summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11328: Actually verify that the bind on a pipe succeeded with a samr_connect orVolker Lendecke1-167/+196
lsa_openpolicy and fall back appropriately. In particular an ntlmssp bind failure can not be detected before the first real rpc request, at least according to abartlet :-) Works for me against w2k3, w2k and nt4. Sooner or later I should test against samba4 ... :-) Volker (This used to be commit 48a9e35208ae7b6271508085f59833e5def640e8)
2007-10-10r11324: Re-formatting before I can get a very *narrow* focus on the bugs in ↵Volker Lendecke1-59/+61
here. ;-) We can only tell if the bind succeeded on the first real RPC call. So we have to decide according to success of samrconnect whether we have to fall back. Similarly for lsaopenpolicy. Volker (This used to be commit 0603e1c8456ee87b87b051e0303a35fdbfbcf7ca)
2007-10-10r11323: Fix usage of rpccli_netlogon_getdcname. Add some debug messages.Volker Lendecke1-3/+18
Volker (This used to be commit 770ad2a8a72ae7bfcdc1b86b72142e11f662d975)
2007-10-10r11319: read_buf_len and write_buf_len are no longer used, remove them.Volker Lendecke2-6/+3
Volker (This used to be commit 6948f748f689708c396e52097553ff222b1af744)
2007-10-10r11280: BUG 3201: make sure request structure is cleared prior to sending ↵Gerald Carter1-0/+3
the request to winbindd (prevents the WB_RECURSE flags from accidentially getting set (This used to be commit 8c63d6d8a7f50d9a101117338242a9c8b243b43f)
2007-10-10r11253: Fix an annoying timeout when no nmbd is aroundVolker Lendecke1-8/+8
(This used to be commit 10fb32ec52b32b72a46a783b73c6dd1f24625d9b)
2007-10-10r11251: Fix a commentVolker Lendecke1-7/+5
(This used to be commit 1ce6d12898c6f24c83e54561862735586b5a41b4)
2007-10-10r11242: use LDAP bitwise machting rule when searching for groups in ADS.Günther Deschner1-17/+36
This avoids that each time a full-group-dump is requested from ADS; the bitwise match allows to only query those groups we are interested in. The ADS LDAP server changed to RFC compliant behaviour when decoding the ldap filter with extensible match in the latest SPs (fixes). From the patch: /* Workaround ADS LDAP bug present in MS W2K3 SP0 and W2K SP4 w/o * rollup-fixes: * * According to Section 5.1(4) of RFC 2251 if a value of a type is it's * default value, it MUST be absent. In case of extensible matching the * "dnattr" boolean defaults to FALSE and so it must be only be present * when set to TRUE. * * When it is set to FALSE and the OpenLDAP lib (correctly) encodes a * filter using bitwise matching rule then a buggy AD fails to decode * the extensible match. As a workaround set it to TRUE and thereby add * the dnAttributes "dn" field to cope with those older AD versions. * It should not harm and won't put any additional load on the AD since * none of the dn components have a bitmask-attribute. * * Thanks to Ralf Haferkamp for input and testing */ Guenther (This used to be commit db38ed6be607d08515920d46fb8a12f8cb4ddd6e)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison7-64/+71
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10688: Fix from Volker for bugid #3068 - winbindd crash withJeremy Allison1-1/+2
alt_names. Jeremy. (This used to be commit 35dda6920c9e318726473b6bc9d8495cf8f7b7cc)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter13-522/+658
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r10556: BUG 3083: patch from Alex Deiter <tiamat@komi.mts.ru> to fix ↵Gerald Carter1-1/+4
checking trusted account for winbindd running on a Samba PDC (This used to be commit 24b43af642c9d41c14b9ad64704e13cc9150378d)
2007-10-10r10474: We better ignore builtin SIDs from the Active Directory DC to preventGünther Deschner1-1/+8
that AD's builtin groups mixup with our own builtin groups. Guenther (This used to be commit 9930013161f1ae59e7aed1b397b79792d384f1ba)
2007-10-10r10321: Fix winbindd recursion bug found by Ingo Steuwer ↵Jeremy Allison4-7/+14
<steuwer@univention.de>. Jeremy. (This used to be commit 6795c818a3d63737d5b40faffa3a0b91c71b427b)
2007-10-10r10270: lowercase groupnames and groupmembers again.Günther Deschner1-0/+1
Guenther (This used to be commit 736dffb2a9907a6ca3fee51eb4a9f1da837303a0)
2007-10-10r10268: Fix for bug #3095 - winbindd checking credentials.Jeremy Allison1-12/+18
