summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19255: Add blacklist of accounts when NSS initgroups calls are coming in andGünther Deschner1-0/+24
"winbind use default domain" is set. Defaults to "root, nobody, lp" currently. Guenther (This used to be commit b5b42196a6f2869deefc700dc98060f5ab832e40)
2007-10-10r19254: Make sure to also wait 35 seconds to receive a Netlogon GETDC replyGünther Deschner1-0/+8
here in winbindd_getdcname(). Guenther (This used to be commit 58a181edc5ea8e87e9978f11a5a729ad4dc60091)
2007-10-10r19230: Doh ! Fix obvious crash bug.....Jeremy Allison1-5/+5
(This used to be commit e6560270499365ca42517f6a7cf40845ee80edfb)
2007-10-10r19212: Make sure domains marked internal don't doJeremy Allison2-14/+29
network queries. Jeremy. (This used to be commit e4d5e1d90b40fee1edc5cf0134b276645eea63bf)
2007-10-10r19209: Ensure we don't make mistakes by sending online/offlineJeremy Allison1-26/+100
messages to internal domains, or to domains not being serviced by a winbindd child. Ensure the child online offline requests are domain specific. Jeremy. (This used to be commit 81a9dc4b9fbd4a9bb67f55aa744bf609d6aba1c2)
2007-10-10r19207: Properly canonicalize incoming names to theJeremy Allison3-4/+33
NSS protocols auth, chauthtok, logoff, ccache_ntlm_auth. That way we ensure winbindd only deals with fully qualified names internally. The NSS protocols auth_crap and chng_pswd_auth_crap should be fixed to do the same thing. Jeremy. (This used to be commit dbd2454d3337f64cddbdaf39e9efd6505e6b2590)
2007-10-10r19206: Jeremy, for some reason storing a value-less entry in TDB does not workGünther Deschner1-9/+3
anymore in 3_0. I'm just adding a time(NULL) as value for the WINBINDD_OFFLINE key. Guenther (This used to be commit 2bdf9f140f76d6eb73b34148c47f7d3447e2e563)
2007-10-10r19159: The getdc call can take a long time. Allow for timeouts.Jeremy Allison1-1/+9
Jeremy. (This used to be commit 99bebb65273c78d9867254c47438577bb21af4ee)
2007-10-10r19155: Fix debug message.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 42e5481ce4bebc65040d466b49e3c45cd4e79f5d)
2007-10-10r19148: Finish last nights patch - make offlineJeremy Allison4-51/+78
work again. Still under test. Jeremy. (This used to be commit 40a455db78f805daa6bfeb9e78fb78dcc12fd9a7)
2007-10-10r19143: getdcname on the NETLOGON pipe returns WERROR, not NTSTATUS.Günther Deschner2-6/+8
Guenther (This used to be commit 44e228ac796fca2db8509915067511ed705032bf)
2007-10-10r19105: Ok - this is currently untested (but I'm testing it atJeremy Allison3-43/+24
the moment) but winbindd isn't run in the build farm so hopefully won't break anything too badly - I don't want to lose this. If winbindd starts offline then it falls back to using MS-RPC backend. On going online it needs to reset the backend and try and go to using the AD backend code if possible, as the MS-RPC sequence number fetch just returns 1 as the sequence number if run against an AD DC. In addition, the winbindd async child may end up with the AD backend whilst the main winbindd - which still contacts the DC for some non-async calls, is left using MS-RPC. This can cause some trouble (as you can imagine :-). Attempt to ensure both main winbindd and async children us AD backends on going online. Jeremy. (This used to be commit 5efd4b04b89ace4b264e9ac37a90e202749792be)
2007-10-10r19103: From "Björn JACKE <bjoern@j3e.DE>":Jeremy Allison1-1/+1
The attached patch cleans up pam_winbind a tiny bit. Instead of making exceptions for all pam implementations except for Linux' it's better to make an exception for the only pam implementation which is different from all the others. This is equivalent to what pam_smb_auth does already. ----------------- Jeremy (This used to be commit 8e5596470822d20740f86585a6cf67240f2face4)
2007-10-10r19066: Fix a memleakVolker Lendecke1-0/+1
