Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
|
|
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
|
|
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
|
|
(This used to be commit 25caa7c6279aca249e3554b61bbc3175b66883d3)
|
|
(This used to be commit 7c3da9b4db94add8c3cf93d8f8d1ae0e907b5b99)
|
|
(This used to be commit 71f6fb16ba9c75b96aea9b0b18f4b73b0d11a5ac)
|
|
(This used to be commit d31509fe88da8727521586dced1da2c73bfee2bc)
|
|
(This used to be commit 367a5cad1edf6a49783806d5a8b59a62d8856706)
|
|
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
|
|
change idmap_init call
removed ldap backend for winbind idmap, seem it had problems anyway and it
have to be reworked to work with idmap without calling winbind code.
simo
(This used to be commit 9d7d007443fc75264b2764b90f272ffc40c9be6c)
|
|
(This used to be commit 5f1fe04a87a407297eb9d4ad0e5c6bb35b33c067)
|
|
(This used to be commit 1d7400e679df136f03daf79788ea998c5a787f89)
|
|
(This changes the location of the winbindd privileged pipe)
(This used to be commit f111f10076c7797e5fd39edcc0aad7d860bb5ac5)
|
|
same functionality exists as "pool-usage".
Move initialisation of this and dmalloc messages inside message_init().
(This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
|
|
Remove some useless arguments
(This used to be commit 8df30059ef100a4d5e21501d7746427b4d312589)
|
|
some double options and broke some parameters.
(This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
|
|
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
|
|
(This used to be commit 18d52ce914715d188966be95f9e4466666a04f74)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
reason, during a Win2003 installation, when you select 'domain join' it sends
one machine name in the name exchange, and litraly 'machinename' during the
NTLMSSP login.
Also fix up winbindd's logfile handling, so that it matches smbd and nmbd.
(This helps me, by seperating the logs by pid).
Andrew Bartlett
(This used to be commit afe5a3832f79131fb74461577f1db0e5e8bf4b6d)
|
|
the unix domain sockets used by winbindd (also solves FD_SETSIZE problem
in winbindd to boot !). Adds a "last_access" field to winbindd connections,
and will close the oldest idle connection once the number of open connections
goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200
currently).
Jeremy.
(This used to be commit a82caefda49396641e8650db8a7ef51752ba6c41)
|
|
replace.c function).
(This used to be commit adad4c66fcfe756277de8c325ac9f8010f9d6f9c)
|
|
(Sorry - I should have checked this in yesterday but forgot)
(This used to be commit 7420ddcda8e7189cedacb2c60f5ea265b8c35bda)
|
|
of the SWAT code, and adding a base64 encoder.
The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for
use with Squid. Unfortunetly the squid side doesn't quite support what we need
yet.
Changes to winbind to get us the info we need, and a couple of consequential
changes/cleanups in the rest of the code.
Andrew Bartlett
(This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
|
|
simpler as the rescanning of trusted domains helps us out a bit.
(This used to be commit 089729c02cb2088e85f0e7f8ec79afb58fe98be7)
|
|
(This used to be commit 4c48c475a28450ad4fd8dcc8263e841c0c39a80e)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
named. Ensure we can query them.
Jeremy.
(This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
|
|
can't create the socket.
Andrew Bartlett
(This used to be commit 13b9af53bff8e42126a38f93c3bdd5b4d9b20aba)
|
|
variable hack, the feild on the pipe, and the server-side.
It only controlled some enum operations in any case.
This is to try and have less 'magic' environment variables.
Andrew Bartlett
(This used to be commit e4be82e4e2c7cdf15f3e20f73fe9f281f6384423)
|
|
cache code.
This uses gencache, mimir's new caching code that stores at text-based cache
of various data.
Mimir has done a *lot* of work on this patch, and it is finally time to
get it in CVS.
Andrew Bartlett
(This used to be commit 47f3bfe9564e7f3aff60cefaefd599e0abb30a31)
|
|
before reading smb.conf parameters, not after.
(This used to be commit 2beebe252f8fc76366d38024b0578f83d8542d1d)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
|
|
append writes.
(blessed by jra)
Andrew Bartlett
(This used to be commit 81633064dd196c40541ecece8def51745f514646)
|
|
the holding pattern when started up when security = user or security = ads.
Clean up return value of winbindd_common_init() - what a mess!
(This used to be commit 8a6d37752182e0de7fd04b2c31f90e145dde783b)
|
|
- move winbindd client handling into accessor functions in
winbindd_util.c
- move some winbindd socket routines into accessor functions in
winbindd_utils.c
(The deadlock situation mentioned in the appliance branch is probably
not applicable since we don't clear the connection cache on SIGHUP.
Perhaps we should?)
(This used to be commit 846b5494942c73e68616e7eae0d2fd5ae4b2bc05)
|
|
transitive trusts, and trusts that are added while winbindd is running
- removed an unnecessary call to time()
(This used to be commit 14489ff30bb9eca2c55d36a69c0b45a2db339061)
|
|
Jeremy.
(This used to be commit 042890056d5d4128eaaca346e7898ccda860dbe2)
|
|
pidfile before doing secrets_init().
Jeremy.
(This used to be commit f8a0e6ad8b25d405ff2bcb492974d2f0bef81036)
|
|
This allows external programs to correctly synchronise with us.
Jeremy.
(This used to be commit ffb7632d05191342ecfc5f78fbfd7beacfe257ad)
|
|
(This used to be commit e63afabf98350353fac79ffc2ae2ddf88d61260f)
|
|
(This used to be commit 86433a3492a3b70a051257940ae28ada8788a650)
|
|
Tridge suggested a generic caching mechanism for Samba to avoid the
proliferation of little cache files hanging around limpet like in the
locks directory. Someone should probably implement this at some
stage.
(This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
|
|
This updates the 'winbind' authentication module and winbind's 'PAM' (actually
netlogon) code to allow smbd to cache connections to the DC.
This is particulary relevent when we need mutex locks already - there is no
parallelism to be gained anyway.
The winbind code authenticates the user, and if successful, passes back the
'info3' struct describing the user. smbd then interprets that in exactly the
same way as an 'ntdomain' logon.
Also, add parinoia to winbind about null termination.
Andrew Bartlett
(This used to be commit 167f122b670d4ef67d78e6f79a2bae3f6e8d67df)
|
|
(This used to be commit 897cc4a610932e596f8a9807213166e380ef0203)
|
|
a getgr*() function that lists groups without numerating all the
group members. Instead of definiing a new nss method (which might
cause problems) I added an environment variable WINBIND_GETGRLST
that tells winbind not to fill in the group members in a gergrent()
request. This can speed up group listing by a factor of 20 or more
(on my test system with 50000 groups it reduces the time from an hour
to 2 minutes)
(This used to be commit e3f73256d31ab9914daae49f41e984a534996870)
|
|
Jeremy.
(This used to be commit 2c1e78702423ba17993975eb7f158058cc7f229f)
|
|
(This used to be commit 1c3c0d7cb64caa6be7ee6d786fe400a1d6944a72)
|
|
prototype
(This used to be commit fdfde9b84cf825d84316344fea5af43a9b8ebcc9)
|
|
this mode improves the response time of winbindd by having a
background process update the cache while the forground process
responds to queries from cache.
You can enable this mode using the -B command line option. It is quite
experimental, which is why it is not the default.
(This used to be commit c0feff97eefdf5a70e5973e247b395dbdf5d2ef2)
|