path: root/source/nsswitch
Commit message | Author | Age | Files | Lines
* This commit makes winbindd copy winbindd_idmap.tdb into idmap.tdb on the | Simo Sorce | 2003-04-06 | 1 | -5/+23
| first run if idmap.tdb is not found, and then eventually convert it to the new format. This is done to unify winbind and idmap databases and to make a backup of winbindd_idmap.tdb in case you want to downgrade (of course it will not be updated). This is needed because idmap.tdb contains also local mappings, not only foreign domains mappings. Added some other fixes/improvements
| Simo.
* Removed unused variables. | Tim Potter | 2003-04-04 | 1 | -2/+0
|
* Fix a compile warning in slprintf format string. | Tim Potter | 2003-04-03 | 1 | -4/+4
| Possible typo: winbind_idmap_methods -> winbindd_idmap_methods
| Fix wrong format char when generating a ldap filter string.
* The ldap idmap backend from Anthony Liguori (aliguori@us.ibm.com): | Jim McDonough | 2003-04-03 | 2 | -1/+395
| This patch moves the ldap routines out of passdb into a generic library and implements an LDAP backend for IDMAP. The backend can be enabled with "idmap backend = ldap" in smb.conf. There are also schema changes to make sure to update the ldap schema files.
* Fixup swat warning. | Jeremy Allison | 2003-04-03 | 1 | -0/+6
| Fix winbindd dual mode in the same way as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com> noticed the problem.
| Jeremy.
* Print out the 'friendly' error message from winbind. Also print useful | Andrew Bartlett | 2003-04-02 | 2 | -7/+22
| information into it re the privileged pipe. Also clean up some bugs in winbindd_pam.c
| Andrew Bartlett
* THE Idmap patch :-) | Simo Sorce | 2003-04-02 | 4 | -33/+32
| includes a --with-idmap=no switch to disable idmap usage if you find problems. cosmetic fixes and param aliases to separate winbind from idmap roles. A temporarily remote idmap winbind compatibility backend. As I have time I will further change code to not call directly winbind (partly done but not tested) and a specialized module will be built in place for the current glue hack. The patch has been tested locally in my limited time, the patch is simple and clear and should not reserve problems, if any just disable it. As usual, comments and fixes are welcome :-)
| Simo.
* Placeholder for winbind aix client. | Tim Potter | 2003-03-31 | 1 | -0/+0
|
* Cleanup of winbind client side code. | Tim Potter | 2003-03-31 | 10 | -601/+708
| Mostly this consists of untangling the existing code and moving it into operating system specific files. The winbind client code for all supported operating systems is now in nsswitch/winbind_nss_OSNAME.[ch] to make things a bit clearer.
* Don't use old usage() function, but the one from popt. | Jelmer Vernooij | 2003-03-24 | 1 | -1/+0
| Remove some useless arguments
* Revoke some of the popt patch from metze I applied earlier today. It added | Jelmer Vernooij | 2003-03-24 | 2 | -1/+2
| some double options and broke some parameters.
* Patch from metze to generalise POPT_COMMON_SAMBA, with some minor changes | Jelmer Vernooij | 2003-03-24 | 2 | -7/+4
|
* Convert to popt. | Jelmer Vernooij | 2003-03-23 | 1 | -58/+26
|
* NTLM Authentication: | Andrew Bartlett | 2003-03-23 | 7 | -33/+131
| - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for.
| - This mode is now required to access with 'CRAP' authentication feature.
| - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement:
| - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge.
| - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers.
| - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed.
| - Now uses fgets(), not x_fgets() to cope with Squid environment (I think something to do with non-blocking stdin).
| - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible.
| - This could help with 'privileged' idmap operations etc in future.
| - Add a generic HEX encode routine to util_str.c,
| - fix a small line of dodgy C in StrnCpy_fn()
| - Correctly pull our 'session key' out of the info3 from the DC. This is used in both the auth code, and for export over the winbind pipe to ntlm_auth.
| - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration.
