summaryrefslogtreecommitdiff
path: root/source3/nsswitch/wbinfo.c
AgeCommit message (Collapse)AuthorFilesLines
2003-03-24Revoke some of the popt patch from metze I applied earlier today. It addedJelmer Vernooij1-1/+1
some double options and broke some parameters. (This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
2003-03-24Patch from metze to generalise POPT_COMMON_SAMBA, with some minor changesJelmer Vernooij1-2/+2
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
2003-03-17Some cosmetic changes to make the popt --usage output look nicer.Tim Potter1-5/+5
(This used to be commit 39124b9a62e1ba0f8089c36b27d6c79352a27973)
2003-02-18Add -V option (to print out version) to utilities where possibleJelmer Vernooij1-0/+1
(pdbedit already has a -V option..) (This used to be commit 5de622968d95c1436dbd34edc8d0a9bbff68916b)
2003-01-07cannot make assignments to const values.Herb Lewis1-1/+1
(This used to be commit e3b1e64d9f23347a5ecefeb15329b6ec8971a55e)
2003-01-02BIG patch...Andrew Bartlett1-1/+1
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-16/+9
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-02Fix --set-auth-user command to delete entries from the secrets file when anTim Potter1-12/+68
empty username/password is passed on the command line. Previously we were leaving the domain name set and the password set to a NULL character. Added a --get-auth-user command to display the restrict anonymous username information. Can only be run successfully by root. (This used to be commit 0bb9bc196207fb35c9de6accbe101937a687762f)
2002-10-05Don't use usage function, but use popt for usage and help infoJelmer Vernooij1-38/+37
(This used to be commit a0e0f3b293a71ee6a7bb0edb626c5e16cb803830)
2002-09-12Merge undone cleanups.Tim Potter1-13/+5
(This used to be commit d87c1f507d38444e627bce59b6c765d9c9479ac6)
2002-09-12Merge of winbind auth cleanups from appliance.Tim Potter1-11/+21
(This used to be commit 26d486aa740e283f546efc1f2ca40af3452a4f52)
2002-09-07Winbind client-side cleanups.Andrew Bartlett1-8/+4
The global winbind file descriptor can cause havoc in some situations - particulary when it becomes 0, 1 or 2. This patch (based on some very nice work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy the problem by ensuring that the close-on-exec flag is set, and that we move above 3 in the file descriptor table. I've also decided that the PAM module can close it's pipe handle on every request - this isn't performance-critical code. The next step is to do the same for nss_winbind. (But things like getent() might get in our way there). This also cleans up some function prototypes, puts them in just one place. Andrew Bartlett (This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
2002-08-29Use popt for --helpJelmer Vernooij1-54/+24
(This used to be commit 073106ad25fba8c8aaa57c296ce8e7cb7b3e3e97)
2002-07-21Compilers do find bugs :-)Andrew Bartlett1-2/+1
This was a mixup between the enum type NSS_STATUS and a BOOL (extra test for equality). Andrew Bartlett (This used to be commit 63b7820b6585608c0ebb582ec8b28ed3c949a1f4)
2002-07-20Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had aAndrew Bartlett1-2/+2
distinction between uchar and char). Lots of const etc. Andrew Bartlett (This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
2002-07-11Usage fixes from APPLIANCE_HEAD.Tim Potter1-1/+2
(This used to be commit 952d722a3bba15b7a10b4cbabb5548f4dde682d7)
2002-06-02The last element of the definitions of enums can't have a trailingTim Potter1-1/+1
comma. Only initialisers can have this in ANSI C. (This used to be commit b6119f583552425c2be30662e9325270a5dbf096)
2002-05-29merge from 2.2Gerald Carter1-1/+1
(This used to be commit 612584f7d5383db28960e1ae9aaeaa9b8b47486c)
2002-05-21debug classizedSimo Sorce1-0/+3
(This used to be commit ae5d24873ad0fb3df970cc9912e18e6a5067ae2d)
2002-05-19A small change to print out the error message only if we could not check theRichard Sharpe1-4/+5
secrets ... (This used to be commit 56eea2623a8a8f2a5a0311cda6d0282d0037a3cc)
2002-05-18As per rsharpe's request, require only a Masters in Astrophysics toAndrew Bartlett1-14/+10
correctly configure winbind. (Next job: Fill in the 'error_msg' field with somthing useful) (This used to be commit 49ee2a25c131641887cbc438a6336652f042cfb0)
2002-05-13Don't store domain with username in secrets.tdbTim Potter1-1/+1
