summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5654: Fix bug 1604 -- make winbind work with more than 10 trusted domains.Volker Lendecke1-3/+34
TODO: This needs to be merged to trunk separately, it has changed a little, but it's friday evening here. Volker (This used to be commit 49c3e04632e9fcdf552259412e8ec54d18269516)
2007-10-10r5471: In cli_samr_lookup_rids, flags is not a flags but an array size. W2k3 ↵Volker Lendecke1-1/+1
rejects everything but 1000 here, so there's no point in exposing that to the caller. Thanks, Volker (This used to be commit 03ec1bd9e54b065c0494bc57a3d78ac0ae28e234)
2007-10-10r5428: Apply some const. LDAP attribs should now be declared const char ↵Volker Lendecke1-1/+1
*attr[]. This gives some new warnings in smbldap.c, but a the callers are cleaned up. Volker (This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403)
2007-10-10r5336: BUG 2329: fix to re-enable winbindd to locate DC's when 'disable ↵Gerald Carter2-69/+86
netbios = yes' (This used to be commit 75a223f1188ae0041c9e3c748af107d642f73810)
2007-10-10r5331: Support SIDs as %s replacements in the afs username map parameter.Volker Lendecke1-0/+12
Add 'log nt token command' parameter. If set, %s is replaced with the user sid, and %t takes all the group sids. Volker (This used to be commit e7dc9fde45c750013ad07f584599dd51f8eb8a54)
2007-10-10r5314: Some const, and an uninitialized variable fix.Volker Lendecke1-4/+4
Volker (This used to be commit b48a46162d7971be3d44d403a2d62247ef2321f7)
2007-10-10r5207: patches from Jay Fenlason @ RedHat (scooped from their Fedora packages)Gerald Carter2-3/+4
(This used to be commit 9019a8436162d3606f6b8584701b0832cf5a7439)
2007-10-10r4967: Not being in any domain local groups is obviously valid...Volker Lendecke1-1/+1
Volker (This used to be commit 78975ab9a996ac61be37410f18ddedb9df58d04b)
2007-10-10r4905: patch from abartlet to remove storing the auth-user credentials from ↵Gerald Carter1-4/+0
the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail (This used to be commit a13e29b5f2f1e48225b5b5964bc0777948f16622)
2007-10-10r4760: Make wbinfo --user-sids expand domain local groups. Andrew B., my testingVolker Lendecke6-0/+206
shows that this info is correctly returned to us in to info3 struct, so check_info3_in_group does not need to be adapted. Volker (This used to be commit a84e778cafcefdc1809474c2123e757c8c9d9b70)
2007-10-10r4749: Fix memleakVolker Lendecke1-0/+2
(This used to be commit a8aab6de7516b70cae6c096883874fa152777b13)
2007-10-10r4746: add server support for lsa_enum_acct_rights(); last checkin for the nightGerald Carter1-15/+0
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
2007-10-10r4732: Even if we have 'password server' set, we need to look up the native ↵Volker Lendecke1-0/+6
DC name via netbios, as the user might have set an IP address or a fqdn. Volker (This used to be commit 61466f38429ba67ace3e84c870a0f913f64d122c)
2007-10-10r4575: adding extra debug to cm_prepare_connection()Gerald Carter1-0/+3
(This used to be commit 13a2aa50ea203cee9c2323bb0428f8c50a3c0f77)
2007-10-10r4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side,Günther Deschner1-3/+20
based on samba4-idl. This saves us an enormous amount of totally unnecessary ldap-traffic when several hundreds of winbind-daemons query a Samba3 DC just to get the fake SAM-sequence-number (time(NULL)) by enumerating all users, all groups and all aliases when query-dom-info level 2 is used. Note that we apparently never get the sequence number right (we parse a uint32, although it's a uint64, at least in samba4 idl). For the time being, I would propose to stay with that behaviour. Guenther (This used to be commit f9ab15a986626581000d4b93961184c501f36b93)
2007-10-10r4286: Give back 8 byte lm_session_key in Netrsamlogon-reply.Günther Deschner1-1/+1
The old #ifdef JRATEST-block was copying 16 bytes and thus overwriting acct_flags with bizarre values, breaking a lot of things. This patch is successfully running in a production environment for quite some time now and is required to finally allow Exchange 5.5 to access another Exchange Server when both are running on NT4 in a samba-controlled domain. This also allows Exchange Replication to take place, Exchange Administrator to access other Servers in the network, etc. Fixes Bugzilla #1136. Thanks abartlet for helping me with that one. Guenther (This used to be commit bd4c5125d6989cebc90152a23e113b345806c660)
2007-10-10r4260: Change the license for the winbindd external interface more liberal.Tim Potter1-14/+3
(This used to be commit 82b9faaaa2e1e2986a15102605739e7d13885ac6)
