summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_cache.c
AgeCommit message (Collapse)AuthorFilesLines
2004-01-14* Revert to using rpc for mixed mode AD domains.Gerald Carter1-3/+9
The reason for this are: (a) the set_dc_type_and_flags() cannot tell the different between connecting to an NT4 domain and an NT4 BDC of a mixed mode domain. (b) the connection management for the rpc backend only provides on named pipe per cli_state. So it is possible to connect to an NT4 BDC for netlogon and an AD mixed mode DC for lsarpc. RPC is the lowest common demonimator here. (c) Issue with the sequence number value between the highestCommittedUSN LDAP attribute and the seq_num returned via RPC. We will revisit this later, but the changes need to make this work right now are too broad and risky. (This used to be commit 86f24908c395cc832ae87b04c9da3d32449acad3)
2004-01-13sync HEAD with recent changes in 3.0Gerald Carter1-2/+4
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
2004-01-06Merge winbind from Samba 3.0 onto HEAD.Andrew Bartlett1-0/+1
Changes include: - header changes for better pre-compiled headers (tridge) - get a list of sids for a given user (tridge) - fix function prototype and a few other minor things Andrew Bartlett (This used to be commit 60107efdc61247034424d008c6f1eb4d46a19881)
2004-01-06(merge from 3.0)Andrew Bartlett1-3/+3
Add const. Andrew Bartlett (This used to be commit b08502a8fb1083cc49fd2976880b7bef3f14a72a)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter1-4/+4
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce1-3/+5
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-123/+390
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-06-03* set winbind cache time to 5 minutesGerald Carter1-9/+87
* quit obsessing over the sequence number so much * share the updated sequence number between parent and child winbindd processes in dual mode (This used to be commit 6fb5bdb30e2b1341ba600ce0dfd397394f7a831c)
2003-05-03fixes to *_util.c filesSimo Sorce1-1/+6
add winbindd_passdb backend this makes it possible to have nua accounts on security = user servers to show up in unic through nss_winbind.so the problem is that we do not have group support, so nss group support is not very good at this time (read: totally absent) we NEED group support in passdb (This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
2003-04-04Removed unused variables.Tim Potter1-2/+0
(This used to be commit 32d1dd19bb0b6abc6508ce65d5129acea79225bf)
2003-02-26Kill RID-only and domain+RID madness from winbind.Andrew Bartlett1-66/+93
Now we deal with SIDs in almost all of winbind (a couple of limited exceptions remain, but I'm looking into them - they use non-winbind structs ATM). This has particular benifits in returning out-of-domain SIDs for group membership (Need to look into this a bit more) as well as general code quality. This also removes much of the complexity from the idmap interface, which now only deals with mapping IDs, not with SID->domain translations. Breifly tested, but needs more. Fixes some valgrind-found bugs from my previous commit. Winbind cache chagned to using SID strings in some places, as I could not follow exactly how to save and restore multiple packed sids properly. Andrew Bartlett (This used to be commit 9247cf08c40f016a924d600ac906cfc6a7016777)
2002-10-15Fix spelling of background_process.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 94fc0ea9f99bc73486ef374a84d2c20ce895ee14)
2002-10-08merge from APP_HEADGerald Carter1-2/+73
* s/driverlocation/comment * detect native mode domain and enumerate local groups Also * Added sendfile stats from SAMBA_2_2 (This used to be commit 764b58e2c0b3179cffe157c0ab58761b156b8423)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell1-2/+13
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-06-18more debug classess activatedSimo Sorce1-0/+3
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
2002-06-13Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett1-1/+2
to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
2002-06-05Store cache entry keys that have RID values in decimal to beTim Potter1-6/+6
consistent with other keys. (This used to be commit 1e5bdf974fb1e64b5f5b82e0e24eb97aeb229584)
