summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_proto.h
AgeCommit message (Collapse)AuthorFilesLines
2002-02-27this allows us to support foreign SIDs in winbindd and smbdAndrew Tridgell1-7/+8
this means "xcopy /o" has a chance of working with ACLs that contain ACEs that use SIDs that the Samba server has no knowledge of. It's a bit hackish, Tim, can you look at my uid.c changes? (This used to be commit fe2db3148587937aa7b674c1c99036d42a3776b3)
2002-02-19make protoTim Potter1-1/+0
(This used to be commit 98d3ea19b0755cf59102c479ddbbfe62bd653d74)
2002-01-31added 'wbinfo --sequence' to show sequence numbers of all domainsAndrew Tridgell1-0/+1
(This used to be commit bcd234a3dad2cd3d1c57780f4a7a3833ea611764)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett1-1/+1
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett1-1/+2
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-19Fix to close winbindd_idmap on exit. Pointed out by Alexander Bokovoy.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 1bd96b3094b530c3426b22b6f891c7fc055e7033)
2002-01-18This is the 'winbind default domain' patch from Alexander BokovoyAndrew Bartlett1-0/+2
<a.bokovoy@sam-solutions.net>. The idea is the domain\username is rather harsh for unix systems - people don't expect to have to FTP, SSH and (in particular) e-mail with a username like that. This 'corrects' that - but is not without its own problems. As you can see from the changes to files like username.c and wb_client.c (smbd's winbind client code) a lot of assumptions are made in a lot of places about lp_winbind_seperator determining a users's status as a domain or local user. The main change I will shortly be making is to investigate and kill off winbind_initgroups() - as far as I know it was a workaround for an old bug in winbind itself (and a bug in RH 5.2) and should no longer be relevent. I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters to determine a user/groups's 'local' status, rather than the presence of the seperator. As such, this functionality is recommended for servers providing unix services, but is currently less than optimal for windows clients. (TODO: remove all references to lp_winbind_seperator() and lp_winbind_use_default_domain() from smbd) Andrew Bartlett (This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
2002-01-11Always query the PDC for the list of trusted domains rather than interatingTim Potter1-2/+5
the list received at startup or we get an out of date list. I thought there might be some sequence number that is incremented when a trusted domain is added or removed - perhaps there is but I just haven't found it yet. - Renamed get_domain_info() to init_domain_list() - Made an accessor function to return the list of trusted domains rather than using a global so we don't have to remember to put a magic init function - The getent state can not keep a pointer to a winbind_domain structure as it may be freed if init_domain_list() is called again so we keep the domain name instead (This used to be commit 37216c649a394b449eaaaa6644709eafb3bf37ff)
2002-01-10Return the winbind separator over the socket, so programs don't have to parseAndrew Bartlett1-0/+2
smb.conf to get it right. While wb_client needs its lp_load() for samba dependency reasons, it now uses the new method both to example and test the new code. Also add an interface version function, and return the winbind's samba version string. In preperation for default domains, its now up to winbindd to reject plaintext auths that don't have a seperator, but NTLM (CRAP) auths now have two feilds, hence need parsing. Andrew Bartlett (This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e)
2002-01-10This changes the winbind protcol a bit:Andrew Bartlett1-0/+2
It adds a 'ping' request, just to check winbind is in fact alive It also changes winbindd_pam_auth_crap to take usernames and domain seperatly. (backward incompatible change, needs merge to 2.2, but this is not yet released code, so no workarounds) Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do it). Andrew Bartlett (This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0)
2002-01-10A big tidyup while thinking about getting trusted domains being re-readTim Potter1-5/+4
when they are added or removed on the PDC. - renamed GETPWNAM_FROM_{UID,USER} constants and functions to GETPW{NAM,UID} - renamed GETGRNAM_FROM_{GID,GROUP} constants and functions to GETGR{NAM,GID} - use SIGUSR2 in winbindd for debugging/logging instead of SIGUSR1 in preparation for moving to smbcontrol type messages (not sure whether to ditch this altogether or not) - tidy debugging messages in top level winbind user and group routines - convert talloc_init() to talloc_init_named() - make enumerations of the domain list use the same local variable names (This used to be commit eeb8af9c1a66bfcd80823d7b406acbab79857a16)
2001-12-19much better ADS error handling systemAndrew Tridgell1-9/+9
(This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16)
2001-12-14Added the group enum code from 2.2Jeremy Allison1-0/+1
Jeremy. (This used to be commit 59e01a22c5cb1046758c8cd6b09333c19d6cd26e)
2001-12-10Make protoMartin Pool1-1/+0
(This used to be commit 83ab28a7e5cc75d3cdf35c083b057a1c7e50192d)
2001-12-10make sid_binstring available without HAVE_ADSAndrew Tridgell1-47/+2
(This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-09completely new winbindd cache infrastructureAndrew Tridgell1-0/+4
this one looks like just another winbind backend, and has the following properties: - does -ve and +ve cacheing of all queries - can be disabled with -n switch to winbindd - stores all records packed, so even huge domains are not a problem for a complete cache - handles the server being down - uses sequence numbers for all entries This fixes a lot of problems with winbindd. Serving from cache is now *very* fast. (This used to be commit fddb4f4c04473a60a97212c0c8e143d6a4d68380)
2001-12-08added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell1-0/+9