| Andrew Bartlett
* Fix debug message not to use an uninitialized variable. | Volker Lendecke | 2003-03-19 | 1 | -2/+1
| Volker
* Some cosmetic changes to make the popt --usage output look nicer. | Tim Potter | 2003-03-17 | 1 | -5/+5
|
* If it's an fstring, use fstrcpy(). | Andrew Bartlett | 2003-03-15 | 1 | -8/+8
| Andrew Bartlett
* This patch attempts to clean up winbindd's mutex locking. | Andrew Bartlett | 2003-03-11 | 1 | -41/+37
| The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are:
| - between connect() and first session setup
| - during the auth2 phase of the netlogon pipe setup.
| I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specified) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch.
| Andrew Bartlett
* Remove obsolete file. | Tim Potter | 2003-03-11 | 1 | -13/+0
|
* Make sure that the 'remote' machine name can only be set once. For some weird | Andrew Bartlett | 2003-03-08 | 1 | -9/+2
| reason, during a Win2003 installation, when you select 'domain join' it sends one machine name in the name exchange, and literally 'machinename' during the NTLMSSP login. Also fix up winbindd's logfile handling, so that it matches smbd and nmbd. (This helps me, by separating the logs by pid).
| Andrew Bartlett
* Fix "might be used uninitialised" warnings. | Jeremy Allison | 2003-03-03 | 1 | -2/+2
| Jeremy.
* fixed a crash bug in the new winbindd 'sids rule!' code | Andrew Tridgell | 2003-02-28 | 1 | -1/+1
|
* *Excellent* patch from Michael Steffens <michael_steffens@hp.com> to limit | Jeremy Allison | 2003-02-28 | 2 | -15/+59
| the unix domain sockets used by winbindd (also solves FD_SETSIZE problem in winbindd to boot !). Adds a "last_access" field to winbindd connections, and will close the oldest idle connection once the number of open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200 currently).
| Jeremy.
* Fix possible memory leak on failure. | Andrew Bartlett | 2003-02-27 | 1 | -0/+1
|
* Kill RID-only and domain+RID madness from winbind. | Andrew Bartlett | 2003-02-26 | 9 | -440/+377
| Now we deal with SIDs in almost all of winbind (a couple of limited exceptions remain, but I'm looking into them - they use non-winbind structs ATM). This has particular benefits in returning out-of-domain SIDs for group membership (Need to look into this a bit more) as well as general code quality. This also removes much of the complexity from the idmap interface, which now only deals with mapping IDs, not with SID->domain translations. Briefly tested, but needs more. Fixes some valgrind-found bugs from my previous commit. Winbind cache changed to using SID strings in some places, as I could not follow exactly how to save and restore multiple packed sids properly.
| Andrew Bartlett
* Merge from appliance: | Tim Potter | 2003-02-26 | 1 | -34/+23
| >Another hopeful fix for CR#1168. Change the RPC used in querying
| >domain users from QueryDispInfo to EnumDomainUsers. Hopefully this
| >will fix the random dropouts that keep occurring when listing large
| >domains.
| >
| >My thought is that since QueryDispInfo is only used in the NT user
| >manager it may have a bug with large domains. A more commonly used
| >RPC may not have such problems.
* After some comments from tridge, clean the new usergroups code into a helper | Andrew Bartlett | 2003-02-25 | 1 | -71/+94
| function.
| Andrew Bartlett
* Fix a really nasty bug where some users in AD domains (particularly child | Andrew Bartlett | 2003-02-25 | 1 | -14/+90
| domains) would not have the tokenGroups or memberOf attributes filled in. This would cause a user to have no supplementary group membership. Detect this by the fact that the primaryGid must be present in the tokenGroups, and if it isn't (ie, if there is no tokenGroups at all), do a server-side search on all groups using the 'member' attribute and the user's DN.
| Andrew Bartlett
* Fix a DEBUG() formatting, add some more debug to our SID pulling code and | Andrew Bartlett | 2003-02-22 | 1 | -1/+1
| inline the call to prs_copy_all_data_out() so that we can know we are not overrunning our buffer. Also check more return values.
| Andrew Bartlett
* rename 'winbind backend' to 'idmap backend'. Put parameter in security | Jim McDonough | 2003-02-21 | 1 | -23/+23
| section...does this make sense?
