| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* check negative connection cache before ads_try_connect()
in ads_find_dc()
(This used to be commit 2a76101a3a31f5fca2f444b25e3f0486f7ef406f)
|
|
(This used to be commit ef978bd851431da373e005177504dbef2611cf4f)
|
|
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
|
|
The functions are unchanged. Next step is to make idmap_ldap use them.
Andrew Bartlett
(This used to be commit 57617a0f8c84f9ced4df2901811ce5a5a5ae005e)
|
|
I think the lesson to take away here is that refactoring configure.in
is a hazardous task and should only be attempted if you have a lot
of time and patience!
(This used to be commit 5ba121ac9d75de72261521cb1066ed585b68c307)
|
|
Clean up the init a little bit, less nested if-statements.
Agreed upon with Simo.
Volker
(This used to be commit fdcfefd7f1be55307ccd59290efd249981198e1e)
|
|
Set back 3.0 to use only winbindd_idmap.tdb as idmap database as told on
samba-technical.
Tested and working so far.
(This used to be commit e154e50fed8968567f75fcd581de2b41914ea2c1)
|
|
I think we are done with MIT Kerberos for the moment. The Heimdal detection
looks like it has been broken for ages so it's next on the list.
(This used to be commit 7690a722f99485f717215787db168f6878422f2f)
|
|
detection. On Solaris 9 extra libraries -lber and -lresolv are
required for Kerberos tests. We used to have an extra check for
-lresolv only but I think the correct solution is not to forget about it
in the first place.
This should fix bug #125 although I don't have access to a
system to test it out on.
(This used to be commit 4ddfab4a572782cd83588eff4fbb599f6c4e770c)
|
|
Jeremy.
(This used to be commit a118648d9505d54850ffad1e9ce7a2c3d279df9f)
|
|
Jeremy.
(This used to be commit 705915d9f71504f8ae04444352c80811c5a6f1ac)
|
|
causes mapping to dissapear...
Jeremy.
(This used to be commit bdffc81c9d1eeab26e4dba017a99bb9cc9131493)
|
|
branch.
Jeremy.
(This used to be commit 19629b41cb9b5e5f9e0d4a6d52af983a4d05c8cb)
|
|
Jeremy.
(This used to be commit a411923aa2eba9dac49efb68ed31650c11b5c33d)
|
|
Reviewed by vl, metze.
Andrew Bartlett
(This used to be commit 9804ad458ad35c9ea7de3e2e86bf8b2f85ae6533)
|
|
(This used to be commit 73e13b9bafa070a1dceaf21a0e098dda207ba7fd)
|
|
pre-2.2.4 tdb database format.
tx volker for your work on this
(This used to be commit 2bdbeb9e97a59ecd16f74fbb04ab5ca57b28a757)
|
|
when we have already decided that we can't do it.
(This used to be commit db792ed530da4e040084d4b42b716ffdcdd13bd3)
|
|
explicitly
configured using --with-ads then give an error, otherwise fall back to compiling
without ADS.
Tested on redhat 8.0 with and without MIT kerberos packages installed. Metze,
let me know if this is working OK for you now!
(This used to be commit 7ea81535b8180314acbf0873104a8c942ce4ec14)
|
|
the requested parts of the ACL.
Jeremy.
(This used to be commit c35a88201c619f0ebbaf38adbd0ec2af77e23981)
|
|
Jeremy.
(This used to be commit 076d9a3c9bc264d9456a67da9366bd73d3ce69d5)
|
|
Jeremy.
(This used to be commit a97f25c78591db3f6326610ea62b183fa3b9434d)
|
|
Hopefully will fix jcmd bugs :-).
Jeremy.
(This used to be commit 482e6c79edefc8aaacbb37f807d2076e59b40e26)
|
|
* move back to qsort() for sorting IP address in get_dc_list()
* remove dc_name_cache in cm_get_dc_name() since it slowed
things down more than it helped. I've made a note of where
to add in the negative connection cache in the ads code.
Will come back to that.
* fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead
of MAX_ALLOWED)
* only enumerate domain local groups in our domain
* simplify ldap search for seqnum in winbindd's rpc backend
(This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)
|
|
(This used to be commit 3918fffc7f07202f4c0b940f877184eea7561135)
|
|
(This used to be commit d376b67de9ff7a43c9c03c8640d9fe1671d223cb)
|
|
(This used to be commit 944480b89a829f159cabff100d83a72400aa6b6c)
|
|
(This used to be commit 71907f32ba9c8700ba185b565a50c55a3a451758)
|
|
until I repair my destroyed development system and check in a proper
fix for this.
(This used to be commit efad5dab522c466ae9e6bc114d0a0e6d1a7ed06d)
|
|
failure
* Fix code to use winbind_rpc methods for trusted mixed mode or NT4 domains
( does no one ever test this? )
* add in LDAP code to get the sequence number for rpc based seqnum update.
