Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 839d64add4ebf900863f1ed3e7a379db9b6fdf69)
|
|
tdb_validate
in winbindd cache validation.
Michael
(This used to be commit 2c2a1ff2c27861ca87afbd8bab39d257a69e9565)
|
|
sid_array_from_info3()
function.
Guenther
(This used to be commit 1e1e480115e37b3f4c85f979ddd800b8de0b9c57)
|
|
(This used to be commit 86476efc7a6adfe70c0437c2ff1bbd4b2b4ade5e)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
not GNU Library General Public License
(This used to be commit 727a6cf2cba8da6b40610409b264e86e6908eb0c)
|
|
(This used to be commit c676a971142d7176fd5dbf21405fca14515a0a76)
|
|
(This used to be commit f3df6cd87e1927f41e95af51d750a71278282e15)
|
|
(This used to be commit b6cbac3db3b478d5c7991cee78c6695fc8d22681)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
to the caller (winbindd_validate_cache in this case).
Next, there will be a backup handling for the tdb files.
Michael
(This used to be commit 821bc84109625c9d85edee38fa26d16f9f0a0fe2)
|
|
Thanks to Karolin Seeger (ks@sernet.de)
(This used to be commit 0ae6ae4ee8098abdfefc9fe7c3880bfbb6da52a8)
|
|
Credits to Ralf Haferkamp for the discussion and help on this.
(This used to be commit 5be96d09a7c457b1763d7ad482b5a5a92c02d157)
|
|
commit 3941269fa01038fca242a197e8d7c1f234d45ea7
Author: Gerald (Jerry) Carter <jerry@samba.org>
Date: Thu Jul 5 14:52:03 2007 -0500
Two fixes for "winbind expand groups".
(a) Update the counter for the number of new groups to resolve else
we'll only expand one group member per level and drop the rest.
(b) Don't reset the num_names counter in winbindd_ads.c:lookup_groupmem()
or we'll drop the SIDs resolved to names via cache from the resulting
list.
(This used to be commit dfb89dfcaa02f497ff22ac0213b70add6e4d5b8f)
|
|
- Add parameter config_flag to get_config_item_int() and do the same
check as in get_conf_item_string.
(This used to be commit d1d1baa264587911e1c97b3b35d5ed2bc56bf12b)
|
|
get_conf_item_string() to the later if statement.
- Also move the key definition to the later if statement in
get_conf_item_string() and get_conf_item_int().
(This used to be commit 3a82ec943a3828b843dd47aaa0e360844d4dfb91)
|
|
This is a slightly modified version to set warn_pwd_expire to the
default value if 0, no, or a broken value is set.
This version also has one if statement less in get_config_item_int().
Thanks a lot to Andreas 'GlaDiaC' Schneider for this feature!
(This used to be commit d26914c978457ae0ec097cc40c8e33a7cee9ebcf)
|
|
just a name.
Guenther
(This used to be commit eeed62b6ca86bcb0875de90a5d8c65948fd80215)
|
|
or else getgrnam() always acts like 'winbind expand groups = 1'
(This used to be commit 04ae193ec44c0ecefa64ca44ad0cdb5968087319)
|
|
Guenther
(This used to be commit e9a7512a9f630340004913f1379452eea8a9b6ae)
|
|
Guenther
(This used to be commit 555ae4a19b35b0672033798e00e3d1e153d2a9b3)
|
|
size.
(This used to be commit 05520d6b0a86c1cd5abbf6252c4a32629cdf8619)
|
|
(This used to be commit 8ee76e43843c56869b23f58615635f986c162d01)
|
|
back to winbindd_cache.c. The generic mechanism
should open the cache tdb readonly and with default
flags.
Michael
(This used to be commit 062d8c61294a1e9f8588fa8af31954dd286c7bde)
|
|
Guenther
(This used to be commit 90c810674dff17b2d08d49cb8d945a86204598a6)
|
|
Guenther
(This used to be commit 11b390309b9677805e5b68f3a1b780658ae85137)
|
|
domain or else all network connections from the local winbindd will fail
(This used to be commit 5e0f8b114b964d08cfb22a7452c617b8512545dc)
|
|
code into a generic tdb validation code.