* Fix another compiler warning. | Tim Potter | 2003-02-21 | 1 | -1/+0
|
* From aliguori@us.ibm.com: | Jim McDonough | 2003-02-20 | 3 | -438/+731
| This patch adds the architecture for an IDMAP backend system including a new smb.conf parameter "winbind backend". Right now, the only valid value is "tdb" but I'm currently working on an LDAP backend.
* for some (very weird) reason, the domain I was testing against would not | Andrew Bartlett | 2003-02-20 | 1 | -0/+4
| return a DN for the user. Make sure we don't segfault.
| Andrew Bartlett
* Missed one use of SETENV. (Compat macro no longer needed, as we have a | Andrew Bartlett | 2003-02-19 | 1 | -1/+1
| replace.c function).
* Move to a in-memory ccache for winbind, and replace setenv() properly. | Andrew Bartlett | 2003-02-19 | 2 | -17/+1
| (According to the manpages, you cannot put a stack variable into putenv()). Yes, this leaks memory.
| Andrew Bartlett
* Add -V option (to print out version) to utilities where possible | Jelmer Vernooij | 2003-02-18 | 1 | -0/+1
| (pdbedit already has a -V option..)
* Check return code from string_to_sid. | Martin Pool | 2003-02-18 | 1 | -3/+6
|
* Patch based on work by Michael Steffens <michael_steffens@hp.com> to wrap | Jeremy Allison | 2003-02-15 | 1 | -65/+107
| all cm_get_XX calls and their subsequent requests in a retry loop in case we've temporarily lost connection to the DC. Makes winbindd more reliable.
| Jeremy.
* Ensure that only parse_prs.c accesses internal members of the prs_struct. | Jeremy Allison | 2003-02-14 | 1 | -1/+2
| Needed to move to disk based i/o later.
| Jeremy.
* Fix for trusted domains scan not working inspired by Ken Cross. | Tim Potter | 2003-02-14 | 2 | -7/+8
| (Sorry - I should have checked this in yesterday but forgot)
* setup the %U substitution in winbindd for the homedir template | Andrew Tridgell | 2003-02-12 | 1 | -0/+1
|
* Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm to | Andrew Bartlett | 2003-02-01 | 1 | -1/+8
| blame for the realloc() stuff. Plus a couple of minor updates to libads.
| Andrew Bartlett
* Ensure Luke Howard's (C) is added. | Jeremy Allison | 2003-01-31 | 1 | -1/+21
| Jeremy.
* Use new interface for cli_samr_query_dispinfo(). | Tim Potter | 2003-01-29 | 1 | -5/+10
|
* Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD. | Jeremy Allison | 2003-01-16 | 1 | -28/+41
| Jeremy.
* Updates to the NTLMSSP code again - moving the base64 decode functionality out | Andrew Bartlett | 2003-01-16 | 3 | -1/+16
| of the SWAT code, and adding a base64 encoder. The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for use with Squid. Unfortunately the squid side doesn't quite support what we need yet. Changes to winbind to get us the info we need, and a couple of consequential changes/cleanups in the rest of the code.
| Andrew Bartlett
* Add mutex protection around auth calls. | Jeremy Allison | 2003-01-16 | 1 | -41/+37
| Jeremy.
* small merges from SAMBA_3_0; mostly typos, renames, etc... | Gerald Carter | 2003-01-15 | 1 | -3/+3
|
* Remove wrapper function _get_trust_account_password() as it doesn't | Tim Potter | 2003-01-14 | 1 | -15/+2
| seem to do anything useful anymore other than call secrets_fetch_trust_account_password().
* Added a comment in case anyone is thinking of doing a SMB_ASSERT in winbindd. | Tim Potter | 2003-01-14 | 1 | -0/+2
|