summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2004-01-01Fix for bug 707, getent group for huge ads groups (>1500 members)Volker Lendecke1-21/+48
This introduces range retrieval of ADS attributes. I've rewritten most of Günther's patch, partly to remove code duplication and partly to get the retrieval of members in one rush, not interrupted by the lookups for the DN. Andrew, you told me that you would like to see a check whether the AD sequence number is the same before and after the retrieval to achieve atomicity. This would be trivial to add, but I'm not sure that we want this, as this adds two roundtrips to every membership query. We can not know before the first query whether we get additional range values, and at that point it's too late to ask for the USN. Tested with a group of 4000 members along with lots of small groups. Volker (This used to be commit a2aa6e41e552abfb6d1056ab3a7c75e8fd0a150c)
2003-12-11fixed bad formal parameter type in get_static(); patch Andy PolyakovGerald Carter1-1/+1
(This used to be commit 67d893701f09f29e8af56cd98f04131658b39713)
2003-12-09working on packaging; also fixed some path issues in configure.in & Makefile.inGerald Carter1-2/+2
(This used to be commit c16e51bfaf59b2d5b1b800ee272ac45b13b9a9fc)
2003-11-27use samr_dispinfo(level == 1) for enumerating domain users so we can include ↵Gerald Carter1-17/+34
the full name in gecos field; bug 587 (This used to be commit 5482ff71729b623c4561e42b82467bf2d5d64082)
2003-11-26Merge from 3.0:Andrew Bartlett2-3/+5
- NTLM2 fixes, don't force NTLM2 - Don't use NTLM2 for RPC, it doesn't work yet - Add comments to winbindd_pam.c - Merge 64 bit fixes and better debug messages in winbindd.c Andrew Bartlett (This used to be commit ba94e4a1ab6dc3335bbb29686ca6795d0ffad5b0)
2003-11-22(merge from 3.0)Andrew Bartlett2-5/+10
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-11-07fix for bug 680 (heads up). This gist is to map theGerald Carter1-25/+215
UNIX entity foo to DOMAIN\foo instead of SERVER\foo on members of a Samba domain when all UNIX accounts are shared via NIS, et. al. * allow winbindd to match local accounts to domain SID when 'winbind trusted domains only = yes' * remove code in idmap_ldap that searches the user suffix and group suffix. It's not needed and provides inconsistent functionality from the tdb backend. This has been tested. I'm still waiting on some more feedback but This needs to be in 3.0.1pre2 for widespread use. (This used to be commit cac4723e206bd001882011c9e12327064d032268)
2003-11-05Merge of setenv->putenv for winbind client.Tim Potter1-4/+10
(This used to be commit a26d425f93e43641195d0aaf0f9ce5ef0e69f5e1)
2003-11-03Fix for winbindd on HPUX from albert chin (china@thewrittenword.com)Jeremy Allison1-4/+2
Jeremy. (This used to be commit c2f38eb66578affb50cb15c73b297fb866be140b)
2003-10-31set- set-assword when invoking --set-auth-user and no pwGerald Carter1-2/+7
is given (patch from Tom Dickson) (This used to be commit aa2abd5800856120ddec6937955e961ff0c77c96)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison2-5/+5
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit 5c050a735f86927c7ef2a98b6f3a56abe39e4674)
2003-10-21Merge tridge's AIX fixes.Jeremy Allison1-249/+231
Jeremy. (This used to be commit 96cefb4542debd8902d9bc0cd09bb01c7a41cc69)
2003-10-16Remove DEBUG statement from wb_common.c as it should not be there.Richard Sharpe1-2/+0
(This used to be commit 51f12170affd87cdff23118ed16f85dd97914f0c)
2003-10-13Put back the changes that Simo reverted and fix a speling mistak.Richard Sharpe1-1/+3
(This used to be commit 72b1f727754e2f9f54facba8615032c8118d928c)
