| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Make sure that usernames are parsed using the correct separator.
Otherwise group memeberships in winbind may be result broken.
|
| |
|
|
| |
This reverts commit b57cbf62e8180c8fdb8f541c43358d36d8dbbdfa.
|
| |
|
|
|
|
| |
request.extra_data is not freed if there is no extra_data in response or
when there is some error happens in processing. This patch will free the
buffer right after processing a request before sending back a response.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This is a fix for a few small inefficiencies/bugs in the get_dcs() path.
* because the third add_one_dc_unique() loop was outside the ADS check all DCs
returned from the non-sitename lookup were being tacked onto the dc_name_ip
list twice.
* add_one_dc_unique() now checks if the given IP address already exists before
adding it to the list, making the returned list actually unique
* added more thorough doxygen comment headers
|
| |
|
|
| |
This reverts commit 8594edf666c29fd4ddf1780da842683dd81483b6.
|
| |\ |
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The scanner did not figure out that we always have a primary domain, so it
complained about us potentially passing a NULL pointer down to
set_domain_online_request() where it is dereferenced.
Make the code a bit clearer.
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Jeremy.
|
| |\| |
|
| | | |
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| | |
farm failures when winbindd connects as guest.
This one took a *lot* of tracking down :-).
Jeremy.
|
| | |
| |
| |
| | |
The call was looking up a uid and not gid in the cache.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix segv when talking to parent DC (joined to child domain).
The root cause was
(a) storing the parent domain in the cli_state struct caused
the NTLMSSP pipe bind to fail which made us fallover to
the schannel code path
(b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning
NULL even though the function indicated success.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
reconnect code to cope with rebooting a DC. This
replaces the code I asked Volker to revert.
The logic is pretty simple. It adds a new parameter,
"winbind reconnect delay", set to 30 seconds by
default, which determines how long to wait between
connection attempts.
To avoid overwhelming the box with DC-probe
forked children, the code now keeps track of
the DC probe child per winbindd_domain struct
and only starts a new one if the existing one
has died.
I also added a little logic to make sure the
dc probe child always sends a message whatever
the reason for exit so we will always reschedule
another connect attempt.
Also added documentation.
Jeremy.
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| |/
|
|
|
| |
lookup_domain_name(). This new function accept separated
strings for domain and name.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
was asking for a winbindd name to SID lookup of
"Unix Group\name" where "name" was also a valid username,
the winbindd passdb lookup of that name was losing the
domain string info before calling lookup name (ie. lookup_name()
was being called with just the string "name", not the
full string "Unix Group\name").
The passdb backend of winbindd has to cope with
not only names from it's own global SAM domain,
but it does lookups for BUILTIN and "Unix User"
and "Unix Group" also, so making it guess by
losing the domain string is "A Bad Idea" (tm) :-).
Note that as winbind globally calls winbind_off()
at startup, it's safe for winbind to call sys_getgrnam()
to do the "Unix Group" lookup from inside lookup_name().
Jeremy.
|
| |
|
|
| |
Jeremy, please check & push if it's ok.
|
| |
|
|
|
|
|
|
|
| |
should never include the user SID.
The comment for the function in winbindd/winbindd_ads.c says
/* Lookup groups a user is a member of. */
The following patch makes the wbinfo calls return the correct data
before and after a login.
wbinfo --user-domgroups and --user-sids
|
| |
|
|
| |
This reverts commit 9920473cc165e75ee9aa5cbb9e568eb5fb67e9e6.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
fetch mapping.
Michael
|
| |
|
|
|
|
|
|
| |
1. use the return value that idmap_tdb2_open_perm_db() gives us
2. don't delete frep the local db if deleting from the perm db failed.
3. fix wrong interpretation of return value of the local delete
Michael
|
| |
|
|
|
|
|
|
| |
1. use the return value that idmap_tdb2_open_perm_db() gives us
2. don't write to the local db if writing to the perm db failed.
3. fix wrong interpretation of return value of the local store
Michael
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a band-aid for the rather convoluted offline/online mess in winbind
right now. Winbind re-uses the offline functionality that is targeted at domain
client installations on laptops to not overload disfunctional DCs. It uses the
winbind cache timeout as the retry timeout after a DC reboot.
I am using a parametric options because when this mess is cleaned up, that
parameter needs to go away again.
I'd recommend to use something like
winbind:online check timeout = 30
in typical LAN environments. This means a reconnect is attempted every 30
seconds.
Volker
|
| |
|
|
| |
(cherry picked from commit 666bf8456ac44cbbbd5524af2bf4fd89e18ddf62)
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This was overwritten by "idmap uid/gid" anyway. These are now the range
parameters for the alloc backend.
|
| | |
|
| | |
|
| | |
|
