path: root/source3/winbindd/winbindd_msrpc.c
Commit message | Author | Age | Files | Lines
* winbind: Return queried domain name from name_to_sid | Christof Schmitt | 2019-05-14 | 1 | -0/+12
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  (cherry picked from commit 640e0ef4fd338ddf03b813a8d45cce67c7ec7a01)
* winbind: Query domain from msrpc name_to_sid | Christof Schmitt | 2019-05-14 | 1 | -1/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  (cherry picked from commit 60b0e91237179b8782c4bd83b9579f51d5af2928)
* winbindd: Use dom_sid_str_buf | Volker Lendecke | 2018-12-20 | 1 | -4/+9
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* winbindd: don't force using LSA_LOOKUP_NAMES_ALL for non workstation trusts. | Stefan Metzmacher | 2018-02-10 | 1 | -1/+60
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s3:rpc_client: pass down lsa_LookupNamesLevel to dcerpc_lsa_lookup_sids_generic() | Stefan Metzmacher | 2018-02-10 | 1 | -0/+2
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbindd: let normalize_name_map() call find_domain_from_name_noinit() | Ralph Boehme | 2017-11-29 | 1 | -2/+2
  Let normalize_name_map fetch the domain itself with find_domain_from_name_noinit(). This removes two calls to find_domain_from_name_noinit() in the default configuration of "winbind normalize names = no". The domain is only needed in normalize_name_map if "winbind normalize names" is enabled.
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* winbind_msrpc: Use any_nt_status_not_ok | Volker Lendecke | 2017-04-12 | 1 | -25/+6
  Less lines, less bytes .text
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Apr 12 05:40:36 CEST 2017 on sn-devel-144
* Revert "winbind: Remove "lookup_usergroups" winbind method" | Volker Lendecke | 2017-03-06 | 1 | -0/+72
  This reverts commit b231814c6b0ad17255139bc8934f269610348b2b.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s3/winbindd: fix invalid free | Aurelien Aptel | 2017-01-18 | 1 | -1/+1
  coverity fix.
  TALLOC_FREE() might be called on uninitialized 'rids' at the end of the function in case of an early error. Initialize it to NULL to turn the TALLOC_FREE() to a noop in this case.
  Signed-off-by: Aurelien Aptel <aaptel@suse.com>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Wed Jan 18 17:19:39 CET 2017 on sn-devel-144
* winbind: Fix CID 1398533 Resource leak | Volker Lendecke | 2017-01-11 | 1 | -0/+1
  Not really a leak due to talloc, but this way it's clear
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* winbind: Simplify query_user_list to only return rids | Volker Lendecke | 2017-01-04 | 1 | -16/+5
  Unfortunately this is a pretty large patch, because many functions implement this API. The alternative would have been to create a new backend function, add the new one piece by piece and then remove the original function.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Remove "lookup_usergroups" winbind method | Volker Lendecke | 2017-01-04 | 1 | -72/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Remove "query_user" backend function | Volker Lendecke | 2017-01-04 | 1 | -79/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: lookup_usergroups_cached doesn't use the "domain" parameter | Volker Lendecke | 2016-12-04 | 1 | -2/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* lib: Add samlogon_cache.h | Volker Lendecke | 2016-12-02 | 1 | -0/+1
  Move prototypes into its own header file
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Fix various spelling errors | Mathieu Parent | 2015-11-06 | 1 | -1/+1
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
* winbind: Fix CID 1035544 Uninitialized scalar variable | Volker Lendecke | 2015-05-06 | 1 | -1/+1
  In rpc_sequence_number() we always look at *pseq
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ira Cooper <ira@samba.org>
* Change all uint32/16/8 to 32_t/16_t/8_t in winbindd. | Richard Sharpe | 2015-04-29 | 1 | -11/+11
  Signed-off-by: Richard Sharpe <rsharpe@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:winbindd: avoid invalid pointer type warnings | Stefan Metzmacher | 2014-11-25 | 1 | -1/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-winbindd: Pass the whole winbindd_domain to invalidate_cm_connection() | Andrew Bartlett | 2014-10-08 | 1 | -2/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-winbindd: use wcache_query_user_fullname after inspecting samlogon cache. | Günther Deschner | 2014-07-15 | 1 | -0/+8
  The reason for this followup query is that very often the samlogon cache only contains a info3 netlogon user structure that has been retrieved during a netlogon samlogon authentication using "network" logon level. With that logon level only a few info3 fields are filled in; the user's fullname is never filled in that case. This is problematic when the cache is used to fill in the user's gecos field (for NSS queries). When we have retrieved the user's fullname during other queries, reuse it from the other caches.
