summaryrefslogtreecommitdiff
path: root/source4/winbind
AgeCommit message (Collapse)AuthorFilesLines
2022-07-27CVE-2022-32746 ldb: Make use of functions for appending to an ldb_messageJoseph Sutton1-8/+2
This aims to minimise usage of the error-prone pattern of searching for a just-added message element in order to make modifications to it (and potentially finding the wrong element). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-04-29s3: Remove --log-stdout from daemonsAndreas Schneider1-1/+1
The common cmdline parser provides --debug-stdout. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28s3:winbind: Pass the 'samba' daemon config file to winbinddAndreas Schneider1-0/+11
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28s4:winbind: Add a missing no memory checkAndreas Schneider1-0/+3
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-27s4: rename source4/smbd/ to source4/samba/Ralph Boehme1-2/+2
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
2020-07-06s4/winbind/idmap: check the right variable (CID 1272950)Douglas Bagnall1-1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2019-09-26s4/winbind: clang: Fixes 'Value stored during its initialization is never read'Noel Power1-2/+2
Fixes: source4/winbind/idmap.c:214:11: warning: Value stored to 'status' during its initialization is never read <--[clang] NTSTATUS status = NT_STATUS_NONE_MAPPED; source4/winbind/idmap.c:397:11: warning: Value stored to 'status' during its initialization is never read <--[clang] NTSTATUS status = NT_STATUS_NONE_MAPPED; ^~~~~~ ~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-09-01Spelling fixes s/noone/no one/Mathieu Parent1-1/+1
Skipping source4/torture/winbind/struct_based.c Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-06s4-winbindd: Removed unused wb_utils.cAndrew Bartlett2-58/+0
Garming noticed this was untested code in the lcov report, and it turns out to be unused. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-01-08winbind4: Use dom_sid_str_bufVolker Lendecke1-14/+16
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-01source4 smdb: Add a post fork hook to the service APIGary Lockyer1-6/+7
Add a post fork hook to the service API this will be called: - standard process model immediately after the task_init. - single process model immediately after the task_init - prefork process model, inhibit_pre_fork = true immediately after the task_init - prefork process model, inhibit_pre_fork = false after each service worker has forked. It is not run on the service master process. The post fork hook is not called in the standard model if a new process is forked on a new connection. It is instead called immediately after the task_init. The task_init hook has been changed to return an error code. This ensures the post_fork code is only run if the task_init code completed successfully. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-01source4 smbd: Make the service_details structure constant.Gary Lockyer1-1/+1
Make the service_details structure a static const. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-10samdb: Add remote address to connectGary Lockyer1-1/+6
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-19Remove dead codeSimo Sorce1-1/+0
Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Simo Sorce <idra@samba.org> Autobuild-Date(master): Mon Mar 19 20:29:28 CET 2018 on sn-devel-144
2017-10-19 source4/smbd: refactor the process model for preforkGary Lockyer1-2/+9
Refactor the process model code to allow the addition of a prefork process model. - Add a process context to contain process model specific state - Add a service details structure to allow service to indicate which process model options they can support. In the new code the services advertise the features they support to the process model. The process model context is plumbed through to allow the process model to keep track of the supported options, and any state the process model may require. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-11s4: Add TALLOC_CTX * to register_server_service().Jeremy Allison1-2/+2
Use the passed in context from callers. Remove one talloc_autofree_context(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-22lib: modules: Change XXX_init interface from XXX_init(void) to ↵Jeremy Allison1-2/+2
XXX_init(TALLOC_CTX *) Not currently used - no logic changes inside. This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global. Updated all known module interface numbers, and added a WHATSNEW. Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-01-02winbind4: Remove unused codeVolker Lendecke4-533/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-29idmap4: Use sid_check_is_in_unix_groups()Volker Lendecke2-8/+1
This avoids the need for the special unix groups sid Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Autobuild-User(master): Uri Simchoni <uri@samba.org> Autobuild-Date(master): Thu Dec 29 00:05:25 CET 2016 on sn-devel-144
2016-12-28idmap4: Use sid_check_is_in_unix_users()Volker Lendecke2-8/+2
This avoids the need for the special unix users sid Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28idmap4: Slightly simplify idmap_xid_to_sidVolker Lendecke1-7/+4
No need to parse "S-1-22-1", we have global_sid_Unix_Users Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28idmap4: Fix error path memleaks in idmap_initVolker Lendecke1-4/+7
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28idmap4: Fix idmap_ctx talloc hierarchyVolker Lendecke1-3/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
2015-06-24s4-winbindd: Remove the winbind rewrite from the samba4 effortAndrew Bartlett40-8701/+5
This winbind implementation is undermaintained, out of date and not the future of even the AD DC, let alone any other purpose. Removing it will reduce our security and bug exposure on this off by default subsystem Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 24 22:34:57 CEST 2015 on sn-devel-104
2015-05-06winbindd4: Force home directory in internal winbind to use a lower-case usernameAndrew Bartlett2-4/+16
This is a BEHAVIOUR CHANGE from Samba 4.0 and 4.1, if mixed-case usernames were in use. However, it matches the behaviour in winbindd in all other use cases. Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-05-06s4-winbind: Correctly reject the unsupported WBFLAG_PAM_AUTH_PAC flagAndrew Bartlett1-0/+4
