summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd.c
AgeCommit message (Collapse)AuthorFilesLines
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter1-4/+4
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce1-24/+10
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-12/+63
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-05-28Whitespace syncup.Tim Potter1-1/+0
(This used to be commit 25caa7c6279aca249e3554b61bbc3175b66883d3)
2003-05-27Merge the remaining bits of fix for bug #60.Tim Potter1-59/+48
(This used to be commit 7c3da9b4db94add8c3cf93d8f8d1ae0e907b5b99)
2003-05-10Forgot one file.Jelmer Vernooij1-3/+0
(This used to be commit 71f6fb16ba9c75b96aea9b0b18f4b73b0d11a5ac)
2003-05-10Reverse previous patch from Stefan and me after comments by Andrew Bartlett.Jelmer Vernooij1-0/+1
(This used to be commit d31509fe88da8727521586dced1da2c73bfee2bc)
2003-05-10Patch from metze and me that adds dummy smb_register_*() functionsJelmer Vernooij1-0/+2
(This used to be commit 367a5cad1edf6a49783806d5a8b59a62d8856706)
2003-05-01proper wellknown sids initialization at startupSimo Sorce1-0/+3
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
2003-04-27make winbind use idmap as well.Simo Sorce1-3/+2
change idmap_init call removed ldap backend for winbind idmap, seem it had problems anyway and it have to be reworked to work with idmap without calling winbind code. simo (This used to be commit 9d7d007443fc75264b2764b90f272ffc40c9be6c)
2003-04-22update copyright notice that is written to the logsGerald Carter1-1/+1
(This used to be commit 5f1fe04a87a407297eb9d4ad0e5c6bb35b33c067)
2003-04-07Create a pidfile, even when running in interactive mode.Tim Potter1-3/+2
(This used to be commit 1d7400e679df136f03daf79788ea998c5a787f89)
2003-04-07privilaged -> privilegedTim Potter1-4/+4
(This changes the location of the winbindd privileged pipe) (This used to be commit f111f10076c7797e5fd39edcc0aad7d860bb5ac5)
2003-04-07Remove duplicate "tallocdump" message from tdb messaging system. TheTim Potter1-22/+1
same functionality exists as "pool-usage". Move initialisation of this and dmalloc messages inside message_init(). (This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
2003-03-24Don't use old usage() function, but the one from popt.Jelmer Vernooij1-1/+0
Remove some useless arguments (This used to be commit 8df30059ef100a4d5e21501d7746427b4d312589)
2003-03-24Revoke some of the popt patch from metze I applied earlier today. It addedJelmer Vernooij1-0/+1
some double options and broke some parameters. (This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
2003-03-24Patch from metze to generalise POPT_COMMON_SAMBA, with some minor changesJelmer Vernooij1-5/+2
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
2003-03-23Convert to popt.Jelmer Vernooij1-58/+26
(This used to be commit 18d52ce914715d188966be95f9e4466666a04f74)
2003-03-23NTLM Authentication:Andrew Bartlett1-5/+25
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
2003-03-08Make sure that the 'remote' machine name can only be set once. For some weirdAndrew Bartlett1-9/+2
reason, during a Win2003 installation, when you select 'domain join' it sends one machine name in the name exchange, and litraly 'machinename' during the NTLMSSP login. Also fix up winbindd's logfile handling, so that it matches smbd and nmbd. (This helps me, by seperating the logs by pid). Andrew Bartlett (This used to be commit afe5a3832f79131fb74461577f1db0e5e8bf4b6d)
2003-02-28*Excellent* patch from Michael Steffens <michael_steffens@hp.com> to limitJeremy Allison1-5/+48
the unix domain sockets used by winbindd (also solves FD_SETSIZE problem in winbindd to boot !). Adds a "last_access" field to winbindd connections, and will close the oldest idle connection once the number of open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200 currently). Jeremy. (This used to be commit a82caefda49396641e8650db8a7ef51752ba6c41)
2003-02-19Missed one use of SETENV. (Compat macro no longer needed, as we have aAndrew Bartlett1-1/+1
replace.c function). (This used to be commit adad4c66fcfe756277de8c325ac9f8010f9d6f9c)
2003-02-14Fix for trusted domains scan not working inspired by Ken Cross.Tim Potter1-1/+1
(Sorry - I should have checked this in yesterday but forgot) (This used to be commit 7420ddcda8e7189cedacb2c60f5ea265b8c35bda)
2003-01-16Updates to the NTLMSSP code again - moving the base64 decode fuctionality outAndrew Bartlett1-0/+1
of the SWAT code, and adding a base64 encoder. The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for use with Squid. Unfortunetly the squid side doesn't quite support what we need yet. Changes to winbind to get us the info we need, and a couple of consequential changes/cleanups in the rest of the code. Andrew Bartlett (This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
2003-01-13Merge of remove "winbindd holding pattern" from appliance. It's a bitTim Potter1-6/+0
simpler as the rescanning of trusted domains helps us out a bit. (This used to be commit 089729c02cb2088e85f0e7f8ec79afb58fe98be7)
2003-01-03patch to include support for daemontools from Michael HandlerGerald Carter1-3/+21
(This used to be commit 4c48c475a28450ad4fd8dcc8263e841c0c39a80e)
2003-01-02BIG patch...Andrew Bartlett1-1/+1
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-0/+20
named. Ensure we can query them. Jeremy. (This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
2002-12-01Remove extra headers, and ensure that we correctly bail out of winbindd if weAndrew Bartlett1-0/+6
can't create the socket. Andrew Bartlett (This used to be commit 13b9af53bff8e42126a38f93c3bdd5b4d9b20aba)
