The reasons for this are:
(a) the set_dc_type_and_flags() cannot tell the difference
between connecting to an NT4 domain and an NT4 BDC
of a mixed mode domain.
(b) the connection management for the rpc backend only
provides one named pipe per cli_state. So it is possible
to connect to an NT4 BDC for netlogon and an AD mixed mode
DC for lsarpc. RPC is the lowest common denominator here.
(c) Issue with the sequence number value between the
highestCommittedUSN LDAP attribute and the seq_num returned
via RPC.
We will revisit this later, but the changes needed to make this
work right now are too broad and risky.
(This used to be commit 86f24908c395cc832ae87b04c9da3d32449acad3)
|
|
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
|
|
Changes include:
- header changes for better pre-compiled headers (tridge)
- get a list of sids for a given user (tridge)
- fix function prototype
and a few other minor things
Andrew Bartlett
(This used to be commit 60107efdc61247034424d008c6f1eb4d46a19881)
|
|
Add const.
Andrew Bartlett
(This used to be commit b08502a8fb1083cc49fd2976880b7bef3f14a72a)
|
|
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
|
|
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
|
|
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
|
|
* quit obsessing over the sequence number so much
* share the updated sequence number between parent
and child winbindd processes in dual mode
(This used to be commit 6fb5bdb30e2b1341ba600ce0dfd397394f7a831c)
|
|
add winbindd_passdb backend
this makes it possible to have nua accounts on security = user servers to
show up in unix through nss_winbind.so
the problem is that we do not have group support, so nss group support is
not very good at this time (read: totally absent)
we NEED group support in passdb
(This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
|
|
(This used to be commit 32d1dd19bb0b6abc6508ce65d5129acea79225bf)
|
|
Now we deal with SIDs in almost all of winbind (a couple of limited exceptions
remain, but I'm looking into them - they use non-winbind structs ATM).
This has particular benefits in returning out-of-domain SIDs for group
membership (Need to look into this a bit more) as well as general code quality.
This also removes much of the complexity from the idmap interface, which now
only deals with mapping IDs, not with SID->domain translations.
Briefly tested, but needs more. Fixes some valgrind-found bugs from my
previous commit.
Winbind cache changed to using SID strings in some places, as I could not
follow exactly how to save and restore multiple packed sids properly.
Andrew Bartlett
(This used to be commit 9247cf08c40f016a924d600ac906cfc6a7016777)
|
|
Jeremy.
(This used to be commit 94fc0ea9f99bc73486ef374a84d2c20ce895ee14)
|
|
* s/driverlocation/comment
* detect native mode domain and enumerate local groups
Also
* Added sendfile stats from SAMBA_2_2
(This used to be commit 764b58e2c0b3179cffe157c0ab58761b156b8423)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handling ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both the long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuitous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the alternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
|
|
to using SIDs instead of RIDs.
The new function sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implicit, but isn't
the same one that we have in the struct.
Andrew Bartlett
(This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
|
|
consistent with other keys.
(This used to be commit 1e5bdf974fb1e64b5f5b82e0e24eb97aeb229584)
|
|
whatever case the request was made in. This gets rid of duplicate
cache entries.
Also when doing a sid to name, prime the cache with the name to sid
mapping result. We can't do the reverse as we don't know the correct
case of the name to store in the cache.
(This used to be commit f268b0d5fb811b364578b11a66ca69973717eea8)
|
|
(This used to be commit 25554b46ded273e8f4070f14661b691ccc9ddd17)
|
|
this mode improves the response time of winbindd by having a
background process update the cache while the foreground process
responds to queries from cache.
You can enable this mode using the -B command line option. It is quite
experimental, which is why it is not the default.
(This used to be commit c0feff97eefdf5a70e5973e247b395dbdf5d2ef2)
|
|
Added time based cache size check (#ifdef'ed out by default, just didn't
want to lose the code).
Jeremy.