2003-10-13So here it is a non-intrusive patch with my latest work on gums (theSimo Sorce1-2/+0
laternative to the current passdb). Currently it is run through a comatibility module in the passdb layer, with a subset of the functionality it may provide. It is still work in progress, but as someone asked me about it, and as it should make no difference to the normal code, I tought it was a good idea to put it into. It adds a dependency on perl. I know it is not very nice, but I'm sure we will work out a solution for that. As always blame me if I break something, but try to fix yourself, as I am busy-busy-busy :-) Simo. (This used to be commit 7b3c94b5cfc1a9ceb430613353a937345f2eda74)
2003-10-13Pull my previous changes into head as well.Richard Sharpe2-0/+9
(This used to be commit 96f1ce740a8ebca3861bb2006b11301236a6fdb2)
2003-10-13make sure to use the escaped DN; patch from Guenther Deschner; bug 592Gerald Carter1-1/+1
(This used to be commit fe6aa4a95181bb2ad4352710cfc7868918609274)
2003-10-03don't call ads_destroy() twice; fixes segfault in winbindd when DC goes ↵Gerald Carter1-4/+11
down; bug 437 (This used to be commit 9da4d1f7dbb289dd1db5e57a4fd78004bbfbd26b)
2003-09-24fixing a bug in the retry loop for winbindd_pam_auth[_crap]()Gerald Carter1-15/+25
(This used to be commit a1b6e28e9c1742dd5debe46b18fa474f11b31dd1)
2003-09-22fix some warnings found by the Sun C compilerGerald Carter1-1/+0
(This used to be commit 585764305aa84a7732f71f2e01227e1a6a08664f)
2003-09-17Obviously correct typo bugfix from Lin Li <linl@xandros.com>.Jeremy Allison1-1/+1
Jeremy. (This used to be commit f91da7d99bc2d9e57c411ceb0c2eb812654f3701)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter17-184/+556
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce16-206/+313
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-16ading new files from 3.0Gerald Carter1-0/+1209
(This used to be commit 99feae7b5b1c229a925367b87c0c0f636d9a2d75)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter18-999/+2320
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-06-03* set winbind cache time to 5 minutesGerald Carter3-18/+95
* quit obsessing over the sequence number so much * share the updated sequence number between parent and child winbindd processes in dual mode (This used to be commit 6fb5bdb30e2b1341ba600ce0dfd397394f7a831c)
2003-05-28Whitespace syncup.Tim Potter1-1/+0
(This used to be commit 25caa7c6279aca249e3554b61bbc3175b66883d3)
2003-05-27This should be the correct fix for merge of bug #60 from 3.0.Tim Potter1-3/+0
(This used to be commit aaf06908b290af8184731833a3c9b0837b4fc499)
2003-05-27Merge the remaining bits of fix for bug #60.Tim Potter1-59/+48
(This used to be commit 7c3da9b4db94add8c3cf93d8f8d1ae0e907b5b99)
2003-05-19Updates for AIX winbind client from Stephen Roylance.Tim Potter1-62/+58
(This used to be commit c4dd5a420394882444af2f76b8628e27dadccf0c)
2003-05-14Fix winbindd coredump. Remember to set a ** pointer to null beforeJeremy Allison1-0/+2
searching and not finding otherwise we return a valid looking pointer that was whatever crap was on the stack. Jeremy. (This used to be commit b6e78900175d4362f3a4d0216aa635931a0c11e9)
2003-05-10Forgot one file.Jelmer Vernooij1-3/+0
(This used to be commit 71f6fb16ba9c75b96aea9b0b18f4b73b0d11a5ac)
2003-05-10Reverse previous patch from Stefan and me after comments by Andrew Bartlett.Jelmer Vernooij1-0/+1
(This used to be commit d31509fe88da8727521586dced1da2c73bfee2bc)
2003-05-10Patch from metze and me that adds dummy smb_register_*() functionsJelmer Vernooij1-0/+2
(This used to be commit 367a5cad1edf6a49783806d5a8b59a62d8856706)
2003-05-03fixes to *_util.c filesSimo Sorce2-1/+366
