summaryrefslogtreecommitdiff
path: root/source4/winbind
AgeCommit message (Collapse)AuthorFilesLines
2013-06-04s4:winbind: don't leak libnet_context into the main event contextStefan Metzmacher1-0/+2
This needs to be a talloc child of struct wbsrv_domain otherwise the cleanup of a broken connection doesn't work. The following command can trigger the leak on a domain controller. root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/ total 16 drwxrwx---+ 5 root 3000000 4096 May 14 14:46 Policies drwxrwx---+ 2 root 3000000 4096 May 14 11:45 scripts gid 3000000 belongs to Builtin\Administrators. The code triggers a ncacn_np: connection to the local smbd and complains that domain BUILTIN is not available: [2013/05/29 17:28:03, 2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo) Expected domain name BUILTIN, DC dc.samba.private said SAMBA In that case the connection was not closed, which is fixed by this commit. Using ncalrpc: for all local SIDs and serving the BUILTIN domain is a project for another day... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104
2013-05-27s4:idmap: break account_type check lines for readability in idmap_sid_to_xid()Michael Adam1-2/+7
Also makes code obey README.Coding, regarding line-length. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon May 27 00:05:19 CEST 2013 on sn-devel-104
2013-05-16winbind4: Fix bug 9832 -- talloc use after freeVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu May 16 13:37:41 CEST 2013 on sn-devel-104
2013-05-16source4/winbind/wb_samba3_cmd.c: Fix typo in comment.Karolin Seeger1-1/+1
Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu May 16 07:49:24 CEST 2013 on sn-devel-104
2013-04-30winbind4: Fix bug 9832 -- talloc use after freeVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-02-28s4:winbindd: fix spacing and line length in cmd_getpwnam_recv_domain()Michael Adam1-1/+2
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Feb 28 03:54:41 CET 2013 on sn-devel-104
2013-02-27s4:winbindd: do not drop the workgroup name in the getgrgid callMichael Adam1-1/+11
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Feb 27 05:44:39 CET 2013 on sn-devel-104
2013-02-27s4:winbindd: do not drop the workgroup name in the getgrnam and getgrent calls.Michael Adam1-1/+11
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-18wb_samba3_cmd.c: Fix typo in comment.Karolin Seeger1-1/+1
redundent -> redundant Signed-off-by: Karolin Seeger <kseeger@samba.org>
2013-01-10s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307Andrew Bartlett1-6/+3
This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with only the setting of the UID/GID in Active Directory Users and Computers. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-09Use the new directory_create_or_exist_strict() function.Andreas Schneider1-2/+7
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-15libcli/auth: rename netlogon_creds_decrypt_samlogon() to ↵Günther Deschner1-3/+3
netlogon_creds_decrypt_samlogon_validation(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-09-10Set trans to a value that is not LDB_SUCCESS (all LDB_ constants areMichele Baldessari1-1/+1
positive) so that any "goto failed:" call does not end up calling ldb_transaction_cancel() if trans is initialized to 0 (LDB_SUCCESS) by chance. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-08-25s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097)Stefan Metzmacher1-3/+30
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 25 05:06:18 CEST 2012 on sn-devel-104
2012-08-25s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097)Stefan Metzmacher1-3/+30
metze
2012-08-25s4:winbind: add a netlogon_queue (tevent_queue)Stefan Metzmacher2-0/+12
This will protect the netlogon_creds later. metze
2012-08-25s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_reqStefan Metzmacher2-78/+122
metze
2012-08-25s4:winbind: convert wb_sam_logon_send/recv to tevent_reqStefan Metzmacher3-93/+140
metze
2012-08-25s4:winbind: convert wb_sid2domain to tevent_req internallyStefan Metzmacher1-74/+174
The public wrapper still uses composite_context, because I don't have time to fix all the callers... metze
2012-07-22s4 rfc2307 gids mapping fixSergey Urushkin1-7/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-19s4-param: Remove unused "idmap trusted only"Andrew Bartlett1-6/+0
When we revamp the idmap layer, we will end up just following the s3 options, and this option is not used there either. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-06-20s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation ↵Andrew Bartlett1-20/+45
errors
2012-06-16s4-idmap: Add mapping using uidNumber and gidNumber like idmap_adAndrew Bartlett2-2/+123
This is a solution for users who are upgrading from Samba 3.x in particuar, or have clients that will be using idmap_ad. This avoids needing to have duplicate values in idmap.ldb and in the directory. No check for conflicts is made with the idmap.ldb - the AD store always wins. Andrew Bartlett
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett2-3/+6
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-04-23s4-libnet Always return after composite_error()Andrew Bartlett2-0/+4
These instances should not cause a problem, but make it easier to audit for this kind of problem in the future with grep. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Apr 23 14:29:45 CEST 2012 on sn-devel-104
2012-02-29s4:winbind: use ncalrpc for connections to ourselfStefan Metzmacher2-7/+38
That avoids recursion if "smbd" is used as file server. metze
2012-02-29s4-winbindd: Do not ask for a tree that we will not useAndrew Bartlett1-4/+0
2011-12-14s4-librpc: Fix NETLOGON credential chain with Windows 2008.Andreas Schneider1-2/+2
Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call netrServerAuthenticate2 during a domain join without setting the strong keys flag (128bit crypto). Only for NT4 we need to do a downgrade to the returned negotiate flags. See also 0970369ca0cb9ae465cff40e5c75739824daf1d0.
