| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Jeremy.
(This used to be commit 23dcff4d50d1d35b7ddee0d0cb79c16a312f179c)
|
|
clients and aservers. Strange compiler-fu on 64-bit
SLES9 says sizeof(time_t) == 4 but the memory alignment
is on 8 bytes. Change time_t to uint32 to fix alignment.
Remove 'char **gr_mem' from struct winbindd_gr since
it was not being used.
(This used to be commit b68e66d5c4f7348e674b8a009656ebfbbc06e288)
|
|
(This used to be commit 066f69fe88b360b856f3dc49089f8c21b721cce9)
|
|
winbindd server
(This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
|
|
/etc/security/pam_winbind.conf as config file for the PAM module by
default.
Guenther
(This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
|
|
PAM_SUCCESS. Günther, could you take a look?
Thanks,
Volker
(This used to be commit fc6effcd9c2bb2d15b7e8fba85cc3193d2d7ce1f)
|
|
internals, mostly with the code that was in pam_winbind before.
Also switch from using loadparm to use iniParser to read the new
pam_winbind options from a configuration file. That still uses the old
(parametric) option names which will be replaced next (as iniParser does
not support parametric options).
Guenther
(This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
|
|
ensure that global memory is freed when unloading pam_winbind.so (needs more testing on non-linux platforms)
(This used to be commit 1e0b79e591d70352a96e0a0487d8f394dc7b36ba)
|
|
has the linear posix locking issue which causes
CLEAR_IF_FIRST to cause performance problems.
As we know we're in a daemon architecture with
long-lived parent we can avoid this in the Samba
case. Add a comment explaining this.
Jeremy.
(This used to be commit 3cd5c3df0d1b98dfa90663973ab13b5d3dbf737e)
|
|
Guenther
(This used to be commit 87293802f3e0666c9a50eb3ca63bb1a7dccc50dc)
|
|
is produced when a process exits abnormally.
First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.
Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.
Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d64498eb3faf89f0c5452b9299daea8e95)
|
|
(This used to be commit cc1bdbbc41bd6626ee53abf3f2ab35c454e036b7)
|
|
(This used to be commit 62d60a04cd85dc521e7d63726b856f38287466ad)
|
|
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
I will not write code when changing to Daylight Savings Time.
...
Fix my brain dead inverted logic for turning winbindd on and off
when run on a DC or when calling pdb functions from within winbindd.
(This used to be commit 021b3dc2db9fb422ede4657a1f27ef7ef2d22cee)
|
|
* depreacte 'acl group control' after discussion with Jeremy
and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
turning _NO_WINBINDD back on
(This used to be commit 4ab372f4cab22225716b5c9a9a08f0c1dbc9928d)
|
|
Guenther
(This used to be commit 99158406b47dc07961c4f6536181da868cf276ca)
|
|
Jeremy.
(This used to be commit 6ae15544ccfc3ff5d97565ad41ba7f57c7d29b0f)
|
|
cache with a valid TGT in it but we werent able to get or verify the
service ticket for this local host afterwards and therefor didn't get
the PAC, we need to remove that ccache entirely.
Also remove an ugly pair of (not needed) seteuid calls around the ticket
destroy wrapper.
Guenther
(This used to be commit 25a2fb3896596380d9eecac80defbf247a35e6bb)
|
|
case future forward lookups would fail
(This used to be commit d56ed46faec46dad74b469d25ff99c9002792c78)
|
|
just the BUILTIN group when calling winbindd_getgroups.
$ id foo
uid=502(foo) gid=100(users) groups=100(users),10007(RHEL4\staff),
10001(BUILTIN\users)
(This used to be commit 603b4b501a759510d2ec66cbe5ab1e9f5dc5dbc1)
|
|
Guenther
(This used to be commit e162253a32119a31dd652b00f942d4c1a16fab83)
|
|
Guenther
(This used to be commit 24afdda2ae7626b8c0b378d158ede391924d1274)
|
|
to make the following possible:
timelimit 20000 bin/nmbd -F -S --no-process-group
timelimit 20000 bin/smbd -F -S --no-process-group
this is needed to 'make test' working without losing child processes
metze
(This used to be commit c3a9f30e2a12cc852c9fa3a7d161f5c6ee0694ce)
|
|
We were using a far too short renewable_time in the request; newer MIT
releases take care interally that the renewable time is never shorter
then the default ticket lifetime.
Guenther
(This used to be commit bde4a4018e26bc9aab4b928ec9811c05b21574f3)
|
|
Guenther
(This used to be commit 3f195f8248c88ec8bf8ceb195575ce6bb49d7fc4)
|
|
kerberos_kinit_password_ext provides access to more options.
