summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_nss.h
AgeCommit message (Collapse)AuthorFilesLines
2003-03-23NTLM Authentication:Andrew Bartlett1-1/+4
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
2003-01-16Updates to the NTLMSSP code again - moving the base64 decode fuctionality outAndrew Bartlett1-1/+3
of the SWAT code, and adding a base64 encoder. The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for use with Squid. Unfortunetly the squid side doesn't quite support what we need yet. Changes to winbind to get us the info we need, and a couple of consequential changes/cleanups in the rest of the code. Andrew Bartlett (This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
2002-11-26After consultation with tpot, remove the 'winbind_domain' environmentAndrew Bartlett1-2/+2
variable hack, the feild on the pipe, and the server-side. It only controlled some enum operations in any case. This is to try and have less 'magic' environment variables. Andrew Bartlett (This used to be commit e4be82e4e2c7cdf15f3e20f73fe9f281f6384423)
2002-09-12Merge undone cleanups.Tim Potter1-1/+3
(This used to be commit d87c1f507d38444e627bce59b6c765d9c9479ac6)
2002-09-12Merge of winbind auth cleanups from appliance.Tim Potter1-0/+1
(This used to be commit 26d486aa740e283f546efc1f2ca40af3452a4f52)
2002-07-31Winbind updates!Andrew Bartlett1-1/+11
This updates the 'winbind' authentication module and winbind's 'PAM' (actually netlogon) code to allow smbd to cache connections to the DC. This is particulary relevent when we need mutex locks already - there is no parallelism to be gained anyway. The winbind code authenticates the user, and if successful, passes back the 'info3' struct describing the user. smbd then interprets that in exactly the same way as an 'ntdomain' logon. Also, add parinoia to winbind about null termination. Andrew Bartlett (This used to be commit 167f122b670d4ef67d78e6f79a2bae3f6e8d67df)
2002-07-14this is a trick to work around the fact that posix does not supplyAndrew Tridgell1-0/+3
a getgr*() function that lists groups without numerating all the group members. Instead of definiing a new nss method (which might cause problems) I added an environment variable WINBIND_GETGRLST that tells winbind not to fill in the group members in a gergrent() request. This can speed up group listing by a factor of 20 or more (on my test system with 50000 groups it reduces the time from an hour to 2 minutes) (This used to be commit e3f73256d31ab9914daae49f41e984a534996870)
2002-03-29merge winbindd WINS changes from 2.2Herb Lewis1-0/+8
(This used to be commit 205399dc17e464360b0152538329b9e111b0e7f4)
2002-02-05Drastic impromvents to pam_winbind.Andrew Bartlett1-1/+8
This adds code to do generic PAM -> NTSTATUS and NTSTATUS -> PAM error conversions, and uses them to make the error handling in pam_winbind sane. In particular, pam_winbind now uses PAM error codes, not silly '-1, -2 ...' stuff, and logs the NTSTATUS error that winbind now sends over the pipe. Added code to wbinfo to display these - makes a big difference in debugging winbindd. The main change here is the code to allow pam_winbind password changing to correctly stack - This code ripped from pam_unix, and the copyright attached. (Same as for all pam modules, including pam_winbind) Andrew Bartlett (This used to be commit dc1a72f896b83bc1ad3c7bf6c12c36ace3967280)
2002-01-31added 'wbinfo --sequence' to show sequence numbers of all domainsAndrew Tridgell1-0/+2
(This used to be commit bcd234a3dad2cd3d1c57780f4a7a3833ea611764)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett1-3/+9
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
2002-01-10Since AB has been changing the winbind interface it's time to add the "mockTim Potter1-5/+8