2007-10-10r4258: strlower username, not (non-existing) domain_username.Günther Deschner1-1/+1
Guenther (This used to be commit 4f10666295ff7c086ac2a38e0a5f0ac80b57b9a0)
2007-10-10r4128: Cron jobs etc seem to do an initgroups for root quite frequently. SoVolker Lendecke1-1/+1
log.winbindd is spammed with 'user root does not exist'. Increase debug level. Volker (This used to be commit 7256771dd01029ed103896c0825bb91b88757015)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison16-101/+84
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3931: Fix all "may be used uninitialized" and "shadow" warnings.Jeremy Allison1-2/+4
Jeremy. (This used to be commit 8e979772a640bb4f00f4d72b6a9c837b8ef14333)
2007-10-10r3911: typo.Günther Deschner1-1/+1
Guenther (This used to be commit 52dea588fd0b40a32c56b5634315b149fc088907)
2007-10-10r3843: If a connection to a DC is requested, open connections ↵Volker Lendecke2-160/+428
simultaeneously to all DCs found. The first one to reply wins. Volker (This used to be commit 84ac54aef2bd56b5c889d3b05b8828aceb8ae00e)
2007-10-10r3776: Fix for bug #2038 from Johann Hanne <jhml@gmx.net>. Don't checkJeremy Allison1-9/+4
for no groups after every lookup - move check to the end as we should only fail if all lookups fail. Jeremy. (This used to be commit 3b40c1e4365f37b967e14be02c6aa52893a80f51)
2007-10-10r3566: Completely replace the queryuseraliases call. The previous ↵Volker Lendecke1-5/+5
implementation does not exactly match what you would expect. XP workstations during login actually do this, so we should better become a bit more correct. The LDAP query issued is not really fully optimal, but it is a lot faster and more correct than what was there before. The change in passdb.h makes it possible that queryuseraliases is done with a single ldap query. Volker (This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
2007-10-10r3140: * try to ensure consistent usage of the username map.Gerald Carter1-3/+4
Use the fully qualified DOMAIN\user format for 'security = domain|ads' and apply after authentication has succeeded. * also change fill_domain_username() to only lowercase the username and not the domain+username. This was a cosmetic fix only. makes the output more consistent with %D and %U. (This used to be commit 30ee2d5b0906d5cd73a8faf5170e5aebcc6d69c8)
2007-10-10r2868: Well, I'm not quite sure what I'm doing back in Samba 3.0, but anyway...Andrew Bartlett1-18/+0
I've been grumbling about under-efficient calls in SAMR, and finally got around to fixing some of them. We now call sys_getgroups() (which in turn calls initgroups(), until glibc 3.4 is released) to figure out a user's group membership. This is far, far more efficient than scanning all the groups looking for a match, and is still the 'posix way', just using an effiecient call. The seperate issue of 'who is in this group' remains, but this one has been biting some people. I need to talk to VL about how best to exersise nasty corner cases, but my initial tests hold strong. (The code is also much simpiler than before, which has to count for something :-) Andrew Bartlett (This used to be commit dc19f161698dab5b71d61fa2bacc7e7b8da5fbba)
2007-10-10r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid ofTim Potter1-1/+1
'..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
2007-10-10r2822: Fix parameter confusion in priming of name-to-sid cache. Found byTim Potter1-1/+1
Qiao Yang. (This used to be commit 30ae13cb9fbe5f04e46bcbd5e0c19da9b33341d5)
2007-10-10r2779: Some fixes to pam_winbind.c.:Andrew Bartlett1-7/+8
Allow 'require_membership_of' and 'require-membership-of'. Really use a different struct for the SID->Name lookup. Andrew Bartlett (This used to be commit 83dadcd089905aa8ff3392010177ffa1dc8237ba)
2007-10-10r2762: Remove silly conversion to and from UTF8 on the winbind pipe. Fix theAndrew Bartlett4-55/+33
naming of the require_membership_of parameter in pam_winbind and fix the error code for 'you didn't specify a domain' in ntlm_auth. Andrew Bartlett (This used to be commit 4bf0b94011fe6bfbec5635e58cafbfe3dc898569)
2007-10-10r2760: Another patch from The Written Word. Don't declare function prototypesTim Potter1-1/+2
inside a function. Bugzilla #1762. (This used to be commit 002cdd4a5b34611983a32018248f9fe122c4111a)
2007-10-10r2759: Fix for winbindd on AIX 5.1. Apparently it doesn't have as many methodsTim Potter1-0/+6
in struct secmethod_table as AIX 5.2. Patch from The Written Word. (This used to be commit 4f8496ad626478c31e9372e07652d50f581256d0)
2007-10-10r2755: Fix NTLMv2 for use with pam_winbind, the plaintext ntlm_auth modes,Andrew Bartlett2-10/+97
