| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit c4e6de9e34e1ff76552ce6d4e72b343fb5f33306)
|
|
(This used to be commit fe79c8a5b726754703626ca0bff57074274c98c7)
|
|
(This used to be commit 6009ae329375b1c40e3d00df977ddccc8b5cc176)
|
|
(This used to be commit cc77db2acbc35cea58576f1e28c7a760a5e31609)
|
|
(This used to be commit e0957c6f4b1e81c27fda1de7fb7cbc9c585f5ac9)
|
|
(This used to be commit 0da9d0d0f9662d8bd2f370f764d5a875e11b3068)
|
|
(This used to be commit 954556b527aa652f9a46f0d48834e92befb3c5f9)
|
|
(This used to be commit daa171552dc00d9602a05ba199c9a3ff24c802f5)
|
|
(This used to be commit fe58926283b51910d8587e32bb11aa681b9a27d3)
|
|
This is called only from idmap_alloc_init, which feels kindof weird.
Digging deeper in the code...
(This used to be commit c8d1bbfddce41cd6bf37dd0a622ef3437a24b492)
|
|
(This used to be commit 7cec389e19323e99b6b6258e539be9d1fd65810f)
|
|
smbcontrol winbindd debug level would only set the debug level of the
parent winbindd process and not the child processes. This patch adds
the functionality of broadcasting the debug message to all winbindd
children. Now the debug level message is propagated to all the winbindd
processes that includes parent and children.
(This used to be commit cfbcfc3ffe74f28ec874a6bf1ab93f55f405b6e6)
|
|
queries."
This reverts commit b58e4f6b3d73294d8448c0dff4341183c52e5b7c.
Details can be found on the samba-technical mailing list.
Karolin
(This used to be commit 534a445df450c681be7da2c9dd65f7294f942b08)
|
|
error code in winbindd group expansion.
Jeremy.
(This used to be commit e321377174f579ba57a70f260f4d4bc234a07439)
|
|
Extends ads_connect() to a new call ads_connect_gc() which connects on port
3268 rather than port 389. Also makes ads_try_connect() static and
only used internally to ldap.c
(This used to be commit f4c37dbe2c986fb7bfe510cdff3b4a9fbc06d079)
|
|
Attached is the companion patch to
(037b9689d9042a398cb91e4628a82fcdfa913c21), which
made handling of WINBINDD_LIST_GROUPS asynchronous.
Because most all of the list_groups code was reusable, I abstracted it,
and implemented both list_groups and list_users on top of it.
On my large test domain a "wbinfo -u" call went from 70 seconds to 30
seconds with this patch. Plus, the parent process is no longer blocked
from receiving new requests during that time.
Steven Danneman | Software Development Engineer
Isilon Systems P +1-206-315-7500 F +1-206-315-7501
www.isilon.com
(This used to be commit 5188f2861137ff06d5399561d55d7d00c3a08644)
|
|
Leave the message inside winbind_messaging_context() for now.
There might be callers, where this debug message could prove useful...
Michael
(This used to be commit e9177ec56a8fe596d6fcfc4a95df87e39f757818)
|
|
Michael
(This used to be commit e710a9b73ea2fd176de7093125bc5f3f3f3a9404)
|
|
Leave appropriate handling to the callers.
Michael
(This used to be commit 3e0c24323af5f10fa68ae8aad552b7346536c908)
|
|
v3-3-test
(This used to be commit 9075c5f2ada8f96ae8d6cbcfc36663969e9bf34f)
|
|
BUILTIN and a Domain
specific version. Stops the domain groups appearing twice.
Jeremy.
(This used to be commit 77b99530e0ce0ab0f335d8b22774548d30690550)
|
|
Guenther
(This used to be commit b1209a039b45985e0b28777e04cba5bcc3de061e)
|
|
Guenther
(This used to be commit 5b4650d56c04be0c498413f17afb2cf6d0e7d548)
|
|
enumerate domain groups.
Jeremy
(This used to be commit 2181770e4589d475b95b4103a8f95a58787f1f86)
|
|
containing a '.'.
Jeremy.
(This used to be commit 96325ff44dc404a68d4ebd423cf78210ec3ff902)
|
|
This reverts commit 2ea03a1e95a30e321e390bef9408a1215711de07.
(This used to be commit 80c2e8295a00c3d88372b55b81d03b455feb69b2)
|
|
Karolin
(This used to be commit 94a4d7fa3209eb668161b8110af6f877b4833fa7)
|
|
arguements -> arguments
Karolin
(This used to be commit 16b5b772d216d10613d433884634b1215efbd6e6)
|
|
Clients can request name-to-sid queries for different combinations of
upper and lower case names. We don't want to create the reverse caching
entries for each combination used.
This avoids inconsistent answers on sid-to-name queries.
Please review!
Karolin
(This used to be commit b58e4f6b3d73294d8448c0dff4341183c52e5b7c)
|
|
goto target we were not reinitializing the array counts.
From Herb:
This is in the file nsswitch/winbindd_cm.c (samba-3.0.30) line 1236
We have a label again: where we keep trying to find the name of the DC
from the list of IPs returned by get_dcs. If we fail to figure out the
name we do a goto again at the end of the function. The problem is we
don't reset the num_dcs, num_addrs, etc and free the memory in the
various arrays. This seems wrong to me. I have a winbindd core where
I have 9 IPs returned for the DCs but at the time of the crash num_dcs
is 87 and if I look through the array dcs it keeps repeating entries
from the same group of 9
Jerry, Volker and Guenther please check.
Jeremy.
(This used to be commit 15f464321a7c71a86b747918343746050d286655)
|
|
(This used to be commit 2ea03a1e95a30e321e390bef9408a1215711de07)
|
|
Reduce the use of config parameters with run time information after discussion
with Guenther.
