Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 8b769bf5bbbe54b1a39fd85cc24db09c1ab7faab)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
used to be commit b8d39651fb90ef170055735412417239a63afc5d)
|
|
a getgr*() function that lists groups without numerating all the
group members. Instead of definiing a new nss method (which might
cause problems) I added an environment variable WINBIND_GETGRLST
that tells winbind not to fill in the group members in a gergrent()
request. This can speed up group listing by a factor of 20 or more
(on my test system with 50000 groups it reduces the time from an hour
to 2 minutes)
(This used to be commit e3f73256d31ab9914daae49f41e984a534996870)
|
|
previously. Fix that.
Andrew Bartlett
(This used to be commit c552910477f0baca4d2173c2bdf4748de3c3b8ad)
|
|
(This used to be commit 952d722a3bba15b7a10b4cbabb5548f4dde682d7)
|
|
(This used to be commit 66c9cab369e38284c71572bfb3643538e253a451)
|
|
membership from an ADS server. We now use a 'member' query on the
group and do a separate call to convert the resulting distinguished
name to a name, rid etc. This is *much* faster for very large numbers
of groups (on a quantum test system with 10000 groups it drops the
time from an hour to about 35 seconds).
strangely enough, this actually *increases* the amount of ldap
traffic, its just that the MS LDAP server answers these queries much
faster.
(This used to be commit 5538048e4f6dd224b2990f3c6a3e99fd07065f77)
|
|
Andrew Bartlett
(This used to be commit d1ca2b9f23ce701eb6b6becafb1acd813fc8fc3a)
|
|
code
(This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
|
|
(This used to be commit dbfd4e5101599bcb85600e4c5c93ce5390b9aa91)
|
|
We now cope wiith multiple WINS groups and multiple failover servers
for release and refresh as well as registration. We also do the regitrations
in the same fashion as W2K does, where we don't try to register the next
IP in the list for a name until the WINS server has acked the previos IP.
This prevents us flooding the WINS server and also seems to make for much
more reliable multi-homed registration.
I also changed the dead WINS server code to mark pairs of IPs dead,
not individual IPs. The idea is that a WINS server might be dead from
the point of view of one of our interfaces, but not another, so we
need to keep talking to it on one while moving onto a failover WINS
server on the other interface. This copes much better with partial
LAN outages and weird routing tables.
(This used to be commit 313f2c9ff7a513802e4f893324865e70912d419e)
|
|
accept an extended syntax for 'wins server' like this:
wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1
The tags before the IPs don't mean anything, they are just a way of
grouping IPs together. If you use the old syntax (ie. no ':') then
an implicit group name of '*' is used. In general I'd recommend people
use interface names for the group names, but it doesn't matter much.
When we register in nmbd we try to register all our IPs with each group
of WINS servers. We keep trying until all of them are registered with
every group, falling back to the failover WINS servers for each group
as we go.
When we do a WINS lookup we try each of the WINS servers for each group.
If a WINS server for a group gives a negative answer then we give up
on that group and move to the next group. If it times out then
we move to the next failover wins server in the group.
In either case, if a WINS server doesn't respond then we mark it dead
for 10 minutes, to prevent lengthy waits for dead servers.
(This used to be commit e125f06058b6b51382cf046b1dbb30728b8aeda5)
|
|
few more places to use it.
Andrew Bartlett
(This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
|
|
Andrew Bartlett
(This used to be commit 3b2464ffdad5e64a05e227b50116cb59f6d34204)
|
|
Jeremy.
(This used to be commit 629cea2ff4f640cd60d9ecfa72acf2707b3f1ff4)
|
|
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
|
|
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
(This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
|
|
(This used to be commit 8e51081333ae0b81a2aa2c609aa7a3ff8bf7f4ec)
|
|
the (now static) global_sam_sid.
The only place it was being used was to return global_sid_NULL to some
uid->sid functions - and I'm not convinced this is correct in any case.
Andrew Bartlett
(This used to be commit e2a76a7fc94dd59c09bba3cda91446fad9f8c0e0)
|
|
I think it should be removed from CVS. This matches the other proto files.
