summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd.c
AgeCommit message (Collapse)AuthorFilesLines
2003-03-08Make sure that the 'remote' machine name can only be set once. For some weirdAndrew Bartlett1-9/+2
reason, during a Win2003 installation, when you select 'domain join' it sends one machine name in the name exchange, and litraly 'machinename' during the NTLMSSP login. Also fix up winbindd's logfile handling, so that it matches smbd and nmbd. (This helps me, by seperating the logs by pid). Andrew Bartlett (This used to be commit afe5a3832f79131fb74461577f1db0e5e8bf4b6d)
2003-02-28*Excellent* patch from Michael Steffens <michael_steffens@hp.com> to limitJeremy Allison1-5/+48
the unix domain sockets used by winbindd (also solves FD_SETSIZE problem in winbindd to boot !). Adds a "last_access" field to winbindd connections, and will close the oldest idle connection once the number of open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200 currently). Jeremy. (This used to be commit a82caefda49396641e8650db8a7ef51752ba6c41)
2003-02-19Missed one use of SETENV. (Compat macro no longer needed, as we have aAndrew Bartlett1-1/+1
replace.c function). (This used to be commit adad4c66fcfe756277de8c325ac9f8010f9d6f9c)
2003-02-14Fix for trusted domains scan not working inspired by Ken Cross.Tim Potter1-1/+1
(Sorry - I should have checked this in yesterday but forgot) (This used to be commit 7420ddcda8e7189cedacb2c60f5ea265b8c35bda)
2003-01-16Updates to the NTLMSSP code again - moving the base64 decode fuctionality outAndrew Bartlett1-0/+1
of the SWAT code, and adding a base64 encoder. The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for use with Squid. Unfortunetly the squid side doesn't quite support what we need yet. Changes to winbind to get us the info we need, and a couple of consequential changes/cleanups in the rest of the code. Andrew Bartlett (This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
2003-01-13Merge of remove "winbindd holding pattern" from appliance. It's a bitTim Potter1-6/+0
simpler as the rescanning of trusted domains helps us out a bit. (This used to be commit 089729c02cb2088e85f0e7f8ec79afb58fe98be7)
2003-01-03patch to include support for daemontools from Michael HandlerGerald Carter1-3/+21
(This used to be commit 4c48c475a28450ad4fd8dcc8263e841c0c39a80e)
2003-01-02BIG patch...Andrew Bartlett1-1/+1
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-0/+20
named. Ensure we can query them. Jeremy. (This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
2002-12-01Remove extra headers, and ensure that we correctly bail out of winbindd if weAndrew Bartlett1-0/+6
can't create the socket. Andrew Bartlett (This used to be commit 13b9af53bff8e42126a38f93c3bdd5b4d9b20aba)
2002-11-26After consultation with tpot, remove the 'winbind_domain' environmentAndrew Bartlett1-1/+1
variable hack, the feild on the pipe, and the server-side. It only controlled some enum operations in any case. This is to try and have less 'magic' environment variables. Andrew Bartlett (This used to be commit e4be82e4e2c7cdf15f3e20f73fe9f281f6384423)
2002-11-26Having waited for *way* too long, this is mimir's namecache and trusted domainAndrew Bartlett1-0/+1
cache code. This uses gencache, mimir's new caching code that stores at text-based cache of various data. Mimir has done a *lot* of work on this patch, and it is finally time to get it in CVS. Andrew Bartlett (This used to be commit 47f3bfe9564e7f3aff60cefaefd599e0abb30a31)
2002-11-18Bug fix from appliance - we must initialise the winbindd server stateTim Potter1-2/+2
before reading smb.conf parameters, not after. (This used to be commit 2beebe252f8fc76366d38024b0578f83d8542d1d)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-12/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-08Compleatly remove support for logfile truncation. All logs are opened forAndrew Bartlett1-6/+0
append writes. (blessed by jra) Andrew Bartlett (This used to be commit 81633064dd196c40541ecece8def51745f514646)
2002-11-07Call winbindd_param_init() earlier on in the piece so we don't get stuck inTim Potter1-14/+15
the holding pattern when started up when security = user or security = ads. Clean up return value of winbindd_common_init() - what a mess! (This used to be commit 8a6d37752182e0de7fd04b2c31f90e145dde783b)
2002-11-02Some winbindd cleanups I made trying to fix cr1020:Tim Potter1-38/+22
- move winbindd client handling into accessor functions in winbindd_util.c - move some winbindd socket routines into accessor functions in winbindd_utils.c (The deadlock situation mentioned in the appliance branch is probably not applicable since we don't clear the connection cache on SIGHUP. Perhaps we should?) (This used to be commit 846b5494942c73e68616e7eae0d2fd5ae4b2bc05)
