summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_misc.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-95/+305
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett1-0/+1
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-08Move more of winbind to use 'find_our_domain()' rather than the dangerousAndrew Bartlett1-11/+2
find_domain_from_name(lp_workgroup()). (as find_domain_from_name() can change the data in lp_workgroup()) Andrew Bartlett (This used to be commit 2e6eaad9ce6a0ad6923b5952ef6cf1c3688b7cfa)
2004-01-08The correct test for 'is our primary domain' is domain->primaryAndrew Bartlett1-1/+1
(This used to be commit 703f101136b8e9bbc16f57a37cd9d9d739606a84)
2004-01-05Change our Domain controller lookup routines to more carefully seperateAndrew Bartlett1-3/+11
DNS names (realms) from NetBIOS domain names. Until now, we would experience delays as we broadcast lookups for DNS names onto the local network segments. Now if DNS comes back negative, we fall straight back to looking up the short name. Andrew Bartlett (This used to be commit 32397c8b01f1dec7b05140d210bb32f836a80ca6)
2004-01-04Commit the translation of the realm to the netbios domain name in the kerberosVolker Lendecke1-0/+29
session setup. After talking to jht and abartlet I made this unconditional, no additional parameter. Jerry: This is a change in behaviour, but I think it is necessary. Volker (This used to be commit 3ce6c9f27368cfb278007fe660a0e44a84d67f8f)
2003-11-12a small include file rearrangement that doesn't affect normalAndrew Tridgell1-0/+1
compilation, but that allows Samba3 to take advantage of pre-compiled headers in gcc if available. (This used to be commit b3e024ce1da7c7e24fcacd8a2964dd2e4562ba39)
2003-09-05fixes for ads domain membership when only the realm is defined inGerald Carter1-2/+14
smb.conf Fixes to ensure we work with disable netbios = yes (This used to be commit 3913e43724870c62a0d77ec3e73cbe9480cb6247)
2003-08-20metze's autogenerate patch for version.hGerald Carter1-1/+1
(This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
2003-08-10add --domain=DOMAINNAME to wbinfoGerald Carter1-0/+12
Add support for geting the sequence number, list of users, and list of groups for a specific domain (assuming on reported back by wbinfo -m) wbinfo -u --domain=DOA (This used to be commit 34fc6e1bf97d514d3b1763a808d08d730191e03b)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-9/+9
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-05-27Fix extra arg for cm_get_netlogon_cli()Tim Potter1-1/+1
(This used to be commit a0c3f1d31c4888d33061bb011fcb8e701bba30bc)
2003-05-26Formatting syncup.Tim Potter1-3/+1
(This used to be commit f4b050932a44d836b11299c158666f6804cceda5)
2003-05-08This puts real netlogon connection caching to winbind. This becomesVolker Lendecke1-1/+3
important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-3/+4
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-07Winbind merges from HEAD:Andrew Bartlett1-1/+1
- fix winbindd_pam bugs - give a better error message for unauthorized access to auth_crap - show this message in wbinfo - fix spelling: privilaged -> privileged ** This changes the location of the winbindd privileged pipe ** (thanks to tpot) Andrew Bartlett (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
2003-03-24(merge from HEAD)Andrew Bartlett1-0/+17
NTLM Authentication: - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
2003-01-28Merge from HEAD:Andrew Bartlett1-0/+12
- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor. - also consequential changes to the NTLMSSP and SPNEGO parsing functions - and the client code that uses the same functions - Add ntlm_auth, a NTLMSSP authentication interface for use by applications like Squid and Apache. - also consquential changes to use common code for base64 encode/decode. - Winbind changes to support ntlm_auth (I don't want this program to need to read smb.conf, instead getting all it's details over the pipe). - nmbd changes for fstrcat() instead of fstrcpy(). Andrew Bartlett (This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
2003-01-15winbindd merges from HEADGerald Carter1-16/+7
(This used to be commit 8bd91a50d4e743935196ca258d06a3e43392140d)
2002-11-18Merge from HEAD:Tim Potter1-1/+2
>must add one to the extra_data size to transfer the 0 string terminator. >This was causing "wbinfo --sequence" to access past the end of malloced >memory. (This used to be commit a3c4f013d679c97dd56779c927884deae0c1027a)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-3/+1