Andrew Bartlett
(This used to be commit 5a8d573f1784b037fd848d85a96dabfebfad63fd)
|
|
Jeremy.
(This used to be commit 2c1e78702423ba17993975eb7f158058cc7f229f)
|
|
consistent with other keys.
(This used to be commit 1e5bdf974fb1e64b5f5b82e0e24eb97aeb229584)
|
|
is being ignored on sighandler exit. This means we have to have a small
array of fd's, not a single one.
Jeremy.
(This used to be commit b06862e2de8d3bafbc10a9807501ef5bf148a61c)
|
|
whatever case the request was made in. This gets rid of duplicate
cache entries.
Also when doing a sid to name, prime the cache with the name to sid
mapping result. We can't do the reverse as we don't know the correct
case of the name to store in the cache.
(This used to be commit f268b0d5fb811b364578b11a66ca69973717eea8)
|
|
(This used to be commit 25554b46ded273e8f4070f14661b691ccc9ddd17)
|
|
(This used to be commit 8b5ac00ac60135f83145c65425d7b33a751a15b4)
|
|
comma. Only initialisers can have this in ANSI C.
(This used to be commit b6119f583552425c2be30662e9325270a5dbf096)
|
|
(This used to be commit 612584f7d5383db28960e1ae9aaeaa9b8b47486c)
|
|
to correctly allow password changes on expired passwords. (No security
implications, as its just a 'will I let you talk to the server' check).
pam_winbind checks the password prior to changing it, so that users don't
have to make up and type their new password when they havn't even got the
old one right. This also helps with stacking etc.
Andrew Bartlett
(This used to be commit 2b78d493002a3ba13533429c6a14f5c0a92f43d1)
|
|
(This used to be commit 2f74fb6e9893d306598ebedd54658f2dd56e988e)
|
|
didn't make any sense, and its was always just strlen(password) anyway.
This fixes it to be strlen(password)+1
Andrew Bartlett
(This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
|
|
(This used to be commit ae5d24873ad0fb3df970cc9912e18e6a5067ae2d)
|
|
secrets ...
(This used to be commit 56eea2623a8a8f2a5a0311cda6d0282d0037a3cc)
|
|
correctly configure winbind.
(Next job: Fill in the 'error_msg' field with somthing useful)
(This used to be commit 49ee2a25c131641887cbc438a6336652f042cfb0)
|
|
I think we may still need to look at our server enumeration code, but
other than that, its much better in the tree than out.
Andrew Bartlett
(This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
|
|
(This used to be commit c986a19cde0dfa96b512eb24d873203981e68c48)
|
|
> Don't store domain with username in secrets.tdb
(This used to be commit a4a01afebe5b05e55ba64ada37e567d235d82fe8)
|
|
(This used to be commit 5c58b4290dbc364f3b2d6593fd0425fd50160993)
|
|
(This used to be commit f01d48fbf5ba08edb0b2882957af98bdfd38c064)
|
|
(This used to be commit 0420ae846cc93d4598b16dd21a4b8f61ae270fa2)
|
|
(This used to be commit e24f6288b63b950d7e8fee80759a94d6acd8cfa6)
|
|
(This used to be commit 1c3c0d7cb64caa6be7ee6d786fe400a1d6944a72)
|
|
(This used to be commit 4bbc584e6ce9cbc32bae715fd3fec0d89f2e271f)
|
|
<Michael.Gerdts@alcatel.com>. The struct passwd in Solaris contains some
extra fields which must be initialised otherwise nscd crashes.
(This used to be commit a67323d07177ebc8e46dc14476efaf7e95944504)
|
|
(This used to be commit 833fea47106444a4bcc0547c8bbb7d6d148fa1e7)
|
|
(This used to be commit ddc0f556305fc12fc27ce89e01e00f98feb7d6c8)
|
|
Jeremy.
(This used to be commit 6d957924579d64407bdd94d7e78088fb1ea5c9ce)
|
|
Jeremy.
(This used to be commit 7ddad4061a1b7ed25e4d6471c7a1f8f97a98ed37)
|
|
Herb please check.
Jeremy.
(This used to be commit a312b5b2de117797ddfdc79316378aac93034718)
|