  Thanks to Matt Rogers <mrogers@redhat.com>.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
  Guenther
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* winbindd: Use a remote RPC server when we are an RODC when needed | Andrew Bartlett | 2014-07-04 | 1 | -10/+10
  This allows us to operate against the local cache where possible, but to forward some operations to the read-write DC.
  Andrew Bartlett
  Change-Id: Idc78ae379a402969381758919fcede17568f094e
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. | Jeremy Allison | 2013-12-09 | 1 | -2/+8
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(master): Mon Dec 9 09:00:41 CET 2013 on sn-devel-104
* Fix bug #10187 - Missing talloc_free can leak stackframe in error path. | Jeremy Allison | 2013-10-09 | 1 | -2/+3
  Fix error path.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104
* s3-winbindd: rework reconnect logic in winbindd_lookup_names(). | Günther Deschner | 2012-11-30 | 1 | -12/+13
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: rework reconnect logic in winbindd_lookup_sids(). | Günther Deschner | 2012-11-30 | 1 | -12/+14
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: remove lookup_sids_fn_t. | Günther Deschner | 2012-11-30 | 1 | -21/+12
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: remove lookup_names_fn_t. | Günther Deschner | 2012-11-30 | 1 | -23/+13
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Revert "s3-winbindd: make sure we obey the -n switch also for samlogon cache access." | David Disseldorp | 2012-11-09 | 1 | -4/+2
  This reverts commit ae6a779bf9f816680e724ede37324b7f5355996b.
  Bug 9125 analysis from Volker:
  The problem is that there are no network calls possible at all that would do what the samlogon cache does for us. There is just no way to retrieve the group membership in a complex trusted environment. If you have just a single domain with Samba as domain controller it might be possible, but even within a single domain it is not possible to correctly retrieve all group memberships using LDAP calls due to ACLs on directory objects. The call to get that is called NetSamLogon on the NETLOGON pipe. But this call requires user credentials and might trigger updating counts on the server. So to correctly implement wbinfo -r after a user has logged in, you have two alternatives: Save the info3 struct or the PAC in the netsamlogon cache. If you insist on doing network calls, you need to cache the user credentials somewhere to re-do the NetSamLogon call every time the wbinfo -r is requested.
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-smbldap: move ldap_open_with_timeout out of smb_ldap.h to ads where it lives. | Günther Deschner | 2011-11-17 | 1 | -1/+1
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Thu Nov 17 03:47:53 CET 2011 on sn-devel-104
* s3-winbindd: no need to globally include ldap headers in winbindd. | Günther Deschner | 2011-11-17 | 1 | -1/+1
  Guenther
* s3: Fix a typo | Volker Lendecke | 2011-09-08 | 1 | -1/+1
* s3: Make winbindd_lookup_names static | Volker Lendecke | 2011-09-06 | 1 | -7/+14
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Tue Sep 6 20:03:56 CEST 2011 on sn-devel-104
* s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array() | Andrew Bartlett | 2011-06-09 | 1 | -3/+3
  Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_ARRAY isn't standard talloc.
