summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_dual.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21106: We neither need a account lockout policy handler nor a check domainGünther Deschner1-1/+2
online handler for internal (local SAM, BUILTIN) childs. Jeremy, please check. Guenther (This used to be commit 7d0e2e70684a7e3d377f56ed0244ed136b0b1a99)
2007-10-10r21064: The core of this patch isVolker Lendecke1-9/+16
void message_register(int msg_type, void (*fn)(int msg_type, struct process_id pid, - void *buf, size_t len)) + void *buf, size_t len, + void *private_data), + void *private_data) { struct dispatch_fns *dfn; So this adds a (so far unused) private pointer that is passed from message_register to the message handler. A prerequisite to implement a tiny samba4-API compatible wrapper around our messaging system. That itself is necessary for the Samba4 notify system. Yes, I know, I could import the whole Samba4 messaging system, but I want to do it step by step and I think getting notify in is more important in this step. Volker (This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b)
2007-10-10r21056: Moving the set_domain_online_request to fork_domain_child() (formerlyGünther Deschner1-9/+12
lived in trustdom_recv(). Jeremy, this is the better place I think but please check. Guenther (This used to be commit beed8b8b320ae9bd8aef669564a5403e4bb35bfd)
2007-10-10r20846: Before this gets out of control...Volker Lendecke1-7/+9
This add a struct event_context and infrastructure for fd events to smbd. This is step zero to import lib/events. Jeremy, I rely on you to watch the change in receive_message_or_smb() closely. For the normal code path this should be the only relevant change. The rest is either not yet used or is cosmetic. Volker (This used to be commit cd07f93a8aecb24c056e33b1ad3447a41959810f)
2007-10-10r20330: And here's the fix for the parent winbindd crashingJeremy Allison1-0/+5
after it's child died unexpectedly whilst the parent was waiting for a reply. We need to clean up the request we're not going to service, plus we still need to call the continuation function with a "False" flag so it can clean things up. Still testing this, but I think I'm right. Jeremy (This used to be commit 9b04ac0c8104d626697978697d4d8bae791a7edd)
2007-10-10r20254: The pam_chauthtok needs to go through the async interface as well.Günther Deschner1-0/+1
This fixes pam password changes in the online case. Guenther (This used to be commit 2d2de1ac27180756df095c586211fe2e7694b94e)
2007-10-10r20206: Start cleaning up the talloc_ctx mess.Jeremy Allison1-12/+14
child->mem_ctx isn't actually used for anything, so remove it. Jeremy. (This used to be commit a7f294b59238826c11e579a7b1a4dca7284bb89d)
2007-10-10r20140: Make online/offline detection completely asynchronous.Jeremy Allison1-1/+4
Now I've done this I might be able to reduce the probe timeout and reduce the backoff algorithm, going back to checking every cache time seconds (5 mins by default), as the parent or forked domain child will never block. Jeremy. (This used to be commit d0add5f946cf63ea43067e8e935876b5346d11de)
2007-10-10r20124: clean up nested extern declaration warningsHerb Lewis1-1/+2
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-1/+4
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r20087: Ensure we clean up any random pending events weJeremy Allison1-2/+8
may have inherited from our parent in the winbindd forked child. Jeremy. (This used to be commit 0a1352f440a9d9b974ad8d571b2e48a43a15b6cc)
2007-10-10r20082: When fork_domain_child is forked when we're offlineJeremy Allison1-0/+11
the child inherits *all* active check_online timout handlers. This is bad when it's not our domain (ie. BUILTIN). Jeremy. (This used to be commit 8d815ec4c103a83ef7cea0ae5fc64681f6bcb48a)
2007-10-10r19230: Doh ! Fix obvious crash bug.....Jeremy Allison1-5/+5
(This used to be commit e6560270499365ca42517f6a7cf40845ee80edfb)
2007-10-10r19209: Ensure we don't make mistakes by sending online/offlineJeremy Allison1-26/+100
messages to internal domains, or to domains not being serviced by a winbindd child. Ensure the child online offline requests are domain specific. Jeremy. (This used to be commit 81a9dc4b9fbd4a9bb67f55aa744bf609d6aba1c2)