add winbindd_passdb backend this makes it possible to have nua accounts on security = user servers to show up in unic through nss_winbind.so the problem is that we do not have group support, so nss group support is not very good at this time (read: totally absent) we NEED group support in passdb (This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
2003-05-01proper wellknown sids initialization at startupSimo Sorce1-0/+3
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
2003-05-01*id_to_*id call reshape to return NTSTATUS errorsSimo Sorce3-48/+17
plus internal fixes 1st stage (This used to be commit 6d036761e565bc93964bb3c939d5b7d78d5778a3)
2003-04-27make winbind use idmap as well.Simo Sorce7-1079/+54
change idmap_init call removed ldap backend for winbind idmap, seem it had problems anyway and it have to be reworked to work with idmap without calling winbind code. simo (This used to be commit 9d7d007443fc75264b2764b90f272ffc40c9be6c)
2003-04-22update copyright notice that is written to the logsGerald Carter1-1/+1
(This used to be commit 5f1fe04a87a407297eb9d4ad0e5c6bb35b33c067)
2003-04-16Store the type of 'sec channel' that we establish to the DC. If we are aAndrew Bartlett4-16/+20
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
2003-04-16Make this code actually compile (--with-ldapsam).Andrew Bartlett1-4/+7
This might not actually be the 'right way' to do this, but it's better to have it compile... Andrew Bartlett (This used to be commit c7dc0b27aca8f7e4653b25dae37ea38d68fc045a)
2003-04-14Removed unused variable.Tim Potter1-2/+0
(This used to be commit 117cc35dd0adc6fd5238a440e299d012bfd8e542)
2003-04-09Winbind client for AIX. Written by Steve Roylance.Tim Potter1-0/+411
(This used to be commit e37d025e6724196925c43c8ce558064ed5c072c5)
2003-04-07Create a pidfile, even when running in interactive mode.Tim Potter1-3/+2
(This used to be commit 1d7400e679df136f03daf79788ea998c5a787f89)
2003-04-07privilaged -> privilegedTim Potter5-10/+10
(This changes the location of the winbindd privileged pipe) (This used to be commit f111f10076c7797e5fd39edcc0aad7d860bb5ac5)
2003-04-07Remove duplicate "tallocdump" message from tdb messaging system. TheTim Potter1-22/+1
same functionality exists as "pool-usage". Move initialisation of this and dmalloc messages inside message_init(). (This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
2003-04-06This commit make winbindd copy winbindd_idmap.tdb into idmap.tdb on theSimo Sorce1-5/+23
first run if idmap.tdb is not found, and then eventually convert it to the new format. This is done to unify winbind and idmap databases and to make a backup of winbindd_idmap.tdb in case you want to downgrade (of course it will not be updated). This is needed because idmap.tdb contains also local mappings, not only foreign domains mappings. Added some other fixes/improvements Simo. (This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
2003-04-04Removed unused variables.Tim Potter1-2/+0
(This used to be commit 32d1dd19bb0b6abc6508ce65d5129acea79225bf)
2003-04-03Fix a compile warning in slprintf format string.Tim Potter1-4/+4
Possible typo: winbind_idmap_methods -> winbindd_idmap_methods Fix wrong format char when generating a ldap filter string. (This used to be commit f9cb23e68753337676876b97b145e04ad423e184)
2003-04-03The ldap idmap backend from Anthony Liguori (aliguori@us.ibm.com):Jim McDonough2-1/+395
This patch moves the ldap routines out of passdb into a generic library and implements an LDAP backend for IDMAP. THe backend can be enabled with "idmap backend = ldap" in smb.conf. THere are also schema changes to make sure to update teh ldap schema files. (This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)