swedish" test to client calls. This is putting a length field at the start of a request so we can disconnect clients talking with an out of date libnss_winbind.so rather than deadlock them. Misc cleanups: - made some int values uint32 - moved WINBIND_INTERFACE_VERSION to start of cmd list (This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5)
2002-01-10Return the winbind separator over the socket, so programs don't have to parseAndrew Bartlett1-0/+10
smb.conf to get it right. While wb_client needs its lp_load() for samba dependency reasons, it now uses the new method both to example and test the new code. Also add an interface version function, and return the winbind's samba version string. In preperation for default domains, its now up to winbindd to reject plaintext auths that don't have a seperator, but NTLM (CRAP) auths now have two feilds, hence need parsing. Andrew Bartlett (This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e)
2002-01-10This changes the winbind protcol a bit:Andrew Bartlett1-0/+2
It adds a 'ping' request, just to check winbind is in fact alive It also changes winbindd_pam_auth_crap to take usernames and domain seperatly. (backward incompatible change, needs merge to 2.2, but this is not yet released code, so no workarounds) Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do it). Andrew Bartlett (This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0)
2002-01-10A big tidyup while thinking about getting trusted domains being re-readTim Potter1-4/+4
when they are added or removed on the PDC. - renamed GETPWNAM_FROM_{UID,USER} constants and functions to GETPW{NAM,UID} - renamed GETGRNAM_FROM_{GID,GROUP} constants and functions to GETGR{NAM,GID} - use SIGUSR2 in winbindd for debugging/logging instead of SIGUSR1 in preparation for moving to smbcontrol type messages (not sure whether to ditch this altogether or not) - tidy debugging messages in top level winbind user and group routines - convert talloc_init() to talloc_init_named() - make enumerations of the domain list use the same local variable names (This used to be commit eeb8af9c1a66bfcd80823d7b406acbab79857a16)
2001-11-21Preparing to implement +ve and -ve caching for lookupname/lookupsid calls.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 1f6cc536b2db0c36feee45cfd6ac1ad5ee8fb05a)
2001-11-14Got ready to implement Martin's idea, but request doesn't have a lengthJeremy Allison1-5/+5
field.... well, now at least the code is there when it does :-). Jeremy. (This used to be commit 22e323ca47325482b6ae527070509ed9c6cbccee)
2001-09-17move to SAFE_FREE()Simo Sorce1-0/+4
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
2001-09-05fixed a bunch of compilation errors on Solaris, mostly people getting ↵Andrew Tridgell1-1/+1
NSS_STATUS and WINBINDD error codes mixed up (This used to be commit 66698d6b841df809a8654012a8385bffacb9dc4a)
2001-08-22Added another authentication interface to winbindd. The Challenge ResponseTim Potter1-0/+9
Authentication Protocol (CRAP) takes a tuple of (username, random challenge, encrypted lm password, encrypted nt password) where the passwords are encrypted with the random challenge ala ntlmssp. (This used to be commit 11f72a78e3a16bbb17b576d80b47a9eb818ee428)
2000-10-11Renamed WINBINDD_INITGROUPS constant to WINBINDD_GETGROUPS.Tim Potter1-1/+1
(This used to be commit 5f3cf2eb78bfa6fb00890d449d38e9f13964712c)
2000-08-25Updated file with version in TNG.Tim Potter1-2/+3
(This used to be commit 156e17dea48962bca98a3f7d1e876eb6047ebc8a)
2000-07-05Merge of wbinfo program from TNG.Tim Potter1-1/+4
(This used to be commit 659e4d88ff9dbf1fa9cd8904470c4a8d02d8674b)
2000-06-30Merge from TNG.Tim Potter1-2/+4
(This used to be commit b46fc0ed040ff24bb4e348904fdb0e9788364837)
2000-06-14Merge from TNG.Tim Potter1-53/+103
(This used to be commit e5cb97dda89fe23612b75861232591e4831733e0)
2000-05-09brought the winbindd code into headAndrew Tridgell1-0/+118
this does not yet compile, but I'm working on that. (This used to be commit 3fb862531a4e78dca13d16d958517b16e5bdd4e2)