Age | Commit message (Collapse) | Author | Files | Lines |
|
empty username/password is passed on the command line. Previously we were
leaving the domain name set and the password set to a NULL character.
Added a --get-auth-user command to display the restrict anonymous username
information. Can only be run successfully by root.
(This used to be commit dcaf21efc5b48ddb0cbe70ce17e45c035ef525ad)
|
|
- move winbindd client handling into accessor functions in
winbindd_util.c
- move some winbindd socket routines into accessor functions in
winbindd_utils.c
(The deadlock situation mentioned in the appliance branch is probably
not applicable since we don't clear the connection cache on SIGHUP.
Perhaps we should?)
(This used to be commit ee0e3d31a1d1bef70810aadcdafdf9678d21ea8f)
|
|
anonymous support) is blank.
(This used to be commit b376b7dad003593d26c867ffe8f906084e42160e)
|
|
(This used to be commit 658f3e92dd4b291b40ead3ef59eb19daf7f49076)
|
|
- vorlan's hosts allow with DNS names patch
- use x_fileno() in debug.c, not the struct directly.
- check for server timeout on password change (was reporting success)
- better error/status loggin in both the pam_winbind client and winbindd_pam
server code.
- (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway.
(This used to be commit 9fa1863d8e7788eda83911ca2610754486b33069)
|
|
(This used to be commit 5a2f1edb5848dc054cfaa71b0fb3b473ad930b7d)
|
|
that app-head does.
Jeremy.
(This used to be commit ec7953f20145799f6286a295472df4826bfdfb8f)
|
|
Jeremy.
(This used to be commit 2006e36c18bb2d5e44179829c66934efad38b0c7)
|
|
Jeremy.
(This used to be commit 7d0dc36df0e3ca451c1ab660aa08e0d021ca89f0)
|
|
(This used to be commit 09c6f6329d6ae9327b7ef06de0ea78d24d805456)
|
|
(This used to be commit 324da9fdb93cdc5ed240a3291020858765e70acc)
|
|
* add some files missing from a previous commit
(This used to be commit 29159c97371c75327e377f9d13406dad46095568)
|
|
from APP_HEAD
(This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
|
|
had it...).
Jeremy.
(This used to be commit 151f0c1c526a04ea14ae054e977c76c8617bb113)
|
|
(i ignored the new SAMBA stuff, but the rest of this looks like it should
have been merged already).
(This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
|
|
Jeremy.
(This used to be commit 80ee515d7a45965271be0274b0b3815032f27aa1)
|
|
(This used to be commit 9d9f7bbf87bf9a0e003e6da482615fe040d00852)
|
|
(This used to be commit da44b196a977b6edf7cdf27e344295ed15d198f7)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
used to be commit 9a5541595f78f2cbba16030552c6e780f6fddcf6)
|
|
Jeremy.
(This used to be commit 38c67632ade40413c0cc2b91e04105e4065a18b7)
|
|
pidfile before doing secrets_init().
Jeremy.
(This used to be commit f8a0e6ad8b25d405ff2bcb492974d2f0bef81036)
|
|
This allows external programs to correctly synchronise with us.
Jeremy.
(This used to be commit ffb7632d05191342ecfc5f78fbfd7beacfe257ad)
|
|
the DC being out of sync with the local machine.
(This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
|
|
(Double checked)
(This used to be commit dc3c14fc2b661a62a1876149e96af6de07a2c4a6)
|
|
(This used to be commit d87c1f507d38444e627bce59b6c765d9c9479ac6)
|
|
(This used to be commit 26d486aa740e283f546efc1f2ca40af3452a4f52)
|
|
(This used to be commit f75d61b03a3377f3a791b56fc307dc7e56e4707a)
|
|
(This used to be commit d9fa865e5ce8ba0b7539f9a218fc7dd132eb3d38)
|
|
(This used to be commit e63afabf98350353fac79ffc2ae2ddf88d61260f)
|
|
>Initialise user_rid value in WINBIND_USERINFO structure returned by
>the rpc version of query_user(). This fixes a caching bug found by
>Gavrie Philipson from disksite.
(This used to be commit 77bde1fa33cc387accda8f38bf654377310f5dbe)
|
|
only this file, and not any others. It includes the function prototypes.
(Forgot to commit with earlier patch)
Andrew Bartlett
(This used to be commit 3ec3861445e7da1347c3b5ba180b33441f59640c)
|
|
(This used to be commit b440418f13b840860be42690bf475c1ee3cb3647)
|
|
The global winbind file descriptor can cause havoc in some situations -
particulary when it becomes 0, 1 or 2. This patch (based on some very nice
work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy
the problem by ensuring that the close-on-exec flag is set, and that we move
above 3 in the file descriptor table.
I've also decided that the PAM module can close it's pipe handle on every
request - this isn't performance-critical code.
The next step is to do the same for nss_winbind. (But things like getent()
might get in our way there).
This also cleans up some function prototypes, puts them in just one place.
Andrew Bartlett
(This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
|
|
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better
general infrustructure for his sam_ads work.
I've also added some extra failure mode DEBUG()s to parts of the code.
NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without
the final set of brakets, the test is essentially inverted - causing some
intersting 'error = success' messages...
Andrew Bartlett
(This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
|
|
(This used to be commit ea26b3e8efcb83e16f7eb5add031a8df99046a69)
|
|
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch.
pass also the negociation flags all the way.
all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient.
in the future we will be able to call auth_2 or auth_3 as we want.
J.F.
(This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
|
|
can be used to find a BDC
2nd try ....
(This used to be commit f757223ebe88148b83e1a32b87c014c15c0a68dd)
|
|
can be used to find a BDC
(This used to be commit e95d8e2c9ee5cf22b628f3e0d99fb74bcc632ea0)
|
|
(This used to be commit 073106ad25fba8c8aaa57c296ce8e7cb7b3e3e97)
|
|
(This used to be commit 86433a3492a3b70a051257940ae28ada8788a650)
|
|
(This used to be commit b8dba26978c281259e02b9d6ebacaa7cba4f7787)
|
|
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
|
|
happen when the LDAP call to get the flatname for the primary domain
fails)
(This used to be commit 8d40f34e2f5188f15f414e807d023bfea7bd8c8e)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea
anyway (potential PDC/BDC applications).
Given all that, remove it...
Andrew Bartlett
(This used to be commit fc0d6e53fce1d05b16ec58c0bdc38aa8da4422c0)
|
|
Tridge suggested a generic caching mechanism for Samba to avoid the
proliferation of little cache files hanging around limpet like in the
locks directory. Someone should probably implement this at some
stage.
(This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
|
|
This also makes it a easier to see which paramaters are 'in', and which are
'out'.
Andrew Bartlett
(This used to be commit 122cf648d7f364c68ecb7a576a42e94a954e9e56)
|
|
(This used to be commit 68e70b000b273ba72206c87ad1efd6efc2c7c487)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|