summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r23769: Move removal of the tdb from the generic tdb_validate functionMichael Adam1-0/+6
to the caller (winbindd_validate_cache in this case). Next, there will be a backup handling for the tdb files. Michael (This used to be commit 821bc84109625c9d85edee38fa26d16f9f0a0fe2)
2007-10-10r23763: Fix a typo in DEBUG message.Michael Adam1-1/+1
Thanks to Karolin Seeger (ks@sernet.de) (This used to be commit 0ae6ae4ee8098abdfefc9fe7c3880bfbb6da52a8)
2007-10-10r23733: Limit LDAP lookup in lookup_usergroups_member() to security groups.Lars Müller1-1/+6
Credits to Ralf Haferkamp for the discussion and help on this. (This used to be commit 5be96d09a7c457b1763d7ad482b5a5a92c02d157)
2007-10-10r23730: Squashed commit of the following:Gerald Carter2-2/+6
commit 3941269fa01038fca242a197e8d7c1f234d45ea7 Author: Gerald (Jerry) Carter <jerry@samba.org> Date: Thu Jul 5 14:52:03 2007 -0500 Two fixes for "winbind expand groups". (a) Update the counter for the number of new groups to resolve else we'll only expand one group member per level and drop the rest. (b) Don't reset the num_names counter in winbindd_ads.c:lookup_groupmem() or we'll drop the SIDs resolved to names via cache from the resulting list. (This used to be commit dfb89dfcaa02f497ff22ac0213b70add6e4d5b8f)
2007-10-10r23708: - Add define for WINBIND_WARN_PWD_EXPIRE.Lars Müller2-2/+12
- Add parameter config_flag to get_config_item_int() and do the same check as in get_conf_item_string. (This used to be commit d1d1baa264587911e1c97b3b35d5ed2bc56bf12b)
2007-10-10r23707: - Move the asprintf() call to create the key even inLars Müller1-14/+12
get_conf_item_string() to the later if statement. - Also move the key definition to the later if statement in get_conf_item_string() and get_conf_item_int(). (This used to be commit 3a82ec943a3828b843dd47aaa0e360844d4dfb91)
2007-10-10r23704: Add pam_pwd_expire feature as discussed on samba-technical.Lars Müller2-11/+95
This is a slightly modified version to set warn_pwd_expire to the default value if 0, no, or a broken value is set. This version also has one if statement less in get_config_item_int(). Thanks a lot to Andreas 'GlaDiaC' Schneider for this feature! (This used to be commit d26914c978457ae0ec097cc40c8e33a7cee9ebcf)
2007-10-10r23672: Allow msrpc_name_to_sid() to be called without a domain_name and ↵Günther Deschner1-7/+9
just a name. Guenther (This used to be commit eeed62b6ca86bcb0875de90a5d8c65948fd80215)
2007-10-10r23632: Correctly return the new_group list pointer from expand_groupsGerald Carter1-1/+1
or else getgrnam() always acts like 'winbind expand groups = 1' (This used to be commit 04ae193ec44c0ecefa64ca44ad0cdb5968087319)
2007-10-10r23627: Allow to pass down the lookup-level to rpccli_lsa_lookup_names().Günther Deschner1-1/+1
Guenther (This used to be commit e9a7512a9f630340004913f1379452eea8a9b6ae)
2007-10-10r23625: Reformating WBFLAGs, just a cosmetic change.Günther Deschner1-15/+15
Guenther (This used to be commit 555ae4a19b35b0672033798e00e3d1e153d2a9b3)
2007-10-10r23619: Fix compile warning in fill_grent_mem() caused by mismatched counter ↵Gerald Carter1-1/+1
size. (This used to be commit 05520d6b0a86c1cd5abbf6252c4a32629cdf8619)
2007-10-10r23611: Fix typo in error message.James Peach1-1/+1
(This used to be commit 8ee76e43843c56869b23f58615635f986c162d01)
2007-10-10r23610: Move some winbindd_cache specific flags and actionsMichael Adam1-1/+19
back to winbindd_cache.c. The generic mechanism should open the cache tdb readonly and with default flags. Michael (This used to be commit 062d8c61294a1e9f8588fa8af31954dd286c7bde)
2007-10-10r23608: Just inline comment cosmetics.Günther Deschner1-5/+2
Guenther (This used to be commit 90c810674dff17b2d08d49cb8d945a86204598a6)
2007-10-10r23607: Add legacy support for Services for Unix (SFU) 2.0.Günther Deschner1-3/+42
Guenther (This used to be commit 11b390309b9677805e5b68f3a1b780658ae85137)
2007-10-10r23601: BUG 4579: Don't mark the SAM domain on a Samba DC as an internal ↵Gerald Carter1-0/+6
domain or else all network connections from the local winbindd will fail (This used to be commit 5e0f8b114b964d08cfb22a7452c617b8512545dc)
