summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2010-05-18s3-crypto: only include crypto headers when crypto is done.Günther Deschner1-0/+1
Guenther
2010-05-18s3-rpc_misc: clean out include/rpc_misc.h.Günther Deschner4-4/+4
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther
2010-05-17s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().Günther Deschner1-2/+4
Guenther
2010-05-17s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.Günther Deschner1-5/+25
Note that this failure was hard to track, as winbind did only log a super helpful "cm_prepare_connection: Success" debug message. IPv6 gurus, please check Successfully tested in two independent IPv6 networks now. Guenther
2010-05-17s3:winbind:idmap_tdb: don't check ranges when an invalid entry was found.Michael Adam1-0/+1
There is no point in checking the ranges this if the record found had an invalid/unknown type: the mapping is not filled in. If it were initialized to some defaults before, the check just might replace the status NT_STATUS_INTERNAL_DB_ERROR with a NT_STATUS_NONE_MAPPED, which is not as precise.
2010-05-13s3:winbindd Provide a winbindd_register_handlers() helper function for s3compatAndrew Bartlett2-95/+102
This function provides a useful entry point for s3compat to set things up in winbindd. Andrew Bartlett
2010-05-13s3:winbindd Split helper functions to allow s3compat to call themAndrew Bartlett2-22/+30
This provides a more useful entry point for s3compat. Andrew Bartlett
2010-05-13s3:Winbindd Move winbindd_event_context to a different fileAndrew Bartlett3-12/+40
This allows this function to be easily replaced in s3compat Andrew Bartlett
2010-05-13s3:winbindd Rename 'children' to 'winbindd_children' and make staticAndrew Bartlett1-9/+9
2010-05-13s3:winbindd Remove call to namecache_enable().Andrew Bartlett1-4/+0
This call only prints a DEBUG() Andrew Bartlett
2010-05-11s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATAAndrew Bartlett1-14/+15
All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-06s3: only include gen_ndr headers where needed.Günther Deschner5-0/+5
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther
2010-05-02s3: Unify DEBUG_KRB5_TKT_REGAIN and DEBUG_KRB5_TKT_RENEWALVolker Lendecke1-1/+1
I don't think it makes sense to #ifdef this one case separately. Metze, Bo Yang, please check!
2010-05-02s3: Fix a typoVolker Lendecke1-1/+1
2010-05-02s3: Fix the code order in append_auth_dataVolker Lendecke1-7/+7
This is to comply with the comment "currently, anything from here on potentially overwrites extra_data." Günther, please check!
2010-04-29s3: range-check idmap script outputVolker Lendecke1-0/+13
Not doing so results in the id mapping succeeding once unchecked and later on being refused, because when reading from the tdb we do the checks.
2010-04-29s3: Fix an uninitialized variable in idmap_tdb2_sid_to_id()Volker Lendecke1-0/+1
When we find an invalid record in the database, there's no point in checking the non-existing value against the range limits.
2010-04-29s3: Fix some nonempty blank linesVolker Lendecke1-14/+14
2010-04-25s3: async_domain_request is no longer usedVolker Lendecke2-67/+0
2010-04-25s3: Convert add_trusted_domains() to wb_domain_request_send()Volker Lendecke1-22/+19
2010-04-25s3: Simplify trustdom_stateVolker Lendecke1-10/+5
Don't store information explicitly as boolean flags that can be easily retrieved from the domain when it's actually needed.
2010-04-25s3: Make "struct trustdom_state" its own talloc contextVolker Lendecke1-14/+9
2010-04-24s3: sendto_domain() is lo longer usedVolker Lendecke2-30/+0
2010-04-23s3: Allow pdb password change using WINBINDD_PAM_CHNG_PSWD_AUTH_CRAPVolker Lendecke1-0/+15
2010-04-23s3: init_dc_connection() can't init for internal domainsVolker Lendecke1-0/+4
This fixes a crash in winbindd_dual_pam_chng_pswd_auth_crap when given global_sam_name() in the domain field
2010-04-23s3: replace some data_blob_talloc by data_blob_constVolker Lendecke1-8/+4
2010-04-23s3: Convert WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP to the new async APIVolker Lendecke4-47/+132
2010-04-23s3-winbind: fix setup_domain_child() callers.Günther Deschner1-2/+2
Volker, please check. Guenther
2010-04-23s3: Fix a winbind crash when scanning trustsVolker Lendecke1-0/+6
add_trusted_domain() for a new domain always needs to be followed by a setup_domain_child(). This was not always done, in particular not when walking to the forest root for additional trusts. This is a minimal patch, we need to fix add_trusted_domain().
