Context Navigation

← Previous Change
Next Change →

winbindd

Timestamp:

Nov 12, 2012, 7:10:02 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server 3.5: update branche to 3.5.18

Location:

branches/samba-3.5.x/source3/winbindd

Files:

: 6 edited

idmap.c (modified) (3 diffs)
winbindd.c (modified) (2 diffs)
winbindd_cred_cache.c (modified) (3 diffs)
winbindd_pam.c (modified) (4 diffs)
winbindd_proto.h (modified) (1 diff)
winbindd_util.c (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

branches/samba-3.5.x/source3/winbindd/idmap.c

-              r596
+              r738
 static_decl_idmap;
+static void idmap_init(void)
+{
+        static bool initialized;
+        if (initialized) {
+                return;
+        }
+        DEBUG(10, ("idmap_init(): calling static_init_idmap\n"));
+        static_init_idmap;
+        initialized = true;
+}
 /**
 …
         char *params;
+        DEBUG(10, ("idmap_init_default_domain: calling static_init_idmap\n"));
+        static_init_idmap;
+        idmap_init();
         if (!parse_idmap_module(talloc_tos(), lp_idmap_backend(), &modulename,
 …
         NTSTATUS ret = NT_STATUS_NO_MEMORY;;
         static_init_idmap;
+        idmap_init();
         if (idmap_alloc_ctx != NULL) {

branches/samba-3.5.x/source3/winbindd/winbindd.c

-              r736
+              r738
         state->cmd_name = "unknown request";
         state->recv_fn = NULL;
+        state->last_access = time(NULL);
         /* Process command */
 …
         for (state = winbindd_client_list(); state; state = state->next) {
+                if (state->response == NULL &&
+                if (state->request == NULL &&
+                    state->response == NULL &&
                     !state->pwent_state && !state->grent_state) {
                         nidle++;

branches/samba-3.5.x/source3/winbindd/winbindd_cred_cache.c

-              r414
+              r738
                             const char *service,
                             const char *username,
+                            const char *pass,
                             const char *realm,
                             uid_t uid,
 …
                         DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n"));
+                }
+                /*
+                 * If we're set up to renew our krb5 tickets, we must
+                 * cache the credentials in memory for the ticket
+                 * renew function (or increase the reference count
+                 * if we're logging in more than once). Fix inspired
+                 * by patch from Ian Gordon <ian.gordon@strath.ac.uk>
+                 * for bugid #9098.
+                 */
+                ntret = winbindd_add_memory_creds(username, uid, pass);
+                DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+                        nt_errstr(ntret)));
                 return NT_STATUS_OK;
+        }
 …
                 "added ccache [%s] for user [%s] to the list\n",
                 ccname, username));
+        if (entry->event) {
+                /*
+                 * If we're set up to renew our krb5 tickets, we must
+                 * cache the credentials in memory for the ticket
+                 * renew function. Fix inspired by patch from
+                 * Ian Gordon <ian.gordon@strath.ac.uk> for
+                 * bugid #9098.
+                 */
+                ntret = winbindd_add_memory_creds(username, uid, pass);
+                DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+                        nt_errstr(ntret)));
+        }
         return NT_STATUS_OK;

branches/samba-3.5.x/source3/winbindd/winbindd_pam.c

-              r736
+              r738
                                       &token->user_sids,
                                       &token->num_sids,
                                       true, false);
+                                      true);
         if (!NT_STATUS_IS_OK(status)) {
                 TALLOC_FREE(frame);
 …
                                             service,
                                             state->request->data.auth.user,
+                                            state->request->data.auth.pass,
                                             realm,
                                             uid,
 …
                                                             service,
                                                             state->request->data.auth.user,
+                                                            state->request->data.auth.pass,
                                                             domain->alt_name,
                                                             uid,
 …
+        }
+        /*
+         * Remove any mlock'ed memory creds in the child
+         * we might be using for krb5 ticket renewal.
+         */
+        winbindd_delete_memory_creds(state->request->data.logoff.user);
 #else
         result = NT_STATUS_NOT_SUPPORTED;

branches/samba-3.5.x/source3/winbindd/winbindd_proto.h

r414	r738
217	217	const char *service,
218	218	const char *username,
	219	const char *password,
219	220	const char *realm,
220	221	uid_t uid,

branches/samba-3.5.x/source3/winbindd/winbindd_util.c

-              r480
+              r738
+        }
+        /* Skip Domain local groups outside our domain.
+           We'll get these from the getsidaliases() RPC call. */
+        /*
+         * Before bug #7843 the "Domain Local" groups were added with a
+         * lookupuseraliases call, but this isn't done anymore for our domain
+         * so we need to resolve resource groups here.
+         *
+         * When to use Resource Groups:
+         * http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
+        */
         status = sid_array_from_info3(mem_ctx, info3,
                                       user_sids,
                                       &num_groups,
                                       false, true);
+                                      false);
         if (!NT_STATUS_IS_OK(status)) {

Note: See TracChangeset for help on using the changeset viewer.