summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12313: Introduce yet another copy of the string_sub function:Volker Lendecke1-6/+12
talloc_string_sub. Someone with time on his hands could convert all the callers of all_string_sub to this. realloc_string_sub is *only* called from within substitute.c, it could be moved there I think. Volker (This used to be commit be6c9012da174d5d5116e5172a53bbe6486d6c38)
2007-10-10r12273: Fix copy paste error.Günther Deschner1-2/+2
Guenther (This used to be commit 266f5fc9af6a07bc1f1432e716e6c528e9048533)
2007-10-10r12193: Fix some typos.Günther Deschner3-3/+3
Guenther (This used to be commit 499224f02a8722eea0d4644ca81ca55da0e9a86b)
2007-10-10r12170: Fix a segfault -- this is post-3.0.21 codeVolker Lendecke1-1/+2
(This used to be commit 8b30cf8e09944cd97e4ab959f730bf81591c2541)
2007-10-10r12163: Change lookup_sid and lookup_name to return const char * instead of ↵Volker Lendecke1-1/+1
char *, use a temporary talloc_ctx for clarity. Volker (This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
2007-10-10r12133: Fix an uninitialized variable in new code in rpc_server/srv_samr_nt.c.Volker Lendecke1-1/+15
Fix winbind_lookup_name for the local domain, ie for aliases on a member server. Volker (This used to be commit 4ba50c823e8d61f87ab5627f15e826e73e45ffcc)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-14/+27
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r12045: More warning fixes... Just a few more to go.Jeremy Allison1-1/+1
Jeremy. (This used to be commit cd192ed79a531c6775cdbfb35f0eb2e0fa230ce9)
2007-10-10r11960: add 'wbinfo --separator' to get the currently active winbind_separator.Günther Deschner1-2/+19
Needed for KDM/GDM login masks. Guenther (This used to be commit abf761c8bf5e8cd3b0aba66abd5fd896035ea1ac)
2007-10-10r11867: attempt at fixing the compile issue with nss_winbind.so on HP-UX ↵Gerald Carter1-1/+3
caused by Solaris specific return codes (This used to be commit b823bcbc919d7e4b482c63cbe5b7f99e0bddd5f6)
2007-10-10r11851: Display correct error string.Günther Deschner1-1/+1
Guenther (This used to be commit 4d681f560e59dd483f580c5fe5299af6242ae7c2)
2007-10-10r11707: alt_names[i] might be NULL for i>0 also...Volker Lendecke1-1/+2
Volker (This used to be commit c8b67c2448b09b3386a5b35ed279c134d7a3ba32)
2007-10-10r11704: methods->alternate_name is not used anymore -- remove itVolker Lendecke6-87/+0
(This used to be commit 4a4f85f0ef8545b7062e9a49392d4488aa108036)
2007-10-10r11667: Fix a debug messageVolker Lendecke1-2/+3
(This used to be commit d1f506fa1353cd1b9ddba923dc17a884f7560be6)
2007-10-10r11661: Store the INFO3 in the PAC data into the netsamlogon_cache.Gerald Carter1-2/+2
Also remove the mem_ctx from the netsamlogon_cache_store() API. Guenther, what should we be doing with the other fields in the PAC_LOGON_INFO? (This used to be commit 8bead2d2825015fe41ba7d7401a12c06c29ea7f7)
2007-10-10r11652: Reinstate the netsamlogon_cache in order to workGerald Carter4-0/+100
around failed query_user calls. This fixes logons to a member of a Samba domain as a user from a trusted AD domain. As per comments on samba-technical, I still need to add (a) cache the PAC info as werll as NTLM net_user_info_3 (b) expire the cache when the SMB session goes away Both Jeremy and Guenther have signed off on the idea. (This used to be commit 0c2bb5ba7b92d9210e7fa9f7b70aa67dfe9faaf4)
2007-10-10r11651: After talking to Jeremy, commit my winbindd "Do the Right Thing" patch.Gerald Carter2-27/+64
Still needs some more testing ni domains with multiple DCs. Coming next.... (This used to be commit aaed605206a8549cec575dab31e56bf6d32f26a6)
2007-10-10r11580: fix an uninitialized variable that was causing winbindd to die in ↵Gerald Carter1-1/+1
winbindd_dual_getsidaliases() (This used to be commit c0c181826ea535adcbffb8790ad31356f7e9fc04)