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-20s3-winbind: Correct debug message for starting winbind.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-02-25Fix the developer O3 buildVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
2014-12-03idmap: return the correct id type to *id_to_sid methodsGarming Sam1-1/+19
We have a pointer to a unixid which is sent down instead of a uid or gid. We can use this as an in-out variable so that pdb_samba_dsdb can be returned ID_TYPE_BOTH to cache correctly instead of leaving it as ID_TYPE_UID or ID_TYPE_GID. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720 Change-Id: I0cef2e419cbb337531244b7b41c708cf2ab883e3 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-08winbindd: Do not use group_list->out.resume_index after freeAndrew Bartlett1-2/+3
Found by AddressSanitizer Change-Id: I59009144b28c390ddb80b7b3fbb4007dfd16db0e Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-09-08winbindd: Do not use user_list->out.resume_index after freeAndrew Bartlett1-2/+5
Found by AddressSanitizer Change-Id: I9f8b95b65de788994a7404fa8889fce45ccb3a30 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-06-04winbind: Fix template homedir to match source3Andrew Bartlett2-4/+4
Fix provided by Andy Igoshin <ai@vsu.ru> BUG: https://bugzilla.samba.org/show_bug.cgi?id=10324 Andrew Bartlett Change-Id: Ie94d207fed91e9dfd85ee3c3339c376b25ac5fa4 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-29winbind: Allow winbindd to be run from inside "samba"Andrew Bartlett2-0/+102
Change-Id: I6b90a9b62ba5821e0feedb23cd20642078ba0ca6 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Apr 29 05:28:39 CEST 2014 on sn-devel-104
2014-03-05winbind4: Remove unused winbind_get_idmap irpc operationVolker Lendecke1-72/+0
Change-Id: Ia5e62d30b277f8a7074d451cfb8675eee8e9d21f Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2014-02-18Revert "winbind4: Remove unused winbind_get_idmap irpc operation"Volker Lendecke1-0/+72
This reverts commit 41ff0f4454ef23d0ac3e31560d78a2b966769fea. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2014-02-13s4:winbind: make use of dcerpc_binding_[g|s]et_flags()Stefan Metzmacher1-9/+31
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13s4:winbind: don't access dcerpc_binding internals in init_domain_binding()Stefan Metzmacher1-7/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-10winbind4: Remove unused winbind_get_idmap irpc operationVolker Lendecke1-72/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Kai Blin <kai@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Feb 10 13:24:09 CET 2014 on sn-devel-104
2014-01-22log winbind version (when requested) in winbindd logNoel Power1-0/+2
winbindd currently only logs the INTERFACE version request, it would be useful to additionally have the version returned in the log also. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jim McDonough <jmcd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Jan 22 21:57:04 CET 2014 on sn-devel-104
2014-01-16s4:winbind: let wb_samr_userdomgroups_send() take ↵Stefan Metzmacher2-9/+11
tevent_context/dcerpc_binding_handle This avoids usage/dereferencing 'struct dcerpc_pipe'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16s4:winbind: let wb_lsa_lookupnames_send() take ↵Stefan Metzmacher2-6/+7
tevent_context/dcerpc_binding_handle This avoids usage/dereferencing 'struct dcerpc_pipe'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16s4:winbind: let wb_lsa_lookupsids_send() take ↵Stefan Metzmacher3-6/+8
tevent_context/dcerpc_binding_handle This avoids usage/dereferencing 'struct dcerpc_pipe'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16s4:winbind: make clear that we use the global tevent_contextStefan Metzmacher4-2/+8
We should avoid using the tevent_context pointer on a dcecli_connection, it's the same as the global per task one anyway. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16s4:winbind: correctly fill the libnet_context lsa and samr binding handlesStefan Metzmacher1-0/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2013-12-09CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.Jeremy Allison1-1/+12
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
2013-12-09CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.Jeremy Allison1-1/+12
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
2013-07-10s4-winbindd: Do not terminate a connection that is still pending (bug #9820)Andrew Bartlett3-2/+64
Instead, wait until the call attempts to reply, and let it terminate then (often this happens in the attempt to then write to the broken pipe). Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-20s4-winbind: Add special case for BUILTIN domainAndrew Bartlett3-20/+37
This should mean that lookups for the BUILTIN domain cause less trouble then they have in the past, because they will no longer go via the trusted domain handler. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104
2013-06-04s4:winbind: don't leak libnet_context into the main event contextStefan Metzmacher1-0/+2
This needs to be a talloc child of struct wbsrv_domain otherwise the cleanup of a broken connection doesn't work. The following command can trigger the leak on a domain controller. root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/ total 16 drwxrwx---+ 5 root 3000000 4096 May 14 14:46 Policies drwxrwx---+ 2 root 3000000 4096 May 14 11:45 scripts gid 3000000 belongs to Builtin\Administrators. The code triggers a ncacn_np: connection to the local smbd and complains that domain BUILTIN is not available: [2013/05/29 17:28:03, 2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo) Expected domain name BUILTIN, DC dc.samba.private said SAMBA In that case the connection was not closed, which is fixed by this commit. Using ncalrpc: for all local SIDs and serving the BUILTIN domain is a project for another day... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104
2013-05-27s4:idmap: break account_type check lines for readability in idmap_sid_to_xid()Michael Adam1-2/+7
Also makes code obey README.Coding, regarding line-length. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon May 27 00:05:19 CEST 2013 on sn-devel-104
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-07 00:54:31 +0000