Jeremy. (This used to be commit e58d8ee0555a5de0a25757b26cc22e02b9aace31)
2007-10-10r10267: Exit if winbind can't find or generate a SID -- there's no point inVolker Lendecke1-1/+1
continuing. Found during investigation of bug 3105. Volker (This used to be commit 72546f185696235c9d5cb6196448178d9e15e858)
2007-10-10r10263: Fix debug which got more instead of less confusing.Günther Deschner1-1/+1
Guenther (This used to be commit ac3786a7a7dfc77d3b305ae67c97ab4f7f63961e)
2007-10-10r10262: * Fix for getgrnam not returning builtin group (which is done by getentGünther Deschner2-4/+6
group) * Give a better debug message when returning builtin groups. Guenther (This used to be commit ec79971dc7606c1dfea3acf87cd19fa4153ae417)
2007-10-10r10261: Don't bother to peek rids in builtin-sids.Günther Deschner1-0/+3
Guenther (This used to be commit d75bfce8cc9122ddcad149704e467c784f0a0872)
2007-10-10r10152: 64-bit fix for bug #3082. Thanks to Robin Hill for tracking this ↵Volker Lendecke1-1/+3
down with valgrind. Jerry, if this patch proves to fix his problem, it is definitely a candidate for the recommended patches page. Volker (This used to be commit 5232034b0daca8486fd55e53c2d910e4fbf0299d)
2007-10-10r9780: Clean up a bunch of compiler warnings.James Peach2-9/+1
(This used to be commit 623d2e69319ffead31a780a4d6156dae45f386d7)
2007-10-10r9758: make sure to lower case usernames in winbindd's getpwnam()Gerald Carter1-1/+4
(This used to be commit 9fc539088eda7f9b5d212b7df50594bec51e16f5)
2007-10-10r9709: Fix two bugs found by Brian Moran: Any request sent to winbind while ↵Volker Lendecke2-7/+7
the child in question is still initializing overwrites domain->dcname. Only overwrite if the parent actually has sent a dcname and thus really knows it. Second, ntlm_auth needs the error code, not just the fact it failed. Jerry, the 3_0 part might qualify as a "recommended patch". Thanks, Volker (This used to be commit d79b179b7f9d2efa4f8ee47bfe386e90d8b58322)
2007-10-10r9588: remove netsamlogon_cache interface...everything seems to work fine. ↵Gerald Carter4-98/+0
Will deal with any fallout from special environments using a non-cache solution (This used to be commit e1de6f238f3981d81e49fb41919fdce4f07c8280)
2007-10-10r9366: patch from Toomas.Soome@mls.ee to include hosts lookups via the ↵Gerald Carter1-0/+290
winbind pipe on solaris (This used to be commit e822a7539065c12d23b491e85f2cce7e98195f77)
2007-10-10r9362: formatting cleanupGerald Carter1-28/+21
(This used to be commit f6b8af1ce13a0fa306bdd2a8aa1f0b7c6b185d81)
2007-10-10r9361: patch from Ed Plese to fix a faulty error in winbinddGerald Carter1-13/+12
caused by users with no supplementary groups. (This used to be commit dbdf8c631531c499965630bfae3b381f3dc8314a)
2007-10-10r9330: Remove the classic dual daemon since it was not being used.Gerald Carter3-238/+3
It was already gone in trunk anyways. working on fixing BUG 3000 which does work now but we are flying without a cache. (This used to be commit 4936d6d8b28edc59a3d17defcdf255ea6e0ba4e0)
2007-10-10r9322: fixing debug log and ensuring that we set the right winbind_methodsGerald Carter2-4/+6
pointer in get_cache() by requiring that all domain structure be initialized with the set_dc_type_and_flags(). (This used to be commit c064609b942e88c70fe0a868e52c57ad1016850c)
2007-10-10r9301: Allow user-defined list and lookup timeouts on IRIX. Bugzilla bug #2284.James Peach1-1/+16
(This used to be commit bb579141d86202ac891a7b777c137cb87effefe3)
2007-10-10r9252: 2 type fixes from Luke Mewburn <lukem@NetBSD.org>. Bugid #2934.Jeremy Allison1-1/+2
Jeremy. (This used to be commit c63ad85b8c1aedd04a65e46c27a6e2661093847a)
2007-10-10r8800: grr...get logic right when checking #defineGerald Carter1-2/+2
(This used to be commit c2f69827de13a6e63077bfc4a62738c0f88e0835)
2007-10-10r8799: disabling schannel on samr and lsa until I figure outGerald Carter1-9/+15
the latest MS changes in 2003 sp1 and 2004 sp4 sr1 (This used to be commit 7588c32baa50994bdc6e351d79da3edff1fdc876)
2007-10-10r8796: disable schannel on the lsa client pipe for now to deal with Windows ↵Gerald Carter1-0/+7
2003 sp1 and Windows 2000 SP4 SR1 (This used to be commit bc1443837c81bebbac7894075a15fe96338f8b0a)
2007-10-10r8572: Remove crufty #define NO_SYSLOG as it's not used at all anymore.Tim Potter1-2/+0
(This used to be commit 985dbb47d925e79c1195ca219f7ab5d6648b22b8)
