summaryrefslogtreecommitdiff
path: root/source3/winbindd/idmap_ad.c
AgeCommit message (Collapse)AuthorFilesLines
2020-10-23winbindd/idmap: apply const to struct idmap_methods pointersStefan Metzmacher1-1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-10idmap_ad: Honor "client ldap sasl wrapping" config settingChristof Schmitt1-1/+26
Instead of hard-coding SIGN and SEAL for the connections from this idmap module, query the desired wrapping from "client ldap sasl wrapping". Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 10 23:19:56 UTC 2020 on sn-devel-184
2020-08-31Fix clang 9 format-nonliteral warningGary Lockyer1-4/+5
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-21idmap_ad: Pass tldap debug messages on to DEBUG()Stefan Metzmacher1-0/+36
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2020-07-02s3:winbind:idmap_ad - make failure to get attrnames for schema mode fatalAndrew1-0/+8
Add check for failure to resolve the OID array for the schema mode into names. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14425 Signed-off-by: Andrew <awalker@ixsystems.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-12-20winbindd: Use dom_sid_str_bufVolker Lendecke1-2/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-09idmap: Use dom_sid_str_bufVolker Lendecke1-1/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09idmap: Use dom_sid_str_bufVolker Lendecke1-2/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-04-11libsmb: Give namequery.c its own headerVolker Lendecke1-0/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-23winbind: make sure we don't contact trusted domains via LDAP as AD DCStefan Metzmacher1-0/+11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2017-07-12idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWNDustin L. Howett via samba-technical1-1/+18
All other ldap-querying methods in idmap_ad make a single retry attempt if they get TLDAP_SERVER_DOWN. This patch brings idmap_ad_query_user in line with that design. This fixes the symptom described in 12720 at the cost of an additional reconnect per failed lookup. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12720 Signed-off-by: Dustin L. Howett <dustin@howett.net> Reviewed-by: Ralph Boehme <slow@samba.org>
2017-04-22lib: modules: Change XXX_init interface from XXX_init(void) to ↵Jeremy Allison1-2/+2
XXX_init(TALLOC_CTX *) Not currently used - no logic changes inside. This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global. Updated all known module interface numbers, and added a WHATSNEW. Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-03-20idmap_ad: Use idmap_config_boolVolker Lendecke1-14/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2017-03-20idmap_ad: Use idmap_config_const_stringVolker Lendecke1-2/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2017-02-24s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine ↵Stefan Metzmacher1-23/+13
account creds This is mostly a cosmetic change currently. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Feb 24 22:34:48 CET 2017 on sn-devel-144
2017-01-02idmap_ad: Restore querying SFU nss infoVolker Lendecke1-0/+110
With the last commit the getpwsid call did not look at the winbind nss info parameter anymore. This restores it for the idmap ad backend with slightly different semantics and configuration: We now have the unix_primary_group and unix_nss_info domain-specific parameters for idmap config. This enables overriding the Windows primary group with the unix one. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2016-09-29idmap_ad: Fix retrieving credentials from clustered secrets.tdbChristof Schmitt1-1/+10
cli_credentials_set_machine_account only reads from a local tdb. Change that call to cli_credentials_set_machine_account_db_ctx to fix this for clustered Samba. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12295 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2016-04-15winbind: Base idmap_ad on tldapVolker Lendecke1-405/+654
The main reason for this is to do proper connection management. I tried hard, but I failed trying to slowly migrate the ads_struct based code to something saner. So I polished tldap, which thanks to metze does proper sasl. This patch is pretty much a complete rewrite, so looking at it in diff -u format does not really make sense. Look at the final output. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Apr 15 19:13:39 CEST 2016 on sn-devel-144
2016-04-15idmap_ad: Separate out the nss functionsVolker Lendecke1-420/+5
The nss functions technically right now are part of the idmap modules. However, there is no intrinsic reason for this mixture of concerns. I would like to heavily modify the idmap_ad idmapping functions without modifying the nss functions (yet!!). So as a first step this patch moves the nss functions textually out of the way. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-16idmap_ad: Fix a copy&paste errorVolker Lendecke1-1/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Feb 16 14:14:21 CET 2016 on sn-devel-144
