path: root/source/nsswitch/winbindd_misc.c
Commit message | Author | Age | Files | Lines
* r22704: Implement three step method for enumerating domain trusts. | Gerald Carter | 2007-10-10 | 1 | -1/+32
  (a) Query our primary domain for trusts
  (b) Query all tree roots in our forest
  (c) Query all forest roots in trusted forests.
  This will give us a complete trust topology including domains via transitive Krb5 trusts. We also store the trust type, flags, and attributes so we can determine one-way trusted domains (outgoing only trust path). Patch for one-way trusts coming in a later check-in.
  "wbinfo -m" now lists all domains in the domain_list() as held by the main winbindd process.
* r19394: When we fail to get the list of trusted domains, make sure to return | Günther Deschner | 2007-10-10 | 1 | -1/+1
  WINBINDD_ERROR.
  Guenther
* r19254: Make sure to also wait 35 seconds to receive a Netlogon GETDC reply | Günther Deschner | 2007-10-10 | 1 | -0/+8
  here in winbindd_getdcname().
  Guenther
* r19143: getdcname on the NETLOGON pipe returns WERROR, not NTSTATUS. | Günther Deschner | 2007-10-10 | 1 | -3/+4
  Guenther
* r17605: Some C++ warnings | Volker Lendecke | 2007-10-10 | 1 | -2/+4
* r16687: Fix bugs #3901, #3902, #3903 reported by jason@ncac.gwu.edu. | Jeremy Allison | 2007-10-10 | 1 | -0/+6
  Jeremy
* r16361: Fix Klocwork ID 1731 1770 1771 1775 1796 | Volker Lendecke | 2007-10-10 | 1 | -1/+4
  Volker
* r15053: fix portability issues between 32-bit winbind clients and a 64-bit | Gerald Carter | 2007-10-10 | 1 | -5/+5
  winbindd server
* r13316: Let the carnage begin.... | Gerald Carter | 2007-10-10 | 1 | -0/+17
  Sync with trunk as of r13315
* r12193: Fix some typos. | Günther Deschner | 2007-10-10 | 1 | -1/+1
  Guenther
* r11707: alt_names[i] might be NULL for i>0 also... | Volker Lendecke | 2007-10-10 | 1 | -1/+2
  Volker
* r10688: Fix from Volker for bugid #3068 - winbindd crash with | Jeremy Allison | 2007-10-10 | 1 | -1/+2
  alt_names.
  Jeremy.
* r10656: BIG merge from trunk. Features not copied over | Gerald Carter | 2007-10-10 | 1 | -19/+11
  * \PIPE\unixinfo
  * winbindd's {group,alias}membership new functions
  * winbindd's lookupsids() functionality
  * swat (trunk changes to be reverted as per discussion with Deryck)
* r7882: Looks like a large patch - but what it actually does is make Samba | Jeremy Allison | 2007-10-10 | 1 | -6/+6
  safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code.
  Jeremy
* r7785: This looks much larger than it is. It changes the top-level functions | Volker Lendecke | 2007-10-10 | 1 | -64/+54
  of the parent winbind not to return winbindd_result. This is to hopefully fix all the problems where a result has been scheduled for write twice. The problematic ones have been the functions that might have been delayed as well as under other circumstances immediately gets answered from the cache. Now a request needs to be explicitly replied to with a request_error() or request_ok().
  Volker
* r7415: * big change -- volker's new async winbindd from trunk | Gerald Carter | 2007-10-10 | 1 | -95/+305
* r4088: Get medieval on our ass about malloc.... :-). Take control of all our | Jeremy Allison | 2007-10-10 | 1 | -3/+3
  allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow.
  Jeremy.
* This merges in my 'always use ADS' patch. Tested on a mix of NT and ADS | Andrew Bartlett | 2004-01-08 | 1 | -0/+1
  domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable.
  The routines used for this behaviour have been upgraded to modern Samba coding standards.
  This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected.
  This is in line with existing behaviour for native mode domains, and for our primary domain.
  As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors.
