IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
a getgr*() function that lists groups without numerating all the
group members. Instead of definiing a new nss method (which might
cause problems) I added an environment variable WINBIND_GETGRLST
that tells winbind not to fill in the group members in a gergrent()
request. This can speed up group listing by a factor of 20 or more
(on my test system with 50000 groups it reduces the time from an hour
to 2 minutes)
(This used to be commit e3f73256d3)
membership from an ADS server. We now use a 'member' query on the
group and do a separate call to convert the resulting distinguished
name to a name, rid etc. This is *much* faster for very large numbers
of groups (on a quantum test system with 10000 groups it drops the
time from an hour to about 35 seconds).
strangely enough, this actually *increases* the amount of ldap
traffic, its just that the MS LDAP server answers these queries much
faster.
(This used to be commit 5538048e4f)
We now cope wiith multiple WINS groups and multiple failover servers
for release and refresh as well as registration. We also do the regitrations
in the same fashion as W2K does, where we don't try to register the next
IP in the list for a name until the WINS server has acked the previos IP.
This prevents us flooding the WINS server and also seems to make for much
more reliable multi-homed registration.
I also changed the dead WINS server code to mark pairs of IPs dead,
not individual IPs. The idea is that a WINS server might be dead from
the point of view of one of our interfaces, but not another, so we
need to keep talking to it on one while moving onto a failover WINS
server on the other interface. This copes much better with partial
LAN outages and weird routing tables.
(This used to be commit 313f2c9ff7)
accept an extended syntax for 'wins server' like this:
wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1
The tags before the IPs don't mean anything, they are just a way of
grouping IPs together. If you use the old syntax (ie. no ':') then
an implicit group name of '*' is used. In general I'd recommend people
use interface names for the group names, but it doesn't matter much.
When we register in nmbd we try to register all our IPs with each group
of WINS servers. We keep trying until all of them are registered with
every group, falling back to the failover WINS servers for each group
as we go.
When we do a WINS lookup we try each of the WINS servers for each group.
If a WINS server for a group gives a negative answer then we give up
on that group and move to the next group. If it times out then
we move to the next failover wins server in the group.
In either case, if a WINS server doesn't respond then we mark it dead
for 10 minutes, to prevent lengthy waits for dead servers.
(This used to be commit e125f06058)
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
(This used to be commit 04f9a8ff4c)
the (now static) global_sam_sid.
The only place it was being used was to return global_sid_NULL to some
uid->sid functions - and I'm not convinced this is correct in any case.
Andrew Bartlett
(This used to be commit e2a76a7fc9)
whatever case the request was made in. This gets rid of duplicate
cache entries.
Also when doing a sid to name, prime the cache with the name to sid
mapping result. We can't do the reverse as we don't know the correct
case of the name to store in the cache.
(This used to be commit f268b0d5fb)
to correctly allow password changes on expired passwords. (No security
implications, as its just a 'will I let you talk to the server' check).
pam_winbind checks the password prior to changing it, so that users don't
have to make up and type their new password when they havn't even got the
old one right. This also helps with stacking etc.
Andrew Bartlett
(This used to be commit 2b78d49300)
didn't make any sense, and its was always just strlen(password) anyway.
This fixes it to be strlen(password)+1
Andrew Bartlett
(This used to be commit c205b18bd6)
I think we may still need to look at our server enumeration code, but
other than that, its much better in the tree than out.
Andrew Bartlett
(This used to be commit d57a1b4629)
<Michael.Gerdts@alcatel.com>. The struct passwd in Solaris contains some
extra fields which must be initialised otherwise nscd crashes.
(This used to be commit a67323d071)
