Age | Commit message (Collapse) | Author | Files | Lines |
|
Use the flags stored in the tdb when determining if a domain can
be contacted. The tdb should be considered authoratative anyways unless
you know the flags in the winbindd_domain are correct (such as when
first enumerating trusts).
Original suggestion and patch from Steven Danneman <steven.danneman@isilon.com>.
Manually rewritten by me for 3.2.
(This used to be commit f53658a20de07a29abbe2e90917b328d00fc0024)
|
|
On a DC, we always use the domain name given. On a domain member,
we use lp_workgroup(). This fixes a bug supporting trusted domains.
(This used to be commit 8b063a414149bdf401a8f854d55ed7dc6f94cb60)
|
|
The check for inbound trusts is invalid when samba is a DC
and has a trust with an active directory domain.
This effectively prevented tusts with an AD domain on a
samba DC from working (unless using "winbindd rpc only"),
because an ads_connect() was never performed. Only the
rpc-based winbindd methods were working properly.
Jerry: Please check!
Michael
(This used to be commit dcd42a1e0642c69348adfaeecef7f7f2f074ac30)
|
|
hand-written ones.
Guenther
(This used to be commit d5ebfccebb1f1b56b45673a506fcdb414103c43b)
|
|
Michael
(This used to be commit 373a00ae0d667d257fa93ab14c773e841f2c4f1a)
|
|
explaining the reason for failure.
Michael
(This used to be commit ba5373ed7f74d560a9de8620039b596b8938d1dc)
|
|
The present assignment
"request->data.init_conn.is_primary = domain->internal ? False : True"
simply feels wrong. This seems to be the thing right to do:
"request->data.init_conn.is_primary = domain->primary ? true : false".
The question is: Does this have any purpose at all?
data.init_conn.is_primary seems to be used nowhere
in the whole code at all.
Is it (still) needed?
Michael
(This used to be commit 8bb21b8b3802e7b093a3c4fb41b8550033388878)
|
|
Guenther
(This used to be commit 40daef4c3d822a28467ff521efca6a55a0370050)
|
|
Guenther
(This used to be commit 54ad97bd8364c393de2c9471a4c14ca5b880b318)
|
|
Guenther
(This used to be commit 4389e4dadbf07c176d9102b74c06e62ecfc242be)
|
|
Interop fixes for AD specific flags. Original patch from Todd Stetcher.
(This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
|
|
The child struct is immediately reused, and this results
in a panic when child->logfilename == NULL.
Michael
(This used to be commit da131d089db98017632103aa9bbe38c98f7a3fc1)
|
|
Just to be sure the "if (!_domain_list)" in domain_list() test always works.
Michael
(This used to be commit 1f49065d44dd7570d5a9928359751bd36f287952)
|
|
fixes winbind krb5 session at least with heimdal).
Guenther
(This used to be commit 9cf3a98eacea2dd07f89245f147e002b3f49482e)
|
|
metze
(This used to be commit df08708fc1e8fc8e15b36db29faf35ae5ae64b65)
|
|
Pointed out by Steven Danneman on irc, thanks!
Jerry, Günther, please check!
(This used to be commit 9e71c89ac648040739ef2161a2e6c4299be1e35b)
|
|
Guenther
(This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
|
|
(This used to be commit ee851730cef1eb506b47faf57e25789ad3c6aafa)
|
|
This uses 2 tdb files. One is permanent, and is in shared storage
on the cluster (using "tdb:idmap2.tdb =" in smb.conf). The other is a
temporary cache tdb on local storage.
Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit b6df7e7709365fb620867ad8954bc5bf24496775)
|
|
rpccli_lsa_query_info_policy2().
Guenther
(This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95)
|
|
(CID 535 - actually false but easy to shut up :-).
Jeremy.