( this is needed if the DC is upgraded and samba is not reconfigured
to use security = ads; it's not pretty but it works (from app_head) )
* fix bug that caused us to enumerate domain local groups in domains
other than our own
(This used to be commit 14f2cd139a22454571cea8475d3b7c5c2787d378)
|
|
have krb5.h
Should fix bug 152.
(This used to be commit 82d3dd757be5c56fdeb97e66f64ec25d5e202614)
|
|
make it easier to understand/debug.
(This used to be commit 86b6ff134c2631be1346cea1cd7a17ae815a3759)
|
|
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK
This patch will cure the problem.
Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is
used correctly, but I'm not 100% sure, coders should check the use of
NT_STATUS_IS_ERR() in samba is ok now.
Simo.
(This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
|
|
This isn't C++ - start your code *after* all the variables are declared...
Andrew Bartlett
(This used to be commit b7760faedc2181538ffc325e727808e6df8f943f)
|
|
Volker
(This used to be commit 2ec8d1ff88d3984a317a4a53ca3a299e8a68a9d7)
|
|
groupmap'. The correct way to implement this stuff is via a function
table, as exampled in all the other parts of 'net'.
This also moves the idmap code into a new file. Volker, is this your
code? You might want to put your name on it.
Andrew Bartlett
(This used to be commit 477f2d9e390bb18d4f08d1cac9c981b73d628c4f)
|
|
The idea here is to eliminate the need to *set* the 'HWM' (High Water
Mark) in the tdb. Instead, each caller wanting to add an item to the
TDB uses the fact that an insert will *fail* if entry already exists.
More importantly, this means that we don't need to know the value of the
idmap uid/gid values when setting arbitrary entries, which can occur on
an smb.conf without such values specified.
Then all we need to do is loop until we get an id that will insert.
This means that the HWM does not need to be accurate, and we can have
IDs allocates safely above the HWM.
Setting the HWM to an arbitrary value was racy in the past - now we
don't even do it.
This patch also adds paranoia in reading the tdb - both the entry, and
it's reverse entry must be present. This means that we don't need to
'clean up' after an abnormal failure (which would probably fail too),
instead we rely on readers to ignore the half-completed entry. The way
this is done will allow SIDs to then allocated an ID when things are
normal again.
Andrew Bartlett
(This used to be commit 74709e159cdcd4dbcf138428a85067b38c4ebe64)
|
|
(This used to be commit 75081860af5ace873f53c361ec34d029b7864ff7)
|
|
This replaces the universal group caching code (was originally
based on that code). Only applies to the the RPC code.
One comment: domain local groups don't show up in 'getent group'
that's easy to fix.
Code has been tested against 2k domain but doesn't change anything
with respect to NT4 domains.
netsamlogon caching works pretty much like the universal group
caching code did but has had much more testing and puts winbind
mostly back in sync between branches.
(This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
|
|
and pdb_ldap.
So far, it's just a function rename, so that the next patch can be a very
simple matter of copying functions, without worrying about what changed
in the process.
Also removes the 'static' pointers for the rebind procedures, replacing them
with a linked list of value/key lookups. (Only needed on older LDAP client
libs)
Andrew Bartlett
(This used to be commit f93167a7e1c56157481a934d2225fe19786a3bff)
|
|
Jeremy.
(This used to be commit fa8ca20ed440673d02ac5669f8d4c6623c1fdb6d)
|
|
(This used to be commit 897125a9dbbd3f921d944e7bb7c5694a130c5173)
|
|
Instead, spit out an error message.
(This used to be commit 22f083b227a6f03ae42b985e45e9c384982c6ed2)
|
|
(This used to be commit 7e7cf0dd98ec8e28c02cb9e36064eaf098339801)
|
|
when we are traversing a readonly dababase we should not try to
cleanup the pending-delete records
(This used to be commit f327c06108cd1a9146f4c24aa4274997be0b4fb4)
|
|
(This used to be commit 81abfec7faf8675391d017c2e4160cd77a1ab157)
|
|
(This used to be commit 7eea35ba9f02f465403c21f5c33461035ad56176)
|
|
this doesn't need to be done explicitly in the Kerberos checks.
Also there was a duplicate AC_CHECK_LIB(resolv, dn_expand) which is done
early on in the configure process.
(This used to be commit fa66e2e1e1186d8c8965e1a13d49f4af2e71a442)
|
|
dereference bugfixes but left out the gethostbyname (wins) tests pending
a nicer way to integrate it.
(This used to be commit a7e67aaffe13b2828861046013b51d62aa1db057)
|
|
Jeremy.
(This used to be commit 036a551b10f1cb436ea36acbb40983249de8310d)
|