(This used to be commit 57d596395db287301eefd34e62c9aaf857c34c69)
|
|
not keeping primary domain online status up to date.
Jeremy.
(This used to be commit 0621c7c8161b7b94cc9249ab3e71855d3030b6fb)
|
|
backend. This allows winbindd when running on a Samba PDC to
correctly answer wbinfo -u lists and other queries.
Jeremy.
(This used to be commit e61ad0c1586733ae1d3518ce56d95094d1ac5ef9)
|
|
Jeremy.
(This used to be commit 25e76a19f22cdf726928d6c4b165745de9e455d6)
|
|
way - deleting the socket!
Jeremy.
(This used to be commit 3ab5a3883e33eba159152aa02544d71f047c7e45)
|
|
83b04c60fac76ccd2d5aecb14f8896a07d488b1f..6e66512d5beb256a44c6703cdb8c7fa7e0fd8537.
We still need to address https://bugzilla.redhat.com/show_bug.cgi?id=429024, but this
will come later.
Jeremy.
(This used to be commit 41e20becf3b976656f60aaec9175df329803b012)
|
|
cm_prepare_connection
when checking for a trusted domain situation.
This is how it was meant to be:
Otherwise, with a dc-trusted-domain situation but trusted domains disabled,
we would attempt to do a session setup and fail (wouldn't even get a trust
password).
Michael
(This used to be commit a5a51ca8e5971992d9b060d66201b808bd2b7a53)
|
|
(This used to be commit 3b1dae7c31b881834ca4494c4434ae97a56ce6c7)
|
|
Win2008 domain (merged from v3-0-test).
commit 8dc4e979776aae0ecaa74b51dc1eac78a7631405
Author: Steven Danneman <sdanneman@isilon.com>
Date: Wed May 7 13:34:26 2008 -0700
spnego SPN fix when contacting trusted domains
cli_session_setup_spnego() was not taking into consideration the situation
where we're connecting to a trusted domain, specifically one (like W2K8)
which doesn't return a SPN in the NegTokenInit.
This caused two problems:
1) When guessing the SPN using kerberos_get_default_realm_from_ccache() we
were always using our default realm, not the realm of the domain we're
connecting to.
2) When falling back on NTLMSSP for authentication we were passing the name
of the domain we're connecting to for use in our credentials when we should be
passing our own workgroup name.
The fix for both was to split the single "domain" parameter into
"user_domain" and "dest_realm" parameters. We use the "user_domain"
parameter to pass into the NTLM call, and we used "dest_realm" to create an SPN
if none was returned in the NegTokenInit2 packet. If no "dest_realm" is
provided we assume we're connecting to our own domain and use the credentials
cache to build the SPN.
Since we have a reasonable guess at the SPN, I removed the check that defaults
us directly to NTLM when negHint is empty.
(This used to be commit b78b14c88e8354aadf9ba7644bdb1c29245fe419)
|
|
looking up trust credentials in our tdb.
commit fd0ae47046d37ec8297396a2733209c4d999ea91
Author: Steven Danneman <sdanneman@isilon.com>
Date: Thu May 8 13:34:49 2008 -0700
Use machine account and machine password from our domain when
contacting trusted domains.
(This used to be commit 69b37ae60757075a0712149c5f97f17ee22c2e41)
|
|
Jeremy.
(This used to be commit 0bc18967aa7cb6f4debeaa48be81d0e48a7d9503)
|
|
Previously WINBINDD_LIST_GROUPS requests (ex: wbinfo -g) were handled by the
winbindd parent process in a sequential fashion. This patch, delegates the work
to the winbindd children so that the request is handled much faster in large
domain topologies, and doesn't block the parent from receiving new requests.
The core group enumeration and conversion that was handled in
winbindd_list_groups() has been moved into winbindd_dual_list_groups() to be
done by the child.
The parent winbindd_list_groups() simply calls each of the children
asynchronously.
listgroups_recv() aggregates the final group list that will be returned to the
client and tracks how many of the children have returned their lists.
The domain name of the child is passed back through the callbacks to be used in
debugging messages.
There are also several fixes to typos in various comments.
(This used to be commit 037b9689d9042a398cb91e4628a82fcdfa913c21)
|
|
Michael
(This used to be commit 467b8f0f4d58fc00d07264c651016087bd00b233)
|
|
call :
CatchChild();
*before* we fork the domain child. This call establishes a signal handler that
eats SIGCLD signals and doesn't call sys_select_signal() as the main daemon
SIGCLD handler should do. This causes the parent to ignore dead children and
time out, instead of calling winbind_child_died() on receipt of the signal. The
correct fix is to move the CatchChild call into the child code after the fork.
Jeremy.
(This used to be commit 8d701a142be2b75dc30ad215bc178af902eb4af9)
|
|
in particular closing and reopening logs on SIGHUP.
Conflicts:
source/winbindd/winbindd.c
(This used to be commit 0f7b11accec7df1c0e9a9dc0828a5e0c5ddec4cb)
|
|
The wbcLookupDomainController() call supports a set of flags
defined in wbclient.h. Add a mapping function between these
flags and the original DS_XXX flags in order to prevent having
to include the generated RPC headers in wbclient.h.
(This used to be commit 31614cd5e08dd6389c66e6ddf9f2d5429c6ab033)
|
|
Guenther
(This used to be commit 7889516a384c155a9045aad4409c041fddd0d98d)
|
|
Guenther
(This used to be commit 82cbb3269b2e764c9c2a2fbcbe9c29feae07fb62)
|
|
everywhere.
Guenther
(This used to be commit fe904ee77a7fec1674e9db660978c40c17897f77)
|
