IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
commit 3941269fa01038fca242a197e8d7c1f234d45ea7
Author: Gerald (Jerry) Carter <jerry@samba.org>
Date: Thu Jul 5 14:52:03 2007 -0500
Two fixes for "winbind expand groups".
(a) Update the counter for the number of new groups to resolve else
we'll only expand one group member per level and drop the rest.
(b) Don't reset the num_names counter in winbindd_ads.c:lookup_groupmem()
or we'll drop the SIDs resolved to names via cache from the resulting
list.
get_conf_item_string() to the later if statement.
- Also move the key definition to the later if statement in
get_conf_item_string() and get_conf_item_int().
This is a slightly modified version to set warn_pwd_expire to the
default value if 0, no, or a broken value is set.
This version also has one if statement less in get_config_item_int().
Thanks a lot to Andreas 'GlaDiaC' Schneider for this feature!
communication failures. Set timeout to 5 mins. Ensure that
we're terminating the correct child (the one we thought we
were talking to). Still setting up my testing environment
but I have high hopes for this being the fix for the 3.0.25b
showstopper.
Jeremy.
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
in the winbindd_getgrnam() call. Couple of comments:
* Adds "winbind expand groups" parameter which defines the
max depth winbindd will expand group members. The default
is the current behavior of one level of expansion.
* The entire getrgnam() interface should be async. I
haven't done that.
* Refactors the domain users hack in fill_grent_mem() into
its own function.
there, do some reformatting.
Jeremy, I think we should also kill the child. It might hang in
something (an fcntl lock for example) that the next child might run into
immediately again.
I'm 100% certain I've forgotten to merge something, but the main code
should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and
messages_ctdbd.c.
There should be no changes to the non-cluster case, it does survive make
test on my laptop.
It survives some very basic tests with ctdbd enables, I did not do the
full test suite for clusters yet.
Phew...
Volker