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-2/+11
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-19Fix a double-free bug in wbinfo -t's call in winbindd.Andrew Bartlett1-5/+4
I forgot to clean this up when netlogon move across to the connection cache arrangement. Also add some smb_panics to the connection_ok() code to try to catch this kind of thing better in future. Andrew Bartlett (This used to be commit f4f23fad6099143ec26550afc67655390070ceb8)
2002-03-12get the test for disconnection the right way around!Andrew Tridgell1-3/+3
(This used to be commit ed80311b41f9869084d1e510cd8fd4213c3a1c19)
2002-03-06nicer message for --sequence when the server is disconnectedAndrew Tridgell1-2/+7
(This used to be commit 233e8b7d447b7efb0227c6c7a6cd2f9e034719fa)
2002-01-31added 'wbinfo --sequence' to show sequence numbers of all domainsAndrew Tridgell1-0/+29
(This used to be commit bcd234a3dad2cd3d1c57780f4a7a3833ea611764)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Allow a winbind client to obtain the server's domain name.Andrew Bartlett1-1/+13
(This used to be commit 85018fecfad1f7f6ef44b511bac937881a7bf937)
2002-01-11Always query the PDC for the list of trusted domains rather than interatingTim Potter1-3/+6
the list received at startup or we get an out of date list. I thought there might be some sequence number that is incremented when a trusted domain is added or removed - perhaps there is but I just haven't found it yet. - Renamed get_domain_info() to init_domain_list() - Made an accessor function to return the list of trusted domains rather than using a global so we don't have to remember to put a magic init function - The getent state can not keep a pointer to a winbind_domain structure as it may be freed if init_domain_list() is called again so we keep the domain name instead (This used to be commit 37216c649a394b449eaaaa6644709eafb3bf37ff)
2002-01-10Return the winbind separator over the socket, so programs don't have to parseAndrew Bartlett1-1/+27
smb.conf to get it right. While wb_client needs its lp_load() for samba dependency reasons, it now uses the new method both to example and test the new code. Also add an interface version function, and return the winbind's samba version string. In preperation for default domains, its now up to winbindd to reject plaintext auths that don't have a seperator, but NTLM (CRAP) auths now have two feilds, hence need parsing. Andrew Bartlett (This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e)
2002-01-10This changes the winbind protcol a bit:Andrew Bartlett1-11/+10
It adds a 'ping' request, just to check winbind is in fact alive It also changes winbindd_pam_auth_crap to take usernames and domain seperatly. (backward incompatible change, needs merge to 2.2, but this is not yet released code, so no workarounds) Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do it). Andrew Bartlett (This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0)
2001-11-23Fixed delete on close bug. Added core dump code to winbindd.Jeremy Allison1-2/+1
Jeremy. (This used to be commit a58d0f91f9ee7354c01a9c20cfe178d5dc02142d)
2001-11-23Fixed check machine account function.Tim Potter1-55/+29
(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)
2001-11-15Get list of trusted domains if we haven't fetched them yet.Tim Potter1-0/+3
(This used to be commit 187663210055ecd7b717b3894e3189ca3aaa0ed2)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-1/+3
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-09-17move to SAFE_FREE()Simo Sorce1-2/+2
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
2001-09-10more static/dead fnsAndrew Tridgell1-2/+2
(This used to be commit f59826c0c9ba283c25faeec2cbdc7e19cca7aa04)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-10/+8
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-1/+1
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-12this is a big global fix for the ptr = Realloc(ptr, size) bug.Simo Sorce1-3/+8
many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. (This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
2001-07-25Merge of change machine account password race fix from appliance branch.Tim Potter1-1/+17
(This used to be commit 6e698d65ecb13b0b46d15bce7e0314fa1a46a13a)
2001-07-04The big character set handling changeover!Andrew Tridgell1-6/+2
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-05-07iAdditional files for winbind merge.Tim Potter1-0/+159
(This used to be commit 38ab3b31b5dc39fb59f224b399bb9c2269f1c933)