lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
* secrets only - use only the secrets for ticket verification (default)
* system keytab - use only the system keytab for ticket verification
* dedicated keytab - use a dedicated keytab for ticket verification.
* secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
* "use kerberos keytab = yes" corresponds to secrets and keytab
* "use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.
|
|
"getent group" used to fill the idmap cache with negative
cache entries for unmapped group sids.
Don't pass domain name unconditionally to idmap_sid_to_gid().
idmap_sid_to_gid() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_gid()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_gid request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we need a quick
fix for getent passwd now.
Michael
|
|
"getent passwd" used to fill the idmap cache with negative
cache entries for unmapped user sids.
Don't pass domain name unconditionally to idmap_sid_to_[ug]id().
idmap_sid_to_[ug]id() only creates new mappings (allocating
idmap backends tdb, tdb2, ldap...) when the domain name passed
in is "".
Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id()
functions here, in the main winbindd. The correct fix would be
to send a sid_to_[ug]id request to winbindd itself, but this needs
more work to prepare the async mechanisms, and we need a quick
fix for getent passwd now.
Michael
|
|
and streamline logic some
Michael
|
|
Michael
|
|
Michael
|
|
So this gets now linked only into its single user: winbindd
(needed by winbindd_cache.c)
Michael
|
|
metze
|
|
triggered now
metze
|
|
And always setup the fd events.
metze
|
|
metze
|
|
Michael
|
|
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh
after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove include "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING
in files that use no other macro from version.h instead of
SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more
macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
|
|
Jeremy.
|
|
Signed-off-by: Bo Yang <boyang@novell.com>
|
|
Jeremy.
|
|
-1 or domain->last_status is not ok.
|
|
Jeremy.
|
|
in a forked child.
Jeremy.
|
|
Jeremy.
|
|
Guenther
|
|
metze
|
|
metze
|
|
set_event_dispatch_time() is stupid by design and only handles
the first event with a given name.
metze
|
|
cancel_named_event() is stupid by design and also only cancels
one single event.
metze
|
|
global state
set_event_dispatch_time() is stupid by design and just picks the first
event with the given name.
metze
|
|
It's really confusing to have two versions of 'fd_event'
metze
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Simo is right, we need to ask passdb first. At least this fixes a nasty to find
NT_STATUS_ACCESS_DENIED problem in the build farm for the test run I just did
on host "opi".
Michael, can you re-check if this also fixes the error you found, leading to
the two fixes?
Thanks,
Volker
|
|
This reverts commit 9a9b64dbdfce4414ada22d4f882c8c757b5813e1.
|
|
This reverts commit 45db33e73262d8e195a46fb96405dfb3dc43d6bc.
|
|
Jeremy.
|
|
reinit_after_fork() already calls messaging_reinit()
metze
|
|
As noted by Metzy, it makes no sense here to check id->sid.
What is worse, this might even be passed in uninitialized.
This still fixes the bug for me (of course), but we might need
to check, if another special handling of passdb is needed
(possibly changing from constant return code NT_STATUS_OK...)
Michael
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
This failed for backends other than passed, since
idmap_backends_unixid_to_sid() always asked passdb first,
which returned Success no matter whether a mapping was
found or not.
One effect was that getpwuid failed after "net cache flush".
Only after filling the cache with a getpwnam call it succeeded.
This fix makes the behaviour of idmap_backends_unixid_to_sid()
exactly the same as that of idmap_backends_sid_to_unixid()
Michael
Signed-off-by: Michael Adam <obnox@samba.org>