path: root/source3/winbindd
Age | Commit message | Author | Files | Lines
2026-04-07 | s3:idmap_tdb2: make idmap2.tdb non readable for others | Shwetha Acharya | 1 | -1/+1
    Signed-off-by: Shwetha Acharya <Shwetha.K.Acharya@ibm.com>
    Reviewed-by: Xavi Hernandez <xhernandez@redhat.com>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
    Reviewed-by: Anoop C S <anoopcs@samba.org>
2026-04-07 | s3:idmap: make idmap.tdb non readable for others | Shwetha Acharya | 1 | -1/+1
    Signed-off-by: Shwetha Acharya <Shwetha.K.Acharya@ibm.com>
    Reviewed-by: Xavi Hernandez <xhernandez@redhat.com>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
    Reviewed-by: Anoop C S <anoopcs@samba.org>
2026-04-07 | s3:idmap_autorid: make autorid.tdb none readable for others | Ralph Wuerthner | 1 | -1/+1
    Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
    Reviewed-by: Xavi Hernandez <xhernandez@redhat.com>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
    Reviewed-by: Anoop C S <anoopcs@samba.org>
2026-03-26 | s3:winbind: Add support for krb5_ccache_type = DEFAULT | Andreas Schneider | 1 | -0/+37
    This will use the ccache_type defined in the krb5.conf.
    Pair-Programmed-With: Pavel Filipenský <pfilipen@samba.org>
    Signed-off-by: Pavel Filipenský <pfilipen@samba.org>
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Alexander Bokovoy <ab@samba.org>
2026-03-26 | s3:winbind: Also support %{uid} substitution for krb5_ccache_type | Andreas Schneider | 1 | -3/+12
    Pair-Programmed-With: Pavel Filipenský <pfilipen@redhat.com>
    Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Alexander Bokovoy <ab@samba.org>
2026-03-26 | s3:winbind: Improve generate_krb5_ccache() | Andreas Schneider | 1 | -55/+85
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>
    Reviewed-by: Alexander Bokovoy <ab@samba.org>
2026-02-25 | winbindd: Avoid casts in idmap_ad_unixids_to_sids() | Volker Lendecke | 1 | -4/+4
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Avoid a few NULL checks in idmap_ad_unixids_to_sids() | Volker Lendecke | 1 | -34/+23
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Simplify winbindd_lookuprids_recv() | Volker Lendecke | 1 | -8/+8
    Only check for NULL once with talloc_asprintf_addbuf()
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Simplify wcache_make_sidlist() | Volker Lendecke | 1 | -10/+3
    Rely on talloc_asprintf_addbuf's NULL checks
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Align integer types | Volker Lendecke | 1 | -2/+2
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Add a missing NULL check in winbindd_list_trusted_domains() | Volker Lendecke | 1 | -14/+14
    We did not check the result of talloc_asprintf_append_buffer()
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Modernize a DEBUG | Volker Lendecke | 1 | -1/+1
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Simplify collect_onlinestatus() | Volker Lendecke | 1 | -12/+9
    Only check for NULL once with talloc_asprintf_addbuf()
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Simplify append_info3_as_txt() | Volker Lendecke | 1 | -20/+14
    Only check for NULL once with talloc_asprintf_addbuf()
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Simplify winbindd_getuserdomgroups_recv() | Volker Lendecke | 1 | -7/+4
    Only check for NULL once with talloc_asprintf_addbuf()
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: Call dom_sid_str_buf() only once | Volker Lendecke | 1 | -5/+3
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbindd: dom_sid_str_buf() returns "buf" | Volker Lendecke | 1 | -2/+1
    Save a line
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-02-25 | winbind: Simplify winbindd_xids_to_sids_recv() with talloc_asprintf_addbuf | Volker Lendecke | 1 | -8/+6
    Only check for NULL once
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-01-22 | s3:libads: Separate use of ads->config.flags for NBT_* and DS_* values | Pavel Filipenský | 1 | -3/+3
    Use of ads->config.flags is overloaded. It is used to:
    - pass DS_* flags down to cldap_netlogon()
    - store the server_type from NETLOGON_SAM_LOGON_RESPONSE
    Both cases use different values and cannot be combined. E.g. flags mess up with value 0x00000080
    NBT_SERVER_CLOSEST 0x00000080
    DS_PDC_REQUIRED 0x00000080
    Let's create two separate flags
    nbt_server_type server_flags; /* NBT_* cldap flags identifying the services. */
    uint32 required_flags; /* DS_* - Netlogon flags */
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972
    Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
    Autobuild-Date(master): Thu Jan 22 09:14:25 UTC 2026 on atb-devel-224
2026-01-13 | s3:libsmb: Rework check_negative_conn_cache() | Andreas Schneider | 1 | -6/+9
    The name and results are confusing. Rename the function and use a bool that it is easier to understand.
