| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
implementation does
not exactly match what you would expect.
XP workstations during login actually do this, so we should better become a
bit more correct. The LDAP query issued is not really fully optimal, but it is
a lot faster and more correct than what was there before. The change in
passdb.h makes it possible that queryuseraliases is done with a single ldap
query.
Volker
(This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
|
|
Use the fully qualified DOMAIN\user format for 'security = domain|ads'
and apply after authentication has succeeded.
* also change fill_domain_username() to only lowercase the username
and not the domain+username. This was a cosmetic fix only.
makes the output more consistent with %D and %U.
(This used to be commit 30ee2d5b0906d5cd73a8faf5170e5aebcc6d69c8)
|
|
I've been grumbling about under-efficient calls in SAMR, and finally
got around to fixing some of them.
We now call sys_getgroups() (which in turn calls initgroups(), until
glibc 3.4 is released) to figure out a user's group membership. This
is far, far more efficient than scanning all the groups looking for a
match, and is still the 'posix way', just using an effiecient call.
The seperate issue of 'who is in this group' remains, but this one has
been biting some people.
I need to talk to VL about how best to exersise nasty corner cases,
but my initial tests hold strong. (The code is also much simpiler
than before, which has to count for something :-)
Andrew Bartlett
(This used to be commit dc19f161698dab5b71d61fa2bacc7e7b8da5fbba)
|
|
'..' from all #include preprocessor commands. This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
|
|
Qiao Yang.
(This used to be commit 30ae13cb9fbe5f04e46bcbd5e0c19da9b33341d5)
|
|
Allow 'require_membership_of' and 'require-membership-of'.
Really use a different struct for the SID->Name lookup.
Andrew Bartlett
(This used to be commit 83dadcd089905aa8ff3392010177ffa1dc8237ba)
|
|
naming of the require_membership_of parameter in pam_winbind and fix
the error code for 'you didn't specify a domain' in ntlm_auth.
Andrew Bartlett
(This used to be commit 4bf0b94011fe6bfbec5635e58cafbfe3dc898569)
|
|
inside a function. Bugzilla #1762.
(This used to be commit 002cdd4a5b34611983a32018248f9fe122c4111a)
|
|
in struct secmethod_table as AIX 5.2. Patch from The Written Word.
(This used to be commit 4f8496ad626478c31e9372e07652d50f581256d0)
|
|
and the wbinfo -a test tool.
If 'client ntlmv2 auth' is set, then we will send an NTLMv2, rather
than an NT/LM response to the server.
Andrew Bartlett
(This used to be commit ce2456e436c5d57cd95cd10c6edf759592d0e843)
|
|
Optimization for 'idmap backend = ldap': When asking sid2id for the wrong
type, don't ask ldap when we have the opposite mapping in the local tdb.
Volker
(This used to be commit c91cff3bd38c1a8e23628b032f09829f9abf792d)
|
|
groupnames. In template homedir, leave %D alone uppercased.
Volker
(This used to be commit dcb577f1cd8cf60557c0d061afeec206f58a6b31)
|
|
the type
of sids.
Volker
(This used to be commit d3b2921a8fd86beb77eae45ef9cf1a846a93b199)
|
|
Jeremy.
(This used to be commit 45707b5700f8a7c422fca2d7c95f9fab50740f35)
|
|
Fix from Andreas <andreas@conectiva.com.br>.
Jeremy.
(This used to be commit b5edad8b6098abac9b197d70fe29fb514e625b34)
|
|
access typos.
Jeremy.
(This used to be commit a278dca1b2c103f368d154aee2d3a1edd5604687)
|
|
Thanks to Igor Zhbanov bsg@uniyar.ac.ru.
Volker
(This used to be commit 8a28475a0b7659cb0cdefe57edf801d9958c3755)
|
|
winbindd to return the correct number of groups when the
groups array must be enlarged.
Jeremy.
(This used to be commit bcc769de4d60205209633887f2fb2f0ab6088cae)
|
|
(This used to be commit 4ba98cb469ad938bbc2e46cffaa48cc1c46b8e4e)
|
|
correct debug pid in the logfiles.
Volker
(This used to be commit 410d2c3ebba71434ad92d4572fec64eea7b952cd)
|
|
(This used to be commit 639cb4ced6b6c08b0665890c815f2e1361e7879f)
|
|
Volker
(This used to be commit 11f617eafd5512dab89bc363662f8e6953c359d4)
|
|
belongs into winbind itself, not into wbinfo.
Volker
(This used to be commit 75e5c13d5d4c1da9bbb60f4e93183995c05a89ac)
|
|
from HEAD follows :
While torturing winbind a bit I found the following unfortunate behaviour:
Sending multiple requests at a high rate for a slow operation exposed that no
response comes back until the last request in the queue has been
processed. This is an unfortunate result of serially going through all sockets> that have shown to be readable or writable. All client sockets become readable> at the same time, none of them is writable. We go through them, read the
request, process the complete request. Before we enter the select system call
the next time all requests have to have completed.
