summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_dual.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17610: Added the ability for firefox to drive the winbinddJeremy Allison1-0/+1
ntlm_auth module to allow it to use winbindd cached credentials.The credentials are currently only stored in a krb5 MIT environment - we need to add an option to winbindd to allow passwords to be stored even in an NTLM-only environment. Patch from Robert O'Callahan, modified with some fixes by me. Jeremy. (This used to be commit ae7cc298a113d8984557684bd6ad216cbb27cff3)
2007-10-10r17605: Some C++ warningsVolker Lendecke1-2/+4
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
2007-10-10r17459: As by Jerry's word commit this without his review.Simo Sorce1-0/+2
This patch add some missing async functions to solve UID/GID -> SID requests not just out of the cache, but down the remote idmap if necessary. This patch solves the problem of servers not showing users/groups names for allocated UID/GIDs when joined to a group of servers that share a prepopulated idmap backend. Also correctly resolve UID/GIDs to SIDs when looking ACLs from the windows security tab on teh same situation. Simo. (This used to be commit b8578bfab6a04fcd65a2e65f507067459e326077)
2007-10-10r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1Andrew Bartlett1-0/+1
This mode proxies pre-calculated blobs from a remote (probably VPN) client into the domain. This allows clients to change their password over a PPTP connection (where they would not be able to connect to SAMR directly). The precalculated blobs do not reveal the plaintext password. Original patch by Alexey Kobozev <cobedump@gmail.com> (This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-0/+1
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16475: destroy talloc ctx when we weren't able to collect onlinestatusGünther Deschner1-0/+4
messages. Guenther (This used to be commit d6b52e818109e6eb5a3df1bbc127c333e819141d)
2007-10-10r16474: There is no point in figuring out lockout policies if we do not allowGünther Deschner1-1/+1
offline logons at all. Guenther (This used to be commit dfbe555c69b3272bcff1d76a699aae2bdb85bdaf)
2007-10-10r15526: Avoid double \n.Günther Deschner1-1/+1
Guenther (This used to be commit 3546187bb4a74b14071e2c23561e70e57ad13e86)
2007-10-10r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.Günther Deschner1-0/+76
Guenther (This used to be commit 9e15b1659c105b0be846e8f71c27b20eab961bd2)
2007-10-10r15084: Try and squeeze more out of the non-read/write code path.Jeremy Allison1-2/+3
Jeremy. (This used to be commit 23dcff4d50d1d35b7ddee0d0cb79c16a312f179c)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-8/+8
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r14954: Fix #3569 based on William Jojo's work. AIX alsoJeremy Allison1-1/+1
has the linear posix locking issue which causes CLEAR_IF_FIRST to cause performance problems. As we know we're in a daemon architecture with long-lived parent we can avoid this in the Samba case. Add a comment explaining this. Jeremy. (This used to be commit 3cd5c3df0d1b98dfa90663973ab13b5d3dbf737e)
2007-10-10r14505: Rename the timed_event to lockout_policy_event.Günther Deschner1-8/+8
Guenther (This used to be commit 3e607aa69ae2d43fb6ec170d03221a6b22d3f35d)
2007-10-10r14474: Also flush the nscd caches before entering the main winbindd loop.Günther Deschner1-16/+1
Guenther (This used to be commit c81eb71834dc827db63c8adb3f816bbbe916473c)
2007-10-10r14405: Fix the build when nscd_flush_cache is detectedJeremy Allison1-10/+12
(variable definition was missing). Jeremy. (This used to be commit 48594f0270502149069fc883096181a9730d76bf)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-1/+0
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r14329: Fix the build on systems without libcom_err.Günther Deschner1-2/+2
Guenther (This used to be commit 44fcd3113be970edd01f7f076c4b6cad2d03ebcd)
2007-10-10r14321: When we have libnscd and winbindd comes (back) online, try to flush theGünther Deschner1-0/+16
nscd caches so that NSS-calls can deliver accurate information. Guenther (This used to be commit a32a423a0e9e0d4dd21282fd528bcd3247fddbd1)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-3/+3
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13409: No functional changes, just some DEBUG cleanup.Günther Deschner1-1/+1
Guenther (This used to be commit 286f6fc2339cf4ef232c16466b8dffdcddbe343f)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-3/+214
