summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_ads.c
AgeCommit message (Collapse)AuthorFilesLines
2003-06-23* set domain->last_status = NT_STATUS_SERVER_DISABLED on an ads_connect() ↵Gerald Carter1-14/+63
failure * Fix code to use winbind_rpc methods for trusted mixed mode or NT4 domains ( does no one ever test this? ) * add in LDAP code to get the sequence number for rpc based seqnum update. ( this is needed if the DC is upgraded and samba is not reconfigured to use security = ads; it's not pretty but it works (from app_head) ) * fix bug that caused us to enumerate domain local groups in domains other than our own (This used to be commit 14f2cd139a22454571cea8475d3b7c5c2787d378)
2003-06-10- fixed the bug that forced us not to use the winbindd cache when weAndrew Tridgell1-2/+6
have a primary ADS domain and a secondary (trusted) NT4 domain. This caused winbindd to be *really* slow for that setup. - fixed winbindd_getgrgid(), which was calling uid_to_sid instead of gid_to_sid(). When you make changes to winbind *PLEASE* test using nsstest. (This used to be commit cdd9b60a078b63e22f543d4c8d0956ff536f4d89)
2003-06-10More instrumentation for winbindd.Jeremy Allison1-0/+14
Jeremy. (This used to be commit 4161a122b74b75b0ed1758e3491e69bb9f1e8390)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett1-72/+190
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-1/+1
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-02-24Merge from HEAD client-side authentication changes:Andrew Bartlett1-1/+0
- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2003-02-19Merge some random looking setenv related kerberos stuff that makesTim Potter1-4/+9
winbindd build again. (This used to be commit c4f46890fe7f0dc16520cd5ed0fd06dcd7682703)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-1/+1
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-11-15enable enumeration of domain local groups using LDAP (and in a native mode ↵Gerald Carter1-5/+30
domain) (This used to be commit ff4b2411d146b72f5f578b2e78701f125fec8f08)
2002-10-18NULL enum_local_groups for ads winbindd (temporary workaround).Gerald Carter1-0/+1
(This used to be commit 5a2f1edb5848dc054cfaa71b0fb3b473ad930b7d)
2002-10-01syncing up with HEAD. Seems to be a lot of differences creeping inGerald Carter1-186/+11
(i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-4/+4
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-70/+49
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-50/+133
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-11possibly fix the 15000 user problemAndrew Tridgell1-6/+6
I think its caused by a rpc operation failing and us giving invalid data back to the cache layer. Using talloc_zero() should solve this. (This used to be commit dfa990170bb9a665ba48443258e2a87f50baa75c)
2002-03-21fixed the secondary group mappings for ADS usersAndrew Tridgell1-8/+56
(This used to be commit be399f5823bb8dfe6cc28d58aaeceb51f1b7382b)
2002-03-19updated winbindd to used paged ldap searches for all ldap queriesAndrew Tridgell1-1/+1
(This used to be commit 41e1560798b7eb19575b0d97a5e489eb170bcfd5)
2002-03-12fixed 2 reconnection bugs in the ADS backend supportAndrew Tridgell1-7/+11
(This used to be commit 1aaa2091d54e7e50cf75927d658e57776792d6ae)
2002-03-09better detection of dead ADS connections, so we have some chance ofAndrew Tridgell1-0/+6
reconnecting (This used to be commit 58b79c0dc882fa402423e44a594e30c27177f490)
2002-01-30Removed version number from file header.Tim Potter1-1/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett1-10/+2
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2001-12-20added ads_domain_sid() functionAndrew Tridgell1-15/+5
(This used to be commit ff002a458afa6ca378f0c6d2ec9fb74233c839a7)
2001-12-19use "ads server" option if set for primary domainAndrew Tridgell1-4/+10
(This used to be commit 1bf5c1a46f4c3f44054ce8fcbc551cdb72683f2b)
2001-12-19add support for mixtures of ADS/NT4 domains, as long as the primaryAndrew Tridgell1-0/+9
domain is ADS (This used to be commit e97b40e09427c2c5f0a497f9432af08d6d6762f2)
2001-12-19much better ADS error handling systemAndrew Tridgell1-63/+59
(This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16)
2001-12-19added trusted realm support to ADS authenticationAndrew Tridgell1-0/+2
the method used for checking if a domain is a trusted domain is very crude, we should really call a backend fn of some sort. For now I'm using winbindd to do the dirty work. (This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)
2001-12-19- added initial support for trusted domains in winbindd_adsAndrew Tridgell1-10/+47
- gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
2001-12-11Replace backslash with winbind separator before calling parse_domain_user(). ↵Jim McDonough1-2/+4
Winbind separators other than backslash didn't work. (This used to be commit 6688781331e046adc77783792fc009cda7c8b5b8)
2001-12-11handle systems without setenv()Andrew Tridgell1-1/+1
(This used to be commit 87090652460e57703b40f21e9ed08c18770b61c3)
2001-12-11removed the start_ndx parameter from group enumerationAndrew Tridgell1-7/+1
I tried testing this by lowering the buffer size in cli_samr_enum_dom_groups() but that didn't work - I think this needs more looking into (This used to be commit 34328e30315e4b42087d0ee11ed0c3fb715bc250)
2001-12-11got rid of start_ndx from query_user_list()Andrew Tridgell1-7/+1
(This used to be commit 1c909afe76566807fb576c965eb869f98e72f2bd)
2001-12-10robustness fixes and moved ccache location into winbindd_ads codeAndrew Tridgell1-0/+12
(This used to be commit 24aa09ff3dd128c6f12b4cb072943ff668a29a67)
2001-12-10use objectCategory instead of objectClass for faster searchingAndrew Tridgell1-3/+3
(This used to be commit 4d3b827e5ac1ac20ec31acdc1e2a0264f1c18e43)
2001-12-10winbindd backends can now be marked "consistent" or "inconsistent"Andrew Tridgell1-0/+1
consistent backends (like ADS) always give correct primary group info, so we can play cache tricks to speed things up a lot inconsistent backends (like MSRPC) need to fetch stuff more often (This used to be commit 217c39f23282e20f96a61a0d5a2434b3f5f66a86)
2001-12-10moved the domain sid lookup and enumeration of trusted domains intoAndrew Tridgell1-1/+38
the backends at startup, loop until we get the domain sid for our primary domain, trying every 10 seconds. This makes winbindd handle a room-wide power failure better (This used to be commit 7c60ae59378be1b2af2e57ee3927966a29a797a5)
2001-12-10make sid_binstring available without HAVE_ADSAndrew Tridgell1-4/+4
(This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-09completely new winbindd cache infrastructureAndrew Tridgell1-5/+8
this one looks like just another winbind backend, and has the following properties: - does -ve and +ve cacheing of all queries - can be disabled with -n switch to winbindd - stores all records packed, so even huge domains are not a problem for a complete cache - handles the server being down - uses sequence numbers for all entries This fixes a lot of problems with winbindd. Serving from cache is now *very* fast. (This used to be commit fddb4f4c04473a60a97212c0c8e143d6a4d68380)
2001-12-09- use accountype not accountcontrolAndrew Tridgell1-8/+26
- better debug code (This used to be commit 01f63b9c92137e6de906412952c7a2c8da21dfbe)
2001-12-09fixed type passed to ads_searchAndrew Tridgell1-2/+1
(This used to be commit 0ff30848f3ef4f38e9bc80dc96be4f37bb2dcb0e)
2001-12-08added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell1-11/+69
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-12-05fixed a memory leakAndrew Tridgell1-1/+4
(This used to be commit 45c328800e42ba01c8d6113c0691546804137677)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-1/+1
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-12-05moved the sequence number fetch into the backend, and fetch theAndrew Tridgell1-1/+16
sequence number via ldap when using ads (This used to be commit 9a084f0bb91883224ad44e2b76417d10c15cce42)
2001-12-05don't double free ldap message listsAndrew Tridgell1-3/+0
(This used to be commit f64612b89bae1148d73555cac00f6019a01f9304)
2001-12-05fixed another leak - memory usage now seems to be quite smallAndrew Tridgell1-0/+2
(This used to be commit a45e3968590a021c1b464db5265a09ba48cb5797)
2001-12-05added very basic ads connection cacheingAndrew Tridgell1-84/+45
(This used to be commit 7de670cd15c1a87dd01ab22d74a7e6cbf5ae6673)
2001-12-05plugged most of the memory leaksAndrew Tridgell1-74/+120
(This used to be commit 60b5d4432abd905ee61fe381487ed87139134685)
2001-12-05added the last winbindd/ads backend functionAndrew Tridgell1-1/+66
winbindd is now fully functional with a native mode w2k server now for the memory leaks and speed ... (This used to be commit fad564c177049eb47e5bf48c98b62281c6348ffc)
2001-12-05finally worked out how to do ldap lookups by binary blobs, so I canAndrew Tridgell1-35/+112
now do searches on SID. This allows me to do a true ldap sid_to_name() function one one function to go! (This used to be commit 7d44aa3915bc88fd2b2f8454f190b11677cbb848)
2001-12-05Fixed parse_domain_user to be bool.Jeremy Allison1-2/+4
Jeremy. (This used to be commit 9563de2ef8c1197f4941671d2fdade7d933c32d0)
generated by cgit (git 2.34.1) at 2024-07-20 17:41:03 +0000