(This used to be commit b2350ed36c42827c417ea4a3dd0668a4a631a090)
|
|
manipulated externally
(This used to be commit 1ad1a025b3fe5aeff5adf685f47c9cc05ef80e40)
|
|
with the new default domain code
(This used to be commit 0f75b6bd5b42f745f17e2e6624d5d541a30ee897)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
with the local machine time changing
(This used to be commit 116c0a0e3baa6a100a816f1ff2722782941ac3dc)
|
|
when switching from rpc to ADS this now should make sense
(This used to be commit ec73d26c7f9a2bbd4b91e9c22850e032b91666e2)
|
|
- gss error code patch from a.bokovoy@sam-solutions.net
- better sid dumping in ads_dump
- fixed help in wbinfo
(This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
|
|
I tried testing this by lowering the buffer size in
cli_samr_enum_dom_groups() but that didn't work - I think this needs
more looking into
(This used to be commit 34328e30315e4b42087d0ee11ed0c3fb715bc250)
|
|
(This used to be commit 1c909afe76566807fb576c965eb869f98e72f2bd)
|
|
consistent backends (like ADS) always give correct primary group
info, so we can play cache tricks to speed things up a lot
inconsistent backends (like MSRPC) need to fetch stuff more often
(This used to be commit 217c39f23282e20f96a61a0d5a2434b3f5f66a86)
|
|
on my system it now uses 132k for 308 users
(This used to be commit 2b396f9172bb4c2d1d9216d724a1aaab8bb22ba8)
|
|
(This used to be commit 34589d5a4786b7e441efecaef0575f9eaa0d7edf)
|
|
the backends
at startup, loop until we get the domain sid for our primary domain,
trying every 10 seconds. This makes winbindd handle a room-wide power
failure better
(This used to be commit 7c60ae59378be1b2af2e57ee3927966a29a797a5)
|
|
(This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
|
|
(This used to be commit 77c1376456765a7afe90afad96fab819fdcf8af3)
|
|
(This used to be commit ec4c90fd7f56f8870884e5a27622cae71d154eca)
|
|
this one looks like just another winbind backend, and has the
following properties:
- does -ve and +ve caching of all queries
- can be disabled with -n switch to winbindd
- stores all records packed, so even huge domains are not a problem
for a complete cache
- handles the server being down
- uses sequence numbers for all entries
This fixes a lot of problems with winbindd. Serving from cache is now
*very* fast.
(This used to be commit fddb4f4c04473a60a97212c0c8e143d6a4d68380)
|
|
sequence number via ldap when using ads
(This used to be commit 9a084f0bb91883224ad44e2b76417d10c15cce42)
|
|
(This used to be commit 816e40a51af80a7f703c0451304de406deab3dd8)
|
|
Jeremy.
(This used to be commit d3f5d5a4aca0d5bc8c4db7dfa8b766b7cda808eb)
|
|
Jeremy.
(This used to be commit 1f6cc536b2db0c36feee45cfd6ac1ad5ee8fb05a)
|
|
Now we just keep a record of the open pipes.
(This used to be commit 77c287e9460eed7bde7004c7e6c8cb0099c6ba6f)
|
|
the currently open connections when winbindd receives a USR1 signal.
Hmm - I've just realised this will conflict with the messaging code
but we don't use that yet.
(This used to be commit caef54e40081477609a824185949ddf6db6ba363)
|
|
Pass domain structure around in cache code rather than the domain name.
Some misc reformatting to make things look prettier.
(This used to be commit 295dd2a5817b5d7c40474b9e460f3515e8c8e449)
|
|
I've wrapped up all the decisions about managing, making and closing
connections into a connection manager in nsswitch/winbindd_cm.c.
It's rather incomplete at the moment - only querying basic user info works
at the moment (i.e finger -m DOMAIN/user) and everything else is broken.
Jeremy, please take a look and I'll start moving across the rest of
winbindd to this new system.
(This used to be commit c369cf5af787ed9c642778d21f162716fbf0620e)
|
|
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
|
|
(This used to be commit 8ec9c87b5d1a7dae17d5b1a30f58effaf5e69e4b)
|
|
but I haven't actually run it yet so it probably doesn't work. (-:
(This used to be commit 59f95416b66db6df05289bde224de29c721978e5)
|
|
Jeremy.
(This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
|
|
testsuite/printing/psec.c
- Use lock directory from smb.conf parameter when peeking at the
ntdrivers.tdb file.
source/rpc_parse/parse_sec.c
- fix typo in debug message
source/script/installbin.sh
- create private directory as part of 'make install'.
source/nsswitch/winbindd_cache.c
source/nsswitch/winbindd_idmap.c
source/passdb/secrets.c
source/smbd/connection.c
- always convert tdb key to unix code-page when generating.
source/printing/nt_printing.c
- always convert tdb key to unix code-page when generating.
- don't prepend path to a filename that is NULL in
add_a_printer_driver_3().
source/rpc_server/srv_spoolss_nt.c
- always convert tdb key to unix code-page when generating.
- don't prepend server name to a path/filename that is NULL in the
fill_printer_driver_info functions.
source/printing/printing.c
- always convert tdb key to unix code-page when generating.
- move access check for print_queue_purge() outside of job delete
loop.
source/smbd/unix_acls.c
- fix for setting ACLs (this got missed earlier)
source/lib/messages.c
- trivial sync with appliance_head
(This used to be commit 376601d17d53ef7bfaafa576bd770e554516e808)
|