IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Pass domain structure around in cache code rather than the domain name.
Some misc reformatting to make things look prettier.
(This used to be commit 295dd2a5817b5d7c40474b9e460f3515e8c8e449)
what was I thinking with those 4 character tabs?)
We now pass our winbindd test suite again!
Still to do:
- talloc_ctx on a per winbindd request basis not per connection
- clean up old crap we don't use any more
- test against multiple BDCs (I know this isn't going to work - group/user
handles have to be made against the same DC the domain and basic handles
are.
- implement network and dc failure recovery
(This used to be commit dc4ca0e0bd779b9157ea3b2a8f17eb455abf0f26)
- implemented some of the sam related connection manager routines
- fill in group id and gecos fields for getpwnam/getpwuid routines
- convert querydispinfo to cm
- getent passwd now works
Now for the group related routines...
(This used to be commit 4f8ea877876e91d4762f22e78aeb1bce4c65f011)
I've wrapped up all the decisions about managing, making and closing
connections into a connection manager in nsswitch/winbindd_cm.c.
It's rather incomplete at the moment - only querying basic user info works
at the moment (i.e finger -m DOMAIN/user) and everything else is broken.
Jeremy, please take a look and I'll start moving across the rest of
winbindd to this new system.
(This used to be commit c369cf5af787ed9c642778d21f162716fbf0620e)
- the usersupplied_info now contains a smb_username (as it comes across on
the wire) and a unix_username (after being passed through mapping
functions)
- when doing security={server,domain} use the smb_username, otherwise use
the unix_username
(This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
Authentication Protocol (CRAP) takes a tuple of (username, random
challenge, encrypted lm password, encrypted nt password) where the
passwords are encrypted with the random challenge ala ntlmssp.
(This used to be commit 11f72a78e3a16bbb17b576d80b47a9eb818ee428)
many possible mem leaks, and segfaults fixed.
someone should port this fix to 2.2 also.
(This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
In particuar, it moves the domain_client_validate stuff out of
auth_domain.c to somwhere where they (I hope) they can be shared
with winbind better. (This may need some work)
The main purpose of this patch was however to improve some of the
internal documentation and to correctly place become_root()/unbecome_root()
calls within the code.
Finally this patch moves some more of auth.c into other files, auth_unix.c
in this case.
Andrew Bartlett
(This used to be commit ea1c547ac880def29f150de2172c95213509350e)
samba-technical a few weeks ago.
The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards. The
interface currently implemented in as
nt_status = check_password(user_info, server_info)
where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.
The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.
This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing. We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.
Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree. (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
works much better with trusted domains whose DCs cannot be reached.
I'm pretty impressed with how much faster winbindd is in HEAD rather than
TNG. A lot fewer unecessary name lookups are performed and it feels a lot
zippier now.
(This used to be commit 36413784aec5819c83e5e469ce4c7bb5d468e980)
code not to do lookups for a particular domain. This allows winbind to
operate on a Samba PDC
(This used to be commit d472ee3a690fb6db03fd4536e4093a18fc37ddbb)
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267960e56005a741817ebd227ecfc512a)
but the code suffered from bitrot and is not now reentrant. That means
we can get bizarre behaviour
i've fixed this by making next_token() reentrant and creating a
next_token_nr() that is a small non-reentrant wrapper for those lumps
of code (mostly smbclient) that have come to rely on the non-reentrant
behaviour
(This used to be commit 674ee2f1d12b0afc164a9e9072758fd1c5e54df7)
Don't call find_domain_from_name() from winbindd_kill_connections() as
you get stuck in an infinite loop!
(This used to be commit 8e982941d82b813197f2a9720149e60f629b5b20)
