summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_cache.c
AgeCommit message (Collapse)AuthorFilesLines
2004-01-14* Revert to using rpc for mixed mode AD domains.Gerald Carter1-3/+9
The reason for this are: (a) the set_dc_type_and_flags() cannot tell the different between connecting to an NT4 domain and an NT4 BDC of a mixed mode domain. (b) the connection management for the rpc backend only provides on named pipe per cli_state. So it is possible to connect to an NT4 BDC for netlogon and an AD mixed mode DC for lsarpc. RPC is the lowest common demonimator here. (c) Issue with the sequence number value between the highestCommittedUSN LDAP attribute and the seq_num returned via RPC. We will revisit this later, but the changes need to make this work right now are too broad and risky. (This used to be commit 1ed2e521536108229d153c2996f4757d89461166)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett1-1/+3
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-08Move more of winbind to use 'find_our_domain()' rather than the dangerousAndrew Bartlett1-1/+1
find_domain_from_name(lp_workgroup()). (as find_domain_from_name() can change the data in lp_workgroup()) Andrew Bartlett (This used to be commit 2e6eaad9ce6a0ad6923b5952ef6cf1c3688b7cfa)
2004-01-05Add const.Andrew Bartlett1-3/+3
(This used to be commit aacb817e89d17349003159e1b7c28546babc8559)
2003-11-12a small include file rearrangement that doesn't affect normalAndrew Tridgell1-0/+1
compilation, but that allows Samba3 to take advantage of pre-compiled headers in gcc if available. (This used to be commit b3e024ce1da7c7e24fcacd8a2964dd2e4562ba39)
2003-08-15get rid of more compiler warningsHerb Lewis1-4/+4
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
2003-08-02make sure to initialize the backend methods when enumerating sequence ↵Gerald Carter1-0/+2
numbers; reported by Ken Cross (This used to be commit 10c7a1af67e556c17d4b3495934a2dad19728d77)
2003-07-31working on transtive trusts issue:Gerald Carter1-1/+1
* use DsEnumerateDomainTrusts() instead of LDAP search. wbinfo -m now lists all trusted downlevel domains and all domains in the forest. Thnigs to do: o Look at Krb5 connection trusted domains o make sure to initial the trusted domain cache as soon as possible (This used to be commit 0ab00ccaedf204b39c86a9e1c2fcac5f15d0e033)
2003-07-23convert snprintf() calls using pstrings & fstringsGerald Carter1-2/+2
to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
2003-07-10i guess i'm the only one this ever annyoed...Gerald Carter1-1/+1
fix the confusion when we tdb_lock_bystring() but we retrieve an entry using tdb_fetch_by_string. It's now always tdb.*bystring() (This used to be commit 66359531b89368939f0e8f584a45844b5f2f99e7)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-2/+2
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-24Sequence number was not getting updated with ldap hack. Only a bug in thisJeremy Allison1-1/+1
branch. Jeremy. (This used to be commit 19629b41cb9b5e5f9e0d4a6d52af983a4d05c8cb)
2003-06-23* set domain->last_status = NT_STATUS_SERVER_DISABLED on an ads_connect() ↵Gerald Carter1-7/+13
failure * Fix code to use winbind_rpc methods for trusted mixed mode or NT4 domains ( does no one ever test this? ) * add in LDAP code to get the sequence number for rpc based seqnum update. ( this is needed if the DC is upgraded and samba is not reconfigured to use security = ads; it's not pretty but it works (from app_head) ) * fix bug that caused us to enumerate domain local groups in domains other than our own (This used to be commit 14f2cd139a22454571cea8475d3b7c5c2787d378)
2003-06-21merge of the netsamlogon caching code from APPLIANCE_HEADGerald Carter1-24/+116