(This used to be commit c53e2e54750764c9a0eb57a86fd226b4f8711a66)
2007-10-10r19065: No functional change, just a trivial simplificationVolker Lendecke1-19/+19
(This used to be commit 45628f71cfc770b1ba67abf38aac53ac40773cd0)
2007-10-10r19064: This code block is already #ifdef'ed by WITH_ADS which should implyVolker Lendecke1-2/+2
HAVE_KRB5. If WITH_ADS does not imply KRB5, we have to fix that. Lets see what the build farm thinks about this. Volker (This used to be commit 27b063078dff0d8c5eb552dd73825f6858d04e4b)
2007-10-10r18980: Be a little more intelligent about "startup_time",Jeremy Allison3-7/+31
move into the domain struct. Allow message to go online to set this state and cope with removing it. Jeremy. (This used to be commit 51f0e60cc3a652b0ff1658d4c07bfc9493fbc51a)
2007-10-10r18955: fix the build on solaris where unistd.h needs to be includes beforeStefan Metzmacher1-1/+1
socket_wrapper defined ioctl swrap_ioctl metze (This used to be commit e43d1f6c17c8a44c989a57309b8378c1dd8f591c)
2007-10-10r18937: Protect against segc in the idmap winbindd child processGerald Carter1-2/+4
(the domain is NULL here) (This used to be commit a36de910d289363a5374fe063099311712d4e57a)
2007-10-10r18927: Fix build. *please* compile the code at least once before checking ↵Gerald Carter1-2/+2
it in. (This used to be commit 4e464a2c35984752244f30ce9bb259eb16149e3f)
2007-10-10r18924: Minor cleanup.Günther Deschner1-8/+8
Guenther (This used to be commit 143a48927b0e21d31a9f54cfc720b5d04a4b6751)
2007-10-10r18871: Fix copy/paste mixup.Günther Deschner1-1/+1
Guenther (This used to be commit 2a605a0b175dc0ccc65ee2dc68e394bef7c954d1)
2007-10-10r18842: Protect against "winbind cache time = 0" on two other occasions.Günther Deschner1-2/+2
Guenther (This used to be commit b1cd9d45e9581bec56bfdc21d2a8afb7f094be22)
2007-10-10r18841: Protect against potential event loop when someone is using "winbindGünther Deschner1-2/+2
cache time = 0". Guenther (This used to be commit 9ac6016e32d236e7470919c075df551d1d73498c)
2007-10-10r18798: use libreplace headers in pam and nss modulesStefan Metzmacher3-69/+8
this hopefully fixes the build on AIX metze (This used to be commit ef1001f5a269f3d6a66f40e3fb01eccc807dcd7e)
2007-10-10r18784: hopefully fix the BOOL bug on AIXStefan Metzmacher1-2/+2
metze (This used to be commit 454d9590de6ff94a1edd7321e26af0f0978a356a)
2007-10-10r18710: Prevent that our offline cache can get outdated after a password change.Günther Deschner1-1/+8
Guenther (This used to be commit 8006cf962b4a33278414fcdf07bf94d739cb4aab)
2007-10-10r18703: Fix the annoying effect that happens when nscd is running:Günther Deschner3-23/+4
We usually do not get the results from user/group script modifications immediately. A lot of users do add nscd restart/refresh commands into their scripts to workaround that while we could flush the nscd caches directly using libnscd. Guenther (This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21)
2007-10-10r18667: Two C++ warningsVolker Lendecke1-1/+1
(This used to be commit 8c60e71229cd577f3b17345c5824363dd202eba9)
2007-10-10r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END()Stefan Metzmacher1-2/+2
and DLIST_DEMOTE() now take the type of the tmp pointer not the tmp pointer itself anymore. metze (This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
2007-10-10r18557: If you've set security=ads, do the DNS queries first.Jeremy Allison1-9/+6
Doing otherwise means site support doesn't work correctly. Jeremy. (This used to be commit 06a75f3b935b30c60ab4690634b26cdcd7f02b90)
2007-10-10r18552: Ensure the sitename matches before we SAF store a DC in ADS mode.Jeremy Allison1-2/+4
Jeremy. (This used to be commit 03e1078b459531af5a2336b584b3c886c5dd1e29)
2007-10-10r18551: Implement a 30 seconds from startup, during which weJeremy Allison4-3/+27