  Also found when valgrinding the setup, fix a few memory leaks.
  While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that.
  Andrew Bartlett
* Move more of winbind to use 'find_our_domain()' rather than the dangerous | Andrew Bartlett | 2004-01-08 | 1 | -11/+2
  find_domain_from_name(lp_workgroup()).
  (as find_domain_from_name() can change the data in lp_workgroup())
  Andrew Bartlett
* The correct test for 'is our primary domain' is domain->primary | Andrew Bartlett | 2004-01-08 | 1 | -1/+1
* Change our Domain controller lookup routines to more carefully separate | Andrew Bartlett | 2004-01-05 | 1 | -3/+11
  DNS names (realms) from NetBIOS domain names.
  Until now, we would experience delays as we broadcast lookups for DNS names onto the local network segments.
  Now if DNS comes back negative, we fall straight back to looking up the short name.
  Andrew Bartlett
* Commit the translation of the realm to the netbios domain name in the kerberos | Volker Lendecke | 2004-01-04 | 1 | -0/+29
  session setup. After talking to jht and abartlet I made this unconditional, no additional parameter.
  Jerry: This is a change in behaviour, but I think it is necessary.
  Volker
* a small include file rearrangement that doesn't affect normal | Andrew Tridgell | 2003-11-12 | 1 | -0/+1
  compilation, but that allows Samba3 to take advantage of pre-compiled headers in gcc if available.
* fixes for ads domain membership when only the realm is defined in | Gerald Carter | 2003-09-05 | 1 | -2/+14
  smb.conf
  Fixes to ensure we work with disable netbios = yes
* metze's autogenerate patch for version.h | Gerald Carter | 2003-08-20 | 1 | -1/+1
* add --domain=DOMAINNAME to wbinfo | Gerald Carter | 2003-08-10 | 1 | -0/+12
  Add support for getting the sequence number, list of users, and list of groups for a specific domain (assuming on reported back by wbinfo -m)
  wbinfo -u --domain=DOA
* Fixup a bunch of printf-style functions and debugs to use unsigned long when | Tim Potter | 2003-07-22 | 1 | -9/+9
  displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along.
* Fix extra arg for cm_get_netlogon_cli() | Tim Potter | 2003-05-27 | 1 | -1/+1
* Formatting syncup. | Tim Potter | 2003-05-26 | 1 | -3/+1
* This puts real netlogon connection caching to winbind. This becomes | Volker Lendecke | 2003-05-08 | 1 | -1/+3
  important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC.
  Volker
* Merge from HEAD - save the type of channel used to contact the DC. | Andrew Bartlett | 2003-04-21 | 1 | -3/+4
  This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration.
  This also changes the SID retrieval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
  Also minor fixes to 'net'.
  Andrew Bartlett
* Winbind merges from HEAD: | Andrew Bartlett | 2003-04-07 | 1 | -1/+1
  - fix winbindd_pam bugs
  - give a better error message for unauthorized access to auth_crap
  - show this message in wbinfo
  - fix spelling: privilaged -> privileged
  ** This changes the location of the winbindd privileged pipe **
  (thanks to tpot)
  Andrew Bartlett
* (merge from HEAD) | Andrew Bartlett | 2003-03-24 | 1 | -0/+17
  NTLM Authentication:
  - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for.
  - This mode is now required to access with 'CRAP' authentication feature.
  - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement:
  - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge.
  - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers.
  - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed.
  - Now uses fgets(), not x_fgets() to cope with Squid environment (I think something to do with non-blocking stdin).
  - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible.
  - This could help with 'privileged' idmap operations etc in future.
  - Add a generic HEX encode routine to util_str.c,
  - fix a small line of dodgy C in StrnCpy_fn()
  - Correctly pull our 'session key' out of the info3 from the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth.
  - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration.
  Andrew Bartlett
* Merge from HEAD: | Andrew Bartlett | 2003-01-28 | 1 | -0/+12
  - NTLMSSP over SPNEGO (session-setup-and-x) cleanup and code refactor.