This replaces the universal group caching code (was originally based on that code). Only applies to the the RPC code. One comment: domain local groups don't show up in 'getent group' that's easy to fix. Code has been tested against 2k domain but doesn't change anything with respect to NT4 domains. netsamlogon caching works pretty much like the universal group caching code did but has had much more testing and puts winbind mostly back in sync between branches. (This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
2003-06-10Add in rety loop for query_user_list (from APP_HEAD). Deals with a bugJeremy Allison1-5/+25
using MSRPC backend and should be safe with ldap backend. Jeremy. (This used to be commit 67535329a2df8986c2d1d85e25cd5c558ee61405)
2003-06-10- fixed the bug that forced us not to use the winbindd cache when weAndrew Tridgell1-35/+32
have a primary ADS domain and a secondary (trusted) NT4 domain. This caused winbindd to be *really* slow for that setup. - fixed winbindd_getgrgid(), which was calling uid_to_sid instead of gid_to_sid(). When you make changes to winbind *PLEASE* test using nsstest. (This used to be commit cdd9b60a078b63e22f543d4c8d0956ff536f4d89)
2003-06-10Instrument cache with debug statements so I can have a clue as to whatJeremy Allison1-56/+208
is going on in remote large sites. Jeremy. (This used to be commit 5987dad1f1049f08bf4a94929f70b5eac96c7007)
2003-06-03* set winbind cache time to 5 minutesGerald Carter1-9/+87
* quit obsessing over the sequence number so much * share the updated sequence number between parent and child winbindd processes in dual mode (This used to be commit 6f99cafa95b2a9dc98d8272fe6a54e9d37098340)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-1/+6
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett1-67/+92
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2002-10-15Fix spelling of background_process.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 2006e36c18bb2d5e44179829c66934efad38b0c7)
2002-10-08merge from APP_HEAD of winbindd's domain local group fixGerald Carter1-2/+73
(This used to be commit 09c6f6329d6ae9327b7ef06de0ea78d24d805456)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-2/+13
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-15/+40
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-04Fix up conversion code from old winbindd versions (some testing needed).Jeremy Allison1-0/+31
Added time based cache size check (#ifdef'ed out by default, just didn't want to lose the code). Jeremy. (This used to be commit b2350ed36c42827c417ea4a3dd0668a4a631a090)
2002-03-15enable locking on the winbindd cache tdb so it can be backed up andAndrew Tridgell1-1/+1
manipulated externally (This used to be commit 1ad1a025b3fe5aeff5adf685f47c9cc05ef80e40)
2002-03-09removed bogus prepend_domain() call which was screwing up getpwuid()Andrew Tridgell1-10/+2
with the new default domain code (This used to be commit 0f75b6bd5b42f745f17e2e6624d5d541a30ee897)
2002-01-30Removed version number from file header.Tim Potter1-1/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-11force the time difference in cache comparisons to be unsigned to copeAndrew Tridgell1-1/+4
with the local machine time changing (This used to be commit 116c0a0e3baa6a100a816f1ff2722782941ac3dc)
2002-01-11make the winbind sequence number code more robustAndrew Tridgell1-1/+1
when switching from rpc to ADS this now should make sense (This used to be commit ec73d26c7f9a2bbd4b91e9c22850e032b91666e2)
2001-12-19- added initial support for trusted domains in winbindd_adsAndrew Tridgell1-4/+22
- gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
2001-12-11removed the start_ndx parameter from group enumerationAndrew Tridgell1-4/+4
I tried testing this by lowering the buffer size in cli_samr_enum_dom_groups() but that didn't work - I think this needs more looking into (This used to be commit 34328e30315e4b42087d0ee11ed0c3fb715bc250)
2001-12-11got rid of start_ndx from query_user_list()Andrew Tridgell1-4/+4
(This used to be commit 1c909afe76566807fb576c965eb869f98e72f2bd)
2001-12-10winbindd backends can now be marked "consistent" or "inconsistent"Andrew Tridgell1-31/+87
