summaryrefslogtreecommitdiff
path: root/source3/nsswitch/wbinfo.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r1562: Make winbind for -S (sid->uid) and -Y (sid->gid) check whether the sidVolker Lendecke1-0/+41
requested actually is of type asked for. I've come across more than one installation where a group sid had ended up as a uid in idmap and vice versa. This just closes one possible for this misconfiguration, people are actually using wbinfo. Volker (This used to be commit acfbd34025c2fde3d6a3e582c120c2b9de8ed39b)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett1-1/+1
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-0/+19
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2004-04-01This restructures lib/afs.c so that the token data can be but into aVolker Lendecke1-0/+67
stream. This is to implement wbinfo -k that asks winbind for authentication which then creates the AFS token for the authenticated user. Volker (This used to be commit 2df6750a079820826013360fb9e47f90bc8223a5)
2004-04-01Cosmetic: Fix a const warning.Volker Lendecke1-5/+6
Volker (This used to be commit c814f7c43db9700ec08a30c45521181c754df247)
2004-03-07This might not be used a lot and might not survive for long, but at least itVolker Lendecke1-1/+1
should work as expected :-) Fix wb_delgrpmember. Volker (This used to be commit 9fc0025d12d17b0c68956af481a836eebc32e675)
2004-01-23Fix typoVolker Lendecke1-2/+1
(This used to be commit 09a30014233f111fe978effb12ecb2f88b710cb5)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett1-6/+8
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-07Don't duplicate pulling the 'IPC' username from secrets.tdb, insteadAndrew Bartlett1-6/+6
just use one function for both places. Andrew Bartlett (This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1)
2004-01-06remove unused seek_file(); don't hardcode '\' when printing the auth-userGerald Carter1-1/+1
(This used to be commit fac5e05ca1b56cb6e3ab6537d0848fa373c00831)
2004-01-05Show the sid type in name->sid translatons in a way that can be easilyAndrew Bartlett1-1/+1
understood by humans. Andrew Bartlett (This used to be commit 3d91b0a0060f18d49b2fdd9f93ef310e2ea7779d)
2004-01-04Commit the translation of the realm to the netbios domain name in the kerberosVolker Lendecke1-0/+44
session setup. After talking to jht and abartlet I made this unconditional, no additional parameter. Jerry: This is a change in behaviour, but I think it is necessary. Volker (This used to be commit 3ce6c9f27368cfb278007fe660a0e44a84d67f8f)
2003-12-23Fix typo.John Terpstra1-1/+1
(This used to be commit 46b2fb4db5c7e273a9b43c59340a0a47ade5bd5e)
2003-11-19as discussed on irc, this is a small patch that allows a few moreAndrew Tridgell1-1/+41
winbind functions to be accessed via NSS. This provides a much cleaner way for applications that need (for example) to provide name->sid mappings to do this via NSS rather than having to know the winbindd pipe protocol (as this might change). This patch also adds a varient of the winbindd_getgroups() call called winbindd_getusersids() that provides direct SID->SIDs listing of a users supplementary groups. This is enough to allow non-Samba applications to do ACL checking. A test program for the new functionality will be committed shortly. I also added the 'wbinfo --user-sids' option to expose the new function in wbinfo. (This used to be commit 702b35da0ac7c73aa5a6603f871d865565bbe278)
2003-10-31prompt for password when invoking --set-auth-user and no pwGerald Carter1-2/+7
is given (patch from Tom Dickson) (This used to be commit ca18ec0f901330c14a68c8a44d2a88a42bb7d92c)
2003-08-12Fix for bug 269. Change wbinfo and ntlm_auth to convert domain, usernameTim Potter1-3/+12
and workstation to utf8 before sending the winbindd request. Also, don't continue when the call to pull_utf8() fails but rather return a winbind error. (This is what was causing the crash) (This used to be commit ca1c463360b75538a93b56a87cbb4a6ee7b6cec6)
2003-08-11adding '.' special name to --domain to mean our domainGerald Carter1-5/+14
(This used to be commit f833d1f15691a418b99f82dbda75b673fb3428f6)
2003-08-10add --domain=DOMAINNAME to wbinfoGerald Carter1-17/+33
Add support for geting the sequence number, list of users, and list of groups for a specific domain (assuming on reported back by wbinfo -m) wbinfo -u --domain=DOA (This used to be commit 34fc6e1bf97d514d3b1763a808d08d730191e03b)
2003-07-25Make wbinfo -p work again. Fixes bug 251.Tim Potter1-1/+1
(This used to be commit ad4dd4909ffa29dbfbbd9a4f234e976fd253846b)
2003-07-11moving more code around.Gerald Carter1-22/+60
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-1/+174
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-08fix some formattingGerald Carter1-25/+24
(This used to be commit fca08b1c8766ef1961a9dedc127224249cac9543)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-1/+1
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-18Remove the -A option of wbinfo, leaving only the long version,Jim McDonough1-1/+1
--set-auth-user. There was enough confusion, as in bug #158, when a user accidentally typed -A instead of -a, and would get themselves stuck with a non-working winbind. I've made the changes to docs/docbook/manpages/wbinfo.xml, but I'm not sure what to do beyond that. Is checking that in enough? (This used to be commit 70fe85e4698ce2c26372b050417986bf4a96680b)
