b93e592)
2008-08-13got rid of the redundent cache databaseAndrew Tridgell1-134/+28
(This used to be commit 126f4ac8e85458ee4693b89a184b99420f1b6bee)
2008-08-13idmap tdb2: fix inconsistent mappings by checking for race and retrying to ↵Michael Adam2-57/+22
fetch mapping. Michael (This used to be commit cb4c74c9c206e5a445ca636fa6562ce721ea5839)
2008-08-13idmap tdb2: fix broken logic in tdb2_delete_bystring().Michael Adam1-5/+8
1. use the return value that idmap_tdb2_open_perm_db() gives us 2. don't delete frep the local db if deleting from the perm db failed. 3. fix wrong interpretation of return value of the local delete Michael (This used to be commit 147573d7f6faab0ad90258b6a28c4b9575ccb6ea)
2008-08-13idmap tdb2: fix broken logic in tdb2_store_bystring().Michael Adam1-5/+8
1. use the return value that idmap_tdb2_open_perm_db() gives us 2. don't write to the local db if writing to the perm db failed. 3. fix wrong interpretation of return value of the local store Michael (This used to be commit be8c6b4f2f40014313899b5cbc1da9d390d94fee)
2008-08-13Add winbind:online check timeout parameterVolker Lendecke1-0/+16
This is a band-aid for the rather convoluted offline/online mess in winbind right now. Winbind re-uses the offline functionality that is targeted at domain client installations on laptops to not overload disfunctional DCs. It uses the winbind cache timeout as the retry timeout after a DC reboot. I am using a parametric options because when this mess is cleaned up, that parameter needs to go away again. I'd recommend to use something like winbind:online check timeout = 30 in typical LAN environments. This means a reconnect is attempted every 30 seconds. Volker (This used to be commit 9920473cc165e75ee9aa5cbb9e568eb5fb67e9e6)
2008-08-13Attempt to fix the build on Irix CCVolker Lendecke1-1/+3
(cherry picked from commit 666bf8456ac44cbbbd5524af2bf4fd89e18ddf62) (This used to be commit 8819c51809cabe6ad0843f3838de53e785a10b47)
2008-08-12Remove two unused variablesVolker Lendecke1-2/+1
(This used to be commit 257b0401ee675b6b7eddf2b46a0f8115940e6640)
2008-08-12Do not create a new mapping if a domain with an explicit config failsVolker Lendecke1-0/+18
(This used to be commit 2c27de44269198e22c323191dd4762d1aab81b22)
2008-08-12Some doxygen comments for idmapVolker Lendecke2-15/+157
(This used to be commit adecc6d91338e7e34afd0672aada5d0e47247a33)
2008-08-12Fix prototypesVolker Lendecke1-2/+2
(This used to be commit 8b9d12714679745b98755e6805e71b75828ce227)
2008-08-12Remove "idmap alloc config : range" parameterVolker Lendecke3-135/+76
This was overwritten by "idmap uid/gid" anyway. These are now the range parameters for the alloc backend. (This used to be commit d563a7b80dc3e759069db2cd54d596a1b8c55191)
2008-08-12idmap rewriteVolker Lendecke18-1031/+650
(This used to be commit 30a180f2fce8cf6a3e5548f6bba453272ba70b33)
2008-08-12Remove the multi-ID lookup code and the 3.2.0 version of idmap_cacheVolker Lendecke5-1069/+0
(This used to be commit 1bd98521dc3f16ad77ccccd3979288c58e03ebe8)
2008-08-12Directly call backends from idmap_[ugs]_to_[ugs]idVolker Lendecke2-22/+45
(This used to be commit f955407042e6d2384acccc399d72ff65ba0e721c)
2008-08-12Move the gid2sid cache to the parent winbind processVolker Lendecke2-19/+158
(This used to be commit a86a6835e2737fdbdf1f36bcd594d4b01a60acb9)
2008-08-12Move the uid2sid cache to the parent winbind processVolker Lendecke3-19/+160
(This used to be commit 6e885aeabba2265a06b726f567cb14dde12c8ccb)
2008-08-06fixed a fd leak when trying to regain contact to a domain controllerAndrew Tridgell1-0/+1
in winbind When a w2k3 DC is rebooted the 139/445 ports come up before the udp/389 cldap port. During this brief period, winbind manages to connect to 139/445 but not to udp 389. It then enters a tight loop where it leaks one fd each time. In a couple of seconds it runs out of file descriptors, and leaves winbind crippled after the DC does finally come up (This used to be commit 57187cafbcc053e75bb54750494df9feabe3a738)
2008-07-30winbindd: handle trusted domains without sid.Günther Deschner2-4/+17
Guenther (This used to be commit 0c1efc6c89b1a51a94d10971bf0fc515416709b3)
2008-07-25Fix an incompatible pointer warningVolker Lendecke1-2/+2
(cherry picked from commit 3282f7289b7b33beeaa1ca649651cca6537a69af) (This used to be commit fc8641443951dc852dc9cf1e73626df452b815f7)
2008-07-25Fix a race condition in winbind leading to a crashVolker Lendecke1-4/+3
When SIGCHLD handling is delayed for some reason, sending a request to a child can fail early because the child has died already. In this case async_main_request_sent() directly called the continuation function without properly removing the malfunctioning child process and the requests in the queue. The next request would then crash in the DLIST_ADD_END() in async_request() because the request pending for the child had been talloc_free()'ed and yet still was referenced in the list. This one is *old*... Volker (cherry picked from commit 8691709626b0d461de91b8fc9d10c730d1f183dd) (This used to be commit c70e2b6476d2d99c79624e15a4a3cfcdc850fc7c)
2008-07-24Remove unused request_finished_cont()Volker Lendecke2-13/+0
(This used to be commit 865ea6fcbc089a03e453709fa54ff2a39c0c168e)
2008-07-24Make use of TALLOC_FREE when freeing the per-winbindrequest memory contextVolker Lendecke1-12/+3
(This used to be commit 9e49d390f79c6afc8b0efd9664e60602aebaa4f2)
2008-07-22Fix various build warningsZach Loafman1-22/+14
This fixes various build warnings on our platform. I'm sure I haven't caught them all, but it's a start. (This used to be commit 6b73f259cb67d9dda9127907d706f9244a871fa3)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_schannel_with_keyVolker Lendecke1-16/+14
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 78e9c937ff2d2e1b70cfed4121e17feb6efafda1)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_ntlmsspVolker Lendecke1-11/+14
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit a13f0599551609394904b99e4014d580ec65c506)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke1-15/+18
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
2008-07-17From Jim McDonoughJeremy Allison3-8/+15
In reloading the smb.conf, if a "log file" is specified in smb.conf, winbind children will overwrite the logfile name to be the same as the parent. Jeremy. (This used to be commit 62d319cc1a2ef891866b2ddbd22f3ed0944356af)
2008-07-12Fix regression introduced with 4086ef15b395f1a536fb669af2103a33ecc14de4Simo Sorce1-15/+15
We must not return an error here just because we are offline. We must instead fix the mappings to the best of our knowledge (ie mark as mapped, expired ones, and as unmapped, unknown ones) (This used to be commit 4436272dd4d6cdd223b1dc3d217a97cbe3bc887b)
2008-07-12Remove one nested level by reversing if conditionSimo Sorce1-58/+54
(This used to be commit 657a2f20dd4d422d45d7e054f463641cdff16816)