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
    Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
    Autobuild-Date(master): Tue Jan 13 17:00:06 UTC 2026 on atb-devel-224
2026-01-13 | s3:winbindd fix race condition in terminate_child | Gary Lockyer | 1 | -1/+1
    Fixes:
    winbindd[306061]: Bad talloc magic value - unknown value
    winbindd[306061]: =========================================================
    winbindd[306061]: INTERNAL ERROR: Bad talloc magic value - unknown value in winbindd () () pid
    A race condition in source3/windbindd/winbindd_util.c::terminate_child between the child socket closing, and the destructor de-registering the child socket from epoll.
    If the socket closes before it is de-registered from epoll, the event is added to the epoll rdllink and will be retrieved when epoll_wait is next called. However monitor_fde has been deallocated and we get the observed failure.
    Moving the TALLOC_FREE before the kill ensures that the child socket has been de-registered from epoll before it closes.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15937
    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
    Autobuild-Date(master): Tue Jan 13 14:50:20 UTC 2026 on atb-devel-224
2025-12-08 | s3-winbindd: make sure we always have WINBINDD_CACHE_VERSION in winbindd_cache.tdb | Günther Deschner | 1 | -0/+7
    Guenther
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
    Autobuild-Date(master): Mon Dec 8 09:59:58 UTC 2025 on atb-devel-224
2025-12-08 | s3-winbindd: provide one wcache_open() function for all tdb opens | Günther Deschner | 1 | -35/+27
    Guenther
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
2025-12-08 | s3-winbindd: make initialize_winbindd_cache() static | Günther Deschner | 2 | -2/+1
    Guenther
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
2025-12-08 | s3-winbind: make wcache_store_seqnum static | Günther Deschner | 2 | -4/+2
    Guenther
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
2025-12-08 | s3-winbindd: Fix winbind NDR caching. | Günther Deschner | 1 | -0/+7
    All of winbindd's core caching relies on NDR entries. Those entries can not be stored in winbindd_cache.tdb via wcache_store_ndr() as long as there is no SEQNUM entry present in the cache.
    Guenther
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
2025-11-10 | s3: talloc_destroy() -> TALLOC_FREE() | Volker Lendecke | 6 | -17/+15
    Sweeping change, I know. Should not change compiled code in most cases, the compiler should be smart enough to elide the assignment right before a return. In the cases where this is not right before the return, TALLOC_FREE() is safer as it makes use-after-free crash.