(This used to be commit 4038bb3a9485943db58d9fe30947e11522ce283d)
|
|
Guenther
(This used to be commit 19a980f52044a170618629e5b0484c1f6b586e5f)
|
|
Michael
(This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
|
|
Michael
(This used to be commit 3f89aea8e4df3a2de8c5e4c6f4e417567adb2d67)
|
|
Guenther
(This used to be commit 73233a06d6f0f1346c48b465750af4b532cd7306)
|
|
Michael
(This used to be commit 6f673b7f10c145d88e6a6d3072b5f8cd98837304)
|
|
Michael
(This used to be commit 62d6d4fff2edcce04e793d2a2f877cb3f4fedbdb)
|
|
Michael
(This used to be commit dba24ceae78ffc49200b647838b6bf3657275add)
|
|
Michael
(This used to be commit 66fc1db1d19d11792d9506b06ad914d88b7e0663)
|
|
If we try to flush the caches and due to a corrupted tdb we and have no tdb
context close the tdb and validate it. Initialize the cache afterwards again.
(This used to be commit d0c0f91fb9f3438a18c6f47ed894f525beb75cbf)
|
|
Also *do not* clear the trust list when rescanning or else it is possible
to suffer from a race condition where no trusted domains can be found.
(This used to be commit e7164a252bf213a74d6eeac5aa04645eed5be241)
|
|
(This used to be commit f89e356bdaa203ef0a3ce6b8bd52170afa68a2c9)
|
|
A user logging in via GDM was not getting a complete list of supplementary
groups in his/her token. This is because getgroup() was not able to
find the winbindd_domain* using the DNS name. Fallback to matching the DNS
name is the short name match failes.
(This used to be commit 2030a8de19a2c7c735a8aa367dd953e4a5c447b8)
|
|
This allows us to deal with child domains in transitive forest trusts.
It also allows us to fill in the forest name to the target domain to the
struct winbindd_domain *.
(This used to be commit ed30516bb0f55f9ba466debf91b6e33d1c28a484)
|
|
Jeremy.
(This used to be commit a5df44f5b7887d10c1e1a0b7a3dd05bcf31015e1)
|
|
sid_size did the same as ndr_size_dom_sid
(This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389)
|
|
Jermey.
(This used to be commit a1482b09150f4d292965c77bc73d47fb14f5eb85)
|
|
Guenther
(This used to be commit b7383818168863a7ba43c2456f8c44e96e76707a)
|
|
is set.
This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b)
which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbffffb) for
reasons that are unclear to me. Maybe I am being too naive.
Now we do again only retrieve the password policy when called from
the pam_winbind module. This fixes logons delegated to AD trusted
domain controllers: We need to connect to the sam to retrieve the
password policy. But auhtenticated session setup is not possible
when contacting the trusted domain dc and afterwards, SamrConnect
also fails with whatever credentials and method used.
Michael
(This used to be commit 6d765e0de523211a2d0b43a2c4c4117f5f0c662f)
|
|
All callers are replaced by Get_Pwnam_alloc
(This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
|
|
Don't fall back to schannel when trust creds could be obtained.
This is still not complete, but I am getting closer.
Michael
(This used to be commit 7c9fa597d684a25822b4db6615f28336f2d64ef3)
|
|
Make a copy of the machine_password and machine_account strings
in all conditional paths so that SAFE_FREE() will always be valid.
(This used to be commit 194c4640b158457a6d0d5ea91e28d41d619c77de)
|
|
least surprise for callers
(This used to be commit eb523ba77697346a365589101aac379febecd546)
|
|
This adds 28 fstrings on the stack, but I think an fstring on the stack is
still far better than a static one.
(This used to be commit c7c885078be8fd3024c186044ac28275d7609679)
|
|
It seems a bit pointless to do a fstrcpy(dst, sid_string_static(src))
(This used to be commit c221c246b10e2dbbd54a9af2dc45de2eae237380)
|
|
(This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
|
|
metze
(This used to be commit 075d315e0f72d506b70040da10940e4af131b4e2)
|
|
Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.
This is the first attempt to fix interdomain trusts.
(get password policy and stuff)
Michael
(This used to be commit e180bbd45452435e981192028a0ad90078c04236)
|