summaryrefslogtreecommitdiff
path: root/source3/nsswitch/idmap.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22713: Offline logon fixes for idmap manager:Gerald Carter1-1/+23
(a) Ignore the negative cache when the domain is offline (b) don't delete expired entries from the cache as these can be used when offline (same model as thw wcache entries) (c) Delay idmap backend initialization when offline as the backend routines will not be called until we go online anyways. This prevents idmap_init() from failing when a backend's init() function fails becuase of lack of network connectivity (This used to be commit 4086ef15b395f1a536fb669af2103a33ecc14de4)
2007-10-10r22675: Simo's patch for 0 size allocation. Still needJeremy Allison1-9/+8
to examine parse_misc.c fix. Jeremy. (This used to be commit 80d981265cd3bc9d73c5da3c514ec736e2dfa73a)
2007-10-10r22590: Make TALLOC_ARRAY consistent across all uses.Jeremy Allison1-3/+9
That should be it.... Jeremy. (This used to be commit 603233a98bbf65467c8b4f04719d771c70b3b4c9)
2007-10-10r22542: Move over to using the _strict varients of the tallocJeremy Allison1-8/+8
calls. No functional changes. Looks bigger than it is :-). Jeremy. (This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
2007-10-10r22473: Correct fix for setting a default compat tdb idmap backend.Gerald Carter1-29/+30
Previous code would always fill in "idmap backend = tdb" even if you defined idmap domains. My fault. I should have tested the original patch more before committing. (This used to be commit a60c3f6a5a92722552197f7ab133f2ec3af377f9)
2007-10-10r22447: Patch from Ying Li <ying.li2@hp.com> to default tdb idmapGerald Carter1-0/+8
plugin when neither idmap domains nor idmap backend have been defined. (This used to be commit 2fa12753da22551c9d5e6ca1bea95884e02ef7b2)
2007-10-10r22390: Patchset sent to samba-technical to address the winbindGerald Carter1-77/+34
loop when allocating a new id for a SID: auth_util.patch Revert create_local_token() to the 3.0.24 codebase idmap_type.patch Have the caller fillin the id_map.xid.type field when resolving a SID so that if we allocate a new id, we know what type to use winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls from the public winbindd interface for the 3.0.25 release idmap_rid.patch Cleanup the idmap_rid backend to not call back into winbindd to resolve the SID in order to verify it's type. (This used to be commit 3b24dae9e73b244540a68b631b428a4d0f57440b)
2007-10-10r22343: Commit to 3_0 as well after adapting the patch.Simo Sorce1-100/+144
(tdb_delete_bystring instead of tdb_delete is used here) (This used to be commit ee40cead097ed2c005f5f80b24c9f681e054849a)
2007-10-10r22230: Let's just cast here, the 2 calls have different allocation mechanisms.Simo Sorce1-7/+9
We just let domname and name hang on the mem ctx until the call returns, and the context will be destroyed. Simo. (This used to be commit c38d8396c513d4c418f64b27a9f7c25757388674)
2007-10-10r22214: Fix incompatible pointer type warnings. Simo, please check and merge ↵Volker Lendecke1-1/+5
to 3_0_25 if appropriate. Volker (This used to be commit 6a4f6c5177b4837fe7a238f067abbc5739ab0812)
2007-10-10r22204: Workaround to quickly close bug #4508Simo Sorce1-6/+30
This hack makes thing work, but we will need to try again to make the getpw* calls fully async, that's the real fix. (This used to be commit 2552859b3d9e28d5f25b339f5d24a8d2dc36b46b)
2007-10-10r22173: BUG 4491, 4501: Additional fixes for protecting againstGerald Carter1-33/+47
crashes in allocate_id(). BUG 4501: Fix segv in idmap_ad caused by resetting the entry iterator when parsing search results. (This used to be commit bd6ebbfb9fb9d95bdf41eab1fd134170fcf6b6bf)
2007-10-10r22159: BUG 4501 (second half of fix): Just disable theGerald Carter1-8/+8
uid/gid allocation if no idmap alloca backend has been defined and we are not using a 3.0.24 idmap backend compatible configuration. (This used to be commit 0b700456f45d2bdfe8538bcfd0fce8ec2b9c3adb)
2007-10-10r22109: Readonly is automatically set in the generic init code, let's just ↵Simo Sorce1-0/+1
log the fact there and remove the specific, but redundant, code in idmap_ad.c (This used to be commit f127803734f9ae16e400b8a91e1e1910fd49b7f3)
2007-10-10r22066: Ensure that winbind can resolve SIDs in the S-1-22-{1,2}Gerald Carter1-1/+3
