path: root/source3/nsswitch/winbindd.c
Commit message | Author | Age | Files | Lines
* r1297: Yes, it does survive valgrind for my tests :-)
  Check in the 'winbind proxy only' mode -- no new parameter required :-)
  If you don't set idmap uid or idmap gid, winbind will not do idmap stuff, it will only proxy the netlogon request and thus speed up the authentication of domain users.
  Volker
  (This used to be commit 29235f0c69035376ad7ac27b08a59069fa151102)
  Author: Volker Lendecke | Age: 2007-10-10 | Files: 1 | Lines: -8/+5
* r294: checking in volker's winbindd patches; tested on domain members (Samba and AD) as well as on a Samba DC
  (This used to be commit 157d53782d6a7d0b7e30676a674ff2a25a15369c)
  Author: Gerald Carter | Age: 2007-10-10 | Files: 1 | Lines: -0/+2
* r116: volker's patch for local group and group nesting
  (This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
  Author: Gerald Carter | Age: 2007-10-10 | Files: 1 | Lines: -0/+1
* BUG 1182: patch from john.klinger@lmco.com (John Klinger) to re-enable the -n 'no cache' option for winbindd
  (This used to be commit d1848988d9ee9fdd870bcdd32c938b907419558b)
  Author: Gerald Carter | Age: 2004-03-16 | Files: 1 | Lines: -1/+1
* Remove an unused parameter from reload_services_file.
  (This used to be commit 0032c3f46aaef065e95d987dc0506016aabbe644)
  Author: Richard Sharpe | Age: 2004-01-29 | Files: 1 | Lines: -4/+3
* update copyright to -2004
  metze
  (This used to be commit 12d6bc3bd0684646e990c2fc6485fe1a92ac98fb)
  Author: Stefan Metzmacher | Age: 2004-01-11 | Files: 1 | Lines: -1/+1
* This merges in my 'always use ADS' patch. Tested on a mix of NT and ADS domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable.
  The routines used for this behaviour have been upgraded to modern Samba coding standards.
  This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected.
  This is in line with existing behaviour for native mode domains, and for our primary domain.
  As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors.
  Also found when valgrinding the setup, fix a few memory leaks.
  While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that.
  Andrew Bartlett
  (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
  Author: Andrew Bartlett | Age: 2004-01-08 | Files: 1 | Lines: -0/+2
* Commit the translation of the realm to the netbios domain name in the kerberos session setup. After talking to jht and abartlet I made this unconditional, no additional parameter.
  Jerry: This is a change in behaviour, but I think it is necessary.
  Volker
  (This used to be commit 3ce6c9f27368cfb278007fe660a0e44a84d67f8f)
  Author: Volker Lendecke | Age: 2004-01-04 | Files: 1 | Lines: -0/+1
* Add a comment, and a useful debug message.
  (This used to be commit df14b0af31863680218b06ae9de2f010a38fba6e)
  Author: Andrew Bartlett | Age: 2003-11-25 | Files: 1 | Lines: -0/+1
* as discussed on irc, this is a small patch that allows a few more winbind functions to be accessed via NSS. This provides a much cleaner way for applications that need (for example) to provide name->sid mappings to do this via NSS rather than having to know the winbindd pipe protocol (as this might change).
  This patch also adds a variant of the winbindd_getgroups() call called winbindd_getusersids() that provides direct SID->SIDs listing of a user's supplementary groups. This is enough to allow non-Samba applications to do ACL checking.
  A test program for the new functionality will be committed shortly.
  I also added the 'wbinfo --user-sids' option to expose the new function in wbinfo.
  (This used to be commit 702b35da0ac7c73aa5a6603f871d865565bbe278)
  Author: Andrew Tridgell | Age: 2003-11-19 | Files: 1 | Lines: -0/+1
* a small include file rearrangement that doesn't affect normal compilation, but that allows Samba3 to take advantage of pre-compiled headers in gcc if available.
  (This used to be commit b3e024ce1da7c7e24fcacd8a2964dd2e4562ba39)
  Author: Andrew Tridgell | Age: 2003-11-12 | Files: 1 | Lines: -0/+1
* Final round of printf warnings fixes for the moment.