2007-10-10r19105: Ok - this is currently untested (but I'm testing it atJeremy Allison1-3/+3
the moment) but winbindd isn't run in the build farm so hopefully won't break anything too badly - I don't want to lose this. If winbindd starts offline then it falls back to using MS-RPC backend. On going online it needs to reset the backend and try and go to using the AD backend code if possible, as the MS-RPC sequence number fetch just returns 1 as the sequence number if run against an AD DC. In addition, the winbindd async child may end up with the AD backend whilst the main winbindd - which still contacts the DC for some non-async calls, is left using MS-RPC. This can cause some trouble (as you can imagine :-). Attempt to ensure both main winbindd and async children us AD backends on going online. Jeremy. (This used to be commit 5efd4b04b89ace4b264e9ac37a90e202749792be)
2007-10-10r18980: Be a little more intelligent about "startup_time",Jeremy Allison1-4/+4
move into the domain struct. Allow message to go online to set this state and cope with removing it. Jeremy. (This used to be commit 51f0e60cc3a652b0ff1658d4c07bfc9493fbc51a)
2007-10-10r18937: Protect against segc in the idmap winbindd child processGerald Carter1-2/+4
(the domain is NULL here) (This used to be commit a36de910d289363a5374fe063099311712d4e57a)
2007-10-10r18703: Fix the annoying effect that happens when nscd is running:Günther Deschner1-1/+2
We usually do not get the results from user/group script modifications immediately. A lot of users do add nscd restart/refresh commands into their scripts to workaround that while we could flush the nscd caches directly using libnscd. Guenther (This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21)
2007-10-10r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END()Stefan Metzmacher1-2/+2
and DLIST_DEMOTE() now take the type of the tmp pointer not the tmp pointer itself anymore. metze (This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
2007-10-10r18551: Implement a 30 seconds from startup, during which weJeremy Allison1-1/+12
try hard to connect a DC even if we might be offline. Jeremy. (This used to be commit a9f115140700487767bafa058db744eea5ee8f77)
2007-10-10r18533: Ensure we clear out the failed connection cache for an entireJeremy Allison1-2/+2
domain when going back online. Jeremy. (This used to be commit c7e4c8d0b4d109ec67d4424dd446b74b55246c72)
2007-10-10r18506: Fix online requests to cause an immediate DC connection.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 03b1699fa7d94fd637ff8c3bd2c59358673d2607)
2007-10-10r18411: Getting a zero length read is common. Don't log atJeremy Allison1-1/+1
debug level zero. Jeremy. (This used to be commit e23caeb7b57b0b1bbc2f8b6abf34166f271a88fa)
2007-10-10r18191: Fix the online/offline state handling of winbindd.Jeremy Allison1-5/+15
Instead of trying to do this in the winbindd_cache entries, add a timed even handler to probe every 5 mins when disconnected. Fix events to run all pending events, rather than only one. Jeremy. (This used to be commit 7bfbe1b4fb9a91c6678035f220bbf0b4f5afdcac)
2007-10-10r17610: Added the ability for firefox to drive the winbinddJeremy Allison1-0/+1
ntlm_auth module to allow it to use winbindd cached credentials.The credentials are currently only stored in a krb5 MIT environment - we need to add an option to winbindd to allow passwords to be stored even in an NTLM-only environment. Patch from Robert O'Callahan, modified with some fixes by me. Jeremy. (This used to be commit ae7cc298a113d8984557684bd6ad216cbb27cff3)
2007-10-10r17605: Some C++ warningsVolker Lendecke1-2/+4
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
2007-10-10r17459: As by Jerry's word commit this without his review.Simo Sorce1-0/+2
This patch add some missing async functions to solve UID/GID -> SID requests not just out of the cache, but down the remote idmap if necessary. This patch solves the problem of servers not showing users/groups names for allocated UID/GIDs when joined to a group of servers that share a prepopulated idmap backend. Also correctly resolve UID/GIDs to SIDs when looking ACLs from the windows security tab on teh same situation. Simo. (This used to be commit b8578bfab6a04fcd65a2e65f507067459e326077)
2007-10-10r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1Andrew Bartlett1-0/+1