* s3-talloc Change TALLOC_ARRAY() to talloc_array() | Andrew Bartlett | 2011-06-09 | 1 | -1/+1
  Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
* s3-winbindd: make sure we obey the -n switch also for samlogon cache access. | Günther Deschner | 2011-06-08 | 1 | -2/+4
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Wed Jun 8 14:44:31 CEST 2011 on sn-devel-104
* More const fixes. Remove CONST_DISCARD. | Jeremy Allison | 2011-05-06 | 1 | -1/+1
* s3-libads: Use ldap_init_fd() to connect to AD server in socket_wrapper | Andrew Bartlett | 2011-04-28 | 1 | -3/+3
  This means that we control the connection setup, don't rely on signals for timeouts and the connection uses socket_wrapper where that is required in our test environment.
  According to bug reports, this method is also used by curl and other tools, so we are not the first to (ab)use the OpenLDAP libs in this way.
  It is ONLY enabled for socket_wrapper at this time, as this is the best way to get 'make test' working for S3 winbind tests in an S4 domain.
  Andrew Bartlett
* s3:rpc_client: map fault codes to NTSTATUS with dcerpc_fault_to_nt_status() | Stefan Metzmacher | 2011-04-24 | 1 | -4/+4
  Most fault codes have a NTSTATUS representation, so use that. This brings the fault handling in common with the source4/librpc/rpc code, which makes it possible to share more high-level code between source3 and source4, as the error checking can be the same now.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Sun Apr 24 10:44:53 CEST 2011 on sn-devel-104
* s3:winbindd: let winbindd_lookup_names() use dcerpc_binding_handle functions | Stefan Metzmacher | 2011-04-24 | 1 | -11/+20
  metze
* s3:winbindd: let winbindd_lookup_sids() dcerpc_binding_handle functions | Stefan Metzmacher | 2011-04-24 | 1 | -9/+19
  metze
* s3-winbindd: Use the correct enums for samr_QueryDomainInfo. | Andreas Schneider | 2011-03-31 | 1 | -2/+2
* s3: Fix Coverity ID 2237: REVERSE_INULL | Volker Lendecke | 2011-03-30 | 1 | -3/+1
* s3-winbindd: copy acct_info to wb_acct_info so we dont need passdb for it. | Günther Deschner | 2011-03-30 | 1 | -4/+4
  Guenther
* s3-rpc_client: Move client pipe functions to own header. | Andreas Schneider | 2011-02-28 | 1 | -0/+1
* s3:winbindd: catch lookup_names/sids schannel errors over ncacn_ip_tcp (bug #7944) | Stefan Metzmacher | 2011-02-02 | 1 | -0/+28
  If winbindd connects to a domain controller it doesn't establish the lsa connection over ncacn_ip_tcp direct. This happens only on demand.
  If someone does a 'net rpc testjoin' and then a wbinfo -n DOMAIN\\administrator, we'll get DCERPC faults with ACCESS_DENIED/SEC_PKG_ERROR, because winbindd's in memory copy of the schannel session key is invalidated.
  This problem can also happen on other calls, but the lookup_names/sids calls on the lsa ncacn_ip_tcp connection are the most important ones.
  The long term fix is to store the schannel client state in a tdb, but for now it's enough to catch the error and invalidate all the connections to the dc and reestablish the schannel session key.
  The fix for bug 7568 (commit be396411a4e1f3a174f8a44b6c062d834135e70a) made this worse, as it assumes winbindd's in memory session key is always the current one.
  metze
* s3-winbind: prefer dcerpc_samr_X functions in winbindd/winbindd_msrpc.c. | Günther Deschner | 2011-02-02 | 1 | -24/+59
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Wed Feb 2 14:14:43 CET 2011 on sn-devel-104
* s3-winbind: no need to include ../librpc/gen_ndr/cli_lsa.h in | Günther Deschner | 2011-01-19 | 1 | -1/+0
  winbindd/winbindd_msrpc.c.
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Wed Jan 19 00:37:46 CET 2011 on sn-devel-104
* libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 2010-10-12 | 1 | -0/+1
  This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used.
  This includes (along with other security headers) dom_sid.h and security_token.h
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
* samr: for correctness, rename samr_RidTypeArray to samr_RidAttrArray. | Günther Deschner | 2010-10-07 | 1 | -1/+1
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Thu Oct 7 12:04:32 UTC 2010 on sn-devel-104