  (This used to be commit 0519a7022b4979c0e8ddd4907f4b858a59299c06)
  Author: Tim Potter | Age: 2003-11-06 | Files: 1 | Lines: -3/+3
* Add a better error message to wb_common.c when unable to connect to a pipe socket and add a comment to winbindd.c to explain the fancy calculation of buffer offset.
  (This used to be commit 7c7ef9680b7378e12ffdd0bf95ee7ad673bea2f5)
  Author: Richard Sharpe | Age: 2003-10-13 | Files: 1 | Lines: -0/+7
* make sure we keep the trusted domain cache up to date
  (This used to be commit 3324adcaceb9191b5d4d671ac9b51c85c6714598)
  Author: Gerald Carter | Age: 2003-08-25 | Files: 1 | Lines: -8/+2
* metze's autogenerate patch for version.h
  (This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
  Author: Gerald Carter | Age: 2003-08-20 | Files: 1 | Lines: -1/+1
* fix 2 bugs:
  1) don't ask trusted DC's for a list of trusted domains. This causes us to treat non-transitive ones as if they were transitive. Not needed anyways
  2) Fix dc lookup bug where we would always try to use DNS to resolve the DC's for a domain (even if it was a trusted NT4 domain).
  (This used to be commit 4d3acce5066d3adf53ee8fbaa627c42523b3cbc3)
  Author: Gerald Carter | Age: 2003-08-08 | Files: 1 | Lines: -1/+7
* convert snprintf() calls using pstrings & fstrings to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent.
  (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
  Author: Gerald Carter | Age: 2003-07-23 | Files: 1 | Lines: -2/+2
* Fixup a bunch of printf-style functions and debugs to use unsigned long when displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along.
  (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
  Author: Tim Potter | Age: 2003-07-22 | Files: 1 | Lines: -8/+8
* Replace the eight (!) copies of dummy become/unbecome root with a single one.
  (This used to be commit 8b818ce381595cdcb36631a2440d6aa0038805f1)
  Author: Tim Potter | Age: 2003-07-22 | Files: 1 | Lines: -14/+0
* fixes for 'net rpc vampire'. I can now take a blank Samba host and migrate an NT4 domain and still logon from domain members (tested logon scripts, system policies, profiles, & home directories) (passdb backend = tdbsam)
  removed call to idmap_init_wellknown_sids() from winbindd.c since the local domain should be handled by the guest passdb backend (and you don't really always want the Administrator account to be root) ...and we didn't pay attention to this anyways now.
  (This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
  Author: Gerald Carter | Age: 2003-07-16 | Files: 1 | Lines: -3/+0
* Add support for MSG_SMB_CONF_UPDATED and MSG_SHUTDOWN to all daemons (smbd, nmbd, winbindd). Reviewed by jerry and tridge.
  (This used to be commit 02c5e2fc6f0721ebd82a9e6a2b34190607de55fe)
  Author: Alexander Bokovoy | Age: 2003-07-15 | Files: 1 | Lines: -4/+22
* remove -B and default to dual-daemon mode (-Y to run as a single process)
  (This used to be commit 369a914ebefd5625af19b76d71b502e5e13a7147)
  Author: Gerald Carter | Age: 2003-07-15 | Files: 1 | Lines: -2/+2
* Large set of changes to add UNIX account/group management to winbindd. See README.idmap-and-winbind-changes for details.
  (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
  Author: Gerald Carter | Age: 2003-07-09 | Files: 1 | Lines: -1/+10
* fix linking issues in winbindd with become/unbecome_root() in passdb.c
  (This used to be commit 389fe1e51abb533a781f69731a75771cb846d850)
  Author: Gerald Carter | Age: 2003-07-09 | Files: 1 | Lines: -0/+14
* Some const correctness. Stop tdb being used as a remote backend. If an idmap backend is specified cause smbd to ask winbindd (use winbindd if you want a consistent remote backend solution). Should work well enough for next beta now...
  Jeremy.
  (This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
  Author: Jeremy Allison | Age: 2003-06-27 | Files: 1 | Lines: -1/+1
* add tdb backup function separation and winbind idmap upgrade code from pre-2.2.4 tdb database format. tx volker for your work on this
  (This used to be commit 2bdbeb9e97a59ecd16f74fbb04ab5ca57b28a757)
  Author: Simo Sorce | Age: 2003-06-24 | Files: 1 | Lines: -0/+3
* merge of the netsamlogon caching code from APPLIANCE_HEAD
  This replaces the universal group caching code (was originally based on that code). Only applies to the RPC code.
