Age | Commit message (Collapse) | Author | Files | Lines |
|
Pointed out by Steven Danneman on irc, thanks!
Jerry, Günther, please check!
(This used to be commit 9e71c89ac648040739ef2161a2e6c4299be1e35b)
|
|
Guenther
(This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
|
|
(This used to be commit ee851730cef1eb506b47faf57e25789ad3c6aafa)
|
|
This uses 2 tdb files. One is permanent, and is in shared storage
on the cluster (using "tdb:idmap2.tdb =" in smb.conf). The other is a
temporary cache tdb on local storage.
Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit b6df7e7709365fb620867ad8954bc5bf24496775)
|
|
rpccli_lsa_query_info_policy2().
Guenther
(This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95)
|
|
(CID 535 - actually false but easy to shut up :-).
Jeremy.
(This used to be commit 4038bb3a9485943db58d9fe30947e11522ce283d)
|
|
Guenther
(This used to be commit 19a980f52044a170618629e5b0484c1f6b586e5f)
|
|
Michael
(This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
|
|
Michael
(This used to be commit 3f89aea8e4df3a2de8c5e4c6f4e417567adb2d67)
|
|
Guenther
(This used to be commit 73233a06d6f0f1346c48b465750af4b532cd7306)
|
|
Michael
(This used to be commit 6f673b7f10c145d88e6a6d3072b5f8cd98837304)
|
|
Michael
(This used to be commit 62d6d4fff2edcce04e793d2a2f877cb3f4fedbdb)
|
|
Michael
(This used to be commit dba24ceae78ffc49200b647838b6bf3657275add)
|
|
Michael
(This used to be commit 66fc1db1d19d11792d9506b06ad914d88b7e0663)
|
|
If we try to flush the caches and due to a corrupted tdb we and have no tdb
context close the tdb and validate it. Initialize the cache afterwards again.
(This used to be commit d0c0f91fb9f3438a18c6f47ed894f525beb75cbf)
|
|
Also *do not* clear the trust list when rescanning or else it is possible
to suffer from a race condition where no trusted domains can be found.
(This used to be commit e7164a252bf213a74d6eeac5aa04645eed5be241)
|
|
(This used to be commit f89e356bdaa203ef0a3ce6b8bd52170afa68a2c9)
|
|
A user logging in via GDM was not getting a complete list of supplementary
groups in his/her token. This is because getgroup() was not able to
find the winbindd_domain* using the DNS name. Fallback to matching the DNS
name is the short name match failes.
(This used to be commit 2030a8de19a2c7c735a8aa367dd953e4a5c447b8)
|
|
This allows us to deal with child domains in transitive forest trusts.
It also allows us to fill in the forest name to the target domain to the
struct winbindd_domain *.
(This used to be commit ed30516bb0f55f9ba466debf91b6e33d1c28a484)
|
|
Jeremy.
(This used to be commit a5df44f5b7887d10c1e1a0b7a3dd05bcf31015e1)
|
|
sid_size did the same as ndr_size_dom_sid
(This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389)
|
|
Jermey.
(This used to be commit a1482b09150f4d292965c77bc73d47fb14f5eb85)
|
|
Guenther
(This used to be commit b7383818168863a7ba43c2456f8c44e96e76707a)
|
|
is set.
This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b)
which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbffffb) for
reasons that are unclear to me. Maybe I am being too naive.
Now we do again only retrieve the password policy when called from
the pam_winbind module. This fixes logons delegated to AD trusted
domain controllers: We need to connect to the sam to retrieve the
password policy. But auhtenticated session setup is not possible
when contacting the trusted domain dc and afterwards, SamrConnect
also fails with whatever credentials and method used.
Michael
(This used to be commit 6d765e0de523211a2d0b43a2c4c4117f5f0c662f)
|
|
All callers are replaced by Get_Pwnam_alloc
(This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
|
|
Don't fall back to schannel when trust creds could be obtained.
This is still not complete, but I am getting closer.
Michael
(This used to be commit 7c9fa597d684a25822b4db6615f28336f2d64ef3)
|
|
Make a copy of the machine_password and machine_account strings
in all conditional paths so that SAFE_FREE() will always be valid.
(This used to be commit 194c4640b158457a6d0d5ea91e28d41d619c77de)
|
|
least surprise for callers
(This used to be commit eb523ba77697346a365589101aac379febecd546)
|
|
This adds 28 fstrings on the stack, but I think an fstring on the stack is
still far better than a static one.
(This used to be commit c7c885078be8fd3024c186044ac28275d7609679)
|
|
It seems a bit pointless to do a fstrcpy(dst, sid_string_static(src))
(This used to be commit c221c246b10e2dbbd54a9af2dc45de2eae237380)
|
|
(This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
|
|
metze
(This used to be commit 075d315e0f72d506b70040da10940e4af131b4e2)
|
|
Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.
This is the first attempt to fix interdomain trusts.
(get password policy and stuff)
Michael
(This used to be commit e180bbd45452435e981192028a0ad90078c04236)
|
|
Michael
(This used to be commit 481f18b20d6d5ee12c62120a3559bb16cc98e465)
|
|
Do not attempt to do a session setup when in a trusted domain
situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT).
Use get_trust_pw_clear to get machine trust account.
Only call this when the results is really used.
Use the proper domain and account name for session setup.
Michael
(This used to be commit 18c66a364e0ddc4960769871ca190944f7fe5c44)
|
|
Michael
(This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
|
|
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
(This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
|
|
by retrieving trust password only, when it will be used.
Michael
(This used to be commit cdc60d8ae8c0ef804206b20b451e9557f97d4439)
|
|
Michael
(This used to be commit 164bfb25d7b5cfeffeb4d81958b7629a11ca5d5e)
|
|
The tdb is validated before it gets initialized. Since then sighandlers changed
a restart isn't needed anymore.
(This used to be commit aabe9b33fcaed8af98b1ed6b736253e196d87d48)
|
|
Also the design of this function was really bad,
instead do the dump into a file, the client should get
back the list of mappings.
metze
(This used to be commit ce7fe8acf41e90553431c7cda6823700701835c7)
|
|
WINBINDD_DUAL_UID2NAME
WINBINDD_DUAL_NAME2UID
WINBINDD_DUAL_GID2NAME
WINBINDD_DUAL_NAME2GID
metze
(This used to be commit fd4499ee438e4947990200db529363d51bd2c956)
|
|
metze
(This used to be commit a52237e3a10aa4ac15cd9e7b859a54c46bfa9cdf)
|
|
Add struct_ prefix to struct based protocol specific
elemetens struct winbindd_child_dispatch_table.
metze
(This used to be commit 4ab9a8aab72a8406659a72e87b2d2a1ec2a2eabf)
|
|
metze
(This used to be commit de31913f0a4fd407d935ec4e27a6123ab7847ab5)
|
|
them with malloc'ing accessor functions. Should save a
lot of static space :-).
Jeremy.
(This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
|
|
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
|
|
Remove all vestiges of pstring (except for smbctool as noted
in previous commit).
Jeremy
(This used to be commit 4c32a22ac50ada3275d2ffba3c1aa08bee7d1549)
|