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r11251: Fix a commentVolker Lendecke1-7/+5
(This used to be commit 1ce6d12898c6f24c83e54561862735586b5a41b4)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-59/+92
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9709: Fix two bugs found by Brian Moran: Any request sent to winbind while ↵Volker Lendecke1-6/+4
the child in question is still initializing overwrites domain->dcname. Only overwrite if the parent actually has sent a dcname and thus really knows it. Second, ntlm_auth needs the error code, not just the fact it failed. Jerry, the 3_0 part might qualify as a "recommended patch". Thanks, Volker (This used to be commit d79b179b7f9d2efa4f8ee47bfe386e90d8b58322)
2007-10-10r9362: formatting cleanupGerald Carter1-28/+21
(This used to be commit f6b8af1ce13a0fa306bdd2a8aa1f0b7c6b185d81)
2007-10-10r9330: Remove the classic dual daemon since it was not being used.Gerald Carter1-180/+0
It was already gone in trunk anyways. working on fixing BUG 3000 which does work now but we are flying without a cache. (This used to be commit 4936d6d8b28edc59a3d17defcdf255ea6e0ba4e0)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-29/+29
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7785: This looks much larger than it is. It changes the top-level functions ↵Volker Lendecke1-0/+36
of the parent winbind not to return winbindd_result. This is to hopefully fix all the problems where a result has been scheduled for write twice. The problematic ones have been the functions that might have been delayed as well as under other circumstances immediately gets answered from the cache. Now a request needs to be explicitly replied to with a request_error() or request_ok(). Volker (This used to be commit 7365c9accf98ec1dd78a59dd7f62462bbb8528d4)
2007-10-10r7423: Fix the build on sol10Volker Lendecke1-1/+1
(This used to be commit e8fde1bd92e8b19c8b5ce22f92cb048de773be1c)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-1/+444
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r2440: Use sys_fork instead of fork for the dual daemon so that we get theVolker Lendecke1-1/+1
correct debug pid in the logfiles. Volker (This used to be commit 410d2c3ebba71434ad92d4572fec64eea7b952cd)
2003-11-12a small include file rearrangement that doesn't affect normalAndrew Tridgell1-0/+1
compilation, but that allows Samba3 to take advantage of pre-compiled headers in gcc if available. (This used to be commit b3e024ce1da7c7e24fcacd8a2964dd2e4562ba39)
2003-05-27Whoops - tried to merge to wrong branch for bug #60 merge. This redosTim Potter1-3/+0
the original fix. (This used to be commit 711f65bee0e7955fdb415182abe4812eae8ec4c3)
2003-05-26Merge of fix for bug #60.Tim Potter1-0/+3
(This used to be commit 0583dc358e918cf8bfb4d17bae0f42c4b385d313)
2003-05-06There appears to be no reason why we have to execute theTim Potter1-3/+0
initialisation code in winbindd_init_common() after the fork when running in dual daemon mode. The only tricky bit is we have to run a tdb_reopen_all() somewhere in the child to avoid tdb corruption. Fixed bug #60. (This used to be commit 25e55aca0fe315c2ccf4e34a94107b2321313714)
2003-04-03Fixup swat warning.Jeremy Allison1-0/+6
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com> noticed the problem. Jeremy. (This used to be commit 8bbcb833317245d7f5b8695e4a5c676f67003937)
2002-11-09remove accidental debug code.Gerald Carter1-4/+0
(This used to be commit 9bba2199e3127c8a7bcb3143d962a6660c125d88)
2002-11-08fix for defunct winbindd from APP_HEADGerald Carter1-2/+7
(This used to be commit 856678d69fac9849c689c485fc727fca300eb152)
2002-10-15Fix spelling of background_process.Jeremy Allison1-4/+4
Jeremy. (This used to be commit 2006e36c18bb2d5e44179829c66934efad38b0c7)
2002-07-14this is a trick to work around the fact that posix does not supplyAndrew Tridgell1-0/+1
a getgr*() function that lists groups without numerating all the group members. Instead of definiing a new nss method (which might cause problems) I added an environment variable WINBIND_GETGRLST that tells winbind not to fill in the group members in a gergrent() request. This can speed up group listing by a factor of 20 or more (on my test system with 50000 groups it reduces the time from an hour to 2 minutes) (This used to be commit e3f73256d31ab9914daae49f41e984a534996870)
2002-06-18more debug classess activatedSimo Sorce1-0/+3
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
2002-04-24damn! I forgot to commit winbindd_dual.cAndrew Tridgell1-0/+205
(This used to be commit f3764ab2c602d6af9dce15f0d525a9f11c1723f1)