summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22730: Fix password changes via pam_winbindd when using "winbind normalize ↵Gerald Carter1-0/+2
names" and the username has been munged. Make sure to munge it back before performing the change_password() request. (This used to be commit ff025d451e165383ad7d524e0e8176d987554049)
2007-10-10r22727: remove outdated comment about templatre shell and homedirGerald Carter1-3/+1
(This used to be commit e8f9bd655829f671e9ce395aa9b4b94ff4bab36a)
2007-10-10r22726: When performing an offline logon for a user in a trusted domain,Gerald Carter1-0/+8
take care not to expire the name2sid cache entry just because that child does not know that the primary domain is offline. (This used to be commit 0399f52a1cdbb1acf8d41afddf498529ff4923cf)
2007-10-10r22725: * Don't try to update the sequence_number when offlineGerald Carter1-3/+11
* Log the NTSTATUS when saving name/sid cache entry * Allow the backend loolkup_usergroups() call in winbindd_{rpc,ads}.c to inform the wcache manager that the group list should not be cached (needed for one-way trusts). (This used to be commit 693ab48408dbb775b57dcc5140e27ad9221852a1)
2007-10-10r22724: Call an nss_info backend's init() function if theGerald Carter1-3/+8
previous call was unsuccessful. needed for offline logons. (This used to be commit c3a8dc5d136e33b66849c38bfa910cd044cd521f)
2007-10-10r22720: Fixes for offline auth when using krb5_auth = yes in pam_winbind.Gerald Carter1-8/+26
Assume that "NO_DOMAIN_CONTROLLERS_FOUND" means that the domain is offline. (This used to be commit 30f9cc52bf8270652624c79691d147e05e476583)
2007-10-10r22719: Missed change for one-way trust support. Ignore password policyGerald Carter1-1/+5
settings from one trusted domain with no incoming trust path. Guenther, I think this is ok as we only need the pw policy to give feedback on upcoming expiration times. (This used to be commit c79ae57388d087496777129d6936cd51aab38d5b)
2007-10-10r22717: Add Everyone and AuthenticatedUsers to the user's tokenGerald Carter1-1/+10
for use by the require-membership-of pam_winbind option. (This used to be commit 11f81c5997a014cca9d98c474e7870ebb07c4642)
2007-10-10r22716: Clarify comment in winbindd_domain structureGerald Carter1-2/+2
(This used to be commit 32fd8558bd4531a745a04810a1cb6392dfab16a5)
2007-10-10r22715: When our primary domain does on or offline, make sure to send a msgGerald Carter2-23/+37
to the idmap child. Also remove the check for the global offline state in child_msg_offline() as this means we cannot mark domains offline due to network outages. (This used to be commit 1b99e8b521eae3e9fa775577de01116bb20fb8b3)
2007-10-10r22713: Offline logon fixes for idmap manager:Gerald Carter3-60/+80
(a) Ignore the negative cache when the domain is offline (b) don't delete expired entries from the cache as these can be used when offline (same model as thw wcache entries) (c) Delay idmap backend initialization when offline as the backend routines will not be called until we go online anyways. This prevents idmap_init() from failing when a backend's init() function fails becuase of lack of network connectivity (This used to be commit 4086ef15b395f1a536fb669af2103a33ecc14de4)
2007-10-10r22712: Inform the user when logging in via pam_winbindGerald Carter3-0/+37
and the krb5 tkt cache could not be created due to clock skew. (This used to be commit 24616f7d6be40b090dc74851b1ea7d09d6976811)
2007-10-10r22711: Fix a compile warnign in query_user(). Ensure that user_ridGerald Carter2-3/+2
is initialized. (This used to be commit ef0304268284df7166ecd1b17328076e7ce40de9)
2007-10-10r22710: Support one-way trusts.Gerald Carter8-20/+290
* Rely on the fact that name2sid will work for any name in a trusted domain will work against our primary domain (even in the absense of an incoming trust path) * Only logons will reliably work and the idmap backend is responsible for being able to manage id's without contacting the trusted domain * "getent passwd" and "getent group" for trusted users and groups will work but we cannot get the group membership of a user in any fashion without the user first logging on (via NTLM or krb5) and the netsamlogon_cache being updated. (This used to be commit dee2bce2af6aab8308dcef4109cc5248cfba5ef5)
2007-10-10r22709: we can only use tschannel when commectcing to our primary (might ↵Gerald Carter1-1/+8
