summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd.c
AgeCommit message (Collapse)AuthorFilesLines
2003-05-12And finally IDMAP in 3_0Simo Sorce1-3/+5
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-10Reverse previous patch from Stefan and me after comments by Andrew BartlettJelmer Vernooij1-2/+0
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
2003-05-10Patch from metze and me that adds dummy smb_register_*() functions soJelmer Vernooij1-0/+2
that is now possible to, for example, load a module which contains an auth method into a binary without the auth/ subsystem built in. (This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
2003-05-06There appears to be no reason why we have to execute theTim Potter1-57/+45
initialisation code in winbindd_init_common() after the fork when running in dual daemon mode. The only tricky bit is we have to run a tdb_reopen_all() somewhere in the child to avoid tdb corruption. Fixed bug #60. (This used to be commit 25e55aca0fe315c2ccf4e34a94107b2321313714)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett1-1/+2
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-22update copyright notice that is written to the logsGerald Carter1-1/+1
(This used to be commit 6735a9889f6629f4f77006c59c011570031e044f)
2003-04-14Merge:Tim Potter1-91/+27
- Jelmer's latest popt changes - debugging tdb messages now initialised and handled in lib/messages.c (This used to be commit b11f35fddec8c3d3899a8bc78d093137f73b2dfb)
2003-04-07Winbind merges from HEAD:Andrew Bartlett1-4/+4
- fix winbindd_pam bugs - give a better error message for unauthorized access to auth_crap - show this message in wbinfo - fix spelling: privilaged -> privileged ** This changes the location of the winbindd privileged pipe ** (thanks to tpot) Andrew Bartlett (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
2003-03-24(merge from HEAD)Andrew Bartlett1-5/+25
NTLM Authentication: - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
2003-02-28*Excellent* patch from Michael Steffens <michael_steffens@hp.com> to limitJeremy Allison1-5/+48
the unix domain sockets used by winbindd (also solves FD_SETSIZE problem in winbindd to boot !). Adds a "last_access" field to winbindd connections, and will close the oldest idle connection once the number of open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200 currently). Jeremy. (This used to be commit 7a586552a3aeb4a26495f0965af4bd027456a011)
2003-02-19Merge minor library fixes from HEAD to 3.0.Andrew Bartlett1-1/+1
- setenv() replacement - mimir's ASN1/SPNEGO typo fixes - (size_t)-1 fixes for push_* returns - function argument signed/unsigned correction - ASN1 error handling (ensure we don't use initiailsed data) - extra net ads join error checking - allow 'set security discriptor' to fail - escape ldap strings in libads. - getgrouplist() correctness fixes (include primary gid) Andrew Bartlett (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
2003-02-14Mop and bucket for trusted domain enumeration fix.Tim Potter1-1/+1
(This used to be commit 5cfb30551a713caa3d69406450c1eac4541a30fa)
2003-01-28Merge from HEAD:Andrew Bartlett1-0/+1
- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor. - also consequential changes to the NTLMSSP and SPNEGO parsing functions - and the client code that uses the same functions - Add ntlm_auth, a NTLMSSP authentication interface for use by applications like Squid and Apache. - also consquential changes to use common code for base64 encode/decode. - Winbind changes to support ntlm_auth (I don't want this program to need to read smb.conf, instead getting all it's details over the pipe). - nmbd changes for fstrcat() instead of fstrcpy(). Andrew Bartlett (This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
2003-01-15playing janitor for tpot; remove holding patternGerald Carter1-6/+0
(This used to be commit c8e77809adfb2ace18c219d9291651a4959bbcb7)
2003-01-03patch to include support for daemontools from Michael HandlerGerald Carter1-3/+21
(This used to be commit a8db1b611d83bfd8dcf60f1e6d8fcbf57c798528)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-0/+20
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-12-20Merge from HEAD.Tim Potter1-1/+7
- null termination of winbind request fix - bail out if we can't open winbind socket (This used to be commit 102e490d683c0758a9798a3c15e748509690c95b)