consistent backends (like ADS) always give correct primary group info, so we can play cache tricks to speed things up a lot inconsistent backends (like MSRPC) need to fetch stuff more often (This used to be commit 217c39f23282e20f96a61a0d5a2434b3f5f66a86)
2001-12-10shrank the winbindd_cache.tdb somewhatAndrew Tridgell1-27/+63
on my system it now uses 132k for 308 users (This used to be commit 2b396f9172bb4c2d1d9216d724a1aaab8bb22ba8)
2001-12-10added some commentsAndrew Tridgell1-0/+2
(This used to be commit 34589d5a4786b7e441efecaef0575f9eaa0d7edf)
2001-12-10moved the domain sid lookup and enumeration of trusted domains intoAndrew Tridgell1-1/+24
the backends at startup, loop until we get the domain sid for our primary domain, trying every 10 seconds. This makes winbindd handle a room-wide power failure better (This used to be commit 7c60ae59378be1b2af2e57ee3927966a29a797a5)
2001-12-10make sid_binstring available without HAVE_ADSAndrew Tridgell1-1/+2
(This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-10explicitly encode NULL strings in the cacheAndrew Tridgell1-1/+15
(This used to be commit 77c1376456765a7afe90afad96fab819fdcf8af3)
2001-12-10removed a debug lineAndrew Tridgell1-2/+0
(This used to be commit ec4c90fd7f56f8870884e5a27622cae71d154eca)
2001-12-09completely new winbindd cache infrastructureAndrew Tridgell1-449/+548
this one looks like just another winbind backend, and has the following properties: - does -ve and +ve cacheing of all queries - can be disabled with -n switch to winbindd - stores all records packed, so even huge domains are not a problem for a complete cache - handles the server being down - uses sequence numbers for all entries This fixes a lot of problems with winbindd. Serving from cache is now *very* fast. (This used to be commit fddb4f4c04473a60a97212c0c8e143d6a4d68380)
2001-12-05moved the sequence number fetch into the backend, and fetch theAndrew Tridgell1-56/+1
sequence number via ldap when using ads (This used to be commit 9a084f0bb91883224ad44e2b76417d10c15cce42)
2001-12-03added name_to_sid to the backendAndrew Tridgell1-10/+10
(This used to be commit 816e40a51af80a7f703c0451304de406deab3dd8)
2001-11-22Added debugs to track down sequence lookup problems.Jeremy Allison1-4/+10
Jeremy. (This used to be commit d3f5d5a4aca0d5bc8c4db7dfa8b766b7cda808eb)
2001-11-21Preparing to implement +ve and -ve caching for lookupname/lookupsid calls.Jeremy Allison1-128/+189
Jeremy. (This used to be commit 1f6cc536b2db0c36feee45cfd6ac1ad5ee8fb05a)
2001-11-15Caching user, group and domain sam handles was a stupid idea.Tim Potter1-2/+22
Now we just keep a record of the open pipes. (This used to be commit 77c287e9460eed7bde7004c7e6c8cb0099c6ba6f)
2001-11-14Random connection robustness related fixes. Display some debugs aboutTim Potter1-1/+1
the currently open connections when winbindd receives a USR1 signal. Hmm - I've just realised this will conflict with the messaging code but we don't use that yet. (This used to be commit caef54e40081477609a824185949ddf6db6ba363)
2001-10-14Resurrected sam sequence number code.Tim Potter1-117/+175
Pass domain structure around in cache code rather than the domain name. Some misc reformatting to make things look prettier. (This used to be commit 295dd2a5817b5d7c40474b9e460f3515e8c8e449)
2001-10-05This is the start of a bit of a rewrite of winbindd's connection handling.Tim Potter1-0/+29
I've wrapped up all the decisions about managing, making and closing connections into a connection manager in nsswitch/winbindd_cm.c. It's rather incomplete at the moment - only querying basic user info works at the moment (i.e finger -m DOMAIN/user) and everything else is broken. Jeremy, please take a look and I'll start moving across the rest of winbindd to this new system. (This used to be commit c369cf5af787ed9c642778d21f162716fbf0620e)
2001-09-17move to SAFE_FREE()Simo Sorce1-2/+2
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)