need some fixing here for a Samba DC) (This used to be commit 3d2123383d9dab6f0c8832e0f04238aa9a972c70)
2007-10-10r22708: disable saving the trusted domain list as we want to the parent ↵Gerald Carter1-0/+6
daemon to manage the complete trusted domain cache (This used to be commit 3a9152a2acfc7b615a5c6b8764ea9462443f00d1)
2007-10-10r22707: missed merge from local tree: pass the correct state to the domain ↵Gerald Carter1-1/+1
when calling the async lookupsid() routine (This used to be commit 3d814862af7382a9ea56b2c8d3cc9a31dca4bdb6)
2007-10-10r22706: missed one reference to domain->native_mode in the previous commitGerald Carter1-1/+1
(This used to be commit aa2ac5a1944884586c9f7e97c3a0b1b6c418b554)
2007-10-10r22705: Implement new set_dc_type_and_flags() called based on theGerald Carter3-9/+170
information return from our DC in the DsEnumerateDomainTrusts() call. If the fails, we callback ot the older connect-to-the-remote-domain method. Note that this means we can only reliably expect the native_mode flag to be set for our own domain as this information in not available outside our primary domain from the trusted information. This is ok as we only really need the flag when trying to determine to enumerate domain local groups via RPC. Use the AD flag rather than the native_mode flag when using ldap to obtain the seq_num for a domain. (This used to be commit 4b4148a9642f03b8f27dda2132708bcc0cbb3b8e)
2007-10-10r22704: Implement three step method for enumerating domain trusts.Gerald Carter5-21/+319
(a) Query our primary domain for trusts (b) Query all tree roots in our forest (c) Query all forest roots in trusted forests. This will give us a complete trust topology including domains via transitive Krb5 trusts. We also store the trust type, flags, and attributes so we can determine one-way trusted domains (outgoing only trust path). Patch for one-way trusts coming in a later check-in. "wbinfo -m" now lists all domains in the domain_list() as held by the main winbindd process. (This used to be commit 9cf6068f1e0a1063d331af17aa493140497b96ef)
2007-10-10r22703: Convert winbindd_getgrgid() and winbindd_getgetpwnam()Gerald Carter1-113/+113
to use the same code path after we resolve the name/gid to a SID. Use the async lookupname/lookupsid interface. (This used to be commit d12b8147d6bd34fad680cb8705dc6d7bbea1db12)
2007-10-10r22702: Convert both lookup name and lookup sid to follow theGerald Carter2-31/+105
same heuristic. First try our DC and then try a DC in the root of our forest. Use a temporary state since winbindd_lookupXXX_async() is called from various winbindd API entry points. Note this will break the compile. That will be fixed in the next commit. (This used to be commit b442644bac2a7d5853440254257ca34a8e7c25de)
2007-10-10r22700: Add a simple wcache TRUSTDOM api for maintaing a completeGerald Carter2-1/+478
list of trusted domains without requiring each winbindd process to aquire this on its own. This is needed for various idmap plugins and for dealing with different trust topoligies. list_trusted_domain() patches coming next. (This used to be commit 2da62a3d965a9701e16e644fd6bc728b43f28489)
2007-10-10r22677: One line fix to make net idmap restore work againSimo Sorce1-0/+1
Jerry, please add this for 3.0.25 final (This used to be commit e04ca2d7f8ea2d4c70c2a35201a98c5ecd672d59)
2007-10-10r22675: Simo's patch for 0 size allocation. Still needJeremy Allison2-9/+13
to examine parse_misc.c fix. Jeremy. (This used to be commit 80d981265cd3bc9d73c5da3c514ec736e2dfa73a)
2007-10-10r22666: Expand kerberos_kinit_password_ext() to return NTSTATUS codes and makeGünther Deschner2-4/+6
winbindd's kerberized pam_auth use that. Guenther (This used to be commit 0f436eab5b2e5891c341c27cb22db52a72bf1af7)
2007-10-10r22647: Avoid leaking a full info3 structure on each winbindd cached login ↵Günther Deschner2-5/+5
by making netsamlogon_cache_get() return a talloc'ed structure. Guenther (This used to be commit 5b149967cc3ab68057db015e67b688c9b9577f0d)
2007-10-10r22646: segfault fix in idmap_ldap.c from 3_0_25Simo Sorce1-2/+8
(This used to be commit 565d7d0b18f18ba11f186667df95bc608a179efa)
2007-10-10r22643: Don't clear cached U/SID and UG/SID entries when we want to logon ↵Günther Deschner1-1/+8
offline. Guenther (This used to be commit 37f9f466fd05bb06d8539bdb2cb72a730c2af4f4)
2007-10-10r22636: Fix logic bug.Günther Deschner1-6/+6
