| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
metze
|
| |
|
|
|
|
|
|
|
|
|
| |
Now the winbindd cache can be checked at runtime by
calling "smbcontrol winbindd validate-cache".
For the execution of the validation code, I fork a child
and in the child restore the default SIGCHLD handler in
order for the fork/waitpid mechanism of tdb_validate to work.
Michael
|
| |
|
|
|
|
|
|
|
|
|
| |
So there is a new subcommand "smbcontrol winbindd validate-cache" now.
This change provides the infrastructure:
The function currently returns "true" unconditionally.
The call of a real cache validation function will be incorporated
in subsequent changes.
Michael
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
|
|
| |
TODO: don't allow '-i -D' and '-D -i' on all
server binaries in the SAMBA_3_2 branch!
The &server_mode patch makes this difficult to check...
metze
|
| |
|
|
|
|
| |
- use poptPrintUsage() to give the user more info
metze
|
| |
|
|
|
|
|
|
|
|
| |
smbd, nmbd and winbindd can be started with invalid options currently.
The first patch attached would be a possible solution.
It contains an exit if an invalid option has been used. The main problem
is, that existing setups with wrong options or missing arguments in start
scripts will break (which is the right behaviour from my point of view).
metze
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
failed expression in SMB_ASSERT.
|
| |
|
|
|
| |
Herb).
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
|
| |
|
|
| |
Nothing of major interest. Will fix a few problems with one way trusts.
|
| |
|
|
|
|
|
|
|
|
| |
winbindd main function.
I have tested and somewhat extended the code, and it seems
to do a good job. I have possibly not caught all error
conditions though.
Michael
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
patch.
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(a) Query our primary domain for trusts
(b) Query all tree roots in our forest
(c) Query all forest roots in trusted forests.
This will give us a complete trust topology including
domains via transitive Krb5 trusts. We also store the
trust type, flags, and attributes so we can determine
one-way trusted domains (outgoing only trust path).
Patch for one-way trusts coming in a later check-in.
"wbinfo -m" now lists all domains in the domain_list() as held
by the main winbindd process.
|
| | |
|
| |
|
|
|
|
| |
sockets to listen on a little, because in the launchd case these
are provided for us. We also add an idle timeout so that a daemon
can exit after a period of inactivity.
|
| |
|
|
| |
of the various flags explicit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
loop when allocating a new id for a SID:
auth_util.patch Revert create_local_token() to
the 3.0.24 codebase
idmap_type.patch Have the caller fillin the
id_map.xid.type field when
resolving a SID so that if we allocate
a new id, we know what type to use
winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls
from the public winbindd interface
for the 3.0.25 release
idmap_rid.patch Cleanup the idmap_rid backend to not
call back into winbindd to resolve
the SID in order to verify it's type.
|
| |
|
|
|
|
|
|
|
| |
same load/store function as NTTIME). Add a version number
string to the winbindd cache so we can tell if it needs
upgrading. THIS WILL DELETE ANY EXISTING winbindd_cache.tdb
on first startup regardless of offline auth status. Once
this is done we're in good shape though.
Jeremy.
|
| |
|
|
|
| |
This hack makes thing work, but we will need to try again to
make the getpw* calls fully async, that's the real fix.
|
| | |
|
| |
|
|
| |
so they can honor the offline logon state.
|
| |
|
|
|
| |
on terminate. Pointed out by Herb.
Jeremy.
|
| |
|
|
|
| |
dleonard@vintela.com for this fix !
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
void message_register(int msg_type,
void (*fn)(int msg_type, struct process_id pid,
- void *buf, size_t len))
+ void *buf, size_t len,
+ void *private_data),
+ void *private_data)
{
struct dispatch_fns *dfn;
So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.
Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.
Volker
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This allows a provider to supply the homedirectory, etc...
attributes for a user without requiring support in core
winbindd code. The idmap_ad.c module has been modified
to provide the idmap 'ad' library as well as the rfc2307 and sfu
"winbind nss info" support.
The SID/id mapping is working in idmap_ad but the nss_info
still has a few quirks that I'm in the process of resolving.
|
| | |
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
|
|
|
|
|
| |
This add a struct event_context and infrastructure for fd events to smbd. This
is step zero to import lib/events.
Jeremy, I rely on you to watch the change in receive_message_or_smb()
closely. For the normal code path this should be the only relevant change. The
rest is either not yet used or is cosmetic.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
still needs to contact the DC's for non async requests
like enumerate users/groups etc. Now that online
DC detection is tied to async events we must enable
the processing of events in the main loop of winbindd.
Finally got rid of the last hard coded domain->initialized = 1
code in init_child_recv() - now all domain->initialized = True
gets done only in the connection manager code when either
we're online and have spoken to the DC or are offline and
we know we can't talk to the DC.
Jeremy.
|
| |
|
|
| |
Simo.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
| |
against tdb corruption. Needs fleshing out
(and I forgot one record type) and needs helpful
suggestion from Volker to validate freelist,
but should give an idea of how this will look.
Jeremy.
|
| |
|
|
| |
in core dump path.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.
Guenther
|
| |
|
|
|
| |
krb5.conf files under lockdir, not privatedir.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
ntlm_auth module to allow it to use winbindd cached
credentials.The credentials are currently only stored
in a krb5 MIT environment - we need to add an option to
winbindd to allow passwords to be stored even in an NTLM-only
environment.
Patch from Robert O'Callahan, modified with some fixes
by me.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain. This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).
The precalculated blobs do not reveal the plaintext password.
Original patch by Alexey Kobozev <cobedump@gmail.com>
|
| |
|
|
|
|
|
| |
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
|