2016-02-16winbind: Fix a type errorVolker Lendecke1-4/+13
nss_info_methods has "get_nss_info"'s p_gid parameter as gid_t *, not uint32_t *. Probably that did not hurt due to typedefs, but if we find a platform where gid_t is not uint32_t, this would be VERY hard to debug Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2015-08-20s3:winbindd/idmap_*: make function prototypes available via static_decl_idmap;Stefan Metzmacher1-0/+1
This allows the static build of the modules. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2015-04-29Change all uint32/16/8 to 32_t/16_t/8_t in winbindd.Richard Sharpe1-2/+2
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-02Rename module init functions from samba_init_moduleChristof Schmitt1-1/+1
Some modules use samba_init_module as the name for the init functions, others use a name based on the module name. Rename the init functions from samba_init_module, to be consistent across all modules. This change also allows to build idmap_tdb2 and perfcount_test statically. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Apr 2 08:50:04 CEST 2014 on sn-devel-104
2013-08-29s3-winbindd: remove unneded include of secrets.h from idmap_ad.cGünther Deschner1-1/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-05-14winbind/idmap_ad: be verbose about the user that we fail to mapBjörn Jacke1-2/+3
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-09s3-winbindd: Move connection to AD server from idmap_adChristof Schmitt1-45/+4
Having this in a common place allows reuse by other idmap modules. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09s3-winbindd: Use common helper function for connecting to ADSChristof Schmitt1-36/+5
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09s3-winbindd: Move code for verifying ADS connection to common helper functionChristof Schmitt1-24/+2
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09s3-winbindd: Move common code for LDAP id mapping to idmap_utilsChristof Schmitt1-39/+4
idmap_ad and idmap_ldap use the same helper functions and the same maximum query size. Move the code to idmap_utils so that it can be shared by every module issuing LDAP queries. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-02-06s3-winbind: Remove unused bool "local"Christof Schmitt1-5/+2
"local" is always False, so simply remove it and the if statement checking its value. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Feb 6 23:27:48 CET 2012 on sn-devel-104
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij1-1/+1
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-11-14s3-modules: remove the last "init_module" traces.Günther Deschner1-2/+0
Guenther
2011-10-28lib/util Rename samba_init_module -> samba_module_initAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-21s3:winbindd/idmap make idmap modules loadable againChristian Ambach1-1/+1
commit 355b5e3a831415d9bef97 changed the module system to expect 'samba_init_module' as fixed initializer function
2011-06-09s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett1-3/+3
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-03-22s3:idmap: remove the params argument from the init functionMichael Adam1-2/+1
2011-03-06s3: Remove close_fn from idmap_methodsVolker Lendecke1-23/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Mar 6 13:37:13 CET 2011 on sn-devel-104
2011-03-06s3: Replace idmap_ad_close by a destructorVolker Lendecke1-11/+12
2011-03-06s3-idmap-ad: Make ad_schema properly tallocedVolker Lendecke1-4/+2
2011-03-06s3: Remove some unused codeVolker Lendecke1-21/+0
2011-03-06s3: Remove unused args from get_nss_infoVolker Lendecke1-2/+0
2011-02-27s3: Fix a typoVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Feb 27 20:14:20 CET 2011 on sn-devel-104
2011-02-27s3: Fix some nonempty blank linesVolker Lendecke1-8/+8
2011-02-27s3: Fix a debug messageVolker Lendecke1-2/+3
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Feb 27 16:59:19 CET 2011 on sn-devel-104
2011-01-03s3:winbindd/idmap_ad.c: update my CMichael Adam1-1/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Mon Jan 3 09:19:07 CET 2011 on sn-devel-104
2010-11-30s3: Fix bug 7832Volker Lendecke1-0/+2
Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Tue Nov 30 14:39:34 CET 2010 on sn-devel-104
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-20s3: Replace sid_binstring and sid_guidstring with PIDL-based alternativesAndrew Bartlett1-2/+3
This reduces the manual marshalling of these structures by removing the duplication here. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-1/+2
Guenther
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-10 22:48:21 +0000