Age | Commit message (Collapse) | Author | Files | Lines |
|
* Log the NTSTATUS when saving name/sid cache entry
* Allow the backend loolkup_usergroups() call in winbindd_{rpc,ads}.c
to inform the wcache manager that the group list should not be cached
(needed for one-way trusts).
(This used to be commit 693ab48408dbb775b57dcc5140e27ad9221852a1)
|
|
previous call was unsuccessful. needed for offline
logons.
(This used to be commit c3a8dc5d136e33b66849c38bfa910cd044cd521f)
|
|
Assume that "NO_DOMAIN_CONTROLLERS_FOUND" means that the domain
is offline.
(This used to be commit 30f9cc52bf8270652624c79691d147e05e476583)
|
|
settings from one trusted domain with no incoming trust path.
Guenther, I think this is ok as we only need the pw policy
to give feedback on upcoming expiration times.
(This used to be commit c79ae57388d087496777129d6936cd51aab38d5b)
|
|
for use by the require-membership-of pam_winbind option.
(This used to be commit 11f81c5997a014cca9d98c474e7870ebb07c4642)
|
|
(This used to be commit 32fd8558bd4531a745a04810a1cb6392dfab16a5)
|
|
to the idmap child.
Also remove the check for the global offline state in child_msg_offline()
as this means we cannot mark domains offline due to network outages.
(This used to be commit 1b99e8b521eae3e9fa775577de01116bb20fb8b3)
|
|
Helps when transitioning from offline to online mode.
Note that this is a quick hack and a better solution
would be to start the DNS server's state between processes
(similar to the namecache entries).
(This used to be commit 4f05c6fe26f4abd7ca71eac339fee2ef5e254369)
|
|
(a) Ignore the negative cache when the domain is offline
(b) don't delete expired entries from the cache as these
can be used when offline (same model as thw wcache entries)
(c) Delay idmap backend initialization when offline
as the backend routines will not be called until we go
online anyways. This prevents idmap_init() from failing
when a backend's init() function fails becuase of lack of
network connectivity
(This used to be commit 4086ef15b395f1a536fb669af2103a33ecc14de4)
|
|
and the krb5 tkt cache could not be created due to clock skew.
(This used to be commit 24616f7d6be40b090dc74851b1ea7d09d6976811)
|
|
is initialized.
(This used to be commit ef0304268284df7166ecd1b17328076e7ce40de9)
|
|
* Rely on the fact that name2sid will work for any name
in a trusted domain will work against our primary domain
(even in the absense of an incoming trust path)
* Only logons will reliably work and the idmap backend
is responsible for being able to manage id's without contacting
the trusted domain
* "getent passwd" and "getent group" for trusted users and groups
will work but we cannot get the group membership of a user in any
fashion without the user first logging on (via NTLM or krb5)
and the netsamlogon_cache being updated.
(This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5)
|
|
need some fixing here for a Samba DC)
(This used to be commit 3d2123383d9dab6f0c8832e0f04238aa9a972c70)
|
|
daemon to manage the complete trusted domain cache
(This used to be commit 3a9152a2acfc7b615a5c6b8764ea9462443f00d1)
|
|
when calling the async lookupsid() routine
(This used to be commit 3d814862af7382a9ea56b2c8d3cc9a31dca4bdb6)
|
|
(This used to be commit aa2ac5a1944884586c9f7e97c3a0b1b6c418b554)
|
|
information return from our DC in the DsEnumerateDomainTrusts()
call. If the fails, we callback ot the older
connect-to-the-remote-domain method.
Note that this means we can only reliably expect the native_mode
flag to be set for our own domain as this information in not
available outside our primary domain from the trusted information.
This is ok as we only really need the flag when trying to
determine to enumerate domain local groups via RPC.
Use the AD flag rather than the native_mode flag when using
ldap to obtain the seq_num for a domain.
(This used to be commit 4b4148a9642f03b8f27dda2132708bcc0cbb3b8e)
|
|
(a) Query our primary domain for trusts
(b) Query all tree roots in our forest
(c) Query all forest roots in trusted forests.
This will give us a complete trust topology including
domains via transitive Krb5 trusts. We also store the
trust type, flags, and attributes so we can determine
one-way trusted domains (outgoing only trust path).
Patch for one-way trusts coming in a later check-in.
"wbinfo -m" now lists all domains in the domain_list() as held
by the main winbindd process.
(This used to be commit 9cf6068f1e0a1063d331af17aa493140497b96ef)
|
|
to use the same code path after we resolve the name/gid to
a SID. Use the async lookupname/lookupsid interface.
