Age | Commit message (Collapse) | Author | Files | Lines |
|
empty username/password is passed on the command line. Previously we were
leaving the domain name set and the password set to a NULL character.
Added a --get-auth-user command to display the restrict anonymous username
information. Can only be run successfully by root.
(This used to be commit 0bb9bc196207fb35c9de6accbe101937a687762f)
|
|
- move winbindd client handling into accessor functions in
winbindd_util.c
- move some winbindd socket routines into accessor functions in
winbindd_utils.c
(The deadlock situation mentioned in the appliance branch is probably
not applicable since we don't clear the connection cache on SIGHUP.
Perhaps we should?)
(This used to be commit 846b5494942c73e68616e7eae0d2fd5ae4b2bc05)
|
|
anonymous support) is blank.
(This used to be commit 7badccda46a0837dd9da802b44c2fbcb4f38845a)
|
|
work a bit better for password changing.
Andrew Bartlett
(This used to be commit 425782ba32554b90d592493a1928a926e492bb2a)
|
|
choose the server that has the most bits in common in its IP with one
of our interfaces.
(This used to be commit 31774dce67844b67cb405e65f307a20354f2cedb)
|
|
them in winbindd
(This used to be commit 6c7748b001836e4aa3e23dedfe28db3c8acc197a)
|
|
This was causing "wbinfo --sequence" to access past the end of malloced
memory.
(This used to be commit 4125c582aaf86ee5d92b0c800266543a390aefce)
|
|
(This used to be commit 06eea39abdb49d9d547707dcb170c988d7276c1d)
|
|
that app-head does.
Jeremy.
(This used to be commit b521abd86b10573ca8f9116907c81e6deb55f049)
|
|
transitive trusts, and trusts that are added while winbindd is running
- removed an unnecessary call to time()
(This used to be commit 14489ff30bb9eca2c55d36a69c0b45a2db339061)
|
|
Jeremy.
(This used to be commit 94fc0ea9f99bc73486ef374a84d2c20ce895ee14)
|
|
Jeremy.
(This used to be commit 042890056d5d4128eaaca346e7898ccda860dbe2)
|
|
* s/driverlocation/comment
* detect native mode domain and enumerate local groups
Also
* Added sendfile stats from SAMBA_2_2
(This used to be commit 764b58e2c0b3179cffe157c0ab58761b156b8423)
|
|
(This used to be commit a0e0f3b293a71ee6a7bb0edb626c5e16cb803830)
|
|
(This used to be commit 38a956c79bbdb5e1eedfcb1cf3ad4f7c906d0cf7)
|
|
(This used to be commit dd948a302ad6bd4307ecdfb10510e12185150eae)
|
|
from APP_HEAD
(This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
|
|
had it...).
Jeremy.
(This used to be commit 6929b65954ff5b94d11db79c8fc6a295311c238f)
|
|
Jeremy.
(This used to be commit c4fcbb2948beb3b6594d53a7ffdc8b94fd0d94e0)
|
|
like metze's sam_ads can also use them.
Also add error checking etc to a few more functions.
Andrew Bartlett
(This used to be commit c864edf4fbf8a6c37888a14b861d7c12cf503d4f)
|
|
ago....)
(This used to be commit 1b55965f12dc2ede46ca2dbc82acbf56b7e33e2e)
|
|
Jeremy.
(This used to be commit 38c67632ade40413c0cc2b91e04105e4065a18b7)
|
|
pidfile before doing secrets_init().
Jeremy.
(This used to be commit f8a0e6ad8b25d405ff2bcb492974d2f0bef81036)
|
|
This allows external programs to correctly synchronise with us.
Jeremy.
(This used to be commit ffb7632d05191342ecfc5f78fbfd7beacfe257ad)
|
|
the DC being out of sync with the local machine.
(This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
|
|
(Double checked)
(This used to be commit dc3c14fc2b661a62a1876149e96af6de07a2c4a6)
|
|
(This used to be commit d87c1f507d38444e627bce59b6c765d9c9479ac6)
|
|
(This used to be commit 26d486aa740e283f546efc1f2ca40af3452a4f52)
|
|
(This used to be commit f75d61b03a3377f3a791b56fc307dc7e56e4707a)
|
|
(This used to be commit d9fa865e5ce8ba0b7539f9a218fc7dd132eb3d38)
|
|
(This used to be commit e63afabf98350353fac79ffc2ae2ddf88d61260f)
|
|
>Initialise user_rid value in WINBIND_USERINFO structure returned by
>the rpc version of query_user(). This fixes a caching bug found by
>Gavrie Philipson from disksite.
(This used to be commit 77bde1fa33cc387accda8f38bf654377310f5dbe)
|
|
only this file, and not any others. It includes the function prototypes.
(Forgot to commit with earlier patch)
Andrew Bartlett
(This used to be commit 3ec3861445e7da1347c3b5ba180b33441f59640c)
|
|
(This used to be commit b440418f13b840860be42690bf475c1ee3cb3647)
|
|
The global winbind file descriptor can cause havoc in some situations -
particulary when it becomes 0, 1 or 2. This patch (based on some very nice
work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy
the problem by ensuring that the close-on-exec flag is set, and that we move
above 3 in the file descriptor table.
I've also decided that the PAM module can close it's pipe handle on every
request - this isn't performance-critical code.
The next step is to do the same for nss_winbind. (But things like getent()
might get in our way there).
This also cleans up some function prototypes, puts them in just one place.
Andrew Bartlett
(This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
|
|
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better
general infrustructure for his sam_ads work.
I've also added some extra failure mode DEBUG()s to parts of the code.
NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without
the final set of brakets, the test is essentially inverted - causing some
intersting 'error = success' messages...
Andrew Bartlett
(This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
|
|
(This used to be commit ea26b3e8efcb83e16f7eb5add031a8df99046a69)
|
|
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch.
pass also the negociation flags all the way.
all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient.
in the future we will be able to call auth_2 or auth_3 as we want.
J.F.
(This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
|
|
can be used to find a BDC
2nd try ....
(This used to be commit f757223ebe88148b83e1a32b87c014c15c0a68dd)
|
|
can be used to find a BDC
(This used to be commit e95d8e2c9ee5cf22b628f3e0d99fb74bcc632ea0)
|
|
(This used to be commit 073106ad25fba8c8aaa57c296ce8e7cb7b3e3e97)
|
|
(This used to be commit 86433a3492a3b70a051257940ae28ada8788a650)
|
|
(This used to be commit b8dba26978c281259e02b9d6ebacaa7cba4f7787)
|
|
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
|
|
happen when the LDAP call to get the flatname for the primary domain
fails)
(This used to be commit 8d40f34e2f5188f15f414e807d023bfea7bd8c8e)
|
|
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea
anyway (potential PDC/BDC applications).
Given all that, remove it...
Andrew Bartlett
(This used to be commit fc0d6e53fce1d05b16ec58c0bdc38aa8da4422c0)
|
|
Tridge suggested a generic caching mechanism for Samba to avoid the
proliferation of little cache files hanging around limpet like in the
locks directory. Someone should probably implement this at some
stage.
(This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
|
|
This also makes it a easier to see which paramaters are 'in', and which are
'out'.
Andrew Bartlett
(This used to be commit 122cf648d7f364c68ecb7a576a42e94a954e9e56)
|
|
(This used to be commit 68e70b000b273ba72206c87ad1efd6efc2c7c487)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|