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-11-07 | s3:winbind: Improve logging for query_user_list() | Andreas Schneider | 1 | -3/+10
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Volker Lendecke <vl@samba.org>
    Autobuild-User(master): Volker Lendecke <vl@samba.org>
    Autobuild-Date(master): Fri Nov 7 16:06:50 UTC 2025 on atb-devel-224
2025-09-13 | winbind: Initialize idmap in winbindd_getgroups | Volker Lendecke | 1 | -2/+27
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15914
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
    Autobuild-User(master): Volker Lendecke <vl@samba.org>
    Autobuild-Date(master): Sat Sep 13 05:44:20 UTC 2025 on atb-devel-224
2025-09-10 | winbindd: Fixing CID 1508950 for time_t in DEBUG statement | Rabinarayan Panigrahi | 1 | -4/+4
    Fix: typecast changing from (uint32_t)domain->last_seq_check to (intmax_t)domain->last_seq_check as intmax_t can hold epoch seconds after 2038 year
    Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com>
    Reviewed-by: Signed-off-by: Martin Schwenke <martin@meltin.net>
    Reviewed-by: Andreas Schneider <asn@samba.org>
2025-09-02 | winbindd: Simplify parse_domain_user() | Volker Lendecke | 1 | -3/+1
    We have talloc_strndup() for this.
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Anoop C S <anoopcs@samba.org>
    Autobuild-User(master): Volker Lendecke <vl@samba.org>
    Autobuild-Date(master): Tue Sep 2 09:08:59 UTC 2025 on atb-devel-224
2025-08-26 | winbindd:migrate_secrets_tdb_to_ldb() handles no client password | Douglas Bagnall | 1 | -2/+9
    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-08-26 | winbindd: CID 1508963 Fixing print statement for time_t | Rabinarayan Panigrahi | 1 | -2/+2
    Fixing DEBUG output for time_t to uintmax_t
    Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com>
    Reviewed-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
    Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com>
    Autobuild-User(master): Volker Lendecke <vl@samba.org>
    Autobuild-Date(master): Tue Aug 26 15:40:41 UTC 2025 on atb-devel-224
2025-08-13 | idmap_ad: add and use ldap_timeout and fix LDAP server failover | Ralph Boehme | 6 | -12/+106
    The key parts are:
    1. If an LDAP search fails with the hardcoded fatal error, remove the retry. That would only retry the query against the same server, taken from the DCINFO cache key. Instead, force a DC rediscovery.
    2. Set a default ldap_timeout and pass it to tldap_search(). This avoids tldap_search() hanging forever on a stale TCP connection.
    3. The LDAP server idmap_ad is using is not necessarily the same DC we're using for RPC, so in case we learn about a dead DC, put it in the negative-conn-cache.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844
    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Guenther Deschner <gd@samba.org>
2025-08-13 | winbindd: use find_domain_from_name_noinit() in find_dns_domain_name() | Ralph Boehme | 1 | -1/+1
    Avoid triggering a connection to a DC of a trusted domain.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876
    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Guenther Deschner <gd@samba.org>
2025-08-12 | nsswitch: support all known DS lookup flags in wbclient's wbcLookupDomainController() | Günther Deschner | 1 | -0/+8
    Guenther
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Autobuild-User(master): Günther Deschner <gd@samba.org>
    Autobuild-Date(master): Tue Aug 12 08:26:55 UTC 2025 on atb-devel-224
2025-08-05 | s3:winbindd: Resolve dc name using CLDAP also for ROLE_IPA_DC | Pavel Filipenský | 1 | -1/+3
    server role ROLE_IPA_DC (introduced in e2d5b4d) needs special handling in dcip_check_name(). We should resolve the DC name using:
    - CLDAP in dcip_check_name_ads()
    instead of:
    - NETBIOS in nbt_getdc()
    that fails if Windows is not providing netbios.