2002-10-15- we need to rescan the trusted domain list regularly to cope withAndrew Tridgell1-0/+4
transitive trusts, and trusts that are added while winbindd is running - removed an unnecessary call to time() (This used to be commit 14489ff30bb9eca2c55d36a69c0b45a2db339061)
2002-10-15Change to use sys_read/sys_write.Jeremy Allison1-10/+4
Jeremy. (This used to be commit 042890056d5d4128eaaca346e7898ccda860dbe2)
2002-09-17Reverted my earlier change. It was incorrect. We must be protected byJeremy Allison1-5/+4
pidfile before doing secrets_init(). Jeremy. (This used to be commit f8a0e6ad8b25d405ff2bcb492974d2f0bef81036)
2002-09-17Only create the pidfile once we're ready to receive requests.Jeremy Allison1-3/+5
This allows external programs to correctly synchronise with us. Jeremy. (This used to be commit ffb7632d05191342ecfc5f78fbfd7beacfe257ad)
2002-09-11Put pid number in invalid request size debug.Tim Potter1-2/+2
(This used to be commit e63afabf98350353fac79ffc2ae2ddf88d61260f)
2002-08-27Fix typo in debug.Tim Potter1-1/+1
(This used to be commit 86433a3492a3b70a051257940ae28ada8788a650)
2002-08-16Merge of netbios namecache code from APPLIANCE_HEAD.Tim Potter1-0/+2
Tridge suggested a generic caching mechanism for Samba to avoid the proliferation of little cache files hanging around limpet like in the locks directory. Someone should probably implement this at some stage. (This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
2002-07-31Winbind updates!Andrew Bartlett1-0/+3
This updates the 'winbind' authentication module and winbind's 'PAM' (actually netlogon) code to allow smbd to cache connections to the DC. This is particulary relevent when we need mutex locks already - there is no parallelism to be gained anyway. The winbind code authenticates the user, and if successful, passes back the 'info3' struct describing the user. smbd then interprets that in exactly the same way as an 'ntdomain' logon. Also, add parinoia to winbind about null termination. Andrew Bartlett (This used to be commit 167f122b670d4ef67d78e6f79a2bae3f6e8d67df)
2002-07-21Another smattering of static and constAndrew Bartlett1-1/+1
(This used to be commit 897cc4a610932e596f8a9807213166e380ef0203)
2002-07-14this is a trick to work around the fact that posix does not supplyAndrew Tridgell1-0/+1
a getgr*() function that lists groups without numerating all the group members. Instead of definiing a new nss method (which might cause problems) I added an environment variable WINBIND_GETGRLST that tells winbind not to fill in the group members in a gergrent() request. This can speed up group listing by a factor of 20 or more (on my test system with 50000 groups it reduces the time from an hour to 2 minutes) (This used to be commit e3f73256d31ab9914daae49f41e984a534996870)
2002-06-07Merge pidfile fix.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 2c1e78702423ba17993975eb7f158058cc7f229f)
2002-05-13Merge of secrets_init() paranoia fix from 2.2Tim Potter1-1/+6
(This used to be commit 1c3c0d7cb64caa6be7ee6d786fe400a1d6944a72)
2002-04-24main() needs to be indented to make sure it doesn't generate aAndrew Tridgell1-1/+1
prototype (This used to be commit fdfde9b84cf825d84316344fea5af43a9b8ebcc9)
2002-04-24a new "dual daemon" operating mode for winbinddAndrew Tridgell1-47/+88
this mode improves the response time of winbindd by having a background process update the cache while the forground process responds to queries from cache. You can enable this mode using the -B command line option. It is quite experimental, which is why it is not the default. (This used to be commit c0feff97eefdf5a70e5973e247b395dbdf5d2ef2)
2002-04-13Tidy up winbindd debug. Added Bill Moran's hide unreadable fix.Jeremy Allison1-4/+3
Jeremy. (This used to be commit a9895fcb30cdcb572cd254b0d370d79f95c7214d)
2002-04-04Fix up conversion code from old winbindd versions (some testing needed).Jeremy Allison1-0/+4
Added time based cache size check (#ifdef'ed out by default, just didn't want to lose the code). Jeremy. (This used to be commit b2350ed36c42827c417ea4a3dd0668a4a631a090)
2002-03-29merge winbindd WINS changes from 2.2Herb Lewis1-0/+5
(This used to be commit 205399dc17e464360b0152538329b9e111b0e7f4)
2002-03-26Unblock sigusr1 on startup.Tim Potter1-0/+1
(This used to be commit f1cb5ff6c41cabc02da84d56c1a6d95fa434d484)
2002-03-26Added code for smb messaging. winbindd now responds to the smbcontrolTim Potter1-2/+15
ping, debug and pool-usage messages. (This used to be commit 144f0481c8b05956bdc96461a82d530fa85e3c72)
2002-03-15added a -h usage option to winbinddAndrew Tridgell1-1/+16
(This used to be commit d6a4a10f58accd6ad158ba60eb1508f00c9a4dd3)