This mode proxies pre-calculated blobs from a remote (probably VPN) client into the domain. This allows clients to change their password over a PPTP connection (where they would not be able to connect to SAMR directly). The precalculated blobs do not reveal the plaintext password. Original patch by Alexey Kobozev <cobedump@gmail.com> (This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-0/+1
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16475: destroy talloc ctx when we weren't able to collect onlinestatusGünther Deschner1-0/+4
messages. Guenther (This used to be commit d6b52e818109e6eb5a3df1bbc127c333e819141d)
2007-10-10r16474: There is no point in figuring out lockout policies if we do not allowGünther Deschner1-1/+1
offline logons at all. Guenther (This used to be commit dfbe555c69b3272bcff1d76a699aae2bdb85bdaf)
2007-10-10r15526: Avoid double \n.Günther Deschner1-1/+1
Guenther (This used to be commit 3546187bb4a74b14071e2c23561e70e57ad13e86)
2007-10-10r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.Günther Deschner1-0/+76
Guenther (This used to be commit 9e15b1659c105b0be846e8f71c27b20eab961bd2)
2007-10-10r15084: Try and squeeze more out of the non-read/write code path.Jeremy Allison1-2/+3
Jeremy. (This used to be commit 23dcff4d50d1d35b7ddee0d0cb79c16a312f179c)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-8/+8
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r14954: Fix #3569 based on William Jojo's work. AIX alsoJeremy Allison1-1/+1
has the linear posix locking issue which causes CLEAR_IF_FIRST to cause performance problems. As we know we're in a daemon architecture with long-lived parent we can avoid this in the Samba case. Add a comment explaining this. Jeremy. (This used to be commit 3cd5c3df0d1b98dfa90663973ab13b5d3dbf737e)
2007-10-10r14505: Rename the timed_event to lockout_policy_event.Günther Deschner1-8/+8
Guenther (This used to be commit 3e607aa69ae2d43fb6ec170d03221a6b22d3f35d)
2007-10-10r14474: Also flush the nscd caches before entering the main winbindd loop.Günther Deschner1-16/+1
Guenther (This used to be commit c81eb71834dc827db63c8adb3f816bbbe916473c)
2007-10-10r14405: Fix the build when nscd_flush_cache is detectedJeremy Allison1-10/+12
(variable definition was missing). Jeremy. (This used to be commit 48594f0270502149069fc883096181a9730d76bf)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-1/+0
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r14329: Fix the build on systems without libcom_err.Günther Deschner1-2/+2
Guenther (This used to be commit 44fcd3113be970edd01f7f076c4b6cad2d03ebcd)
2007-10-10r14321: When we have libnscd and winbindd comes (back) online, try to flush theGünther Deschner1-0/+16
nscd caches so that NSS-calls can deliver accurate information. Guenther (This used to be commit a32a423a0e9e0d4dd21282fd528bcd3247fddbd1)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-3/+3
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13409: No functional changes, just some DEBUG cleanup.Günther Deschner1-1/+1
Guenther (This used to be commit 286f6fc2339cf4ef232c16466b8dffdcddbe343f)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-3/+214
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r11251: Fix a commentVolker Lendecke1-7/+5
(This used to be commit 1ce6d12898c6f24c83e54561862735586b5a41b4)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-59/+92
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9709: Fix two bugs found by Brian Moran: Any request sent to winbind while ↵Volker Lendecke1-6/+4
the child in question is still initializing overwrites domain->dcname. Only overwrite if the parent actually has sent a dcname and thus really knows it. Second, ntlm_auth needs the error code, not just the fact it failed. Jerry, the 3_0 part might qualify as a "recommended patch". Thanks, Volker (This used to be commit d79b179b7f9d2efa4f8ee47bfe386e90d8b58322)
2007-10-10r9362: formatting cleanupGerald Carter1-28/+21
(This used to be commit f6b8af1ce13a0fa306bdd2a8aa1f0b7c6b185d81)
2007-10-10r9330: Remove the classic dual daemon since it was not being used.Gerald Carter1-180/+0
It was already gone in trunk anyways. working on fixing BUG 3000 which does work now but we are flying without a cache. (This used to be commit 4936d6d8b28edc59a3d17defcdf255ea6e0ba4e0)