(This used to be commit 5c58b4290dbc364f3b2d6593fd0425fd50160993)
2002-05-13Merge of --set-auth-user updates from 2.2Tim Potter1-3/+4
(This used to be commit 0420ae846cc93d4598b16dd21a4b8f61ae270fa2)
2002-04-04Spelling.Tim Potter1-1/+1
(This used to be commit b43256df5367fd16a0f6dcdf94fdbe8932cb77c9)
2002-04-04Call poptFreeContext() as appropriate.Tim Potter1-23/+30
Clean up exit path code. (This used to be commit 41157400e3f55879fd2f20d22beeed07f1c817f5)
2002-03-29merge winbindd WINS changes from 2.2Herb Lewis1-0/+68
(This used to be commit 205399dc17e464360b0152538329b9e111b0e7f4)
2002-03-20Cache call to winbind separator.Tim Potter1-46/+56
Some random reformatting and cleanup. Display output of wbinfo -s using actual winbind separator. (This used to be commit 099f8c5dfdb150b025e29d5c8ca060f1ee1c0145)
2002-03-01Move wbinfo over to d_printf(). Patch by Hasch@t-online.de (Juergen Hasch)Andrew Bartlett1-55/+55
Andrew Bartlett (This used to be commit 5710e588ce19ff8fa2493a8d0fdbb6b793fd7c09)
2002-02-15Winbind cleanup.Andrew Bartlett1-5/+13
This patch fixes the segfaults I introduced in the previous conneciton caching patch. It cleans up the connection cache a *lot* - in particular it adds significant robustness to the operation. If a the DC goes down, we no longer fail the next operation - the code checks if the connection died during one of its own operations on the socket, and restarts the conneciton as required. There is still a memory leak in here somewhere - but this code also cleans up a number of these. Also added is the abilty to sepecify the domain of the 'get around restrict anonymous' user that winbind uses. Andrew Bartlett (This used to be commit 92cbefdf2783bf9dbbb2179c1b2f7cdb802d84a9)
2002-02-11A few small winbind updates:Andrew Bartlett1-1/+0
Add a connection cache to the netlogon pipe. This makes a *massive* difference to the time-per-auth. Also fix up *some* of the memory leaks in other connection caches. Add some debugging messages for the is_connected() code. I'm thinking we should get a client implementation of SMBecho and call it here - as it would allow us to always know the DC is around before we start. Down the debug level for some of the pam_winbind code - I'll probably down it further when I'm finished debugging. Andrew Bartlett (This used to be commit 49d3e476662220775ef8da7db01ea17e77e11b0b)
2002-02-060x is the traditional prefix for displaying hex numbers.Tim Potter1-2/+2
(This used to be commit f424b691ea76819e90f10919b0506bb2216ecd0e)
2002-02-05Drastic impromvents to pam_winbind.Andrew Bartlett1-0/+6
This adds code to do generic PAM -> NTSTATUS and NTSTATUS -> PAM error conversions, and uses them to make the error handling in pam_winbind sane. In particular, pam_winbind now uses PAM error codes, not silly '-1, -2 ...' stuff, and logs the NTSTATUS error that winbind now sends over the pipe. Added code to wbinfo to display these - makes a big difference in debugging winbindd. The main change here is the code to allow pam_winbind password changing to correctly stack - This code ripped from pam_unix, and the copyright attached. (Same as for all pam modules, including pam_winbind) Andrew Bartlett (This used to be commit dc1a72f896b83bc1ad3c7bf6c12c36ace3967280)
2002-01-31added 'wbinfo --sequence' to show sequence numbers of all domainsAndrew Tridgell1-0/+34
(This used to be commit bcd234a3dad2cd3d1c57780f4a7a3833ea611764)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett1-3/+25
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett1-11/+0
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-18This is the 'winbind default domain' patch from Alexander BokovoyAndrew Bartlett1-8/+5
<a.bokovoy@sam-solutions.net>. The idea is the domain\username is rather harsh for unix systems - people don't expect to have to FTP, SSH and (in particular) e-mail with a username like that. This 'corrects' that - but is not without its own problems. As you can see from the changes to files like username.c and wb_client.c (smbd's winbind client code) a lot of assumptions are made in a lot of places about lp_winbind_seperator determining a users's status as a domain or local user. The main change I will shortly be making is to investigate and kill off winbind_initgroups() - as far as I know it was a workaround for an old bug in winbind itself (and a bug in RH 5.2) and should no longer be relevent. I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters to determine a user/groups's 'local' status, rather than the presence of the seperator. As such, this functionality is recommended for servers providing unix services, but is currently less than optimal for windows clients. (TODO: remove all references to lp_winbind_seperator() and lp_winbind_use_default_domain() from smbd) Andrew Bartlett (This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
