| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
If we don't have a connection to a trusted domain but still try to do a
lookup we shouldn't segfault.
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Sep 4 18:16:06 CEST 2012 on sn-devel-104
|
|
talloc_traverse_dict will return with -1 in case of an error and
might return positive values that indicate the count of found
entries
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Wed Aug 24 18:09:11 CEST 2011 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We need to enumerate passdb alias members
Thanks to gd for bugging me :-)
|
|
|
|
|
|
|
|
|
|
This converts a talloc_dict retrieved from wb_group_members to the string
that the pipe protocol expects
|
|
|
|
|
|
|
|
|
|
Same comment as in baa6084378e530b: This is just a preparatory checkin.
Volker
|
|
In itself, this is pretty pointless. But in the next steps I'll convert the
winbind internal communication to wb_reqtrans which allocates the request
properly. This minimizes the later diff.
Volker
|
|
|
|
alias enumeration in NSS is not done properly done atm and needs to be fixed.
Guenther
|
|
Guenther
|
|
|
|
|
|
* Adds wbcGetSidAliases that calls the lookup_useraliases function.
* Updates wbinfo and winbind_util.c to call the new function.
* Also added winbind_get_groups helper function.
|
|
|
|
"getent group" used to fill the idmap cache with negative
cache entries for unmapped group sids.
Don't pass domain name unconditionally to idmap_sid_to_gid().
idmap_sid_to_gid() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_gid()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_gid request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.
Michael
|
|
|
|
getgrsid_sid2gid_recv
to make code more readble
Michael
|
|
This is just to find the corresponding domain struct.
Actual connection is handled by the domain child.
Michael
|
|
|
|
With large groups, getgrent ran into timeouts because after each
single user that was added to the expanded group list, the list
was sorted and made unique.
Now the list is sorted just once after all members have been added.
Michael
|
|
Before this, "getent group builtin\\administrators" expanded
domain group members in the form DOMAIN\domain\user.
Michael
|
|
Michael
|
|
* Ensures that all points an which a name is received or returned
to/from a client passes through the name aliases layer (users
and groups).
|
|
Make sure that usernames are parsed using the correct separator.
Otherwise group memeberships in winbind may be result broken.
(This used to be commit 20b9c0aa7b4e6d6be5bb6e4e96bd8a1cbb6edd37)
|
|
(This used to be commit 30a180f2fce8cf6a3e5548f6bba453272ba70b33)
|
|
(This used to be commit 50a347f5503ebed0fcc7b9de60f8368677585bb1)
|
|
error code in winbindd group expansion.
Jeremy.
(This used to be commit e321377174f579ba57a70f260f4d4bc234a07439)
|
|
Attached is the companion patch to
(037b9689d9042a398cb91e4628a82fcdfa913c21), which
made handling of WINBINDD_LIST_GROUPS asynchronous.
Because most all of the list_groups code was reusable, I abstracted it,
and implemented both list_groups and list_users on top of it.
On my large test domain a "wbinfo -u" call went from 70 seconds to 30
seconds with this patch. Plus, the parent process is no longer blocked
from receiving new requests during that time.
Steven Danneman | Software Development Engineer
Isilon Systems P +1-206-315-7500 F +1-206-315-7501
www.isilon.com
(This used to be commit 5188f2861137ff06d5399561d55d7d00c3a08644)
|
|
(This used to be commit 3b1dae7c31b881834ca4494c4434ae97a56ce6c7)
|
|
Previously WINBINDD_LIST_GROUPS requests (ex: wbinfo -g) were handled by the
winbindd parent process in a sequential fashion. This patch, delegates the work
to the winbindd children so that the request is handled much faster in large
domain topologies, and doesn't block the parent from receiving new requests.
The core group enumeration and conversion that was handled in
winbindd_list_groups() has been moved into winbindd_dual_list_groups() to be
done by the child.
The parent winbindd_list_groups() simply calls each of the children
asynchronously.
listgroups_recv() aggregates the final group list that will be returned to the
client and tracks how many of the children have returned their lists.
The domain name of the child is passed back through the callbacks to be used in
debugging messages.
There are also several fixes to typos in various comments.
(This used to be commit 037b9689d9042a398cb91e4628a82fcdfa913c21)
|
|
In getgrsid_lookupsid_recv() we use parse_domain_user which itself looks at
lp_winbind_separator(). Thus when building up that group name we should better
use it as well.
(This used to be commit 5df75578ef1da41164936cd11b14114889201d47)
|
|
if (!&new_glist) would always be skipped, if (new_glist == NULL) is
what must have been meant...
Michael
(This used to be commit c1b60cdecff2a53f0a75a432a1ad7730eb734908)
|
|
Guenther
(This used to be commit 6a576cfe9b87e69af6acbe9abc04124b8b743fd3)
|
|
Michael
(This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
|
|
A user logging in via GDM was not getting a complete list of supplementary
groups in his/her token. This is because getgroup() was not able to
find the winbindd_domain* using the DNS name. Fallback to matching the DNS
name is the short name match failes.
(This used to be commit 2030a8de19a2c7c735a8aa367dd953e4a5c447b8)
|
|
Jermey.
(This used to be commit a1482b09150f4d292965c77bc73d47fb14f5eb85)
|