2002-11-18Bug fix from appliance - we must initialise the winbindd server stateTim Potter1-2/+2
before reading smb.conf parameters, not after. (This used to be commit 7bdaa03f2fc7ea6ef0f56f7c73b951c177d64a2e)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-12/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-09Last sync with HEADJelmer Vernooij1-6/+0
(This used to be commit 1175b62337f5c29954cd5e8dfdc2327c9c80748c)
2002-11-07Keep branches in sync.....Jeremy Allison1-14/+19
Jeremy. (This used to be commit faf92207e71980aaaad8b5487f5c2d6a60f7ddd1)
2002-11-02Some winbindd cleanups I made trying to fix cr1020:Tim Potter1-38/+22
- move winbindd client handling into accessor functions in winbindd_util.c - move some winbindd socket routines into accessor functions in winbindd_utils.c (The deadlock situation mentioned in the appliance branch is probably not applicable since we don't clear the connection cache on SIGHUP. Perhaps we should?) (This used to be commit ee0e3d31a1d1bef70810aadcdafdf9678d21ea8f)
2002-10-15Change to use sys_read/sys_write.Jeremy Allison1-10/+4
Jeremy. (This used to be commit 7d0dc36df0e3ca451c1ab660aa08e0d021ca89f0)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-2/+3
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-1/+6
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-52/+93
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-05-13Merge of secrets_init() paranoia fix from 2.2Tim Potter1-1/+6
(This used to be commit e24f6288b63b950d7e8fee80759a94d6acd8cfa6)
2002-04-04Fix up conversion code from old winbindd versions (some testing needed).Jeremy Allison1-0/+4
Added time based cache size check (#ifdef'ed out by default, just didn't want to lose the code). Jeremy. (This used to be commit b2350ed36c42827c417ea4a3dd0668a4a631a090)
2002-03-29merge winbindd WINS changes from 2.2Herb Lewis1-0/+5
(This used to be commit 205399dc17e464360b0152538329b9e111b0e7f4)
2002-03-26Unblock sigusr1 on startup.Tim Potter1-0/+1
(This used to be commit f1cb5ff6c41cabc02da84d56c1a6d95fa434d484)
2002-03-26Added code for smb messaging. winbindd now responds to the smbcontrolTim Potter1-2/+15
ping, debug and pool-usage messages. (This used to be commit 144f0481c8b05956bdc96461a82d530fa85e3c72)
2002-03-15added a -h usage option to winbinddAndrew Tridgell1-1/+16
(This used to be commit d6a4a10f58accd6ad158ba60eb1508f00c9a4dd3)
2002-03-14Now we have reliable signals take SIGTERM inband.Jeremy Allison1-5/+4
Jeremy. (This used to be commit cad82926a8baf7605cef81f0e0d4daa8e527e6ee)
2002-02-18fixed a memory leak thanks to dleducq@arkoon.netAndrew Tridgell1-0/+1
(This used to be commit e84c7400175c86c4c79922182115ea1f0948186c)
2002-01-31Fix from Michael Steffens <michael_steffens@hp.com> to make signalJeremy Allison1-1/+4
processing work correctly in winbindd. This is a really good patch that gives full select semantics to the Samba modified select. Jeremy. (This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
2002-01-31added 'wbinfo --sequence' to show sequence numbers of all domainsAndrew Tridgell1-0/+1
(This used to be commit bcd234a3dad2cd3d1c57780f4a7a3833ea611764)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett1-0/+1
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
2002-01-22Call pidfile_create() as part of init sequence.Tim Potter1-0/+3
(This used to be commit fa05a7de6d2311293242825dc98596d8e42c6249)
2002-01-19Fix to close winbindd_idmap on exit. Pointed out by Alexander Bokovoy.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 1bd96b3094b530c3426b22b6f891c7fc055e7033)
2002-01-13I'm doing some things towards the NamedPipes game with lckl and he has asked meAndrew Bartlett1-86/+2
to move this from being a static to matching its mate in lib/util_sock.c. In any case, this should discorage anybody from using the 'wrong' version of this function. (ie the one from TNG, which needs a bit more error checking depending on use). Andrew Bartlett (This used to be commit e6a3a01f795a85d908180ff19469ce09a2803512)
2002-01-12Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.Andrew Bartlett1-0/+1