2007-10-10r23600: First step in abstracting the winbindd cache validationMichael Adam1-219/+25
code into a generic tdb validation code. In lib/util_tdb.c for a start. Michael (This used to be commit 527edfa0cbcb233218ebabc395666d1d7228ee37)
2007-10-10r23577: Fix winbindd (sorry). Ensure I set the new child_pidJeremy Allison1-1/+3
variable at the correct point just before the write call is scheduled. Jeremy. (This used to be commit e076dc16462a3ce11105bf9a729ec59ddd9bdc75)
2007-10-10r23574: Remove double-null check (I hate people bitching at meJeremy Allison1-3/+1
on the lists :-). Jeremy. (This used to be commit f075620d2071aaecb72e93cbda32c4f624f23d86)
2007-10-10r23573: Cope with terminating winbindd children on read/write/timeoutJeremy Allison1-38/+45
communication failures. Set timeout to 5 mins. Ensure that we're terminating the correct child (the one we thought we were talking to). Still setting up my testing environment but I have high hopes for this being the fix for the 3.0.25b showstopper. Jeremy. (This used to be commit c366df2fe7f1aa1e8fd9bca35bc3b029d76b3abc)
2007-10-10r23568: Remove last traces of Heimdal KCM support (and don't misuse wbinfo ↵Günther Deschner1-25/+4
where a torture test would be much more appropriate). Fix #4408. Guenther (This used to be commit 7514a370cae9c6fdacffd2b885fd93cb1230ce96)
2007-10-10r23565: Avoid double NULL pointer checks.Günther Deschner2-18/+6
Guenther (This used to be commit 5456ea59ba12593b0aac9745b41cdd0f5ec0a559)
2007-10-10r23564: Handle MSG_DUMP_EVENT_LIST only in winbindd for now.Günther Deschner2-0/+42
Guenther (This used to be commit 2592e68a43a73474e1bb53f83642c864fd159b45)
2007-10-10r23539: Remove code duplication and unify behaviour of winbind_nss_*.h filesKai Blin2-6/+1
(This used to be commit 13c6eacff02b55b9fd6201406802f271dcf13e8e)
2007-10-10r23525: I believe this patch is ok, got no reply of it being not ok.Simo Sorce1-2/+40
This closes #4624 for me. (This used to be commit 3635b304155299ac93fda57e5e9ece0acd605e77)
2007-10-10r23515: Ensure status isn't used uninitialized.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5b2836e2d5f9081b5e39637538d8f2d19e1115c4)
2007-10-10r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach3-8/+9
failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
2007-10-10r23496: Fix logic error in getgrnam_recv() that brokeGerald Carter1-1/+1
getgrnam() for machine and domain local groups. (This used to be commit 4d4c1eca30ce57b4072e9f8c59fcc49bf3a5c48e)
2007-10-10r23474: Here's a small patch that disables the libkrb5.so replay cacheGerald Carter1-1/+1
when verifying a ticket from winbindd_pam.c. I've found during multiple, fast, automated SSH logins (such as from a cron script) that the replay cache in MIT's krb5 lib will occasionally fail the krb5_rd_req() as a replay attack. There seems to be a small window during which the MIT krb5 libs could reproduce identical time stamps for ctime and cusec in the authenticator since Unix systems only give back milli-seconds rather than the micro-seconds needed by the authenticator. Checked against MIT 1.5.1. Have not researched how Heimdal does it. My thinking is that if someone can spoof the KDC and TDS services we are pretty hopeless anyways. (This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
2007-10-10r23471: Here's a rough patch for expanding domain group membershipGerald Carter2-155/+347
in the winbindd_getgrnam() call. Couple of comments: * Adds "winbind expand groups" parameter which defines the max depth winbindd will expand group members. The default is the current behavior of one level of expansion. * The entire getrgnam() interface should be async. I haven't done that. * Refactors the domain users hack in fill_grent_mem() into its own function. (This used to be commit 3d3a8130351753dc5caa2a270d130e2150da6b54)
2007-10-10r23448: Doh ! Don't call winbind_child_died() *before* theJeremy Allison1-7/+6
kill call as that sets pid = 0 ! :-). Jeremy. (This used to be commit bcfce39094ef30a1d1ae4dba5a90738e2678bcbf)
2007-10-10r23447: Add kill signal to child dead path. After talkingJeremy Allison1-0/+3
to Jerry add to 3.0.25b. Jeremy. (This used to be commit ade91e78cbe2871d3a8df18fa1f92bc16a7600a8)