In lib/util_tdb.c for a start.
Michael
(This used to be commit 527edfa0cbcb233218ebabc395666d1d7228ee37)
|
|
variable at the correct point just before the write
call is scheduled.
Jeremy.
(This used to be commit e076dc16462a3ce11105bf9a729ec59ddd9bdc75)
|
|
on the lists :-).
Jeremy.
(This used to be commit f075620d2071aaecb72e93cbda32c4f624f23d86)
|
|
communication failures. Set timeout to 5 mins. Ensure that
we're terminating the correct child (the one we thought we
were talking to). Still setting up my testing environment
but I have high hopes for this being the fix for the 3.0.25b
showstopper.
Jeremy.
(This used to be commit c366df2fe7f1aa1e8fd9bca35bc3b029d76b3abc)
|
|
where a
torture test would be much more appropriate). Fix #4408.
Guenther
(This used to be commit 7514a370cae9c6fdacffd2b885fd93cb1230ce96)
|
|
Guenther
(This used to be commit 5456ea59ba12593b0aac9745b41cdd0f5ec0a559)
|
|
Guenther
(This used to be commit 2592e68a43a73474e1bb53f83642c864fd159b45)
|
|
(This used to be commit 13c6eacff02b55b9fd6201406802f271dcf13e8e)
|
|
This closes #4624 for me.
(This used to be commit 3635b304155299ac93fda57e5e9ece0acd605e77)
|
|
Jeremy.
(This used to be commit 5b2836e2d5f9081b5e39637538d8f2d19e1115c4)
|
|
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
|
|
getgrnam() for machine and domain local groups.
(This used to be commit 4d4c1eca30ce57b4072e9f8c59fcc49bf3a5c48e)
|
|
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
|
|
in the winbindd_getgrnam() call. Couple of comments:
* Adds "winbind expand groups" parameter which defines the
max depth winbindd will expand group members. The default
is the current behavior of one level of expansion.
* The entire getrgnam() interface should be async. I
haven't done that.
* Refactors the domain users hack in fill_grent_mem() into
its own function.
(This used to be commit 3d3a8130351753dc5caa2a270d130e2150da6b54)
|
|
kill call as that sets pid = 0 ! :-).
Jeremy.
(This used to be commit bcfce39094ef30a1d1ae4dba5a90738e2678bcbf)
|
|
to Jerry add to 3.0.25b.
Jeremy.
(This used to be commit ade91e78cbe2871d3a8df18fa1f92bc16a7600a8)
|
|
(This used to be commit 5b983957e3a0a05f77bfb8a10a7986c22b81088d)
|
|
there, do some reformatting.
Jeremy, I think we should also kill the child. It might hang in
something (an fcntl lock for example) that the next child might run into
immediately again.
(This used to be commit 6729a4df4b57f638161ec55f9b1edd0bc8bb947e)
|
|
winbindd: Exceeding 200 client connections, no idle connection found"
bug #3204. This fixes it in Jerry's testing !
Jeremy.
(This used to be commit 0c7ce6a68286fa98258828545fc869aaac19a028)
|
|
I'm 100% certain I've forgotten to merge something, but the main code
should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and
messages_ctdbd.c.
There should be no changes to the non-cluster case, it does survive make
test on my laptop.
It survives some very basic tests with ctdbd enables, I did not do the
full test suite for clusters yet.
Phew...
Volker
(This used to be commit 15553d6327a3aecdd2b0b94a3656d04bf4106323)
|
|
init also in idmap_nss and idmap_passdb for coherency and to
prevent errors in future if we change the init functions to
actually do something and not just return NT_STATUS_OK
(This used to be commit 86f532c1b0cf7961b8331bb212c3ed2084fda3fc)
|
|
evaluation loop
Fixes one of the segfaults in bug #4667
(This used to be commit 176e1c0b692b9509a29bbbb2b35ad821dfb0d5aa)
|