  One comment: domain local groups don't show up in 'getent group' that's easy to fix.
  Code has been tested against 2k domain but doesn't change anything with respect to NT4 domains.
  netsamlogon caching works pretty much like the universal group caching code did but has had much more testing and puts winbind mostly back in sync between branches.
  (This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
  Author: Gerald Carter | Age: 2003-06-21 | Files: 1 | Lines: -2/+12
* And finally IDMAP in 3_0
  We really need idmap_ldap to have a good solution with ldapsam, porting it from the previous code is being made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worse.
  I really would have been able to finish also the group code, maybe we can put it into a following release after 3.0.0 even if it may be an upgrade problem.
  The code has been tested and seems to work right, more testing is needed for corner cases.
  Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs)
  Simo.
  (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
  Author: Simo Sorce | Age: 2003-05-12 | Files: 1 | Lines: -3/+5
* Reverse previous patch from Stefan and me after comments by Andrew Bartlett
  (This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
  Author: Jelmer Vernooij | Age: 2003-05-10 | Files: 1 | Lines: -2/+0
* Patch from metze and me that adds dummy smb_register_*() functions so that it is now possible to, for example, load a module which contains an auth method into a binary without the auth/ subsystem built in.
  (This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
  Author: Jelmer Vernooij | Age: 2003-05-10 | Files: 1 | Lines: -0/+2
* There appears to be no reason why we have to execute the initialisation code in winbindd_init_common() after the fork when running in dual daemon mode.
  The only tricky bit is we have to run a tdb_reopen_all() somewhere in the child to avoid tdb corruption.
  Fixed bug #60.
  (This used to be commit 25e55aca0fe315c2ccf4e34a94107b2321313714)
  Author: Tim Potter | Age: 2003-05-06 | Files: 1 | Lines: -57/+45
* Merge HEAD's winbind into 3.0.
  This includes the 'SIDs Rule' patch, mimir's trusted domains caching code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD).
  Andrew Bartlett
  (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
  Author: Andrew Bartlett | Age: 2003-04-23 | Files: 1 | Lines: -1/+2
* update copyright notice that is written to the logs
  (This used to be commit 6735a9889f6629f4f77006c59c011570031e044f)
  Author: Gerald Carter | Age: 2003-04-22 | Files: 1 | Lines: -1/+1
* Merge:
  - Jelmer's latest popt changes
  - debugging tdb messages now initialised and handled in lib/messages.c
  (This used to be commit b11f35fddec8c3d3899a8bc78d093137f73b2dfb)
  Author: Tim Potter | Age: 2003-04-14 | Files: 1 | Lines: -91/+27
* Winbind merges from HEAD:
  - fix winbindd_pam bugs
  - give a better error message for unauthorized access to auth_crap
  - show this message in wbinfo
  - fix spelling: privilaged -> privileged
  ** This changes the location of the winbindd privileged pipe **
  (thanks to tpot)
  Andrew Bartlett
  (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
  Author: Andrew Bartlett | Age: 2003-04-07 | Files: 1 | Lines: -4/+4
* (merge from HEAD)
  NTLM Authentication:
  - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for.
  - This mode is now required to access with 'CRAP' authentication feature.
  - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement:
  - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge.
  - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers.
  - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed.
  - Now uses fgets(), not x_fgets() to cope with Squid environment (I think something to do with non-blocking stdin).
  - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible.
  - This could help with 'privileged' idmap operations etc in future.
  - Add a generic HEX encode routine to util_str.c,
  - fix a small line of dodgy C in StrnCpy_fn()
  - Correctly pull our 'session key' out of the info3 from the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth.
  - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration.
  Andrew Bartlett
  (This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
  Author: Andrew Bartlett | Age: 2003-03-24 | Files: 1 | Lines: -5/+25
* *Excellent* patch from Michael Steffens <michael_steffens@hp.com> to limit the unix domain sockets used by winbindd (also solves FD_SETSIZE problem in winbindd to boot !). Adds a "last_access" field to winbindd connections, and will close the oldest idle connection once the number of open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200 currently).
  Jeremy.
  (This used to be commit 7a586552a3aeb4a26495f0965af4bd027456a011)
  Author: Jeremy Allison | Age: 2003-02-28 | Files: 1 | Lines: -5/+48
* Merge minor library fixes from HEAD to 3.0.