2003-04-14Syncup popt changes with HEAD.Tim Potter1-2/+2
(This used to be commit 39c987c3c522b66146e99fcc528cd60e05ad14f7)
2003-04-07Winbind merges from HEAD:Andrew Bartlett1-4/+6
- fix winbindd_pam bugs - give a better error message for unauthorized access to auth_crap - show this message in wbinfo - fix spelling: privilaged -> privileged ** This changes the location of the winbindd privileged pipe ** (thanks to tpot) Andrew Bartlett (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
2003-03-18Merge of popt help cleanups.Tim Potter1-5/+5
(This used to be commit 067810ed4a38c567e64e683a24cdd405479b5ee1)
2003-02-25Merge: add popt_common_version to command line options table.Tim Potter1-0/+1
(This used to be commit 8de62f7896a53084e87b95c013d8693214c8ab85)
2003-01-08cannot assign to constHerb Lewis1-1/+1
(This used to be commit 01757e8b510e5475c76423ffe5e3c16b2aca134e)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-16/+9
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-02Fix --set-auth-user command to delete entries from the secrets file when anTim Potter1-12/+68
empty username/password is passed on the command line. Previously we were leaving the domain name set and the password set to a NULL character. Added a --get-auth-user command to display the restrict anonymous username information. Can only be run successfully by root. (This used to be commit dcaf21efc5b48ddb0cbe70ce17e45c035ef525ad)
2002-10-29Sync with HEADJelmer Vernooij1-38/+37
(This used to be commit 658f3e92dd4b291b40ead3ef59eb19daf7f49076)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-68/+36
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-4/+3
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-17/+18
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-05-13Merge from HEAD:Tim Potter1-1/+1
> Don't store domain with username in secrets.tdb (This used to be commit a4a01afebe5b05e55ba64ada37e567d235d82fe8)
2002-05-13Merge of --set-auth-user updates from 2.2Tim Potter1-3/+4
(This used to be commit f01d48fbf5ba08edb0b2882957af98bdfd38c064)
2002-04-04Spelling.Tim Potter1-1/+1
(This used to be commit b43256df5367fd16a0f6dcdf94fdbe8932cb77c9)
2002-04-04Call poptFreeContext() as appropriate.Tim Potter1-23/+30
Clean up exit path code. (This used to be commit 41157400e3f55879fd2f20d22beeed07f1c817f5)
2002-03-29merge winbindd WINS changes from 2.2Herb Lewis1-0/+68
(This used to be commit 205399dc17e464360b0152538329b9e111b0e7f4)
2002-03-20Cache call to winbind separator.Tim Potter1-46/+56
Some random reformatting and cleanup. Display output of wbinfo -s using actual winbind separator. (This used to be commit 099f8c5dfdb150b025e29d5c8ca060f1ee1c0145)
2002-03-01Move wbinfo over to d_printf(). Patch by Hasch@t-online.de (Juergen Hasch)Andrew Bartlett1-55/+55
Andrew Bartlett (This used to be commit 5710e588ce19ff8fa2493a8d0fdbb6b793fd7c09)
2002-02-15Winbind cleanup.Andrew Bartlett1-5/+13
This patch fixes the segfaults I introduced in the previous conneciton caching patch. It cleans up the connection cache a *lot* - in particular it adds significant robustness to the operation. If a the DC goes down, we no longer fail the next operation - the code checks if the connection died during one of its own operations on the socket, and restarts the conneciton as required. There is still a memory leak in here somewhere - but this code also cleans up a number of these. Also added is the abilty to sepecify the domain of the 'get around restrict anonymous' user that winbind uses. Andrew Bartlett (This used to be commit 92cbefdf2783bf9dbbb2179c1b2f7cdb802d84a9)
2002-02-11A few small winbind updates:Andrew Bartlett1-1/+0
Add a connection cache to the netlogon pipe. This makes a *massive* difference to the time-per-auth. Also fix up *some* of the memory leaks in other connection caches. Add some debugging messages for the is_connected() code. I'm thinking we should get a client implementation of SMBecho and call it here - as it would allow us to always know the DC is around before we start. Down the debug level for some of the pam_winbind code - I'll probably down it further when I'm finished debugging. Andrew Bartlett (This used to be commit 49d3e476662220775ef8da7db01ea17e77e11b0b)
2002-02-060x is the traditional prefix for displaying hex numbers.Tim Potter1-2/+2
(This used to be commit f424b691ea76819e90f10919b0506bb2216ecd0e)
2002-02-05Drastic impromvents to pam_winbind.Andrew Bartlett1-0/+6
This adds code to do generic PAM -> NTSTATUS and NTSTATUS -> PAM error conversions, and uses them to make the error handling in pam_winbind sane. In particular, pam_winbind now uses PAM error codes, not silly '-1, -2 ...' stuff, and logs the NTSTATUS error that winbind now sends over the pipe. Added code to wbinfo to display these - makes a big difference in debugging winbindd. The main change here is the code to allow pam_winbind password changing to correctly stack - This code ripped from pam_unix, and the copyright attached. (Same as for all pam modules, including pam_winbind) Andrew Bartlett (This used to be commit dc1a72f896b83bc1ad3c7bf6c12c36ace3967280)
2002-01-31added 'wbinfo --sequence' to show sequence numbers of all domainsAndrew Tridgell1-0/+34
(This used to be commit bcd234a3dad2cd3d1c57780f4a7a3833ea611764)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett1-3/+25
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)