2002-01-11Some memory leak fixes.Tim Potter1-17/+23
(This used to be commit da4db0373b65d975d5129715d6b1fa725b188766)
2002-01-10Return the winbind separator over the socket, so programs don't have to parseAndrew Bartlett1-17/+37
smb.conf to get it right. While wb_client needs its lp_load() for samba dependency reasons, it now uses the new method both to example and test the new code. Also add an interface version function, and return the winbind's samba version string. In preperation for default domains, its now up to winbindd to reject plaintext auths that don't have a seperator, but NTLM (CRAP) auths now have two feilds, hence need parsing. Andrew Bartlett (This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e)
2002-01-10This changes the winbind protcol a bit:Andrew Bartlett1-6/+56
It adds a 'ping' request, just to check winbind is in fact alive It also changes winbindd_pam_auth_crap to take usernames and domain seperatly. (backward incompatible change, needs merge to 2.2, but this is not yet released code, so no workarounds) Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do it). Andrew Bartlett (This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0)
2001-12-19- added initial support for trusted domains in winbindd_adsAndrew Tridgell1-1/+5
- gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
2001-12-11Oops, the -a option disappeared.Tim Potter1-0/+1
(This used to be commit 6194f874bbc50cb40228b29fb783a7716104b824)
2001-12-11fix for IRIX compilersHerb Lewis1-2/+2
(This used to be commit b110f57e49bcb4e3c648020850ee18d1888b9152)
2001-12-11Converted wbinfo to use popt instead of getopt - popt is very nice!Tim Potter1-28/+100
Added a --set-auth-user function to set a username and password that can be used by winbindd when making connections to domain controllers. This is necessary when restrictions have been placed on anonymous connections either through the RestrictAnonymous registry setting, or the win2k Local Security Policy -> Security Settings -> Local Policies -> Security Options -> Additional restrictions for anonymous connections. (phew) Two new keys are set in secrets.tdb: SECRETS/AUTH_USER and SECRETS/AUTH_PASSWORD which hold the username and plaintext password of the user to connect as. To reset these values, run wbinfo --set-auth-user "" (This used to be commit 507003522b70443f79b8b69a836dcd38d309cfca)
2001-12-04Correct message on wbinfo fail to open config file.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 9b7182a9da24b53f3501f6562dc66bed67fb9133)
2001-11-23Removed TimeInit() call from every client program (except for one placeTim Potter1-2/+0
in smbd/process.c where the timezone is reinitialised. Was replaced with check for a static is_initialised boolean. (This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
2001-11-19Store some path names in global variables initialized to configureMartin Pool1-1/+1
default, rather than in preprocessor macros. (This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
2001-11-13Fix winbind client code so that winbind calls are not made if theJeremy Allison1-0/+21
requested name does not have a winbind separator character. This makes the intent explicit. Tim, contact me if this is not what you indended. Jeremy. (This used to be commit 86b7cf7f85840316052ff29115bf55c04dc17486)
2001-09-05fixed a bunch of compilation errors on Solaris, mostly people getting ↵Andrew Tridgell1-32/+33
NSS_STATUS and WINBINDD error codes mixed up (This used to be commit 66698d6b841df809a8654012a8385bffacb9dc4a)
2001-08-22Added another authentication interface to winbindd. The Challenge ResponseTim Potter1-15/+116
Authentication Protocol (CRAP) takes a tuple of (username, random challenge, encrypted lm password, encrypted nt password) where the passwords are encrypted with the random challenge ala ntlmssp. (This used to be commit 11f72a78e3a16bbb17b576d80b47a9eb818ee428)