  - setenv() replacement
  - mimir's ASN1/SPNEGO typo fixes
  - (size_t)-1 fixes for push_* returns
  - function argument signed/unsigned correction
  - ASN1 error handling (ensure we don't use initialised data)
  - extra net ads join error checking
  - allow 'set security descriptor' to fail
  - escape ldap strings in libads.
  - getgrouplist() correctness fixes (include primary gid)
  Andrew Bartlett
  (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
  Author: Andrew Bartlett | Age: 2003-02-19 | Files: 1 | Lines: -1/+1
* Mop and bucket for trusted domain enumeration fix.
  (This used to be commit 5cfb30551a713caa3d69406450c1eac4541a30fa)
  Author: Tim Potter | Age: 2003-02-14 | Files: 1 | Lines: -1/+1
* Merge from HEAD:
  - NTLMSSP over SPNEGO (session-setup-and-x) cleanup and code refactor.
  - also consequential changes to the NTLMSSP and SPNEGO parsing functions
  - and the client code that uses the same functions
  - Add ntlm_auth, a NTLMSSP authentication interface for use by applications like Squid and Apache.
  - also consequential changes to use common code for base64 encode/decode.
  - Winbind changes to support ntlm_auth (I don't want this program to need to read smb.conf, instead getting all its details over the pipe).
  - nmbd changes for fstrcat() instead of fstrcpy().
  Andrew Bartlett
  (This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
  Author: Andrew Bartlett | Age: 2003-01-28 | Files: 1 | Lines: -0/+1
* playing janitor for tpot; remove holding pattern
  (This used to be commit c8e77809adfb2ace18c219d9291651a4959bbcb7)
  Author: Gerald Carter | Age: 2003-01-15 | Files: 1 | Lines: -6/+0
* patch to include support for daemontools from Michael Handler
  (This used to be commit a8db1b611d83bfd8dcf60f1e6d8fcbf57c798528)
  Author: Gerald Carter | Age: 2003-01-03 | Files: 1 | Lines: -3/+21
* Merge from HEAD - make Samba compile with -Wwrite-strings without additional warnings. (Adds a lot of const).
  Andrew Bartlett
  (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
  Author: Andrew Bartlett | Age: 2003-01-03 | Files: 1 | Lines: -1/+1
* Forward port the change to talloc_init() to make all talloc contexts named. Ensure we can query them.
  Jeremy.
  (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
  Author: Jeremy Allison | Age: 2002-12-20 | Files: 1 | Lines: -0/+20
* Merge from HEAD.
  - null termination of winbind request fix
  - bail out if we can't open winbind socket
  (This used to be commit 102e490d683c0758a9798a3c15e748509690c95b)
  Author: Tim Potter | Age: 2002-12-20 | Files: 1 | Lines: -1/+7
* Bug fix from appliance - we must initialise the winbindd server state before reading smb.conf parameters, not after.
  (This used to be commit 7bdaa03f2fc7ea6ef0f56f7c73b951c177d64a2e)
  Author: Tim Potter | Age: 2002-11-18 | Files: 1 | Lines: -2/+2
* Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-).
  Jeremy.
  (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
  Author: Jeremy Allison | Age: 2002-11-12 | Files: 1 | Lines: -12/+2
* Last sync with HEAD
  (This used to be commit 1175b62337f5c29954cd5e8dfdc2327c9c80748c)
  Author: Jelmer Vernooij | Age: 2002-11-09 | Files: 1 | Lines: -6/+0
* Keep branches in sync.....
  Jeremy.
  (This used to be commit faf92207e71980aaaad8b5487f5c2d6a60f7ddd1)
  Author: Jeremy Allison | Age: 2002-11-07 | Files: 1 | Lines: -14/+19
* Some winbindd cleanups I made trying to fix cr1020:
  - move winbindd client handling into accessor functions in winbindd_util.c
  - move some winbindd socket routines into accessor functions in winbindd_utils.c
  (The deadlock situation mentioned in the appliance branch is probably not applicable since we don't clear the connection cache on SIGHUP. Perhaps we should?)
  (This used to be commit ee0e3d31a1d1bef70810aadcdafdf9678d21ea8f)
  Author: Tim Potter | Age: 2002-11-02 | Files: 1 | Lines: -38/+22