and the wbinfo -a test tool. If 'client ntlmv2 auth' is set, then we will send an NTLMv2, rather than an NT/LM response to the server. Andrew Bartlett (This used to be commit ce2456e436c5d57cd95cd10c6edf759592d0e843)
2007-10-10r2691: Increase a debug level for a quite frequent operation.Volker Lendecke1-2/+2
Optimization for 'idmap backend = ldap': When asking sid2id for the wrong type, don't ask ldap when we have the opposite mapping in the local tdb. Volker (This used to be commit c91cff3bd38c1a8e23628b032f09829f9abf792d)
2007-10-10r2584: After talking to jerry, commit the strlower patch to getent username andVolker Lendecke2-0/+3
groupnames. In template homedir, leave %D alone uppercased. Volker (This used to be commit dcb577f1cd8cf60557c0d061afeec206f58a6b31)
2007-10-10r2566: Fix creation of aliases via usrmgr. Winbind was too strict checking ↵Volker Lendecke1-2/+10
the type of sids. Volker (This used to be commit d3b2921a8fd86beb77eae45ef9cf1a846a93b199)
2007-10-10r2540: Fix it the way Henrik Nordstrom (the patch author) wants :-).Jeremy Allison1-5/+3
Jeremy. (This used to be commit 45707b5700f8a7c422fca2d7c95f9fab50740f35)
2007-10-10r2528: Ensure MIN is defined as a macro so it's not undefined in the .so.Jeremy Allison1-0/+4
Fix from Andreas <andreas@conectiva.com.br>. Jeremy. (This used to be commit b5edad8b6098abac9b197d70fe29fb514e625b34)
2007-10-10r2482: Fix from Arthur van Dongen <avdongen@xs4all.nl> to fix acces -> ↵Jeremy Allison1-2/+2
access typos. Jeremy. (This used to be commit a278dca1b2c103f368d154aee2d3a1edd5604687)
2007-10-10r2470: Fix bug 1797: winbind and nmbd ignored "-l" option.Volker Lendecke1-2/+6
Thanks to Igor Zhbanov bsg@uniyar.ac.ru. Volker (This used to be commit 8a28475a0b7659cb0cdefe57edf801d9958c3755)
2007-10-10r2451: Fix from Henrik Nordstrom <hno@squid-cache.org> to allowJeremy Allison1-13/+26
winbindd to return the correct number of groups when the groups array must be enlarged. Jeremy. (This used to be commit bcc769de4d60205209633887f2fb2f0ab6088cae)
2007-10-10r2450: don't limit the number of groups returned by winbindd_getgroups()Gerald Carter1-4/+1
(This used to be commit 4ba98cb469ad938bbc2e46cffaa48cc1c46b8e4e)
2007-10-10r2440: Use sys_fork instead of fork for the dual daemon so that we get theVolker Lendecke1-1/+1
correct debug pid in the logfiles. Volker (This used to be commit 410d2c3ebba71434ad92d4572fec64eea7b952cd)
2007-10-10r2378: Remove two confusing #definesVolker Lendecke2-4/+0
(This used to be commit 639cb4ced6b6c08b0665890c815f2e1361e7879f)
2007-10-10r2351: Fix use of an uninitialized variable. valgrind is sooo useful.Volker Lendecke1-2/+2
Volker (This used to be commit 11f617eafd5512dab89bc363662f8e6953c359d4)
2007-10-10r2340: Solve the problem of user sids ending up with gid's and vice versa: ThisVolker Lendecke2-60/+59
belongs into winbind itself, not into wbinfo. Volker (This used to be commit 75e5c13d5d4c1da9bbb60f4e93183995c05a89ac)
2007-10-10r2265: Volkers change to HEAD looks very good. Commit messageJeremy Allison2-5/+20
from HEAD follows : While torturing winbind a bit I found the following unfortunate behaviour: Sending multiple requests at a high rate for a slow operation exposed that no response comes back until the last request in the queue has been processed. This is an unfortunate result of serially going through all sockets> that have shown to be readable or writable. All client sockets become readable> at the same time, none of them is writable. We go through them, read the request, process the complete request. Before we enter the select system call the next time all requests have to have completed. This patch optimizes this by first looking at the sockets for writability. A write on a socket that came back from select does not block, so this additional loop might have a non-zero cost, but it can't prevent other operations from proceeding. After a possibly long-running winbindd_process() we directly start select() again. To avoid starvation the currently processed client is demoted to be the> last one in the list of clients. Jeremy. (This used to be commit bfdeb22c69d09eb73305b6034fa6d0ec67275789)
2007-10-10r2264: Fix for #1741. Define a struct nss_groupsbymem (thanks lukeh!) forTim Potter1-0/+22
HPUX 11 which doesn't have one of its own. (This used to be commit 3d275d1eee9644651dcbb61a342648e878fe3506)
2007-10-10r2177: use the correct counter when copying group rids from the user_info3 ↵Gerald Carter1-3/+3
struct; patch from Dimitri van der Spek <dwspek@aboveit.nl> (This used to be commit aa89806deb9d4c9cbd23ccdd41bb98346e395078)