(This used to be commit d12b8147d6bd34fad680cb8705dc6d7bbea1db12)
|
|
same heuristic. First try our DC and then try a DC in the
root of our forest. Use a temporary state since
winbindd_lookupXXX_async() is called from various winbindd
API entry points.
Note this will break the compile. That will be fixed in the
next commit.
(This used to be commit b442644bac2a7d5853440254257ca34a8e7c25de)
|
|
(This used to be commit 2ab617fbbffbd6bf98ee02150f62b87a2610531f)
|
|
list of trusted domains without requiring each winbindd process
to aquire this on its own. This is needed for various idmap
plugins and for dealing with different trust topoligies.
list_trusted_domain() patches coming next.
(This used to be commit 2da62a3d965a9701e16e644fd6bc728b43f28489)
|
|
(This used to be commit cd55ccef6a1d0c95836feeb5efb5abcaedb35df2)
|
|
laptop :-)
(This used to be commit 7460511c4e92f6fdde430d0c56bbb72377e80b4b)
|
|
Thanks to Tom Bork for reporting this!
Volker
(This used to be commit 3f956d345143f64f57c02419eb8494c6ed51ce59)
|
|
(This used to be commit 3a2ca1b1b85e268928587287f61d26f992b303a5)
|
|
lock_struct *
(This used to be commit 8e0e278961ebf2fa4301874d522636699ace1b9b)
|
|
Jerry, please add this for 3.0.25 final
(This used to be commit e04ca2d7f8ea2d4c70c2a35201a98c5ecd672d59)
|
|
Jeremy.
(This used to be commit c73963a60ad2d35d69d1ac4c02e24f3272efdd87)
|
|
to examine parse_misc.c fix.
Jeremy.
(This used to be commit 80d981265cd3bc9d73c5da3c514ec736e2dfa73a)
|
|
before talloc.
Jeremy.
(This used to be commit 9e4c6ab7392b2dbaccfaced88d3bc7502ff073ee)
|
|
winbindd's kerberized pam_auth use that.
Guenther
(This used to be commit 0f436eab5b2e5891c341c27cb22db52a72bf1af7)
|
|
NTSTATUS
codes directly out of the krb5_error edata.
Guenther
(This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
|
|
Guenther
(This used to be commit 997ded4e3f0dc2199b9a66a9485c919c16fbabc6)
|
|
- add AC_GNU_SOURCE macro for systems which don't have it
(sles8)
- fix compiler warning on some systems
metze
(This used to be commit cb785d9bed23fdf930bbd059eeeba5bde04af829)
|
|
Forgot those
in the previous commit.
Guenther
(This used to be commit fce2fe9903417f4ee58a1ddc03ad0083109b7c50)
|
|
(This used to be commit 435a6e5e82b5910acc116f211f1dfc3fe32a43ca)
|
|
(This used to be commit e93d33b4631e634499b2e74c31d483d306d10367)
|
|
by making
netsamlogon_cache_get() return a talloc'ed structure.
Guenther
(This used to be commit 5b149967cc3ab68057db015e67b688c9b9577f0d)
|
|
(This used to be commit 565d7d0b18f18ba11f186667df95bc608a179efa)
|
|
Guenther
(This used to be commit 65a2701f36439db37e8cd6067be69e8ffdc4615b)
|
|
offline.
Guenther
(This used to be commit 37f9f466fd05bb06d8539bdb2cb72a730c2af4f4)
|
|
(This used to be commit 232c5c65578e3cddffe7e6ed996de7fc42b32f48)
|
|
We certainly don't want to crash winbind on each sucessfull
centry_uint{8,16,32,64} read.
Jeremy, please check :-)
Guenther
(This used to be commit bfcd10766bcac1d50f7624bbe5a72eca57b5e278)
|
|
(This used to be commit 4c58b6b1946bf61b24cbdb3c331fee3d48a6b7d2)
|
|
sid_check_is_in_our_domain getting out of sync.
(This used to be commit bbc102172abcb5f7c5c9e777536d7c17afe8b355)
|
|
was correct
(This used to be commit cf11b4314987d4d429d09e073c5294d3a9977c52)
|
|
(This used to be commit 6999d578aebab4e3216200be1d884caa3578ecc2)
|
|
make we found is what will be run when the user invokes "make".
(This used to be commit e3802961c1895f260f04a7955a2a182d657248a0)
|
|
(This used to be commit d4c5d5ffb30fe50abb828067b047d5eb61038ddf)
|