Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-05-18 | s3-crypto: only include crypto headers when crypto is done. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-05-18 | s3-rpc_misc: clean out include/rpc_misc.h. | Günther Deschner | 4 | -4/+4 | |
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther | |||||
2010-05-17 | s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). | Günther Deschner | 1 | -2/+4 | |
Guenther | |||||
2010-05-17 | s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware. | Günther Deschner | 1 | -5/+25 | |
Note that this failure was hard to track, as winbind did only log a super helpful "cm_prepare_connection: Success" debug message. IPv6 gurus, please check Successfully tested in two independent IPv6 networks now. Guenther | |||||
2010-05-17 | s3:winbind:idmap_tdb: don't check ranges when an invalid entry was found. | Michael Adam | 1 | -0/+1 | |
There is no point in checking the ranges this if the record found had an invalid/unknown type: the mapping is not filled in. If it were initialized to some defaults before, the check just might replace the status NT_STATUS_INTERNAL_DB_ERROR with a NT_STATUS_NONE_MAPPED, which is not as precise. | |||||
2010-05-13 | s3:winbindd Provide a winbindd_register_handlers() helper function for s3compat | Andrew Bartlett | 2 | -95/+102 | |
This function provides a useful entry point for s3compat to set things up in winbindd. Andrew Bartlett | |||||
2010-05-13 | s3:winbindd Split helper functions to allow s3compat to call them | Andrew Bartlett | 2 | -22/+30 | |
This provides a more useful entry point for s3compat. Andrew Bartlett | |||||
2010-05-13 | s3:Winbindd Move winbindd_event_context to a different file | Andrew Bartlett | 3 | -12/+40 | |
This allows this function to be easily replaced in s3compat Andrew Bartlett | |||||
2010-05-13 | s3:winbindd Rename 'children' to 'winbindd_children' and make static | Andrew Bartlett | 1 | -9/+9 | |
2010-05-13 | s3:winbindd Remove call to namecache_enable(). | Andrew Bartlett | 1 | -4/+0 | |
This call only prints a DEBUG() Andrew Bartlett | |||||
2010-05-11 | s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA | Andrew Bartlett | 1 | -14/+15 | |
All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-06 | s3: only include gen_ndr headers where needed. | Günther Deschner | 5 | -0/+5 | |
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther | |||||
2010-05-02 | s3: Unify DEBUG_KRB5_TKT_REGAIN and DEBUG_KRB5_TKT_RENEWAL | Volker Lendecke | 1 | -1/+1 | |
I don't think it makes sense to #ifdef this one case separately. Metze, Bo Yang, please check! | |||||
2010-05-02 | s3: Fix a typo | Volker Lendecke | 1 | -1/+1 | |
2010-05-02 | s3: Fix the code order in append_auth_data | Volker Lendecke | 1 | -7/+7 | |
This is to comply with the comment "currently, anything from here on potentially overwrites extra_data." Günther, please check! | |||||
2010-04-29 | s3: range-check idmap script output | Volker Lendecke | 1 | -0/+13 | |
Not doing so results in the id mapping succeeding once unchecked and later on being refused, because when reading from the tdb we do the checks. | |||||
2010-04-29 | s3: Fix an uninitialized variable in idmap_tdb2_sid_to_id() | Volker Lendecke | 1 | -0/+1 | |
When we find an invalid record in the database, there's no point in checking the non-existing value against the range limits. | |||||
2010-04-29 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -14/+14 | |
2010-04-25 | s3: async_domain_request is no longer used | Volker Lendecke | 2 | -67/+0 | |
2010-04-25 | s3: Convert add_trusted_domains() to wb_domain_request_send() | Volker Lendecke | 1 | -22/+19 | |
2010-04-25 | s3: Simplify trustdom_state | Volker Lendecke | 1 | -10/+5 | |
Don't store information explicitly as boolean flags that can be easily retrieved from the domain when it's actually needed. | |||||
2010-04-25 | s3: Make "struct trustdom_state" its own talloc context | Volker Lendecke | 1 | -14/+9 | |
2010-04-24 | s3: sendto_domain() is lo longer used | Volker Lendecke | 2 | -30/+0 | |
2010-04-23 | s3: Allow pdb password change using WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP | Volker Lendecke | 1 | -0/+15 | |
2010-04-23 | s3: init_dc_connection() can't init for internal domains | Volker Lendecke | 1 | -0/+4 | |