2002-06-04Store the key for a name to sid cache entry in upper case rather thanTim Potter1-4/+12
whatever case the request was made in. This gets rid of duplicate cache entries. Also when doing a sid to name, prime the cache with the name to sid mapping result. We can't do the reverse as we don't know the correct case of the name to store in the cache. (This used to be commit f268b0d5fb811b364578b11a66ca69973717eea8)
2002-06-04Fixed some formatting.Tim Potter1-3/+4
(This used to be commit 25554b46ded273e8f4070f14661b691ccc9ddd17)
2002-04-24a new "dual daemon" operating mode for winbinddAndrew Tridgell1-2/+14
this mode improves the response time of winbindd by having a background process update the cache while the forground process responds to queries from cache. You can enable this mode using the -B command line option. It is quite experimental, which is why it is not the default. (This used to be commit c0feff97eefdf5a70e5973e247b395dbdf5d2ef2)
2002-04-04Fix up conversion code from old winbindd versions (some testing needed).Jeremy Allison1-0/+31
Added time based cache size check (#ifdef'ed out by default, just didn't want to lose the code). Jeremy. (This used to be commit b2350ed36c42827c417ea4a3dd0668a4a631a090)
2002-03-15enable locking on the winbindd cache tdb so it can be backed up andAndrew Tridgell1-1/+1
manipulated externally (This used to be commit 1ad1a025b3fe5aeff5adf685f47c9cc05ef80e40)
2002-03-09removed bogus prepend_domain() call which was screwing up getpwuid()Andrew Tridgell1-10/+2
with the new default domain code (This used to be commit 0f75b6bd5b42f745f17e2e6624d5d541a30ee897)
2002-01-30Removed version number from file header.Tim Potter1-1/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-11force the time difference in cache comparisons to be unsigned to copeAndrew Tridgell1-1/+4
with the local machine time changing (This used to be commit 116c0a0e3baa6a100a816f1ff2722782941ac3dc)
2002-01-11make the winbind sequence number code more robustAndrew Tridgell1-1/+1
when switching from rpc to ADS this now should make sense (This used to be commit ec73d26c7f9a2bbd4b91e9c22850e032b91666e2)
2001-12-19- added initial support for trusted domains in winbindd_adsAndrew Tridgell1-4/+22
- gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
2001-12-11removed the start_ndx parameter from group enumerationAndrew Tridgell1-4/+4
I tried testing this by lowering the buffer size in cli_samr_enum_dom_groups() but that didn't work - I think this needs more looking into (This used to be commit 34328e30315e4b42087d0ee11ed0c3fb715bc250)
2001-12-11got rid of start_ndx from query_user_list()Andrew Tridgell1-4/+4
(This used to be commit 1c909afe76566807fb576c965eb869f98e72f2bd)
2001-12-10winbindd backends can now be marked "consistent" or "inconsistent"Andrew Tridgell1-31/+87
consistent backends (like ADS) always give correct primary group info, so we can play cache tricks to speed things up a lot inconsistent backends (like MSRPC) need to fetch stuff more often (This used to be commit 217c39f23282e20f96a61a0d5a2434b3f5f66a86)
2001-12-10shrank the winbindd_cache.tdb somewhatAndrew Tridgell1-27/+63
on my system it now uses 132k for 308 users (This used to be commit 2b396f9172bb4c2d1d9216d724a1aaab8bb22ba8)
2001-12-10added some commentsAndrew Tridgell1-0/+2
(This used to be commit 34589d5a4786b7e441efecaef0575f9eaa0d7edf)
2001-12-10moved the domain sid lookup and enumeration of trusted domains intoAndrew Tridgell1-1/+24
the backends at startup, loop until we get the domain sid for our primary domain, trying every 10 seconds. This makes winbindd handle a room-wide power failure better (This used to be commit 7c60ae59378be1b2af2e57ee3927966a29a797a5)
2001-12-10make sid_binstring available without HAVE_ADSAndrew Tridgell1-1/+2
(This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-10explicitly encode NULL strings in the cacheAndrew Tridgell1-1/+15
(This used to be commit 77c1376456765a7afe90afad96fab819fdcf8af3)
2001-12-10removed a debug lineAndrew Tridgell1-2/+0
(This used to be commit ec4c90fd7f56f8870884e5a27622cae71d154eca)
2001-12-09completely new winbindd cache infrastructureAndrew Tridgell1-449/+548
