summaryrefslogtreecommitdiff
path: root/source3/winbindd
AgeCommit message (Collapse)AuthorFilesLines
2010-11-19s3: Remove some unused codeVolker Lendecke2-44/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Nov 19 11:21:00 CET 2010 on sn-devel-104
2010-11-18s3: Call sid_check_is_domain instead of dom_sid_equalVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Nov 18 15:32:32 UTC 2010 on sn-devel-104
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-13/+14
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Nov 17 12:02:34 UTC 2010 on sn-devel-104
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_txtVolker Lendecke1-28/+29
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_afs_tokenVolker Lendecke1-8/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_ndrVolker Lendecke1-4/+5
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_unix_usernameVolker Lendecke1-6/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-11/+11
2010-11-17"bool ? true : false" is a bit pointlessVolker Lendecke1-2/+1
2010-11-17s3: Move parse_sidlist to the only calling fileVolker Lendecke3-44/+42
2010-11-17s3: Remove some unused codeVolker Lendecke2-23/+0
2010-11-14Fix the unexpected.tdb database problem. Change nmbd to store theJeremy Allison1-1/+6
transaction id of packets it was requested to send via a client, and only store replies that match these ids. On the client side change clients to always attempt to ask nmbd first for name_query and node_status calls, and then fall back to doing socket calls if we can't talk to nmbd (either nmbd is not running, or we're not root and cannot open the messaging tdb's). Fix readers of unexpected.tdb to delete packets they've successfully read. This should fix a long standing problem of unexpected.tdb growing out of control in noisy NetBIOS envioronments with lots of bradcasts, yet still allow unprivileged client apps to work mostly as well as they already did (nmblookup for example) in an environment when nmbd isn't running. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sun Nov 14 05:22:45 UTC 2010 on sn-devel-104
2010-11-14Move error reporting of messaging context creation fail intoJeremy Allison2-1/+10
the daemons themselves. Allows client utilities to silently fail to create a messaging context due to access denied on the messaging tdb (which I need for the following patch). Jeremy.
2010-11-08Second part of fix for bug #7777 - When requesting lookups for BUILTIN sids, ↵Jeremy Allison1-1/+3
winbindd allocates new uids/gids in error. Ensure we return after calling passdb for SID lookups for which we are authoritative. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Nov 8 22:24:34 UTC 2010 on sn-devel-104
2010-11-08First part of fix for bug #7777 - When requesting lookups for BUILTIN sids, ↵Jeremy Allison1-0/+10
winbindd allocates new uids/gids in error. Ensure idmap_init_passdb_domain() correctly initialized the default domain first. Jeremy.
2010-11-08s3-waf: add idmap_autorid to the build.Günther Deschner1-0/+9
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Nov 8 14:17:27 UTC 2010 on sn-devel-104
2010-11-08s3: Fix an uninitialized variableVolker Lendecke1-0/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Nov 8 13:22:06 UTC 2010 on sn-devel-104
2010-11-08s3:idmap: add a new ID mapping module autoridChristian Ambach1-0/+471
This is an initial implementation of the idmap_autorid module. It works similar to the idmap_rid module but requires less configuration. It will automatically pick ranges for each domain, so you do not have to bother any more about adding an idmap configuration for all of the domains in the forest. This is very easy to use and to configure and much more deterministic and faster than idmap_tdb, the typical choice of Samba users up to now.
2010-11-08s3:winbind add wcache_tdc_fetch_domainbysidChristian Ambach2-0/+53
add a function to lookup a domain in the winbind cache by domain SID
2010-11-08s3: Put some parentheses around conditionalsVolker Lendecke1-2/+2
2010-11-08s3: Consistently use stdbool types in new codeVolker Lendecke1-11/+11
2010-11-08s3:winbind add timeouts to winbind cacheChristian Ambach1-14/+57
This adds a timeout value to cache entries and the NDR records in the winbind cache. The previous approach of just comparing the sequence number has some issues, e.g. when retrying a wbinfo -n operation for a user in a not yet trusted domain was always failing even after the trusted domain was added. The new approach compares sequence number and timeout value to determine if a cache entry is still valid or not. I increased the cache version number so an old cache will be wiped automatically after upgrade.