2002-03-14Now we have reliable signals take SIGTERM inband.Jeremy Allison1-5/+4
Jeremy. (This used to be commit cad82926a8baf7605cef81f0e0d4daa8e527e6ee)
2002-02-18fixed a memory leak thanks to dleducq@arkoon.netAndrew Tridgell1-0/+1
(This used to be commit e84c7400175c86c4c79922182115ea1f0948186c)
2002-01-31Fix from Michael Steffens <michael_steffens@hp.com> to make signalJeremy Allison1-1/+4
processing work correctly in winbindd. This is a really good patch that gives full select semantics to the Samba modified select. Jeremy. (This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
2002-01-31added 'wbinfo --sequence' to show sequence numbers of all domainsAndrew Tridgell1-0/+1
(This used to be commit bcd234a3dad2cd3d1c57780f4a7a3833ea611764)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett1-0/+1
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
2002-01-22Call pidfile_create() as part of init sequence.Tim Potter1-0/+3
(This used to be commit fa05a7de6d2311293242825dc98596d8e42c6249)
2002-01-19Fix to close winbindd_idmap on exit. Pointed out by Alexander Bokovoy.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 1bd96b3094b530c3426b22b6f891c7fc055e7033)
2002-01-13I'm doing some things towards the NamedPipes game with lckl and he has asked meAndrew Bartlett1-86/+2
to move this from being a static to matching its mate in lib/util_sock.c. In any case, this should discorage anybody from using the 'wrong' version of this function. (ie the one from TNG, which needs a bit more error checking depending on use). Andrew Bartlett (This used to be commit e6a3a01f795a85d908180ff19469ce09a2803512)
2002-01-12Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.Andrew Bartlett1-0/+1
This work was sponsored by Optifacio Software Services, Inc. Andrew Bartlett (various e-mails announcements merged into some form of commit message below:) This patch which adds basics of universal groups support into Samba 3. Currently, only Winbind with RPC calls supports this, ADS support requires additional (possibly huge) work on KRB5 PAC. However, basic infrastructure is here. This patch adds: 1. Storing of universal groups for particular user logged into Samba software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb. 2. Fetching of unversal groups for given user rid and domain sid from netlogon_unigrp.tdb. Since this is used in both smbd and winbindd, main code is in source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ. This patch has had a few versions, the final version in particular: Many thanks to Andrew Bartlett for critics and comments, and partly rewritten code. New: - updated fetching code to changed byte order macros - moved functions to proper namespace - optimized memory usage by reusing caller's memory context - enhanced code to more follow Samba coding rules Todo: - proper universal group expiration after timeout (This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
2002-01-11Always query the PDC for the list of trusted domains rather than interatingTim Potter1-3/+3
the list received at startup or we get an out of date list. I thought there might be some sequence number that is incremented when a trusted domain is added or removed - perhaps there is but I just haven't found it yet. - Renamed get_domain_info() to init_domain_list() - Made an accessor function to return the list of trusted domains rather than using a global so we don't have to remember to put a magic init function - The getent state can not keep a pointer to a winbind_domain structure as it may be freed if init_domain_list() is called again so we keep the domain name instead (This used to be commit 37216c649a394b449eaaaa6644709eafb3bf37ff)
2002-01-10Since AB has been changing the winbind interface it's time to add the "mockTim Potter1-16/+11
swedish" test to client calls. This is putting a length field at the start of a request so we can disconnect clients talking with an out of date libnss_winbind.so rather than deadlock them. Misc cleanups: - made some int values uint32 - moved WINBIND_INTERFACE_VERSION to start of cmd list (This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5)
2002-01-10Return the winbind separator over the socket, so programs don't have to parseAndrew Bartlett1-0/+2
smb.conf to get it right. While wb_client needs its lp_load() for samba dependency reasons, it now uses the new method both to example and test the new code. Also add an interface version function, and return the winbind's samba version string. In preperation for default domains, its now up to winbindd to reject plaintext auths that don't have a seperator, but NTLM (CRAP) auths now have two feilds, hence need parsing. Andrew Bartlett (This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e)