2007-10-10r23446: Restore Jeremy's original formatting, just fix the comment.Volker Lendecke1-21/+17
(This used to be commit 5b983957e3a0a05f77bfb8a10a7986c22b81088d)
2007-10-10r23426: Correct a comment. The default timeout is not 1min, but 30s. WhileVolker Lendecke1-17/+21
there, do some reformatting. Jeremy, I think we should also kill the child. It might hang in something (an fcntl lock for example) that the next child might run into immediately again. (This used to be commit 6729a4df4b57f638161ec55f9b1edd0bc8bb947e)
2007-10-10r23424: Thanks to Jerry, we finally tracked down the :Jeremy Allison1-0/+62
winbindd: Exceeding 200 client connections, no idle connection found" bug #3204. This fixes it in Jerry's testing ! Jeremy. (This used to be commit 0c7ce6a68286fa98258828545fc869aaac19a028)
2007-10-10r23410: Merge the core of the cluster code.Volker Lendecke1-0/+7
I'm 100% certain I've forgotten to merge something, but the main code should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and messages_ctdbd.c. There should be no changes to the non-cluster case, it does survive make test on my laptop. It survives some very basic tests with ctdbd enables, I did not do the full test suite for clusters yet. Phew... Volker (This used to be commit 15553d6327a3aecdd2b0b94a3656d04bf4106323)
2007-10-10r23406: Evn if not strictly currently necessary do check for correctSimo Sorce2-0/+16
init also in idmap_nss and idmap_passdb for coherency and to prevent errors in future if we change the init functions to actually do something and not just return NT_STATUS_OK (This used to be commit 86f532c1b0cf7961b8331bb212c3ed2084fda3fc)
2007-10-10r23404: Fix wrong (and missing) action on error condition in ldap reply ↵Simo Sorce1-1/+5
evaluation loop Fixes one of the segfaults in bug #4667 (This used to be commit 176e1c0b692b9509a29bbbb2b35ad821dfb0d5aa)
2007-10-10r23368: Make "winbind:rpc only" a full blown parameter. Thanks to Karolin forVolker Lendecke1-1/+1
the patch :-) (This used to be commit 07b71a02aef15b75d281cabeb7140db1bc0bb283)
2007-10-10r23355: Fix some more build warnings.Günther Deschner2-3/+3
Guenther (This used to be commit 23e25bba8fafb31492b517d63f0a00c5ec07d5da)
2007-10-10r23348: Fix connection reporting on SIGUSR2 (noticed byJeremy Allison1-0/+3
Herb). Jeremy. (This used to be commit dcb617e550c98de8a4bdcb9b1f7f78ba008fc138)
2007-10-10r23345: Stop Coverity from getting confused.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 8e83e4267260201777c753c4e3849d65fd20ae8f)
2007-10-10r23340: Fix typo in debug ouput. Found by Karolin Seeger <ks@sernet.de>.Michael Adam1-1/+1
Michael (This used to be commit 81c7d152b2cb8fafa3d510c3d35fb86bae1e0856)
2007-10-10r23330: always include "winbind_client.h" as first headerStefan Metzmacher2-2/+2
as it brings in "replace.h" this will bring in "config.h" metze (This used to be commit d0b7b77fc437288d2e14099209bfd435bd7f1da4)
2007-10-10r23312: As per Volker, rename the "windbind:ads" parameter "winbind:rpc only".James Peach1-4/+3
(This used to be commit cbd083efb9a00db68be24cde10b96da06390d970)
2007-10-10r23297: This introduces the winbind:ads parameter which defaults to True. ↵Volker Lendecke1-1/+3
Setting it to False makes winbind use RPC and not LDAP methods to connect to the DCs, even when it figured out they are AD. (This used to be commit 1c1f710e3e2e222c9d91a5650844c1db5ebd5a3a)
2007-10-10r23291: Undo the somewhat naive change of r23279:Michael Adam1-2/+10
The clear text presentaion of the sid in the ldap expression does work with w2k3 but not with w2k.... Thanks to Guenther for advising me of this issue. Michael (This used to be commit 7e6b0c19f816b52cca257c2837680e70f1af8594)
2007-10-10r23290: Fix another small and stupid but severe typo.Michael Adam1-1/+1
Hopfully, I have finally got this right... :-) Michael (This used to be commit 2190d838e49692fcba8f3a393dd30db937899fed)
2007-10-10r23287: Use talloc_move instead of talloc_steal as this is what I reallyMichael Adam1-1/+1
wanted to do. Michael (This used to be commit f2adae8fc197be1e40769dbda27ee5b1085c3c64)
generated by cgit (git 2.34.1) at 2024-07-04 02:12:22 +0000