2007-10-10r8145: When inventing a new parameter for SFU-support, be aware of Volker'sGünther Deschner2-8/+15
upcoming changes for "unixinfo"-pipe. Therefor (after speaking with Volker) replace "winbind sfu support" with the list-parameter "winbind nss info" which defaults to "template". For SFU-support set it to "winbind nss info = template sfu". Note that nss_info_use() is just a dummy function at the moment. Guenther (This used to be commit 91596330ea3c4ba0fb9ddc52ad9d4a7c8e5b2d3f)
2007-10-10r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the ↵Günther Deschner7-47/+127
POSIX homedirectory and the loginshell from Active Directory's "Services for Unix". Enable it with: winbind sfu support = yes User-Accounts without SFU-Unix-Attributes will be assigned template-based Shells and Homedirs as before. Note that it doesn't matter which version of Services for Unix you use (2.0, 2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell, msSFU30LoginShell, etc.) automatically. If you also want to share the same uid/gid-space as SFU then also use PADL's ad-idmap-Plugin: idmap backend = ad When using the idmap-plugin only those accounts will appear in Name Service Switch that have those UNIX-attributes which avoids potential uid/gid-space clashes between SFU-ids and automatically assigned idmap-ids. Guenther (This used to be commit 28b59699425b1c954d191fc0e3bd357e4a4e4cd8)
2007-10-10r7949: Work around for broken Solaris header files.Jeremy Allison1-0/+26
Jeremy (This used to be commit 4d5002931056d2a88d49ce060c10bc0fecf4ba50)
2007-10-10r7903: Attempt to fix the AIX buildVolker Lendecke1-10/+10
(This used to be commit bb884b0bf96899bf3cf477bfe2220cdfc7aa596d)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison17-387/+386
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7877: Attempt to fix a smb_panic reported by Pavel Rochnyack.Volker Lendecke2-15/+29
Volker (This used to be commit 7d1b890fead61551465e2a972e4097d9c1a4d6fd)
2007-10-10r7785: This looks much larger than it is. It changes the top-level functions ↵Volker Lendecke9-298/+368
of the parent winbind not to return winbindd_result. This is to hopefully fix all the problems where a result has been scheduled for write twice. The problematic ones have been the functions that might have been delayed as well as under other circumstances immediately gets answered from the cache. Now a request needs to be explicitly replied to with a request_error() or request_ok(). Volker (This used to be commit 7365c9accf98ec1dd78a59dd7f62462bbb8528d4)
2007-10-10r7454: couple of winbindd fixesGerald Carter4-9/+17
* make sure to use our domain as the account name in the net_req_auth2() request when running on a Samba DC * make sure to lookup the correct domain (not default to ours) when getting an async getpwnam() call (This used to be commit c9c3e3c122a6a04847c448d298b6f1adb4f35a60)
2007-10-10r7440: * merge registry server changes from trunk (so far) for moreGerald Carter1-4/+4
printmig.exe work * merge the sys_select_signal(char c) change from trunk in order to keeo the winbind code in sync (This used to be commit a112c5570a7f8ddddde1af0fa665f40a6067e8cf)
2007-10-10r7423: Fix the build on sol10Volker Lendecke1-1/+1
(This used to be commit e8fde1bd92e8b19c8b5ce22f92cb048de773be1c)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter20-2637/+6290
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r7243: Don't look at gencache.tdb for the trusted domains if winbind is around.Volker Lendecke1-0/+31
Volker (This used to be commit 94acb93f57b963bf137c6ddd644a147f4d0b5175)
2007-10-10r7148: Fix #2736: winbind race condition with detecting idle clientsJim McDonough1-6/+12
winbind idle connection closing logic is getting invoked under high loads for clients which may already have commands in the pipe. This race condition causes clients to fail with NSS_STATUS_UNAVAIL sometimes. We now retry several times hoping (still not guaranteed, though) it will work. (This used to be commit 05c04cfd2526b8b9a82916b5dffc18bf27c3f198)
2007-10-10r7145: reuse the WINBIND_REQUIRED_MEMBERSHIP constant.Günther Deschner1-12/+14
This is just cosmetic but prevents people from thinking that the pam_winbind "require_membership_of"-option is not yet implemented :) Guenther (This used to be commit ef80a49a858d7d81d427c7bac71fdac4fc0d1bd6)