Age | Commit message (Collapse) | Author | Files | Lines |
|
(Sorry - I should have checked this in yesterday but forgot)
(This used to be commit 7420ddcda8e7189cedacb2c60f5ea265b8c35bda)
|
|
of the SWAT code, and adding a base64 encoder.
The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for
use with Squid. Unfortunetly the squid side doesn't quite support what we need
yet.
Changes to winbind to get us the info we need, and a couple of consequential
changes/cleanups in the rest of the code.
Andrew Bartlett
(This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
|
|
simpler as the rescanning of trusted domains helps us out a bit.
(This used to be commit 089729c02cb2088e85f0e7f8ec79afb58fe98be7)
|
|
(This used to be commit 4c48c475a28450ad4fd8dcc8263e841c0c39a80e)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
named. Ensure we can query them.
Jeremy.
(This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
|
|
can't create the socket.
Andrew Bartlett
(This used to be commit 13b9af53bff8e42126a38f93c3bdd5b4d9b20aba)
|
|
variable hack, the feild on the pipe, and the server-side.
It only controlled some enum operations in any case.
This is to try and have less 'magic' environment variables.
Andrew Bartlett
(This used to be commit e4be82e4e2c7cdf15f3e20f73fe9f281f6384423)
|
|
cache code.
This uses gencache, mimir's new caching code that stores at text-based cache
of various data.
Mimir has done a *lot* of work on this patch, and it is finally time to
get it in CVS.
Andrew Bartlett
(This used to be commit 47f3bfe9564e7f3aff60cefaefd599e0abb30a31)
|
|
before reading smb.conf parameters, not after.
(This used to be commit 2beebe252f8fc76366d38024b0578f83d8542d1d)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
|
|
append writes.
(blessed by jra)
Andrew Bartlett
(This used to be commit 81633064dd196c40541ecece8def51745f514646)
|
|
the holding pattern when started up when security = user or security = ads.
Clean up return value of winbindd_common_init() - what a mess!
(This used to be commit 8a6d37752182e0de7fd04b2c31f90e145dde783b)
|
|
- move winbindd client handling into accessor functions in
winbindd_util.c
- move some winbindd socket routines into accessor functions in
winbindd_utils.c
(The deadlock situation mentioned in the appliance branch is probably
not applicable since we don't clear the connection cache on SIGHUP.
Perhaps we should?)
(This used to be commit 846b5494942c73e68616e7eae0d2fd5ae4b2bc05)
|
|
transitive trusts, and trusts that are added while winbindd is running
- removed an unnecessary call to time()
(This used to be commit 14489ff30bb9eca2c55d36a69c0b45a2db339061)
|
|
Jeremy.
(This used to be commit 042890056d5d4128eaaca346e7898ccda860dbe2)
|
|
pidfile before doing secrets_init().
Jeremy.
(This used to be commit f8a0e6ad8b25d405ff2bcb492974d2f0bef81036)
|
|
This allows external programs to correctly synchronise with us.
Jeremy.
(This used to be commit ffb7632d05191342ecfc5f78fbfd7beacfe257ad)
|
|
(This used to be commit e63afabf98350353fac79ffc2ae2ddf88d61260f)
|
|
(This used to be commit 86433a3492a3b70a051257940ae28ada8788a650)
|
|
Tridge suggested a generic caching mechanism for Samba to avoid the
proliferation of little cache files hanging around limpet like in the
locks directory. Someone should probably implement this at some
stage.
(This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
|
|
This updates the 'winbind' authentication module and winbind's 'PAM' (actually
netlogon) code to allow smbd to cache connections to the DC.
This is particulary relevent when we need mutex locks already - there is no
parallelism to be gained anyway.
The winbind code authenticates the user, and if successful, passes back the
'info3' struct describing the user. smbd then interprets that in exactly the
same way as an 'ntdomain' logon.
Also, add parinoia to winbind about null termination.
Andrew Bartlett
(This used to be commit 167f122b670d4ef67d78e6f79a2bae3f6e8d67df)
|
|
(This used to be commit 897cc4a610932e596f8a9807213166e380ef0203)
|
|
a getgr*() function that lists groups without numerating all the
group members. Instead of definiing a new nss method (which might
cause problems) I added an environment variable WINBIND_GETGRLST
that tells winbind not to fill in the group members in a gergrent()
request. This can speed up group listing by a factor of 20 or more
(on my test system with 50000 groups it reduces the time from an hour
to 2 minutes)
(This used to be commit e3f73256d31ab9914daae49f41e984a534996870)
|
|
Jeremy.
(This used to be commit 2c1e78702423ba17993975eb7f158058cc7f229f)
|
|
(This used to be commit 1c3c0d7cb64caa6be7ee6d786fe400a1d6944a72)
|
|
prototype
(This used to be commit fdfde9b84cf825d84316344fea5af43a9b8ebcc9)
|
|
this mode improves the response time of winbindd by having a
background process update the cache while the forground process
responds to queries from cache.
You can enable this mode using the -B command line option. It is quite
experimental, which is why it is not the default.
(This used to be commit c0feff97eefdf5a70e5973e247b395dbdf5d2ef2)
|
|
Jeremy.