Guenther
(This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
|
|
Guenther
(This used to be commit 345d2ab5d399a99f271148cf308271cb7fc2c0ca)
|
|
supported.
Is there a better way to check for the 0x1c010002 status code?
Guenther
(This used to be commit c7268dc9ac304e1b6dac80762087a57484906103)
|
|
(This used to be commit 6704859950eb93d86906d4916cf6842d9a970d2f)
|
|
environment.
Guenther
(This used to be commit 1f1402e45db8d80a7c19208fae934e1b0f3da134)
|
|
offline logons work again with NT4 and older Samba3 DCs.
Guenther
(This used to be commit 0892077fcec913ef76b017b5bfe058d20a322915)
|
|
Guenther
(This used to be commit 3e607aa69ae2d43fb6ec170d03221a6b22d3f35d)
|
|
policies when requested.
No panic, the flags is uint32 so we are not running out of WBFLAG bits.
Guenther
(This used to be commit 2155bb0535656f294bd054d6a0a7d16a9a71c31b)
|
|
failed with a clear error indication. This prevents the bad logon count
beeing increased on the DC.
Guenther
(This used to be commit 5fdddffba5cf05ccac23a64fbe404a34e73fa73c)
|
|
(This used to be commit d9b85e3b287c24d2a3e2076da331fe06192b0eef)
|
|
Guenther
(This used to be commit c81eb71834dc827db63c8adb3f816bbbe916473c)
|
|
and want to just shutdown and exit.
Guenther
(This used to be commit 0aa6328ed6ba6d0d24169ffdff0099405c9bfb00)
|
|
Guenther
(This used to be commit 4157bfe9cfe79ff78e7e527a50058cf9103cab61)
|
|
* Automatically creates the BUILTIN\Users group similar to
how BUILTIN\Administrators is done. This code does need to
be cleaned up considerably. I'll continue to work on this.
* The important fix is for getusergroups() when dealing with a
local user and nested groups. Now I can run the following
successfully:
$ su - jerry -c groups
users BUILTIN\users
(This used to be commit f54d911e686ffd68ddc6dbc073987b9d8eb2fa5b)
|
|
(variable definition was missing).
Jeremy.
(This used to be commit 48594f0270502149069fc883096181a9730d76bf)
|
|
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'
* Add a SID domain to the group mapping enumeration passdb call
to fix the checks for local and builtin groups. The SID can be
NULL if you want the old semantics for internal maintenance.
I only updated the tdb group mapping code.
* remove any group mapping from the tdb that have a
gid of -1 for better consistency with pdb_ldap.c.
The fixes the problem with calling add_group_map() in
the tdb code for unmapped groups which might have had
a record present.
* Ensure that we distinguish between groups in the
BUILTIN and local machine domains via getgrnam()
Other wise BUILTIN\Administrators & SERVER\Administrators
would resolve to the same gid.
* Doesn't strip the global_sam_name() from groups in the
local machine's domain (this is required to work with
'winbind default domain' code)
Still todo.
* Fix fallback Administrators membership for root and domain Admins
if nested groups = no or winbindd is not running
* issues with "su - user -c 'groups'" command
* There are a few outstanding issues with BUILTIN\Users that
Windows apparently tends to assume. I worked around this
presently with a manual group mapping but I do not think
this is a good solution. So I'll probably add some similar
as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
|
|
Jeremy.
(This used to be commit 8444c997bd3e18b1d04ebe85f06c8c6e34d7373f)
|
|
Guenther
(This used to be commit 4cfd737cc1d8840888f80e360119eeb627acb381)
|
|
the correct malloc-macros.
Jeremy.
(This used to be commit 412dc6f5dbc796126b94f3809fe660afac5d3c2a)
|
|
Guenther
(This used to be commit 44fcd3113be970edd01f7f076c4b6cad2d03ebcd)
|
|
nscd caches so that NSS-calls can deliver accurate information.
Guenther
(This used to be commit a32a423a0e9e0d4dd21282fd528bcd3247fddbd1)
|
|
quieten coverity bug #194 (which I think is a
false positive).
Jeremy.
(This used to be commit 07d8b02d3dddf7322e096f3f0a7cc1c8fa709fa3)
|
|
explicit.
Jeremy.
(This used to be commit aeae20a8d9f3658acb8edd373eb601bdf7eab98b)
|
|
Jeremy.
(This used to be commit 9fa2e1bdedb61557b43f86c2898b7bf8762bbb63)
|
|
in error code path.
Jeremy.
(This used to be commit 9f5fcdd8fb437882568e38e174e2df27bd077ba3)
|
