summaryrefslogtreecommitdiff
path: root/source3/nsswitch/wb_client.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r197: mistaken merge from trunkGerald Carter1-0/+4
(This used to be commit 6b18012dc8fe92a296c46a12214622d56e1f3fd8)
2007-10-10r195: adding files to ignore listGerald Carter1-4/+0
(This used to be commit 1501d58b8e23d0c9ae51514773d0429886fa9d58)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-0/+24
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2004-03-14When trying to remove a user from a group, winbind should be informedVolker Lendecke1-0/+3
about the user and group... Volker (This used to be commit 9fa2c4045252f07cc0518457d8ef8b81d8402327)
2003-08-09fix for BUG #267 (problem with supplementary groups).Gerald Carter1-0/+74
Use winbindd to get the group list if possible since we already know it from netsamlogon_cache.tdb. More effecient than letting libc call getgrent() to get seconary groups. Tested by Ken Cross. (This used to be commit 3c537c906f29a08e75895c8c8e3ed5c5abaaa940)
2003-07-16fixes for 'net rpc vampire'. I can now take a blank Samba hostGerald Carter1-14/+21
and migrate an NT4 domain and still logon from domain members (tested logon scripts, system policies, profiles, & home directories) (passdb backend = tdbsam) removed call to idmap_init_wellknown_sids() from winbindd.c since the local domain should be handled by the guest passdb backend (and you don't really always want the Administrator account to be root) ...and we didn't pay attention to this anyways now. (This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
2003-07-11fix sid_to_[uid|gid] (spotted by Volker).Gerald Carter1-70/+76
Still testing this, but I'm checking it in so Volker can test it as well. Should be right. (This used to be commit 8edf193722f699cc33baed410917a78a5e28d0a4)
2003-07-11moving more code around.Gerald Carter1-2/+72
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-0/+144
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-07and so it begins....Gerald Carter1-0/+70
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-01* fix the trustdom_cache to work when winbindd is not running.Gerald Carter1-0/+14
smbd will update the trustdom_cache periodically after locking the timestamp key (This used to be commit 7bc4b65b91f98271089335cc301146d5f0c76c3a)
2003-06-21merge of the netsamlogon caching code from APPLIANCE_HEADGerald Carter1-24/+2
This replaces the universal group caching code (was originally based on that code). Only applies to the the RPC code. One comment: domain local groups don't show up in 'getent group' that's easy to fix. Code has been tested against 2k domain but doesn't change anything with respect to NT4 domains. netsamlogon caching works pretty much like the universal group caching code did but has had much more testing and puts winbind mostly back in sync between branches. (This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
2003-04-02Merge of winbind nss library cleanup from HEAD.Tim Potter1-1/+1
(This used to be commit a4b5f2c01bae049edc4f385cb0441bbde4fb443b)
2003-02-18Check return code of string_to_sid. (Merge from HEAD)Martin Pool1-3/+6
(This used to be commit 606bb47f241d2916d039b38f48b50474a3e0dadc)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-3/+3
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-0/+5
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-27Some more 'winbind default domain' support patches from Alexander BokovoyAndrew Bartlett1-81/+1
<a.bokovoy@sam-solutions.net>. This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required. Andrew Bartlett (This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett1-131/+7
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
2002-01-18This is the 'winbind default domain' patch from Alexander BokovoyAndrew Bartlett1-19/+51
<a.bokovoy@sam-solutions.net>. The idea is the domain\username is rather harsh for unix systems - people don't expect to have to FTP, SSH and (in particular) e-mail with a username like that. This 'corrects' that - but is not without its own problems. As you can see from the changes to files like username.c and wb_client.c (smbd's winbind client code) a lot of assumptions are made in a lot of places about lp_winbind_seperator determining a users's status as a domain or local user. The main change I will shortly be making is to investigate and kill off winbind_initgroups() - as far as I know it was a workaround for an old bug in winbind itself (and a bug in RH 5.2) and should no longer be relevent. I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters to determine a user/groups's 'local' status, rather than the presence of the seperator. As such, this functionality is recommended for servers providing unix services, but is currently less than optimal for windows clients. (TODO: remove all references to lp_winbind_seperator() and lp_winbind_use_default_domain() from smbd) Andrew Bartlett (This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
2001-12-13make sure we find NSS_STATUS structAndrew Tridgell1-0/+1
(This used to be commit 7db718d44a62aee9610a9dfd9e671345a0ea7737)
2001-12-05Fixed parse_domain_user to be bool.Jeremy Allison1-11/+9
Jeremy. (This used to be commit 9563de2ef8c1197f4941671d2fdade7d933c32d0)
2001-12-03added name_to_sid to the backendAndrew Tridgell1-1/+1
