Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit a26d425f93e43641195d0aaf0f9ce5ef0e69f5e1)
|
|
(This used to be commit 51f12170affd87cdff23118ed16f85dd97914f0c)
|
|
(This used to be commit 72b1f727754e2f9f54facba8615032c8118d928c)
|
|
laternative to the current passdb).
Currently it is run through a comatibility module in the passdb layer, with
a subset of the functionality it may provide.
It is still work in progress, but as someone asked me about it, and as it
should make no difference to the normal code, I tought it was a good idea to
put it into.
It adds a dependency on perl. I know it is not very nice, but I'm sure we
will work out a solution for that.
As always blame me if I break something, but try to fix yourself, as I am
busy-busy-busy :-)
Simo.
(This used to be commit 7b3c94b5cfc1a9ceb430613353a937345f2eda74)
|
|
(This used to be commit 96f1ce740a8ebca3861bb2006b11301236a6fdb2)
|
|
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
|
|
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
can't create the socket.
Andrew Bartlett
(This used to be commit 13b9af53bff8e42126a38f93c3bdd5b4d9b20aba)
|
|
variable hack, the feild on the pipe, and the server-side.
It only controlled some enum operations in any case.
This is to try and have less 'magic' environment variables.
Andrew Bartlett
(This used to be commit e4be82e4e2c7cdf15f3e20f73fe9f281f6384423)
|
|
(Double checked)
(This used to be commit dc3c14fc2b661a62a1876149e96af6de07a2c4a6)
|
|
(This used to be commit b440418f13b840860be42690bf475c1ee3cb3647)
|
|
The global winbind file descriptor can cause havoc in some situations -
particulary when it becomes 0, 1 or 2. This patch (based on some very nice
work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy
the problem by ensuring that the close-on-exec flag is set, and that we move
above 3 in the file descriptor table.
I've also decided that the PAM module can close it's pipe handle on every
request - this isn't performance-critical code.
The next step is to do the same for nss_winbind. (But things like getent()
might get in our way there).
This also cleans up some function prototypes, puts them in just one place.
Andrew Bartlett
(This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
|
|
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea
anyway (potential PDC/BDC applications).
Given all that, remove it...
Andrew Bartlett
(This used to be commit fc0d6e53fce1d05b16ec58c0bdc38aa8da4422c0)
|
|
code
(This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
|
|
(This used to be commit 2f74fb6e9893d306598ebedd54658f2dd56e988e)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
swedish" test to client calls. This is putting a length field at the
start of a request so we can disconnect clients talking with an out of date
libnss_winbind.so rather than deadlock them.
Misc cleanups:
- made some int values uint32
- moved WINBIND_INTERFACE_VERSION to start of cmd list
(This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5)
|
|
(This used to be commit 20c5f042e3bb79ff96a993c70b843908dcfafb65)
|
|
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
|
|
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
|
|
code not to do lookups for a particular domain. This allows winbind to
operate on a Samba PDC
(This used to be commit d472ee3a690fb6db03fd4536e4093a18fc37ddbb)
|
|
(This used to be commit 001129e2153633dbd079889b11331e9c27786e5b)
|
|
but I haven't actually run it yet so it probably doesn't work. (-:
(This used to be commit 59f95416b66db6df05289bde224de29c721978e5)
|
|
the libnss_winbind.so from head now works with
the winbindd from tng
(This used to be commit 67ccfd2826548a6ca22562f9fb3ae156a57bd7db)
|
|
(This used to be commit b9137b613dc8cb45cbebfc6e57e20fde0517347a)
|
|
Jeremy.
(This used to be commit d131ad1ce3f6e72e295f865a463f8dcbfa6f8d42)
|
|
Initialise response structure correctly.
(This used to be commit 587c8e58fdd79dce47fb59ce702596ea58c8b4a6)
|
|
nsswitch/wb_client.c
Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG.
(This used to be commit f866c18f6be65db67d9d2a6c0b42e1af3b421e6c)
|