Age | Commit message (Collapse) | Author | Files | Lines |
|
* Adds wbcGetSidAliases that calls the lookup_useraliases function.
* Updates wbinfo and winbind_util.c to call the new function.
* Also added winbind_get_groups helper function.
|
|
* Adds the plumbing required to lookup users by sid into winbind, wbinfo
and smbd helper lib (winbind_util.c).
* Removes some double declarations of winbind_util.c functions.
* Bumps the winbind protocol version to 21 and the minor version of
wbclient to 3.
|
|
necessary."
This reverts commit 487f5e7b4768cfe9e511b0ba56f16c411e21f702.
I was confused about the real meaning of find_domain_from_name_noinit()
vs. find_domain_from_name(). We don't need the connection established
here, just the domain struct which gets initialized by rescan_trusted_domains().
Sorry for the noise.
Michael
|
|
Calling find_domain_from_name_noinit() might not be enough here.
This makes winbindd_getpwent() behave the same as winbindd_getgrent().
Michael
|
|
find_domain_from_name_noinit() is no longer called only for
name alias support.
Michael
|
|
This also switches wb_reqtrans to use wbcErr instead of NTSTATUS as it would
be pointless to convert to errno first and to wbcErr later.
|
|
Michael, please check!
|
|
Michael
|
|
Michael
|
|
Michael
|
|
adding tmp talloc ctx and removing a variable
Michael
|
|
Michael
|
|
Michael
|
|
Michael
|
|
Michael
|
|
|
|
lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.
|
|
"getent group" used to fill the idmap cache with negative
cache entries for unmapped group sids.
Don't pass domain name unconditionally to idmap_sid_to_gid().
idmap_sid_to_gid() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_gid()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_gid request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.
Michael
|
|
"getent passwd" used to fill the idmap cache with negative
cache entries for unmapped user sids.
Don't pass domain name unconditionally to idmap_sid_to_[ug]id().
idmap_sid_to_[ug]id() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_[ug]id request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we nee a quick
fix for getent passwd now.
Michael
|
|
and streamline logic some
Michael
|
|
|
|
Michael
|
|
Michael
|
|
So this gets now linked only into its single user: winbindd
(needed by winbindd_cache.c)
Michael
|
|
|
|
metze
|
|
triggered now
metze
|
|
And always setup the fd events.
metze
|
|
|
|
metze
|
|
|
|
Michael
|
|
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh
after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove inlude "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING
in files that use no other macro from version.h instead of
SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more
macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
|
|
|
|
Jeremy.
|
|
Signed-off-by: Bo Yang <boyang@novell.com>
|
|
Jeremy.
|
|
|
|
-1 or domain->last_status is not ok.
|
|
|
|
Jeremy.
|
|
in a forked child.
Jeremy.
|
|
Jeremy.
|
|
Guenther
|
|
|
|
metze
|
|
metze
|
|
set_event_dispatch_time() is stupid by design and only handles
the first event with a given name.
metze
|
|
cancel_named_event() is stupid by design and also only cancels
one single event.
metze
|
|
global state
set_event_dispatch_time() is stupid by design and just picks the first
event with the given name.
metze
|