2010-04-19s3: Move the in-memory ccache to the parentVolker Lendecke7-95/+90
None of this blocks, so there is no reason to keep this in a winbind child process
2010-04-19s3-winbind: Allow changing the password for pdbVolker Lendecke1-0/+47
2010-04-19s3: Convert WINBINDD_PAM_LOGOFF to the new async APIVolker Lendecke4-68/+148
2010-04-19s3: Convert WINBINDD_PAM_CHAUTHTOK to the new async APIVolker Lendecke4-59/+131
2010-04-19s3: Convert WINBINDD_PAM_AUTH_CRAP to the new async APIVolker Lendecke4-73/+132
2010-04-19s3: Convert WINBINDD_PAM_AUTH to the new async APIVolker Lendecke4-66/+134
2010-04-19winbindd: Fill in num_entries where availableVolker Lendecke3-0/+6
The server implementation of WINBINDD_LIST_USERS, WINBINDD_LIST_GROUPS and WINBINDD_LIST_TRUSTDOM knows the number of entries returned. Bump up the version number so that a newer lib does not rely on something an older winbind does not do.
2010-04-19s3: Add some debug to GETSIDALIASESVolker Lendecke1-0/+9
2010-04-18s3: Fix indentation in remove_ccacheVolker Lendecke1-1/+1
2010-04-18s3: Fix a typo in winbindd_ccache_saveVolker Lendecke1-1/+1
2010-04-13s3-winbind: Authenticate SAM usersVolker Lendecke1-5/+71
2010-04-13s3-winbindd: Fix typo in comment.Karolin Seeger1-1/+1
Karolin
2010-04-11s3: Use sizeof(chal) instead of a constantVolker Lendecke1-1/+1
2010-04-11s3: Cosmetics -- I could not spot where "chal" was initializedVolker Lendecke1-1/+1
2010-04-10s3: Remove domain selection from dual_pam_authVolker Lendecke1-53/+13
We're in a child, the parent already has chosen the domain by picking the right child to connect to. Metze, you've done work on winbind lately, so it goes to you: Please check :-)
2010-04-10s3: Check 0 termination in GETALIASESVolker Lendecke1-7/+13
2010-04-08s3: Remove the separate "child" argument from setup_domain_child()Volker Lendecke3-15/+8
2010-04-08s3:winbindd: make "smbcontrol winbindd validate-cache" reliable againStefan Metzmacher1-0/+3
commit 73577205cf81644e7fe853eaf3e6459f7f443096 (s3:winbindd: fix problems with SIGCHLD handling (bug #7317)) broke this. metze
2010-04-05s3: Fix a cut&paste error in winbindd_list_groups_doneVolker Lendecke1-1/+1
2010-04-01s3:winbindd: remove unused variablesStefan Metzmacher1-2/+0
metze
2010-04-01s3:winbindd: fix problems with SIGCHLD handling (bug #7317)Stefan Metzmacher3-17/+6
The main problem is that we call CatchChild() within the parent winbindd, which overwrites the signal handler that was registered by winbindd_setup_sig_chld_handler(). That means winbindd_sig_chld_handler() and winbind_child_died() are never triggered when a winbindd domain child dies. As a result will get "broken pipe" for all requests to that domain. To reduce the risk of similar bugs in future we call CatchChild() in winbindd_reinit_after_fork() now. We also use a full winbindd_reinit_after_fork() in the cache validation child now instead instead of just resetting the SIGCHLD handler by hand. This will also fix possible tdb problems on systems without pread/pwrite and disabled mmap as we now correctly reopen the tdb handle for the child. metze