Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit a1b6e28e9c1742dd5debe46b18fa474f11b31dd1)
|
|
(This used to be commit 585764305aa84a7732f71f2e01227e1a6a08664f)
|
|
Jeremy.
(This used to be commit f91da7d99bc2d9e57c411ceb0c2eb812654f3701)
|
|
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
|
|
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
|
|
(This used to be commit 99feae7b5b1c229a925367b87c0c0f636d9a2d75)
|
|
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
|
|
* quit obsessing over the sequence number so much
* share the updated sequence number between parent
and child winbindd processes in dual mode
(This used to be commit 6fb5bdb30e2b1341ba600ce0dfd397394f7a831c)
|
|
(This used to be commit 25caa7c6279aca249e3554b61bbc3175b66883d3)
|
|
(This used to be commit aaf06908b290af8184731833a3c9b0837b4fc499)
|
|
(This used to be commit 7c3da9b4db94add8c3cf93d8f8d1ae0e907b5b99)
|
|
(This used to be commit c4dd5a420394882444af2f76b8628e27dadccf0c)
|
|
searching and not finding otherwise we return a valid looking pointer
that was whatever crap was on the stack.
Jeremy.
(This used to be commit b6e78900175d4362f3a4d0216aa635931a0c11e9)
|
|
(This used to be commit 71f6fb16ba9c75b96aea9b0b18f4b73b0d11a5ac)
|
|
(This used to be commit d31509fe88da8727521586dced1da2c73bfee2bc)
|
|
(This used to be commit 367a5cad1edf6a49783806d5a8b59a62d8856706)
|
|
add winbindd_passdb backend
this makes it possible to have nua accounts on security = user servers to
show up in unic through nss_winbind.so
the problem is that we do not have group support, so nss group support is
not very good at this time (read: totally absent)
we NEED group support in passdb
(This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
|
|
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
|
|
plus internal fixes
1st stage
(This used to be commit 6d036761e565bc93964bb3c939d5b7d78d5778a3)
|
|
change idmap_init call
removed ldap backend for winbind idmap, seem it had problems anyway and it
have to be reworked to work with idmap without calling winbind code.
simo
(This used to be commit 9d7d007443fc75264b2764b90f272ffc40c9be6c)
|
|
(This used to be commit 5f1fe04a87a407297eb9d4ad0e5c6bb35b33c067)
|
|
workstation, we have to use the workstation type, if we have a BDC account,
we must use the BDC type - even if we are pretending to be a workstation
at the moment.
Also actually store and retreive the last change time, so we can do
periodic password changes again (for RPC at least).
And finally, a couple of minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
|
|
This might not actually be the 'right way' to do this, but it's better to
have it compile...
Andrew Bartlett
(This used to be commit c7dc0b27aca8f7e4653b25dae37ea38d68fc045a)
|
|
(This used to be commit 117cc35dd0adc6fd5238a440e299d012bfd8e542)
|
|
(This used to be commit e37d025e6724196925c43c8ce558064ed5c072c5)
|
|
(This used to be commit 1d7400e679df136f03daf79788ea998c5a787f89)
|
|
(This changes the location of the winbindd privileged pipe)
(This used to be commit f111f10076c7797e5fd39edcc0aad7d860bb5ac5)
|
|
same functionality exists as "pool-usage".
Move initialisation of this and dmalloc messages inside message_init().
(This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
|
|
first run if idmap.tdb is not found, and then eventually convert it to the
new format.
This is done to unify winbind and idmap databases and to make a backup of
winbindd_idmap.tdb in case you want to downgrade (of course it will not be
updated).
This is needed because idmap.tdb contains also local mappings, not only
foreign domains mappings.
Added some other fixes/improvements
Simo.
(This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
|
|
(This used to be commit 32d1dd19bb0b6abc6508ce65d5129acea79225bf)
|
|
Possible typo: winbind_idmap_methods -> winbindd_idmap_methods
Fix wrong format char when generating a ldap filter string.
(This used to be commit f9cb23e68753337676876b97b145e04ad423e184)
|
|
This patch moves the ldap routines out of passdb into a generic
library and implements an LDAP backend for IDMAP. THe backend
can be enabled with "idmap backend = ldap" in smb.conf. THere
are also schema changes to make sure to update teh ldap schema files.
(This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)
|
|
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com>
noticed the problem.
Jeremy.
(This used to be commit 214b217b276f43edfddd1664afaae0fa6b2c319f)
|
|
information into it re the privilaged pipe.
Also clean up some bugs in winbindd_pam.c
Andrew Bartlett
(This used to be commit e73b01204a8625946ff0fb5f9fc99dd959eb801c)
|
|
includes a --with-idmap=no switch to disable idmap usage if you find
problems.
cosmetic fixes and param aliases to separate winbind from idamp roles.
A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specilized module will be built in place
for the current glue hack.
The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.
As usual, comments and fisex are welcome :-)
Simo.
(This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
|
|
(This used to be commit 872b2ba35bbe9f4312530368615e99808b3a7756)
|
|
Mostly this consists of untangling the existing code and moving it in
to operating system specific files. The winbind client code for all
supported operating systems is now in nsswitch/winbind_nss_OSNAME.[ch]
to make things a bit clearer.
(This used to be commit 93ea047a16a292b23a1d8736ce9bc4098ba142ba)
|
|
Remove some useless arguments
(This used to be commit 8df30059ef100a4d5e21501d7746427b4d312589)
|
|
some double options and broke some parameters.
(This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
|
|
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
|
|
(This used to be commit 18d52ce914715d188966be95f9e4466666a04f74)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
Volker
(This used to be commit 80bfa7efd65af02108e3ef1e2b2952cda6dc5999)
|
|
(This used to be commit 39124b9a62e1ba0f8089c36b27d6c79352a27973)
|
|
Andrew Bartlett
(This used to be commit bf5e0698eed72d7fc005be08feb36ef82ada716c)
|
|
The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.
This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection. Tim Potter did
some work on this a little while back, verifying the second case.
The two cases are:
- between connect() and first session setup
- during the auth2 phase of the netlogon pipe setup.
I've removed the counter on the lock, as I fail to see what it gains us.
This patch also adds 'anonymous fallback' to our winbindd -> DC connection.
If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.
Both tpot and mbp like the patch.
Andrew Bartlett
(This used to be commit 0620320002082298a15cbba72bd79aecfc607947)
|
|
(This used to be commit c5c1a7979385778c08d6dd7796cfe8be1815992f)
|
|
reason, during a Win2003 installation, when you select 'domain join' it sends
one machine name in the name exchange, and litraly 'machinename' during the
NTLMSSP login.
Also fix up winbindd's logfile handling, so that it matches smbd and nmbd.
(This helps me, by seperating the logs by pid).
Andrew Bartlett
(This used to be commit afe5a3832f79131fb74461577f1db0e5e8bf4b6d)
|
|
Jeremy.
(This used to be commit a670b57c563b220c2ede1dac4ce1e9c71c866498)
|
|
(This used to be commit 7dfd59963dba921907893b9d1bffe797e9d8b4ad)
|