This patch optimizes this by first looking at the sockets for writability. A
write on a socket that came back from select does not block, so this
additional loop might have a non-zero cost, but it can't prevent other
operations from proceeding.
After a possibly long-running winbindd_process() we directly start select()
again. To avoid starvation the currently processed client is demoted to be the> last one in the list of clients.
Jeremy.
(This used to be commit bfdeb22c69d09eb73305b6034fa6d0ec67275789)
|
|
HPUX 11 which doesn't have one of its own.
(This used to be commit 3d275d1eee9644651dcbb61a342648e878fe3506)
|
|
struct; patch from Dimitri van der Spek <dwspek@aboveit.nl>
(This used to be commit aa89806deb9d4c9cbd23ccdd41bb98346e395078)
|
|
in the username in the user_info3
(This used to be commit 4703a71fa88dff8bdc932f6c9af3a9d25a88938f)
|
|
testing
it.
Volker
(This used to be commit 0a3413fbe378bc378aea7ffe9a6af8b65ce49f4a)
|
|
Guenther
(This used to be commit 74287178d208fd2f5b152314a3b797dcfea698a7)
|
|
Guenther
(This used to be commit 86a61c86a49a7e4d67e61201458c9b0229fb0825)
|
|
(This used to be commit a0b80033c997d50562f66686e79a58fc9603217d)
|
|
ntlm_auth uses, to pam_winbindd as well.
This allows to make successfull authentication via PAM dependent on
SID-membership. At the moment, both ntlm_auth and pam_winbindd.so accept
user/group-names or sid-strings - as discussed, recursive membership
(e.g. local aliases) will be added later.
Guenther
(This used to be commit 7494569655f8d112a0c883a2748a1012bb64ad3a)
|
|
Guenther
(This used to be commit a0a6d7d72f2a24c422db255acf6c439a9b0921df)
|
|
Volker
(This used to be commit d5060c30e38b46b322615f0e0b465fbf73ed5245)
|
|
winbindd_fill_pwent consistently.
Jeremy.
(This used to be commit 8d355b9b9ddd6edf15c70977f5a719b549a56378)
|
|
We may not have any interfaces up at all, so initialise the return variable.
Fixes Debian bug #252591
Andrew Bartlett
(This used to be commit 35aabae9d9bf66ef2c8eb4e07a850c606d8236d2)
|
|
requested actually is of type asked for. I've come across more than one
installation where a group sid had ended up as a uid in idmap and vice
versa. This just closes one possible for this misconfiguration, people
are actually using wbinfo.
Volker
(This used to be commit acfbd34025c2fde3d6a3e582c120c2b9de8ed39b)
|
|
restarted if
need be. We should also make sure the main line know we no longer have a child.
(This used to be commit e3dc7934b50c8578d70fc01688a07bd369a7cf30)
|
|
(This used to be commit 128951cfe43e364970ec5760230a6450f54ae86d)
|
|
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
Andrew Bartlett
(This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
|
|
add a timeout to the ldap open calls. New parameter, ldap timeout
added.
Jeremy.
(This used to be commit e5b3094c4cc75eb07f667dd1aeb73921ed7366ac)
|
|
Check in the 'winbind proxy only' mode -- no new parameter required :-)
If you don't set idmap uid or idmap gid, winbind will not do idmap stuff, it
will only proxy the netlogon request and thus speed up the authentication of
domain users.
Volker
(This used to be commit 29235f0c69035376ad7ac27b08a59069fa151102)
|
|
Andrew Bartlett
(This used to be commit 999b2501a14d1f611f6bfe1f800a852825a21526)
|
|
for setting up an schannel connection. This solves the problem
of a Samba DC running winbind, trusting a native mode AD domain,
and needing to enumerate AD users via wbinfo -u.
(This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
|
|
winbind_sid_to_gid. For the consistency check, local_sid_to_gid must set the
name_type it found.
Volker
(This used to be commit 5070c1b68f2add16916ba3135984f6e70bbe42cf)
|
|
idmap_sid_to_gid
on the user sid. This might lead to a user SID entered as a GID in the idmap.
Volker
(This used to be commit 98e10d149710d9b70404e77a4bc0560c2e48aeaf)
|
|
correct sid type returned for builtin sids.
Jeremy.
(This used to be commit 14cf55abb8239e7c90f8891565ac7ed8c51423eb)
|
|
Jeremy.
(This used to be commit 3399727864f3aa8981f022254dfed622fcb50c49)
|
|
pipe in non-blocking mode to prevent process hang.
Jeremy.
(This used to be commit dece22de8e0bd18ee5a152dea7f682ae04e5cba0)
|
|
Jeremy.
(This used to be commit c23a73324b335e42877551283b274f6d12f2c1a7)
|
