Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
(This used to be commit 3399727864f3aa8981f022254dfed622fcb50c49)
|
|
pipe in non-blocking mode to prevent process hang.
Jeremy.
(This used to be commit dece22de8e0bd18ee5a152dea7f682ae04e5cba0)
|
|
functions.
(This used to be commit 7710232ba21305a1e3c9523ace82a5a419526b50)
|
|
platforms don't have setenv().
(This used to be commit a8b487c4cb5d181e59755f49063512b2729bccb5)
|
|
(This used to be commit 1482933089bd1e6114ad29d77ce229482f2d161b)
|
|
DEBUG() should not be called in winbind client code as it's actually
dynamically linked by glibc into programs that use the nsswitch
database functions.
(This used to be commit 90380a684af244175d216344101e734c85220a7b)
|
|
socket and add a comment to winbindd.c to explain the fancy calculation of
buffer offset.
(This used to be commit 7c7ef9680b7378e12ffdd0bf95ee7ad673bea2f5)
|
|
we might leak the extra_data somewhere else as well.
Volker
(This used to be commit 5d379345fa06f4253f67b40cb8127b70072db561)
|
|
* remove idmap_XX_to_XX calls from smbd. Move back to the
the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
|
|
we now have to check the value for _NO_WINBINDD.
"1" enables, and != "1" disables (use "0" by convention).
(This used to be commit 11eccaef1dc61d80a7db8d0fb4bc5a47d71a4390)
|
|
NTLM Authentication:
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
|
|
(This used to be commit 0637f582fe1d41f8ef247e5989f84caa72162f05)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
swedish" test to client calls. This is putting a length field at the
start of a request so we can disconnect clients talking with an out of date
libnss_winbind.so rather than deadlock them.
Misc cleanups:
- made some int values uint32
- moved WINBIND_INTERFACE_VERSION to start of cmd list
(This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5)
|
|
(This used to be commit 20c5f042e3bb79ff96a993c70b843908dcfafb65)
|
|
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
|
|
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
|
|
code not to do lookups for a particular domain. This allows winbind to
operate on a Samba PDC
(This used to be commit d472ee3a690fb6db03fd4536e4093a18fc37ddbb)
|
|
(This used to be commit 001129e2153633dbd079889b11331e9c27786e5b)
|
|
but I haven't actually run it yet so it probably doesn't work. (-:
(This used to be commit 59f95416b66db6df05289bde224de29c721978e5)
|
|
the libnss_winbind.so from head now works with
the winbindd from tng
(This used to be commit 67ccfd2826548a6ca22562f9fb3ae156a57bd7db)
|
|
(This used to be commit b9137b613dc8cb45cbebfc6e57e20fde0517347a)
|
|
Jeremy.
(This used to be commit d131ad1ce3f6e72e295f865a463f8dcbfa6f8d42)
|
|
Initialise response structure correctly.
(This used to be commit 587c8e58fdd79dce47fb59ce702596ea58c8b4a6)
|
|
nsswitch/wb_client.c
Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG.
(This used to be commit f866c18f6be65db67d9d2a6c0b42e1af3b421e6c)
|