Age | Commit message (Collapse) | Author | Files | Lines |
|
to be able to handle SIDs in the S-1-22-{1,2} domain in order
for winbindd_sid_to_uid(), et. al. to succeed. For 3.0.25a,
we will short circuit in the sid_to_uid() family of functions
so that smbd is ok.
For 3.0.26, we need to allow winbindd to handle all types of SIDs.
(This used to be commit d70cec31965de41d3296c9b585ff0aea4f2bcffe)
|
|
(a) Ignore the negative cache when the domain is offline
(b) don't delete expired entries from the cache as these
can be used when offline (same model as thw wcache entries)
(c) Delay idmap backend initialization when offline
as the backend routines will not be called until we go
online anyways. This prevents idmap_init() from failing
when a backend's init() function fails becuase of lack of
network connectivity
(This used to be commit 4086ef15b395f1a536fb669af2103a33ecc14de4)
|
|
to examine parse_misc.c fix.
Jeremy.
(This used to be commit 80d981265cd3bc9d73c5da3c514ec736e2dfa73a)
|
|
That should be it....
Jeremy.
(This used to be commit 603233a98bbf65467c8b4f04719d771c70b3b4c9)
|
|
calls. No functional changes. Looks bigger than it is :-).
Jeremy.
(This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
|
|
Previous code would always fill in "idmap backend = tdb"
even if you defined idmap domains. My fault. I should
have tested the original patch more before committing.
(This used to be commit a60c3f6a5a92722552197f7ab133f2ec3af377f9)
|
|
plugin when neither idmap domains nor idmap backend have
been defined.
(This used to be commit 2fa12753da22551c9d5e6ca1bea95884e02ef7b2)
|
|
loop when allocating a new id for a SID:
auth_util.patch Revert create_local_token() to
the 3.0.24 codebase
idmap_type.patch Have the caller fillin the
id_map.xid.type field when
resolving a SID so that if we allocate
a new id, we know what type to use
winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls
from the public winbindd interface
for the 3.0.25 release
idmap_rid.patch Cleanup the idmap_rid backend to not
call back into winbindd to resolve
the SID in order to verify it's type.
(This used to be commit 3b24dae9e73b244540a68b631b428a4d0f57440b)
|
|
(tdb_delete_bystring instead of tdb_delete is used here)
(This used to be commit ee40cead097ed2c005f5f80b24c9f681e054849a)
|
|
We just let domname and name hang on the mem ctx until the call returns,
and the context will be destroyed.
Simo.
(This used to be commit c38d8396c513d4c418f64b27a9f7c25757388674)
|
|
to 3_0_25
if appropriate.
Volker
(This used to be commit 6a4f6c5177b4837fe7a238f067abbc5739ab0812)
|
|
This hack makes thing work, but we will need to try again to
make the getpw* calls fully async, that's the real fix.
(This used to be commit 2552859b3d9e28d5f25b339f5d24a8d2dc36b46b)
|
|
crashes in allocate_id().
BUG 4501: Fix segv in idmap_ad caused by resetting the
entry iterator when parsing search results.
(This used to be commit bd6ebbfb9fb9d95bdf41eab1fd134170fcf6b6bf)
|
|
uid/gid allocation if no idmap alloca backend has been
defined and we are not using a 3.0.24 idmap backend
compatible configuration.
(This used to be commit 0b700456f45d2bdfe8538bcfd0fce8ec2b9c3adb)
|
|
log the fact there
and remove the specific, but redundant, code in idmap_ad.c
(This used to be commit f127803734f9ae16e400b8a91e1e1910fd49b7f3)
|
|
domain to a uid.gid using the idmap_passdb backend.
(This used to be commit fc1aeee52d8cb6c8d5d306dbbec18127bd2674bc)
|
|
idmap domains as these should only be handled by the
winbindd_passdb.c backend
* Allow the alloc init to fail for backwards compatible
configurations like
idmap backend = ad
idmap uid = 1000-100000
....
* Remove the deprecated flags from idmap backend, et. al.
These are mutually exclusive with the new configuration
options (idmap domains). Logging annoying messages
about deprecated parameters is confusing. So we'll try
this apprpach for now.
(This used to be commit 5e30807b4e9c0211c9e2c02deee94543e8f0d855)
|
|
so they can honor the offline logon state.
(This used to be commit 15b13dfe81e861b94077c94b80117a85a5ffb999)
|
|
(This used to be commit b5fd72282da85f50a040fd949752bc71023ff055)
|
|
(This used to be commit 5c3edad86098c5271cb141b8f7885ca7f5b48072)
|
|
from both idmap_ldap_{alloc,db}_init()
* Fix the backwards compat support in idmap_ldap.c
* Fix a spelling error in the idmap_fetch_secret() function name
(This used to be commit 615a10435618abb89852910a0d36c1d9ff35647f)
|
|
(This used to be commit 01af19cc9d8e282ffd6ff6b52699ed2d0369ff69)
|
|
domain SID lookups through the struct winbindd_domain *domain_list
by searching by name.
Refactor the order lookup when searching for the correct idmap_domain
to a single function and remove the requirement that the default
domain be listed first in the config file.
I would still like to make the idmap_domain array a linked list and
remove the existing code which makes use of indexes into the list.
Basic testing with tdb pans out ok.
(This used to be commit e6c300829ff08dd354f6e9460d396261681e4809)
|
|
This change is needed to make it possible to not expire
caches in disconnected mode.
Jerry, please can you look at this and confirm it is ok?
Simo.
(This used to be commit 9e8715e4e15d9cede8f4aa9652642995392617e6)
|
|
Make sure we route all request to remote DCs via the main process
so that IDMAP can correctly reuse DC connections and use the
async interface.
This fixes also idmap_nss so that it is able to resolve local
group names (requires patch on the samba dc earlier committed
to SAMBA_3_0 to make it resolve both the mapped and the unmapped
name).
Simo.
(This used to be commit 4297510f22c3fd60afd062e3c5eb142be2122b16)
|
|
A reversed check made it impossile to fallback to the Unix Domain mapping code.
Also fix a potential use of a freed array.
Jerry,
my tests shows that this code now correctly handle the fallback to Unix Domain
when our Domain member is asked for a mapped group that has a unix name different
from the Windows name against a Samba DC and we do not use winbindd but share
users/groups by other means (ldap / sync of passwd and group files)
Immediate Fix would be to discuss if we should answer back when DOMAIN\unixgroup -> SID
is asked for, in the case the unixgroup name is mapped to a different name.
IE: DOMAIN\Domain Admins -> ntadmins
Currently if we are asked for "DOMAIN\Domain Admins" we return the dom admins SID
If we are asked for "DOMAIN\ntadmins we return "not found", but we may consider to
return the Domain admins SID in this case too.
Comments are welcome on this point!
Long term fix I think is the unixinfo pipe and of course an idmap_unixinfo moudle.
Simo.
(This used to be commit 07bdbb4c215461a721f9b608bd375387b96ababb)
|
|
Simo.
(This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
|