(This used to be commit 816e40a51af80a7f703c0451304de406deab3dd8)
2001-11-13Fix winbind client code so that winbind calls are not made if theJeremy Allison1-15/+22
requested name does not have a winbind separator character. This makes the intent explicit. Tim, contact me if this is not what you indended. Jeremy. (This used to be commit 86b7cf7f85840316052ff29115bf55c04dc17486)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-4/+4
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-09-17move to SAFE_FREE()Simo Sorce1-2/+2
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
2001-08-24get rid of compiler warningsHerb Lewis1-2/+3
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
2001-08-18More Realloc fixes.Jeremy Allison1-1/+1
Jeremy. (This used to be commit b4fa49fe13cb93d578b1714d5863a9f50395bf65)
2001-08-13Fixed up 'orrible formatting.Tim Potter1-21/+21
(This used to be commit 73addddb2e038946e38a6a15f46f61148a49ac08)
2001-08-12this is a big global fix for the ptr = Realloc(ptr, size) bug.Simo Sorce1-3/+4
many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. (This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
2001-07-18the nss and pam modules in winbind don't have strchr_m() yet, so useAndrew Tridgell1-3/+3
strchr() for the moment (This used to be commit c2c1f2027e6e623bba59610e3aa41618773e6361)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-3/+3
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-06-07Fixed bug in winbind_sid_to_gid() function.Tim Potter1-1/+1
(This used to be commit 9a77f8530f58852f07d523facc61ea1daf6184d7)
2001-06-06Indent dodgy function prototype to avoid make proto picking it up andTim Potter1-1/+1
causing mayhem throughout the tree. (This used to be commit 369c911b446c311d4a5c8b4fddfe7fbffffefeba)
2001-06-04More compile fixups for winbind portability.Tim Potter1-2/+6
(This used to be commit 086f332bb11ff0b2474554f81ef257e6a444a5cc)
2001-05-07Preliminary merge of winbind into HEAD. Note that this compiles and linksTim Potter1-0/+22
but I haven't actually run it yet so it probably doesn't work. (-: (This used to be commit 59f95416b66db6df05289bde224de29c721978e5)
2001-03-20Fix for crash when doing name lookup with a quoted string. Part ofJeremy Allison1-1/+1
lookup_name was expecting to be able to write to the string. Changed lookup_name to use const. Jeremy. (This used to be commit 80c18d88491f1148ade623e81c33f84ba4f952f3)
2001-01-15Changes from APPLIANCE_HEAD:David O'Neill1-2/+9
source/rpc_parse/parse_lsa.c - off by one unistr length bug in init_lsa_trans_name() source/lib/util_sid.c - resolve more BUILTIN sid values to names. source/nsswitch/wb_client.c - fix typo in debug message - set errno on error so we don't get bogus value from last failure. source/rpc_server/srv_spoolss_nt.c - add debug to track number of open printer handles for ease of tracking handle leaks in the future. source/rpc_server/srv_lsa.c - fix off-by-one string bug. This was preventing NT from displaying names for well-know SIDs in printer permissions dialog. (This used to be commit 59229b9025cff54cbdd05e374616ffbf9c6fee33)
2001-01-04Changes from APPLIANCE_HEAD:David O'Neill1-1/+2
source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
2000-10-25Fix for uidtoname not returning DOMAIN\name but just name. This causedJeremy Allison1-2/+9
printer_access_check to break in a domain environment. Jeremy. (This used to be commit 0fc1a461504f87c145f5f91189bd767989c488f2)
2000-10-13Fix to allow smbd to call winbindd if it is running for all group enumeration,Jeremy Allison1-196/+51
falling back to the UNIX calls on error. This should fix all problems with smbd enumerating all users in all groups in all trusted domains via winbindd. Also changed GETDC to query 1C name rather than 1b name as only the PDC registers 1b. Jeremy. (This used to be commit 5b0038a2afd8abbd6fd4a58f5477a40d1926d498)
2000-10-11Use sys_setgroups - systems with broken getgroups need this.Jeremy Allison1-1/+1
Jeremy. (This used to be commit c7c90c83372df53eac0f3779dffedd4b28c8c757)
2000-10-11Renamed WINBINDD_INITGROUPS constant to WINBINDD_GETGROUPS.Tim Potter1-1/+1
(This used to be commit 5f3cf2eb78bfa6fb00890d449d38e9f13964712c)
2000-10-11Modified initgroups to provide a get groups a user is a member ofTim Potter1-6/+132
functionality. This is much faster than inverting the group database. Added client side command for this to wbinfo. (This used to be commit e87b2d3d1fb84311d83d21a76900f994e4ff71dd)
2000-10-10Added debug so we can see how winbindd converts SIDS.Jeremy Allison1-13/+40
Jeremy. (This used to be commit 6696bf203c90dc20c00b47737f5ea1d9b8e23d75)
2000-10-05Spelling flames. (-:Tim Potter1-6/+6
(This used to be commit 178e6971005505d2debd74b761ecfaa982336a53)
2000-10-05Fixed compiler warnings.Tim Potter1-4/+6
(This used to be commit ec7f7e350dc1dfa757436cb0efe777c3e0719877)
2000-09-01Fix from John Reilly @ HP for my typo with the parameters being reversed. Ooops.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 8317d70a35086c5539e67d60cbcf937b6ce0932c)
2000-08-23Added code to do SID to uid/gid conversion. Needed for ACL support.Jeremy Allison1-10/+178
Jeremy. (This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-23/+83
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)