2002-11-26After consultation with tpot, remove the 'winbind_domain' environmentAndrew Bartlett1-1/+1
variable hack, the feild on the pipe, and the server-side. It only controlled some enum operations in any case. This is to try and have less 'magic' environment variables. Andrew Bartlett (This used to be commit e4be82e4e2c7cdf15f3e20f73fe9f281f6384423)
2002-11-26Having waited for *way* too long, this is mimir's namecache and trusted domainAndrew Bartlett1-0/+1
cache code. This uses gencache, mimir's new caching code that stores at text-based cache of various data. Mimir has done a *lot* of work on this patch, and it is finally time to get it in CVS. Andrew Bartlett (This used to be commit 47f3bfe9564e7f3aff60cefaefd599e0abb30a31)
2002-11-18Bug fix from appliance - we must initialise the winbindd server stateTim Potter1-2/+2
before reading smb.conf parameters, not after. (This used to be commit 2beebe252f8fc76366d38024b0578f83d8542d1d)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-12/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-08Compleatly remove support for logfile truncation. All logs are opened forAndrew Bartlett1-6/+0
append writes. (blessed by jra) Andrew Bartlett (This used to be commit 81633064dd196c40541ecece8def51745f514646)
2002-11-07Call winbindd_param_init() earlier on in the piece so we don't get stuck inTim Potter1-14/+15
the holding pattern when started up when security = user or security = ads. Clean up return value of winbindd_common_init() - what a mess! (This used to be commit 8a6d37752182e0de7fd04b2c31f90e145dde783b)
2002-11-02Some winbindd cleanups I made trying to fix cr1020:Tim Potter1-38/+22
- move winbindd client handling into accessor functions in winbindd_util.c - move some winbindd socket routines into accessor functions in winbindd_utils.c (The deadlock situation mentioned in the appliance branch is probably not applicable since we don't clear the connection cache on SIGHUP. Perhaps we should?) (This used to be commit 846b5494942c73e68616e7eae0d2fd5ae4b2bc05)
2002-10-15- we need to rescan the trusted domain list regularly to cope withAndrew Tridgell1-0/+4
transitive trusts, and trusts that are added while winbindd is running - removed an unnecessary call to time() (This used to be commit 14489ff30bb9eca2c55d36a69c0b45a2db339061)
2002-10-15Change to use sys_read/sys_write.Jeremy Allison1-10/+4
Jeremy. (This used to be commit 042890056d5d4128eaaca346e7898ccda860dbe2)
2002-09-17Reverted my earlier change. It was incorrect. We must be protected byJeremy Allison1-5/+4
pidfile before doing secrets_init(). Jeremy. (This used to be commit f8a0e6ad8b25d405ff2bcb492974d2f0bef81036)
2002-09-17Only create the pidfile once we're ready to receive requests.Jeremy Allison1-3/+5
This allows external programs to correctly synchronise with us. Jeremy. (This used to be commit ffb7632d05191342ecfc5f78fbfd7beacfe257ad)
2002-09-11Put pid number in invalid request size debug.Tim Potter1-2/+2
(This used to be commit e63afabf98350353fac79ffc2ae2ddf88d61260f)
2002-08-27Fix typo in debug.Tim Potter1-1/+1
(This used to be commit 86433a3492a3b70a051257940ae28ada8788a650)
2002-08-16Merge of netbios namecache code from APPLIANCE_HEAD.Tim Potter1-0/+2
Tridge suggested a generic caching mechanism for Samba to avoid the proliferation of little cache files hanging around limpet like in the locks directory. Someone should probably implement this at some stage. (This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
2002-07-31Winbind updates!Andrew Bartlett1-0/+3
This updates the 'winbind' authentication module and winbind's 'PAM' (actually netlogon) code to allow smbd to cache connections to the DC. This is particulary relevent when we need mutex locks already - there is no parallelism to be gained anyway. The winbind code authenticates the user, and if successful, passes back the 'info3' struct describing the user. smbd then interprets that in exactly the same way as an 'ntdomain' logon. Also, add parinoia to winbind about null termination. Andrew Bartlett (This used to be commit 167f122b670d4ef67d78e6f79a2bae3f6e8d67df)
2002-07-21Another smattering of static and constAndrew Bartlett1-1/+1
(This used to be commit 897cc4a610932e596f8a9807213166e380ef0203)
2002-07-14this is a trick to work around the fact that posix does not supplyAndrew Tridgell1-0/+1
a getgr*() function that lists groups without numerating all the group members. Instead of definiing a new nss method (which might cause problems) I added an environment variable WINBIND_GETGRLST that tells winbind not to fill in the group members in a gergrent() request. This can speed up group listing by a factor of 20 or more (on my test system with 50000 groups it reduces the time from an hour to 2 minutes) (This used to be commit e3f73256d31ab9914daae49f41e984a534996870)
2002-06-07Merge pidfile fix.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 2c1e78702423ba17993975eb7f158058cc7f229f)
2002-05-13Merge of secrets_init() paranoia fix from 2.2Tim Potter1-1/+6
(This used to be commit 1c3c0d7cb64caa6be7ee6d786fe400a1d6944a72)
2002-04-24main() needs to be indented to make sure it doesn't generate aAndrew Tridgell1-1/+1
prototype (This used to be commit fdfde9b84cf825d84316344fea5af43a9b8ebcc9)
2002-04-24a new "dual daemon" operating mode for winbinddAndrew Tridgell1-47/+88
this mode improves the response time of winbindd by having a background process update the cache while the forground process responds to queries from cache. You can enable this mode using the -B command line option. It is quite experimental, which is why it is not the default. (This used to be commit c0feff97eefdf5a70e5973e247b395dbdf5d2ef2)