Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 27 20:14:20 CET 2011 on sn-devel-104
|
|
|
|
|
|
|
|
Right now, the nss_info backends are tied to the idmap backends (which is wrong
IMHO). In the domain child we don't load the idmap backend anymore, so we don't
have the nss info modules. This needs fixing properly.
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 27 16:59:19 CET 2011 on sn-devel-104
|
|
Casting those variables will lead to sscanf believing that it sees pointers to
unsigned longs. These might be 64 bit long, thus sscanf will overwrite memory
it should not overwrite. Assigning the vars later is okay, there we get
automatic type conversion. C can be nasty ...
Christian, please check!
|
|
The "goto error;" lead to the invalid talloc_free.
Christian, please check!
|
|
as the autorid module relies on a stable minimum uid/gid value
and rangesize, it now saves the values used at first successful start
and refuses to work if these values get changed in smb.conf later.
Changing the values after the first mapping was done will result
in unpredictable behaviour.
Another check covers the maximum uid value. If this gets decreased
later and domain range mappings already exist that would result
in uid values higher than the new uid value, initialization will
be aborted
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 23 15:42:35 CET 2011 on sn-devel-104
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
this brings the s3 waf build much closer to the proposed s3build top
level build, using the same bld.SAMBA3_*() rules
There are a few renames of subsystems in here, with a 3 suffix where
it would create a conflict.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Guenther
|
|
|
|
builds w/o ldap.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Feb 11 13:08:38 CET 2011 on sn-devel-104
|
|
Guenther
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Feb 9 00:01:45 CET 2011 on sn-devel-104
|
|
Guenther
|
|
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.
Guenther
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
|
|
more usefull
metze
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Feb 3 03:35:32 CET 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Feb 2 18:10:45 CET 2011 on sn-devel-104
|
|
#7944)
If winbindd connects to a domain controller it doesn't establish the lsa
connection over ncacn_ip_tcp direct. This happens only on demand.
If someone does a 'net rpc testjoin' and then a
wbinfo -n DOMAIN\\administrator, we'll get DCERPC faults with
ACCESS_DENIED/SEC_PKG_ERROR, because winbindd's in memory copy
of the schannel session key is invalidated.
This problem can also happen on other calls, but the
lookup_names/sids calls on thet lsa ncacn_ip_tcp connection
are the most important ones.
The long term fix is to store the schannel client state in a
tdb, but for now it's enough to catch the error and invalidate
the all connections to the dc and reestablish the schannel
session key.
The fix for bug 7568 (commit be396411a4e1f3a174f8a44b6c062d834135e70a)
made this worse, as it assumes winbindd's in memory session key is
always the current one.
metze
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 2 15:44:21 CET 2011 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 2 14:14:43 CET 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Feb 1 15:59:17 CET 2011 on sn-devel-104
|
|
main loop"
This reverts commit 455fccf86b6544cd17a2571c63a88f8aebff3f74.
I'll add a more generic fix for this problem.
metze
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 28 23:38:16 CET 2011 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 26 12:41:14 CET 2011 on sn-devel-104
|
|
This reverts commit 18962ea3852d0d0fc7371e99813bebd54fae0a19.
|
|
This reverts commit cea36aeacf8778493463f31e6afc3f58384639e2.
|
|
After failing the netr_LogonSamLogonEx, we failed to retry with
netr_LogonSamLogon.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 24 12:35:42 CET 2011 on sn-devel-104
|
|
|
|
This makes us scale better with many simultaneous winbind requests,
some of which might be slow.
This implementation breaks offline logons, as the cached credentials are
maintained in a child (this needs fixing). So, if the offline logons are
active, only allow one DC connection.
Probably the offline logon and the scalable file server cases are
separate enough so that this patch is useful even with the restriction.
|