this one looks like just another winbind backend, and has the following properties: - does -ve and +ve cacheing of all queries - can be disabled with -n switch to winbindd - stores all records packed, so even huge domains are not a problem for a complete cache - handles the server being down - uses sequence numbers for all entries This fixes a lot of problems with winbindd. Serving from cache is now *very* fast. (This used to be commit fddb4f4c04473a60a97212c0c8e143d6a4d68380)
2001-12-05moved the sequence number fetch into the backend, and fetch theAndrew Tridgell1-56/+1
sequence number via ldap when using ads (This used to be commit 9a084f0bb91883224ad44e2b76417d10c15cce42)
2001-12-03added name_to_sid to the backendAndrew Tridgell1-10/+10
(This used to be commit 816e40a51af80a7f703c0451304de406deab3dd8)
2001-11-22Added debugs to track down sequence lookup problems.Jeremy Allison1-4/+10
Jeremy. (This used to be commit d3f5d5a4aca0d5bc8c4db7dfa8b766b7cda808eb)
2001-11-21Preparing to implement +ve and -ve caching for lookupname/lookupsid calls.Jeremy Allison1-128/+189
Jeremy. (This used to be commit 1f6cc536b2db0c36feee45cfd6ac1ad5ee8fb05a)
2001-11-15Caching user, group and domain sam handles was a stupid idea.Tim Potter1-2/+22
Now we just keep a record of the open pipes. (This used to be commit 77c287e9460eed7bde7004c7e6c8cb0099c6ba6f)
2001-11-14Random connection robustness related fixes. Display some debugs aboutTim Potter1-1/+1
the currently open connections when winbindd receives a USR1 signal. Hmm - I've just realised this will conflict with the messaging code but we don't use that yet. (This used to be commit caef54e40081477609a824185949ddf6db6ba363)
2001-10-14Resurrected sam sequence number code.Tim Potter1-117/+175
Pass domain structure around in cache code rather than the domain name. Some misc reformatting to make things look prettier. (This used to be commit 295dd2a5817b5d7c40474b9e460f3515e8c8e449)
2001-10-05This is the start of a bit of a rewrite of winbindd's connection handling.Tim Potter1-0/+29
I've wrapped up all the decisions about managing, making and closing connections into a connection manager in nsswitch/winbindd_cm.c. It's rather incomplete at the moment - only querying basic user info works at the moment (i.e finger -m DOMAIN/user) and everything else is broken. Jeremy, please take a look and I'll start moving across the rest of winbindd to this new system. (This used to be commit c369cf5af787ed9c642778d21f162716fbf0620e)
2001-09-17move to SAFE_FREE()Simo Sorce1-2/+2
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
2001-06-04use LDSHFLAGS not -shared in several placesAndrew Tridgell1-1/+1
(This used to be commit 8ec9c87b5d1a7dae17d5b1a30f58effaf5e69e4b)
2001-05-07Preliminary merge of winbind into HEAD. Note that this compiles and linksTim Potter1-93/+156
but I haven't actually run it yet so it probably doesn't work. (-: (This used to be commit 59f95416b66db6df05289bde224de29c721978e5)
2001-04-08Got "medieval on our ass" about adding the -1 to slprintf.Jeremy Allison1-15/+15
Jeremy. (This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
2001-01-11Changes from APPLIANCE_HEAD:David O'Neill1-1/+11
testsuite/printing/psec.c - Use lock directory from smb.conf parameter when peeking at the ntdrivers.tdb file. source/rpc_parse/parse_sec.c - fix typo in debug message source/script/installbin.sh - create private directory as part of 'make install'. source/nsswitch/winbindd_cache.c source/nsswitch/winbindd_idmap.c source/passdb/secrets.c source/smbd/connection.c - always convert tdb key to unix code-page when generating. source/printing/nt_printing.c - always convert tdb key to unix code-page when generating. - don't prepend path to a filename that is NULL in add_a_printer_driver_3(). source/rpc_server/srv_spoolss_nt.c - always convert tdb key to unix code-page when generating. - don't prepend server name to a path/filename that is NULL in the fill_printer_driver_info functions. source/printing/printing.c - always convert tdb key to unix code-page when generating. - move access check for print_queue_purge() outside of job delete loop. source/smbd/unix_acls.c - fix for setting ACLs (this got missed earlier) source/lib/messages.c - trivial sync with appliance_head (This used to be commit 376601d17d53ef7bfaafa576bd770e554516e808)