Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
According to the GNU libc nss guide, we should always set
errno to ENOENT when returning NSS_UNAVAIL.
http://www.gnu.org/software/libtool/manual/libc/NSS-Modules-Interface.html#NSS-Modules-Interface
At least the MQ Series message queing service that runs
on WebSphere will fail if you return any other errno in this case.
(This used to be commit ee26664602445fa7798e2061f6bcbef0756d6528)
|
|
metze
(This used to be commit 5f623f54a919cc687d0ff16c16038c05a501008d)
|
|
Jeremy.
(This used to be commit 331c0d6216e1a1607a49ed7eb4078e10138ec16a)
|
|
allow overwritting the location of the WINBINDD_SOCKET_DIR
via an environment variable
metze
(This used to be commit 93bdd2724cc711005a5f2f223b499199394e78e7)
|
|
init_request => winbindd_init_request
free_response => winbindd_free_response
read_reply => winbindd_read_reply
write_sock => winbind_write_sock
read_sock => winbind_read_sock
close_sock => winbind_close_sock(void)
metze
(This used to be commit 8a95d7a7edcfa5e45bccc6eda5c45d9c308cb95d)
|
|
in winbind client and nss/pam stuff
metze
(This used to be commit 2e13e05fa91788bd128e6940bccc0d2cc7140986)
|
|
request
specfic and generic flags in a winbindd_request.
It turns out that the WBFLAG_RECURSE flag is the only non-PAM specific flag we
put into the "flags" field of a winbind request anyway. Now each request
command can use the entire space of the "flags" field.
Guenther
(This used to be commit 18b29763d1ea0e9198f45bafa460dd68cb69a3d5)
|
|
Guenther
(This used to be commit a30549bbf4521232158262e117219b0fa8f5eb74)
|
|
Guenther
(This used to be commit f62292c5a1bcae2bfa10632014c5ac06dd1f50bb)
|
|
of the number of bytes read in the last of possibly several
read calls.
This was noted by Metze.
Michael
(This used to be commit 0193a49223c6314e2834c89fff9920ae7edc4f8a)
|
|
not GNU Library General Public License
(This used to be commit 727a6cf2cba8da6b40610409b264e86e6908eb0c)
|
|
(This used to be commit f3df6cd87e1927f41e95af51d750a71278282e15)
|
|
We can talk about this later if you still feel that strongly
but I need to fix the build for now.
(This used to be commit c7df0cad8257333c6a8dfd98818269a783ba7a26)
|
|
I am afraid I was basically off the net for the day
(This used to be commit 08c29abc03267b0dfb41cec3734653a536027a10)
|
|
decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.
This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.
Volker
(This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
|
|
(This used to be commit 9fe5f7885771e68b11c7794653d0e4771eeac403)
|
|
allow detection of libbiconv if all others fail - need for FreeBSD
(This used to be commit 7acc9421b0643cb04bff1f1d98ecb899f9b09601)
|
|
(This used to be commit 509ae5ffa17be340c41fecaaace75816c18316c6)
|
|
more no previous prototype warnings
(This used to be commit 41be182f78762372ae13759ede5d2bd40a71d7f5)
|
|
make the change before theprevious commit.
(This used to be commit 815388c4c8be1274359679077a120fec4cc39b0f)
|
|
winbindd and fail to disable the _NO_WINBIND environment.
(This used to be commit a6366b40b3967853c20ca5399021108f09ffd505)
|
|
(This used to be commit 21c8fa2fc8bfd35d203b089ff61efc7c292b4dc0)
|
|
winbindd server
(This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
|
|
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
...
Fix my brain dead inverted logic for turning winbindd on and off
when run on a DC or when calling pdb functions from within winbindd.
(This used to be commit 021b3dc2db9fb422ede4657a1f27ef7ef2d22cee)
|
|
* depreacte 'acl group control' after discussion with Jeremy
and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
turning _NO_WINBINDD back on
(This used to be commit 4ab372f4cab22225716b5c9a9a08f0c1dbc9928d)
|
|
Jeremy.
(This used to be commit 6ae15544ccfc3ff5d97565ad41ba7f57c7d29b0f)
|
|
x86_64 box.
Jeremy.
(This used to be commit d720867a788c735e56d53d63265255830ec21208)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
<steuwer@univention.de>.
Jeremy.
(This used to be commit 6795c818a3d63737d5b40faffa3a0b91c71b427b)
|
|
(This used to be commit 623d2e69319ffead31a780a4d6156dae45f386d7)
|
|
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
|
|
winbind idle connection closing logic is getting invoked under high loads for
clients which may already have commands in the pipe. This race condition
causes clients to fail with NSS_STATUS_UNAVAIL sometimes. We now retry several
times hoping (still not guaranteed, though) it will work.
(This used to be commit 05c04cfd2526b8b9a82916b5dffc18bf27c3f198)
|
|
(This used to be commit 8f78ee6abab9c1dd3e8b15ea3d1d96a651ee0426)
|
|
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
|
|
Jeremy.
(This used to be commit 3399727864f3aa8981f022254dfed622fcb50c49)
|
|
pipe in non-blocking mode to prevent process hang.
Jeremy.
(This used to be commit dece22de8e0bd18ee5a152dea7f682ae04e5cba0)
|
|
functions.
(This used to be commit 7710232ba21305a1e3c9523ace82a5a419526b50)
|
|
platforms don't have setenv().
(This used to be commit a8b487c4cb5d181e59755f49063512b2729bccb5)
|
|
(This used to be commit 1482933089bd1e6114ad29d77ce229482f2d161b)
|
|
DEBUG() should not be called in winbind client code as it's actually
dynamically linked by glibc into programs that use the nsswitch
database functions.
(This used to be commit 90380a684af244175d216344101e734c85220a7b)
|
|
socket and add a comment to winbindd.c to explain the fancy calculation of
buffer offset.
(This used to be commit 7c7ef9680b7378e12ffdd0bf95ee7ad673bea2f5)
|
|
we might leak the extra_data somewhere else as well.
Volker
(This used to be commit 5d379345fa06f4253f67b40cb8127b70072db561)
|
|
* remove idmap_XX_to_XX calls from smbd. Move back to the
the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
|
|
we now have to check the value for _NO_WINBINDD.
"1" enables, and != "1" disables (use "0" by convention).
(This used to be commit 11eccaef1dc61d80a7db8d0fb4bc5a47d71a4390)
|
|
NTLM Authentication:
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
|
|
(This used to be commit 0637f582fe1d41f8ef247e5989f84caa72162f05)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|