We certainly don't want to crash winbind on each sucessfull centry_uint{8,16,32,64} read. Jeremy, please check :-) Guenther (This used to be commit bfcd10766bcac1d50f7624bbe5a72eca57b5e278)
2007-10-10r22633: Fix typo in debug message.James Peach1-1/+1
(This used to be commit 4c58b6b1946bf61b24cbdb3c331fee3d48a6b7d2)
2007-10-10r22590: Make TALLOC_ARRAY consistent across all uses.Jeremy Allison2-13/+24
That should be it.... Jeremy. (This used to be commit 603233a98bbf65467c8b4f04719d771c70b3b4c9)
2007-10-10r22589: Make TALLOC_ARRAY consistent across all uses.Jeremy Allison4-29/+57
Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
2007-10-10r22553: Fix the buildVolker Lendecke2-2/+2
(This used to be commit 561f3c67f40ed6a983ebf170e4014b256ca71219)
2007-10-10r22542: Move over to using the _strict varients of the tallocJeremy Allison6-15/+15
calls. No functional changes. Looks bigger than it is :-). Jeremy. (This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
2007-10-10r22511: Remove unused LDAPMessage.Günther Deschner1-3/+0
Guenther (This used to be commit 31a193b02a08d2323d93659105c0fd5650b33419)
2007-10-10r22507: Wrap the method of obtaining sockets to listen on.James Peach3-103/+128
(This used to be commit e027322b769b896184484155fef7c2ba247412a4)
2007-10-10r22473: Correct fix for setting a default compat tdb idmap backend.Gerald Carter1-29/+30
Previous code would always fill in "idmap backend = tdb" even if you defined idmap domains. My fault. I should have tested the original patch more before committing. (This used to be commit a60c3f6a5a92722552197f7ab133f2ec3af377f9)
2007-10-10r22466: Fix build warning.Günther Deschner1-1/+1
Guenther (This used to be commit d6f259e91862df043f14430a60e9d646e30fe632)
2007-10-10r22461: Use ranged LDAP queries in lookup_usergroups_member() and start to ↵Günther Deschner1-99/+75
optinmize lookup_groupmem(). In the later, at least try to avoid those massive LDAP dn_lookups by looking in the cache before. Guenther (This used to be commit eb1566869c5493f2a1d1ff9fcaaa45c143ad12a0)
2007-10-10r22447: Patch from Ying Li <ying.li2@hp.com> to default tdb idmapGerald Carter1-0/+8
plugin when neither idmap domains nor idmap backend have been defined. (This used to be commit 2fa12753da22551c9d5e6ca1bea95884e02ef7b2)
2007-10-10r22444: * Validate a SID before trying to convert it to a uid/gid via the publicGerald Carter1-3/+3
winbindd interface * Add nss_info/*so files to the RHEL/Fedora packaging (This used to be commit 1787fcb8c1199215fcec74472c727b8c8fbf5473)
2007-10-10r22430: Add SID validate to sid2uid() and sid2gid() public entry points in ↵Gerald Carter1-4/+81
winbindd (This used to be commit 0890cb941ed5d87a919edb5a896f331e900af007)
2007-10-10r22418: Support running under launchd. We abstract the method of obtainingJames Peach2-17/+104
sockets to listen on a little, because in the launchd case these are provided for us. We also add an idle timeout so that a daemon can exit after a period of inactivity. (This used to be commit fc8589a3371d396197fae508e563f814899c2beb)
2007-10-10r22417: Refactor the various daemon run-mode options to make the semanticsJames Peach1-20/+23
of the various flags explicit. (This used to be commit 19c929c6330a50f278ac322ac5fcb83d03734ea2)
2007-10-10r22402: Fix build warning.Günther Deschner1-1/+1
Guenther (This used to be commit bf9131fed30b3d6f80c41734c04450a1e6bcba5b)
2007-10-10r22393: fix cut&paste errorSimo Sorce1-1/+1
(This used to be commit 70878d698532aa8b0e151e7772894e251290186e)
2007-10-10r22392: Remove leftover potentially segfaulty code.Simo Sorce1-6/+5
Check we are online before actually trying to connect anywhere (This used to be commit ff5e0b2986d43de1e88c85783b451fcb9828d6a8)
2007-10-10r22390: Patchset sent to samba-technical to address the winbindGerald Carter5-164/+63
loop when allocating a new id for a SID: auth_util.patch Revert create_local_token() to the 3.0.24 codebase idmap_type.patch Have the caller fillin the id_map.xid.type field when resolving a SID so that if we allocate a new id, we know what type to use winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls from the public winbindd interface for the 3.0.25 release idmap_rid.patch Cleanup the idmap_rid backend to not call back into winbindd to resolve the SID in order to verify it's type. (This used to be commit 3b24dae9e73b244540a68b631b428a4d0f57440b)
2007-10-10r22388: clearer message, thanks DavidSimo Sorce1-1/+1
(This used to be commit 7961476784713267efc19d305aa66c68275ccaa1)