  - also consequential changes to the NTLMSSP and SPNEGO parsing functions
  - and the client code that uses the same functions
  - Add ntlm_auth, a NTLMSSP authentication interface for use by applications like Squid and Apache.
  - also consequential changes to use common code for base64 encode/decode.
  - Winbind changes to support ntlm_auth (I don't want this program to need to read smb.conf, instead getting all its details over the pipe).
  - nmbd changes for fstrcat() instead of fstrcpy().
  Andrew Bartlett
* winbindd merges from HEAD | Gerald Carter | 2003-01-15 | 1 | -16/+7
* Merge from HEAD: | Tim Potter | 2002-11-18 | 1 | -1/+2
  >must add one to the extra_data size to transfer the 0 string terminator.
  >This was causing "wbinfo --sequence" to access past the end of malloced
  >memory.
* Removed global_myworkgroup, global_myname, global_myscope. Added liberal | Jeremy Allison | 2002-11-12 | 1 | -3/+1
  dashes of const. This is a rather large check-in, some things may break. It does compile though :-).
  Jeremy.
* updated the 3.0 branch from the head branch - ready for alpha18 | Andrew Tridgell | 2002-07-15 | 1 | -2/+11
* Fix a double-free bug in wbinfo -t's call in winbindd. | Andrew Bartlett | 2002-03-19 | 1 | -5/+4
  I forgot to clean this up when netlogon moved across to the connection cache arrangement.
  Also add some smb_panics to the connection_ok() code to try to catch this kind of thing better in future.
  Andrew Bartlett
* get the test for disconnection the right way around! | Andrew Tridgell | 2002-03-12 | 1 | -3/+3
* nicer message for --sequence when the server is disconnected | Andrew Tridgell | 2002-03-06 | 1 | -2/+7
* added 'wbinfo --sequence' to show sequence numbers of all domains | Andrew Tridgell | 2002-01-31 | 1 | -0/+29
* Removed version number from file header. | Tim Potter | 2002-01-30 | 1 | -2/+1
  Changed "SMB/Netbios" to "SMB/CIFS" in file header.
* Allow a winbind client to obtain the server's domain name. | Andrew Bartlett | 2002-01-26 | 1 | -1/+13
* Always query the PDC for the list of trusted domains rather than iterating | Tim Potter | 2002-01-11 | 1 | -3/+6
  the list received at startup or we get an out of date list. I thought there might be some sequence number that is incremented when a trusted domain is added or removed - perhaps there is but I just haven't found it yet.
  - Renamed get_domain_info() to init_domain_list()
  - Made an accessor function to return the list of trusted domains rather than using a global so we don't have to remember to put a magic init function
  - The getent state can not keep a pointer to a winbind_domain structure as it may be freed if init_domain_list() is called again so we keep the domain name instead
* Return the winbind separator over the socket, so programs don't have to parse | Andrew Bartlett | 2002-01-10 | 1 | -1/+27
  smb.conf to get it right. While wb_client needs its lp_load() for samba dependency reasons, it now uses the new method both to example and test the new code.
  Also add an interface version function, and return the winbind's samba version string.
  In preparation for default domains, it's now up to winbindd to reject plaintext auths that don't have a separator, but NTLM (CRAP) auths now have two fields, hence need parsing.
  Andrew Bartlett
* This changes the winbind protocol a bit: | Andrew Bartlett | 2002-01-10 | 1 | -11/+10
  It adds a 'ping' request, just to check winbind is in fact alive
  It also changes winbindd_pam_auth_crap to take usernames and domain separately.
  (backward incompatible change, needs merge to 2.2, but this is not yet released code, so no workarounds)
  Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do it).
  Andrew Bartlett
* Fixed delete on close bug. Added core dump code to winbindd. | Jeremy Allison | 2001-11-23 | 1 | -2/+1
  Jeremy.
* Fixed check machine account function. | Tim Potter | 2001-11-23 | 1 | -55/+29
* Get list of trusted domains if we haven't fetched them yet. | Tim Potter | 2001-11-15 | 1 | -0/+3