This fixes a crash in winbindd_dual_pam_chng_pswd_auth_crap when given global_sam_name() in the domain field | |||||
2010-04-23 | s3: replace some data_blob_talloc by data_blob_const | Volker Lendecke | 1 | -8/+4 | |
2010-04-23 | s3: Convert WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP to the new async API | Volker Lendecke | 4 | -47/+132 | |
2010-04-23 | s3-winbind: fix setup_domain_child() callers. | Günther Deschner | 1 | -2/+2 | |
Volker, please check. Guenther | |||||
2010-04-23 | s3: Fix a winbind crash when scanning trusts | Volker Lendecke | 1 | -0/+6 | |
add_trusted_domain() for a new domain always needs to be followed by a setup_domain_child(). This was not always done, in particular not when walking to the forest root for additional trusts. This is a minimal patch, we need to fix add_trusted_domain(). | |||||
2010-04-19 | s3: Move the in-memory ccache to the parent | Volker Lendecke | 7 | -95/+90 | |
None of this blocks, so there is no reason to keep this in a winbind child process | |||||
2010-04-19 | s3-winbind: Allow changing the password for pdb | Volker Lendecke | 1 | -0/+47 | |
2010-04-19 | s3: Convert WINBINDD_PAM_LOGOFF to the new async API | Volker Lendecke | 4 | -68/+148 | |
2010-04-19 | s3: Convert WINBINDD_PAM_CHAUTHTOK to the new async API | Volker Lendecke | 4 | -59/+131 | |
2010-04-19 | s3: Convert WINBINDD_PAM_AUTH_CRAP to the new async API | Volker Lendecke | 4 | -73/+132 | |
2010-04-19 | s3: Convert WINBINDD_PAM_AUTH to the new async API | Volker Lendecke | 4 | -66/+134 | |
2010-04-19 | winbindd: Fill in num_entries where available | Volker Lendecke | 3 | -0/+6 | |
The server implementation of WINBINDD_LIST_USERS, WINBINDD_LIST_GROUPS and WINBINDD_LIST_TRUSTDOM knows the number of entries returned. Bump up the version number so that a newer lib does not rely on something an older winbind does not do. | |||||
2010-04-19 | s3: Add some debug to GETSIDALIASES | Volker Lendecke | 1 | -0/+9 | |
2010-04-18 | s3: Fix indentation in remove_ccache | Volker Lendecke | 1 | -1/+1 | |
2010-04-18 | s3: Fix a typo in winbindd_ccache_save | Volker Lendecke | 1 | -1/+1 | |
2010-04-13 | s3-winbind: Authenticate SAM users | Volker Lendecke | 1 | -5/+71 | |
2010-04-13 | s3-winbindd: Fix typo in comment. | Karolin Seeger | 1 | -1/+1 | |
Karolin | |||||
2010-04-11 | s3: Use sizeof(chal) instead of a constant | Volker Lendecke | 1 | -1/+1 | |
2010-04-11 | s3: Cosmetics -- I could not spot where "chal" was initialized | Volker Lendecke | 1 | -1/+1 | |
2010-04-10 | s3: Remove domain selection from dual_pam_auth | Volker Lendecke | 1 | -53/+13 | |
We're in a child, the parent already has chosen the domain by picking the right child to connect to. Metze, you've done work on winbind lately, so it goes to you: Please check :-) | |||||
2010-04-10 | s3: Check 0 termination in GETALIASES | Volker Lendecke | 1 | -7/+13 | |
2010-04-08 | s3: Remove the separate "child" argument from setup_domain_child() | Volker Lendecke | 3 | -15/+8 | |
2010-04-08 | s3:winbindd: make "smbcontrol winbindd validate-cache" reliable again | Stefan Metzmacher | 1 | -0/+3 | |
commit 73577205cf81644e7fe853eaf3e6459f7f443096 (s3:winbindd: fix problems with SIGCHLD handling (bug #7317)) broke this. metze | |||||
2010-04-05 | s3: Fix a cut&paste error in winbindd_list_groups_done | Volker Lendecke | 1 | -1/+1 | |
2010-04-01 | s3:winbindd: remove unused variables | Stefan Metzmacher | 1 | -2/+0 | |
metze | |||||
2010-04-01 | s3:winbindd: fix problems with SIGCHLD handling (bug #7317) | Stefan Metzmacher | 3 | -17/+6 | |
The main problem is that we call CatchChild() within the parent winbindd, which overwrites the signal handler that was registered by winbindd_setup_sig_chld_handler(). That means winbindd_sig_chld_handler() and winbind_child_died() are never triggered when a winbindd domain child dies. As a result will get "broken pipe" for all requests to that domain. To reduce the risk of similar bugs in future we call CatchChild() in winbindd_reinit_after_fork() now. We also use a full winbindd_reinit_after_fork() in the cache validation child now instead instead of just resetting the SIGCHLD handler by hand. This will also fix possible tdb problems on systems without pread/pwrite and disabled mmap as we now correctly reopen the tdb handle for the child. metze |