try hard to connect a DC even if we might be offline. Jeremy. (This used to be commit a9f115140700487767bafa058db744eea5ee8f77)
2007-10-10r18543: Fix Coverity ID#312Volker Lendecke1-0/+1
(This used to be commit 763cbe924b78b206985db6552e20cb4830446d35)
2007-10-10r18533: Ensure we clear out the failed connection cache for an entireJeremy Allison1-2/+2
domain when going back online. Jeremy. (This used to be commit c7e4c8d0b4d109ec67d4424dd446b74b55246c72)
2007-10-10r18525: Be a little less agressive about going back online when requested.Jeremy Allison1-7/+15
Jeremy. (This used to be commit 9a0066278c30b123eeaed8213294b6d81a339524)
2007-10-10r18511: Ops, fix the build.Günther Deschner1-1/+1
Guenther (This used to be commit 20de0b4823abb59518b7ffb495120494e705df7a)
2007-10-10r18510: Protect against storing null-sids in the winbind cache.Günther Deschner1-0/+8
Guenther (This used to be commit b04c8d46efc67e013b976e0ba1be558b70a1f899)
2007-10-10r18509: We must always canonicalise the usernames to be UPPERCASE DOMAIN,Jeremy Allison1-2/+3
lowercase username. We cache names as keys in this form, and we weren't always returning this.... Jeremy. (This used to be commit 205aa2b70d647460ca5a273caad7717312f53aab)
2007-10-10r18507: Added debug log for returned username.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 7644fa70ba4f7c88d887930e23b5ee2e1632473b)
2007-10-10r18506: Fix online requests to cause an immediate DC connection.Jeremy Allison2-8/+38
Jeremy. (This used to be commit 03b1699fa7d94fd637ff8c3bd2c59358673d2607)
2007-10-10r18484: Start some cleanup on pam_winbind's syslogging:Günther Deschner2-114/+160
* as openlog() is non-reentrant and pam_winbind thereby overrides the syslog settings of the calling application, directly call syslog (or pam_vsyslog if available) * support the PAM_SILENT flag to avoid any log messages beeing created Guenther (This used to be commit 0f7e37ffc4759a4e29f63ab83f39ddb31c8240f6)
2007-10-10r18476: Protect ourselves from bad cached creds a littleJeremy Allison1-2/+30
better - don't just panic - delete them. Jeremy. (This used to be commit 4c54b75076442d239ae374b236c6f33aafece981)
2007-10-10r18473: Once we go online, trigger a "get krb5 ticket event"Jeremy Allison1-0/+6
immediately if we were waiting on one. Jeremy. (This used to be commit 6dc8f9042f057e1f9aff46042a0fe697cb8a912c)
2007-10-10r18411: Getting a zero length read is common. Don't log atJeremy Allison1-1/+1
debug level zero. Jeremy. (This used to be commit e23caeb7b57b0b1bbc2f8b6abf34166f271a88fa)
2007-10-10r18271: Big change:Gerald Carter14-77/+77
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r18259: Fix the non-krb5 builds.Günther Deschner1-1/+2
Guenther (This used to be commit 576488933b8e04ddd6cb45a7992374efe174a404)
2007-10-10r18239: THIS IS GUENTHER'S WORK !!! He's allowing me to mergeJeremy Allison3-51/+219
this at the moment as I'm working on this area. Thanks a lot Guenther. Add the capability to get krb5 tickets even if we log on in the offline state and have to cache the credentials. Once we go online we should start getting krb5 tickets again. Currently this code waits until lp_winbind_cache_time() seconds (5 minutes by default) before getting tickets. This is correct in the DC down case, but not in the global offline -> online case. I'll later add a trigger to force an immediate refresh on the offline -> online state transition. Jeremy. (This used to be commit 04fe034f4a222c83a8d788040f7edc370afe9fa6)
2007-10-10r18224: Paranoia - ensure the oplock event handler isJeremy Allison1-1/+10
removed immediately in the handler. Extra debug info tracking down winbindd DC selection. Jeremy. (This used to be commit 7ba9b6ce588f716589e9f88ed146fad36c4b3758)
2007-10-10r18199: Allow winbindd to delete a saf_ entry if it knowsJeremy Allison1-0/+4
it can't talk to it. Jeremy. (This used to be commit 7385a076f8fd351472d37d9363304948e88f9f99)