    The impacted environment has:
    domain->alt_name = example.com
    domain->active_directory = 1
    security = USER
    server role = ROLE_IPA_DC
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891
    Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Pair-programmed-with: Andreas Schneider <asn@samba.org>
    Reviewed-by: Alexander Bokovoy <ab@samba.org>
2025-07-30 | winbindd: blacklist servers returning ACCESS_DENIED/authoritative=0 | Stefan Metzmacher | 1 | -0/+93
    https://bugzilla.samba.org/show_bug.cgi?id=14981
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Guenther Deschner <gd@samba.org>
2025-07-30 | winbindd: always use winbind_add_failed_connection_entry() wrapper | Stefan Metzmacher | 3 | -3/+6
    We should not use add_failed_connection_entry() directly.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Guenther Deschner <gd@samba.org>
2025-07-08 | s3:winbind: Initialize and setup idmap child in winbindd_getgrnam() | Samuel Cabrero | 1 | -3/+26
    Make sure the idmap child is initialized before delegating the name unmapping.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15882
    Signed-off-by: Samuel Cabrero <scabrero@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
    Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
    Autobuild-Date(master): Tue Jul 8 07:21:26 UTC 2025 on atb-devel-224
2025-07-08 | s3:winbind: Initialize and setup idmap child in winbindd_getpwnam() | Samuel Cabrero | 1 | -5/+28
    Make sure the idmap child is initialized before delegating the name unmapping.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15882
    Signed-off-by: Samuel Cabrero <scabrero@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
2025-07-07 | s3-winbindd: Fix internal winbind dsgetdcname calls w.r.t. domain name | Günther Deschner | 6 | -12/+60
    when winbind calls to dsgetdcname internally, make sure to prefer the DNS domain name if we have it. Makes DNS lookups much more likely to succeed.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876
    Guenther
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
    Autobuild-User(master): Ralph Böhme <slow@samba.org>
    Autobuild-Date(master): Mon Jul 7 10:44:37 UTC 2025 on atb-devel-224
2025-07-07 | s3:winbindd: avoid using any netlogon call to get a dc name | Stefan Metzmacher | 2 | -250/+5
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Guenther Deschner <gd@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
2025-06-28 | s3:winbind: Correct spelling in debug messages related to ADS | Daniel Widrick | 1 | -2/+2
    Corrected spelling of 'security' from 'secuirity' in debug messages related to ADS
    Signed-off-by: Daniel Widrick <daniel@widrick.net>
    Reviewed-by: Martin Schwenke <martin@meltin.net>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Anoop C S <anoopcs@samba.org>
    Autobuild-User(master): Anoop C S <anoopcs@samba.org>
    Autobuild-Date(master): Sat Jun 28 09:04:56 UTC 2025 on atb-devel-224
2025-06-24 | s3:winbind: Delegate normalize_name_unmap to the idmap child in winbindd_getgroups | Samuel Cabrero | 1 | -15/+47
    Delegate name unmapping to the idmap child to avoid blocking the parent while querying the LDAP server, depending on the idmap configuration.
    Signed-off-by: Samuel Cabrero <scabrero@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
    Autobuild-Date(master): Tue Jun 24 08:51:39 UTC 2025 on atb-devel-224
2025-06-24 | s3:winbind: Delegate normalize_name_unmap to the idmap child in winbindd_getpwnam | Samuel Cabrero | 1 | -17/+48
    Delegate name unmapping to the idmap child to avoid blocking the parent while querying the LDAP server, depending on the idmap configuration.
    Signed-off-by: Samuel Cabrero <scabrero@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
2025-06-24 | s3:winbind: Delegate normalize_name_unmap to the idmap child in winbindd_getgrnam | Samuel Cabrero | 1 | -20/+51
    Delegate name unmapping to the idmap child to avoid blocking the parent while querying the LDAP server, depending on the idmap configuration.
    Signed-off-by: Samuel Cabrero <scabrero@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
2025-06-24 | s3:winbind: Remove unused fill_grent() | Samuel Cabrero | 2 | -47/+0
    This function is no longer used.
    Signed-off-by: Samuel Cabrero <scabrero@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
2025-06-24 | s3:winbind: Delegate normalize_name_map to the idmap child in winbindd_getgrgid | Samuel Cabrero | 1 | -5/+55
    Delegate mapping to the idmap child to avoid blocking the parent while querying the LDAP server, depending on the idmap configuration.
    Signed-off-by: Samuel Cabrero <scabrero@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>