2011-10-24idl: Improve MS-PAC IDLSimo Sorce2-7/+7
Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unkown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-10-08build: build wbinfo only once in the waf buildAndrew Bartlett1-4/+0
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 8 04:52:03 CEST 2011 on sn-devel-104
2011-09-24s4 winbind: Don't drop workgroup name for getpw*Kai Blin2-2/+16
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Sat Sep 24 22:49:50 CEST 2011 on sn-devel-104
2011-09-08s4-winbindd: implement WINBINDD_SIDS_TO_XIDSAndrew Tridgell2-1/+97
this fixes wbinfo --sids-to-unix-ids Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-08s4-winbindd: fixed handling of extra_data in s3 requestsAndrew Tridgell1-1/+37
extra_data in s3 winbind requests is appended to the end of the request, but does not change the length header of the packet. Instead you need to get it from the extra_len element of the request structure. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-09-08s4-winbind: added count argument to wb_sids2xids_recv()Andrew Tridgell4-4/+7
this allows callers to know how many SIDs were mapped Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-08build: provide tevent-util as a public libraryAndrew Bartlett1-1/+1
This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced by generated PIDL output. Andrew Bartlett
2011-07-14s4-winbind handle all values for server roleAndrew Bartlett1-0/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jul 14 08:20:13 CEST 2011 on sn-devel-104
2011-06-22s4:winbind/wb_init_domain: use DCERPC_SCHANNEL_128 in order to work against ↵Stefan Metzmacher1-1/+1
w2k8r2 metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 22 19:40:47 CEST 2011 on sn-devel-104
2011-06-16s4:winbind/wb_samba3_protocol.c - rework it using concrete enum valuesMatthias Dieter Wallnöfer1-3/+27
This changes commit 49352cafb4259503e6afb44d38db9bfd525d5e0d to comply with kblin's plans. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Jun 16 10:14:52 CEST 2011 on sn-devel-104
2011-06-09s4:winbind/wb_samba3_protocol.c - quiet enum warningMatthias Dieter Wallnöfer1-22/+3
Don't enumerate all unimplemented types of call which simply leads to incompleteness. Reviewed-by: Tridge
2011-06-06s4-param Remove 'idmap database'Andrew Bartlett1-1/+1
This is now just idmap.ldb in the private dir, which remains.
2011-05-04Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1.Jeremy Allison1-1/+1
2011-03-19source4/winbind: Fix prototypes for all functions.Jelmer Vernooij3-0/+7
2011-02-17s4-waf: move wbinfo buildrule to winbind.Günther Deschner1-0/+4
Will be moved back later, once we have a more common samba-util.so Guenther
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-1/+1
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-08pam: share pam errors in a common location.Günther Deschner1-1/+1
Guenther
2011-01-12s4:winbind/idmap.c - we cannot use "failed" until we are in a transactionMatthias Dieter Wallnöfer1-8/+14
We've to wait until "trans" is initialised.
2011-01-12Add some debug in s4's winbind serverMatthieu Patou3-2/+3
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Jan 12 01:43:11 CET 2011 on sn-devel-104
2010-12-12s4:libcli/finddc.h - fix header dependanciesMatthias Dieter Wallnöfer1-2/+0
And optimise includes
2010-11-15s4-server: make server sockets a child of the task contextAndrew Tridgell1-2/+2
We previously allocated sockets as direct children of the event context. That led to crashes if a service called task_server_terminate(), as it left the socket open and handling events for a dead protocol. Making them a child of the task allows the task to terminate and take all its sockets with it. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-14winbind: Build as shared module.Jelmer Vernooij1-2/+3