This work was sponsored by Optifacio Software Services, Inc. Andrew Bartlett (various e-mails announcements merged into some form of commit message below:) This patch which adds basics of universal groups support into Samba 3. Currently, only Winbind with RPC calls supports this, ADS support requires additional (possibly huge) work on KRB5 PAC. However, basic infrastructure is here. This patch adds: 1. Storing of universal groups for particular user logged into Samba software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb. 2. Fetching of unversal groups for given user rid and domain sid from netlogon_unigrp.tdb. Since this is used in both smbd and winbindd, main code is in source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ. This patch has had a few versions, the final version in particular: Many thanks to Andrew Bartlett for critics and comments, and partly rewritten code. New: - updated fetching code to changed byte order macros - moved functions to proper namespace - optimized memory usage by reusing caller's memory context - enhanced code to more follow Samba coding rules Todo: - proper universal group expiration after timeout (This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
2002-01-11Always query the PDC for the list of trusted domains rather than interatingTim Potter1-3/+3
the list received at startup or we get an out of date list. I thought there might be some sequence number that is incremented when a trusted domain is added or removed - perhaps there is but I just haven't found it yet. - Renamed get_domain_info() to init_domain_list() - Made an accessor function to return the list of trusted domains rather than using a global so we don't have to remember to put a magic init function - The getent state can not keep a pointer to a winbind_domain structure as it may be freed if init_domain_list() is called again so we keep the domain name instead (This used to be commit 37216c649a394b449eaaaa6644709eafb3bf37ff)
2002-01-10Since AB has been changing the winbind interface it's time to add the "mockTim Potter1-16/+11
swedish" test to client calls. This is putting a length field at the start of a request so we can disconnect clients talking with an out of date libnss_winbind.so rather than deadlock them. Misc cleanups: - made some int values uint32 - moved WINBIND_INTERFACE_VERSION to start of cmd list (This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5)
2002-01-10Return the winbind separator over the socket, so programs don't have to parseAndrew Bartlett1-0/+2
smb.conf to get it right. While wb_client needs its lp_load() for samba dependency reasons, it now uses the new method both to example and test the new code. Also add an interface version function, and return the winbind's samba version string. In preperation for default domains, its now up to winbindd to reject plaintext auths that don't have a seperator, but NTLM (CRAP) auths now have two feilds, hence need parsing. Andrew Bartlett (This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e)
2002-01-10This changes the winbind protcol a bit:Andrew Bartlett1-0/+1
It adds a 'ping' request, just to check winbind is in fact alive It also changes winbindd_pam_auth_crap to take usernames and domain seperatly. (backward incompatible change, needs merge to 2.2, but this is not yet released code, so no workarounds) Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do it). Andrew Bartlett (This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0)
2002-01-10A big tidyup while thinking about getting trusted domains being re-readTim Potter1-13/+14
when they are added or removed on the PDC. - renamed GETPWNAM_FROM_{UID,USER} constants and functions to GETPW{NAM,UID} - renamed GETGRNAM_FROM_{GID,GROUP} constants and functions to GETGR{NAM,GID} - use SIGUSR2 in winbindd for debugging/logging instead of SIGUSR1 in preparation for moving to smbcontrol type messages (not sure whether to ditch this altogether or not) - tidy debugging messages in top level winbind user and group routines - convert talloc_init() to talloc_init_named() - make enumerations of the domain list use the same local variable names (This used to be commit eeb8af9c1a66bfcd80823d7b406acbab79857a16)
2001-12-30When running interactive we want to set our own process group forJeremy Allison1-0/+9
signal management. Jeremy. (This used to be commit fffae94dd5699f44c0b1c8081587deafd89b3fc0)
2001-12-21Append to log.winbindd instead of overwriting it so we are consistent withTim Potter1-0/+7
smbd/nmbd behaviour. (This used to be commit 54d276561524213302e7bb2d759d7d4082fd6e8a)