2010-11-05s3: Remove some duplicate prototypesVolker Lendecke1-16/+0
2010-11-03s3: Fix a getgrent crash with many groupsVolker Lendecke1-0/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Nov 3 12:58:49 UTC 2010 on sn-devel-104
2010-11-02s3: Fix a typo in a DEBUG msgVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Nov 2 13:13:39 UTC 2010 on sn-devel-104
2010-11-02s3-debug Impove setup_logging() to specify logging to stderrAndrew Bartlett1-1/+5
This change improves the setup_logging() API so that callers which wish to set up logging to stderr can simply ask for it, rather than directly modify the dbf global variable. Andrew Bartlett
2010-11-01s3:winbindd: fix query_user for users with NULL full name.Michael Adam1-1/+3
Not sure whether query_user ever sends a NULL full name. Query Display Info does, and it does not harm to add the check here, too. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Mon Nov 1 13:03:33 UTC 2010 on sn-devel-104
2010-11-01s3:winbindd: fix query_user_list for users with NULL full_nameMichael Adam1-1/+3
2010-10-20s3: Use any_nt_status_not_ok in winbindVolker Lendecke19-95/+19
2010-10-18s3: fix the build of idmap_adex, idmap_tdb2, idmap_hash and several vfs modules.Günther Deschner4-0/+4
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 18 14:39:39 UTC 2010 on sn-devel-104
2010-10-18s3-winbind: Fixed init order.Andreas Schneider1-3/+3
We need the system server info in the rpc services. Autobuild-User: Andreas Schneider <asn@samba.org> Autobuild-Date: Mon Oct 18 12:43:16 UTC 2010 on sn-devel-104
2010-10-15s3-winbind: Fixed the build of idmap_rid.Andreas Schneider1-0/+1
2010-10-14libcli/auth Merge source4/libcli/security and util_sid.c into the common codeAndrew Bartlett1-1/+1
This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14s3-auth Use security_token_debug() from common codeAndrew Bartlett2-2/+1
This prints the security token including the privileges as strings instead of just a bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett36-7/+36
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-08Move talloc_enable_null_tracking() to the s3 daemonsVolker Lendecke1-1/+7
2010-10-08s3-waf: slowly getting modules to match how they look like in old build.Günther Deschner1-32/+32
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Oct 8 09:31:01 UTC 2010 on sn-devel-104
2010-10-07samr: for correctness, rename samr_RidTypeArray to samr_RidAttrArray.Günther Deschner2-2/+2
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Oct 7 12:04:32 UTC 2010 on sn-devel-104
2010-10-05s3-waf: convert NSS_INFO into a subsystem.Günther Deschner1-0/+49
We don't do the fancy symlinking to idmap modules though. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Tue Oct 5 10:50:53 UTC 2010 on sn-devel-104
2010-10-01s3:events: Call all ready fd event handlers on each iteration of the main loopSteven Danneman1-3/+3
Previously, only one fd handler was being called per main message loop in all smbd child processes. In the case where multiple fds are available for reading the fd corresponding to the event closest to the beginning of the event list would be run. Obviously this is arbitrary and could cause unfairness. Usually, the first event fd is the network socket, meaning heavy load of client requests can starve out other fd events such as oplock or notify upcalls from the kernel. In this patch, I have changed the behavior of run_events() to unset any fd that it has already called a handler function, as well as decrement the number of fds that were returned from select(). This allows the caller of run_events() to iterate it, until all available fds have been handled. I then changed the main loop in smbd child processes to iterate run_events(). This way, all available fds are handled on each wake of select, while still checking for timed or signalled events between each handler function call. I also added an explicit check for EINTR from select(), which previously was masked by the fact that run_events() would handle any signal event before the return code was checked. This required a signature change to run_events() but all other callers should have no change in their behavior. I also fixed a bug in run_events() where it could be called with a selrtn value of -1, doing unecessary looping through the fd_event list when no fds were available. Also, remove the temporary echo handler hack, as all fds should be treated fairly now.
2010-10-01samba: share select wrappers.Günther Deschner1-0/+1
Guenther
2010-09-30s3: Add "smbcontrol winbindd ip-dropped <local-ip>"Volker Lendecke4-0/+69
This is supposed to improve the winbind reconnect time after an ip address has been moved away from a box. Any kind of HA scenario will benefit from this, because winbindd does not have to wait for the TCP timeout to kick in when a local IP address has been dropped and DC replies are not received anymore.
2010-09-30s3: Re-introduce a procid_self()Volker Lendecke1-1/+1
Giving the parent pid to reinit_after_fork is not a good idea.... None of the other callers do this, checked it.
2010-09-28s3-waf: fix dependencies in most of our module subsystems.Günther Deschner1-1/+0
Guenther
2010-09-27Change to using TDB_INCOMPATIBLE_HASH (the jenkins hash) on allJeremy Allison1-2/+5
TDB_CLEAR_IF_FIRST tdb's. For tdb's like gencache where we open without CLEAR_IF_FIRST and then with CLEAR_IF_FIRST if corrupt this is still safe to use as if opening an existing tdb the new hash will be ignored - it's only used on creating a new tdb not opening an old one. Jeremy.
2010-09-27s3-waf: add missing IDMAP modules.Günther Deschner1-0/+16
Guenther
2010-09-27s3-waf: move idmap subsystem to winbindd/wscript_build.Günther Deschner1-0/+74
Guenther
2010-09-21s3: Remove a pointless if-statementVolker Lendecke1-4/+0
2010-09-21s3-winbindd: another attempt to fix the non-ldap build.Günther Deschner2-0/+5
Guenther
2010-09-20s3: Replace sid_binstring and sid_guidstring with PIDL-based alternativesAndrew Bartlett4-6/+10
This reduces the manual marshalling of these structures by removing the duplication here. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>