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-12-05moved the sequence number fetch into the backend, and fetch theAndrew Tridgell1-1/+0
sequence number via ldap when using ads (This used to be commit 9a084f0bb91883224ad44e2b76417d10c15cce42)
2001-12-05finally worked out how to do ldap lookups by binary blobs, so I canAndrew Tridgell1-10/+0
now do searches on SID. This allows me to do a true ldap sid_to_name() function one one function to go! (This used to be commit 7d44aa3915bc88fd2b2f8454f190b11677cbb848)
2001-12-05Fixed parse_domain_user to be bool.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 9563de2ef8c1197f4941671d2fdade7d933c32d0)
2001-12-04moved lookup_usergroups() into the backend structureAndrew Tridgell1-4/+0
(This used to be commit 689f45d2079d06b09947b2cdd314867df98c938d)
2001-12-04added a query_user backendAndrew Tridgell1-3/+0
fixed a winbindd crash when the group membership can't be looked up (This used to be commit 088f4cc5be4a1a38781e4d019146d53993ed8c6f)
2001-12-03put sid_to_name behind the winbindd backend interfaceAndrew Tridgell1-0/+5
I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03added name_to_sid to the backendAndrew Tridgell1-13/+17
(This used to be commit 816e40a51af80a7f703c0451304de406deab3dd8)
2001-12-03split winbindd_enum_dom_groups into the new backend structureAndrew Tridgell1-4/+0
also created winbindd_rpc.c which contains the functions that have been converted to the new structure. There will soon be a winbindd_ads.c for the ldap backend (This used to be commit e4ccc602ba65838646f2632120069f3274619dd9)
2001-12-01The beginnings of alternative backends for winbinddAndrew Tridgell1-2/+2
This just splits off the dispinfo call behind a methods structure. I'll split off a few more functions soon, then we will be ready for LDAP replacement methods (This used to be commit 0216b0fca115c903ec31ed21427a83c62077dc95)
2001-11-26Removed bogus SAFE_FREE() call of talloced return data fromTim Potter1-1/+4
winbindd_lookup_usergroups() (This used to be commit dd2048c418da7a08bc71305491953731fc427f5a)
2001-11-23Fixed check machine account function.Tim Potter1-7/+14
(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)
2001-11-15Added free_domain_info() function.Tim Potter1-1/+1
(This used to be commit 1a9a36159104e1d6248254e1efd9925fc1c956d3)
2001-11-14Random connection robustness related fixes. Display some debugs aboutTim Potter1-2/+3
the currently open connections when winbindd receives a USR1 signal. Hmm - I've just realised this will conflict with the messaging code but we don't use that yet. (This used to be commit caef54e40081477609a824185949ddf6db6ba363)
2001-11-05Use cli_nt_login_network() instead of domain_client_validate() to performTim Potter1-0/+1
pam authentication. This allows us to link in less other crap. Authenticating with a challenge/response doesn't seem to work though - we always get back NT_STATUS_WRONG_PASSWORD. (This used to be commit d85aa1ce83327dda6aa3dcd9bbab9cf6979dda1e)
2001-10-29Don't reference tallocated memory that has already been disposed of. TheTim Potter1-1/+2
cli_samr_query_userinfo function used to do this. (This used to be commit da2c167660ec12360354f96dc672d935f58dd9c0)
2001-10-19Converted some more functions to create and dispose of a talloc context on aTim Potter1-0/+2
per-call basis rather than per-connection. Had a bit more of a reformatting fest. Still need to run it through insure and handle downed connections. (This used to be commit 46fe5a8fb96974e1323bc3e5d94fda74edbeb852)
2001-10-14Pass domain structure around in cache code rather than the domain name.Tim Potter1-20/+17
(This used to be commit c6338d7eaeb31db2666603fcdd9179e61891a1c9)
2001-10-09Implemented sam group handle stuff. getent group now works.Tim Potter1-2/+3
(This used to be commit 63731d4a00e7a70b48d0c25677c76ec6b2e04ce1)
2001-10-08More work on winbindd connection rewrite:Tim Potter1-5/+6
- implemented some of the sam related connection manager routines - fill in group id and gecos fields for getpwnam/getpwuid routines - convert querydispinfo to cm - getent passwd now works Now for the group related routines... (This used to be commit 4f8ea877876e91d4762f22e78aeb1bce4c65f011)
2001-10-05This is the start of a bit of a rewrite of winbindd's connection handling.Tim Potter1-9/+14
I've wrapped up all the decisions about managing, making and closing connections into a connection manager in nsswitch/winbindd_cm.c. It's rather incomplete at the moment - only querying basic user info works at the moment (i.e finger -m DOMAIN/user) and everything else is broken. Jeremy, please take a look and I'll start moving across the rest of winbindd to this new system. (This used to be commit c369cf5af787ed9c642778d21f162716fbf0620e)
2001-09-10convert more code to use XFILEAndrew Tridgell1-6/+0
(This used to be commit fe6679dffba9a92bb35933ad52172c9be0e9ef90)
2001-09-05more warning fixes on solarisAndrew Tridgell1-1/+1
(This used to be commit c04c67fec85b1c81ef0b3cebacde304a1de0d854)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-1/+1
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-22Added another authentication interface to winbindd. The Challenge ResponseTim Potter1-10/+11
Authentication Protocol (CRAP) takes a tuple of (username, random challenge, encrypted lm password, encrypted nt password) where the passwords are encrypted with the random challenge ala ntlmssp. (This used to be commit 11f72a78e3a16bbb17b576d80b47a9eb818ee428)
2001-05-14Compile fixes for dynamic samr_query_userinfo() stuff.Tim Potter1-6/+2
(This used to be commit a92a0d061bd322b9d3a1fe13c6ce2d2e1f070ef7)
2001-05-07Preliminary merge of winbind into HEAD. Note that this compiles and linksTim Potter1-27/+63
but I haven't actually run it yet so it probably doesn't work. (-: (This used to be commit 59f95416b66db6df05289bde224de29c721978e5)
2000-05-09brought the winbindd code into headAndrew Tridgell1-0/+113
this does not yet compile, but I'm working on that. (This used to be commit 3fb862531a4e78dca13d16d958517b16e5bdd4e2)