(This used to be commit a9895fcb30cdcb572cd254b0d370d79f95c7214d)
|
|
Added time based cache size check (#ifdef'ed out by default, just didn't
want to lose the code).
Jeremy.
(This used to be commit b2350ed36c42827c417ea4a3dd0668a4a631a090)
|
|
(This used to be commit 205399dc17e464360b0152538329b9e111b0e7f4)
|
|
(This used to be commit f1cb5ff6c41cabc02da84d56c1a6d95fa434d484)
|
|
ping, debug and pool-usage messages.
(This used to be commit 144f0481c8b05956bdc96461a82d530fa85e3c72)
|
|
(This used to be commit d6a4a10f58accd6ad158ba60eb1508f00c9a4dd3)
|
|
Jeremy.
(This used to be commit cad82926a8baf7605cef81f0e0d4daa8e527e6ee)
|
|
(This used to be commit e84c7400175c86c4c79922182115ea1f0948186c)
|
|
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
|
|
(This used to be commit bcd234a3dad2cd3d1c57780f4a7a3833ea611764)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
the sid->uid and uid->sid conversions.
Remove some duplicate arguments from these funcitons, and update the
request/response structures for this and the 'winbind domain name' feature.
As such 'winbindd_lookup_name' now takes both a domain and username.
(This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
|
|
(This used to be commit fa05a7de6d2311293242825dc98596d8e42c6249)
|
|
Jeremy.
(This used to be commit 1bd96b3094b530c3426b22b6f891c7fc055e7033)
|
|
to move this from being a static to matching its mate in lib/util_sock.c.
In any case, this should discorage anybody from using the 'wrong' version of
this function. (ie the one from TNG, which needs a bit more error checking
depending on use).
Andrew Bartlett
(This used to be commit e6a3a01f795a85d908180ff19469ce09a2803512)
|
|
This work was sponsored by Optifacio Software Services, Inc.
Andrew Bartlett
(various e-mails announcements merged into some form of commit message below:)
This patch which adds basics of universal groups support
into Samba 3. Currently, only Winbind with RPC calls supports this, ADS
support requires additional (possibly huge) work on KRB5 PAC. However,
basic infrastructure is here.
This patch adds:
1. Storing of universal groups for particular user logged into Samba
software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array
of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb.
2. Fetching of unversal groups for given user rid and domain sid from
netlogon_unigrp.tdb.
Since this is used in both smbd and winbindd, main code is in
source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as
UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ.
This patch has had a few versions, the final version in particular:
Many thanks to Andrew Bartlett for critics and comments, and partly
rewritten code.
New:
- updated fetching code to changed byte order macros
- moved functions to proper namespace
- optimized memory usage by reusing caller's memory context
- enhanced code to more follow Samba coding rules
Todo:
- proper universal group expiration after timeout
(This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
|
|
the list received at startup or we get an out of date list. I thought
there might be some sequence number that is incremented when a trusted
domain is added or removed - perhaps there is but I just haven't found it
yet.
- Renamed get_domain_info() to init_domain_list()
- Made an accessor function to return the list of trusted domains rather
than using a global so we don't have to remember to put a magic init
function
- The getent state can not keep a pointer to a winbind_domain structure as
it may be freed if init_domain_list() is called again so we keep the
domain name instead
(This used to be commit 37216c649a394b449eaaaa6644709eafb3bf37ff)
|
|
swedish" test to client calls. This is putting a length field at the
start of a request so we can disconnect clients talking with an out of date
libnss_winbind.so rather than deadlock them.
Misc cleanups:
- made some int values uint32
- moved WINBIND_INTERFACE_VERSION to start of cmd list
(This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5)
|
|
smb.conf to get it right.
While wb_client needs its lp_load() for samba dependency reasons, it now uses
the new method both to example and test the new code.
Also add an interface version function, and return the winbind's samba version
string.
In preperation for default domains, its now up to winbindd to reject plaintext
auths that don't have a seperator, but NTLM (CRAP) auths now have two feilds,
hence need parsing.
Andrew Bartlett
(This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e)
|
|
It adds a 'ping' request, just to check winbind is in fact alive
It also changes winbindd_pam_auth_crap to take usernames and domain seperatly.
(backward incompatible change, needs merge to 2.2, but this is not yet released
code, so no workarounds)
Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do
it).
Andrew Bartlett
(This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0)
|
|
when they are added or removed on the PDC.
- renamed GETPWNAM_FROM_{UID,USER} constants and functions to GETPW{NAM,UID}
- renamed GETGRNAM_FROM_{GID,GROUP} constants and functions to GETGR{NAM,GID}
- use SIGUSR2 in winbindd for debugging/logging instead of SIGUSR1 in
preparation for moving to smbcontrol type messages (not sure whether to
ditch this altogether or not)
- tidy debugging messages in top level winbind user and group routines
- convert talloc_init() to talloc_init_named()
- make enumerations of the domain list use the same local variable names
(This used to be commit eeb8af9c1a66bfcd80823d7b406acbab79857a16)
|
|
signal management.
Jeremy.
(This used to be commit fffae94dd5699f44c0b1c8081587deafd89b3fc0)
|