domain to a uid.gid using the idmap_passdb backend. (This used to be commit fc1aeee52d8cb6c8d5d306dbbec18127bd2674bc)
2007-10-10r21884: * Blacklist BUILTIN and MACHINE domains from theGerald Carter1-13/+26
idmap domains as these should only be handled by the winbindd_passdb.c backend * Allow the alloc init to fail for backwards compatible configurations like idmap backend = ad idmap uid = 1000-100000 .... * Remove the deprecated flags from idmap backend, et. al. These are mutually exclusive with the new configuration options (idmap domains). Logging annoying messages about deprecated parameters is confusing. So we'll try this apprpach for now. (This used to be commit 5e30807b4e9c0211c9e2c02deee94543e8f0d855)
2007-10-10r21616: Delay initialization of idmap and nss_info backends until necessaryGerald Carter1-8/+65
so they can honor the offline logon state. (This used to be commit 15b13dfe81e861b94077c94b80117a85a5ffb999)
2007-10-10r21548: prevent segv (reference to -1 element of array)Herb Lewis1-1/+2
(This used to be commit b5fd72282da85f50a040fd949752bc71023ff055)
2007-10-10r21284: Fix some unitilized variable warnings pointed out by Volker.Gerald Carter1-4/+6
(This used to be commit 5c3edad86098c5271cb141b8f7885ca7f5b48072)
2007-10-10r21182: * Refactor the code to obtain the LDAP connection credentialsGerald Carter1-4/+6
from both idmap_ldap_{alloc,db}_init() * Fix the backwards compat support in idmap_ldap.c * Fix a spelling error in the idmap_fetch_secret() function name (This used to be commit 615a10435618abb89852910a0d36c1d9ff35647f)
2007-10-10r21180: fix backwards compatible idmap backends parameter parsingGerald Carter1-6/+17
(This used to be commit 01af19cc9d8e282ffd6ff6b52699ed2d0369ff69)
2007-10-10r20951: Remove the DOM_SID field in the struct idmap_domain and bounceGerald Carter1-130/+109
domain SID lookups through the struct winbindd_domain *domain_list by searching by name. Refactor the order lookup when searching for the correct idmap_domain to a single function and remove the requirement that the default domain be listed first in the config file. I would still like to make the idmap_domain array a linked list and remove the existing code which makes use of indexes into the list. Basic testing with tdb pans out ok. (This used to be commit e6c300829ff08dd354f6e9460d396261681e4809)
2007-10-10r20774: I thought I committed this before Xmas holidays ...Simo Sorce1-23/+30
This change is needed to make it possible to not expire caches in disconnected mode. Jerry, please can you look at this and confirm it is ok? Simo. (This used to be commit 9e8715e4e15d9cede8f4aa9652642995392617e6)
2007-10-10r20289: IDMAP is part of winbind but not the main process.Simo Sorce1-2/+9
Make sure we route all request to remote DCs via the main process so that IDMAP can correctly reuse DC connections and use the async interface. This fixes also idmap_nss so that it is able to resolve local group names (requires patch on the samba dc earlier committed to SAMBA_3_0 to make it resolve both the mapped and the unmapped name). Simo. (This used to be commit 4297510f22c3fd60afd062e3c5eb142be2122b16)
2007-10-10r20216: Fix fallback code.Simo Sorce1-11/+13
A reversed check made it impossile to fallback to the Unix Domain mapping code. Also fix a potential use of a freed array. Jerry, my tests shows that this code now correctly handle the fallback to Unix Domain when our Domain member is asked for a mapped group that has a unix name different from the Windows name against a Samba DC and we do not use winbindd but share users/groups by other means (ldap / sync of passwd and group files) Immediate Fix would be to discuss if we should answer back when DOMAIN\unixgroup -> SID is asked for, in the case the unixgroup name is mapped to a different name. IE: DOMAIN\Domain Admins -> ntadmins Currently if we are asked for "DOMAIN\Domain Admins" we return the dom admins SID If we are asked for "DOMAIN\ntadmins we return "not found", but we may consider to return the Domain admins SID in this case too. Comments are welcome on this point! Long term fix I think is the unixinfo pipe and of course an idmap_unixinfo moudle. Simo. (This used to be commit 07bdbb4c215461a721f9b608bd375387b96ababb)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-0/+1299
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)