2007-10-10r11573: Adding Andrew Bartlett's patch to make machine accountJeremy Allison3-18/+23
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same was as it would a user account check. I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10r11511: A classic "friday night check-in" :-). This moves muchJeremy Allison1-0/+2
of the Samba4 timezone handling code back into Samba3. Gets rid of "kludge-gmt" and removes the effectiveness of the parameter "time offset" (I can add this back in very easily if needed) - it's no longer being looked at. I'm hoping this will fix the problems people have been having with DST transitions. I'll start comprehensive testing tomorrow, but for now all modifications are done. Splits time get/set functions into srv_XXX and cli_XXX as they need to look at different timezone offsets. Get rid of much of the "efficiency" cruft that was added to Samba back in the day when the C library timezone handling functions were slow. Jeremy. (This used to be commit 414303bc0272f207046b471a0364fa296b67c1f8)
2007-10-10r11492: Fix bug #3224 (I hope). Correctly use machine_account_nameJeremy Allison1-2/+3
and client_name when doing netlogon credential setup. Jeremy. (This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
2007-10-10r11381: Correctly connect to 445 and 139 after a successful getdcname.Volker Lendecke1-3/+10
Volker (This used to be commit 440e7b3342e6b7b12208b789853962de72a9cac2)
2007-10-10r11368: Remove a memleak that just cost me half an hour: If we terminate ↵Volker Lendecke1-1/+1
inside a message handler, the list of messages from retrieve_all_messages is not properly freed. Not important, just confusing :-) Volker (This used to be commit d20388750dcfe7e0680246f7e3e6beb3a6d51a4a)
2007-10-10r11338: Move knowledge of \\ needed into rpc_client/cli_netlogonJeremy Allison1-7/+1
(this is the way it's been done in other functions). Instead of moving this into the IDL, I think the best solution would be to write a wrapper function around any call that needs this (this is what we already do for many of the calls). Jeremy. (This used to be commit aeca4efa11728be53b81967bb5442b5b09d1a975)
2007-10-10r11328: Actually verify that the bind on a pipe succeeded with a samr_connect orVolker Lendecke1-167/+196
lsa_openpolicy and fall back appropriately. In particular an ntlmssp bind failure can not be detected before the first real rpc request, at least according to abartlet :-) Works for me against w2k3, w2k and nt4. Sooner or later I should test against samba4 ... :-) Volker (This used to be commit 48a9e35208ae7b6271508085f59833e5def640e8)
2007-10-10r11324: Re-formatting before I can get a very *narrow* focus on the bugs in ↵Volker Lendecke1-59/+61
here. ;-) We can only tell if the bind succeeded on the first real RPC call. So we have to decide according to success of samrconnect whether we have to fall back. Similarly for lsaopenpolicy. Volker (This used to be commit 0603e1c8456ee87b87b051e0303a35fdbfbcf7ca)
2007-10-10r11323: Fix usage of rpccli_netlogon_getdcname. Add some debug messages.Volker Lendecke1-3/+18
Volker (This used to be commit 770ad2a8a72ae7bfcdc1b86b72142e11f662d975)
2007-10-10r11319: read_buf_len and write_buf_len are no longer used, remove them.Volker Lendecke2-6/+3
Volker (This used to be commit 6948f748f689708c396e52097553ff222b1af744)
2007-10-10r11280: BUG 3201: make sure request structure is cleared prior to sending ↵Gerald Carter1-0/+3
the request to winbindd (prevents the WB_RECURSE flags from accidentially getting set (This used to be commit 8c63d6d8a7f50d9a101117338242a9c8b243b43f)
2007-10-10r11253: Fix an annoying timeout when no nmbd is aroundVolker Lendecke1-8/+8
(This used to be commit 10fb32ec52b32b72a46a783b73c6dd1f24625d9b)
2007-10-10r11251: Fix a commentVolker Lendecke1-7/+5
(This used to be commit 1ce6d12898c6f24c83e54561862735586b5a41b4)
2007-10-10r11242: use LDAP bitwise machting rule when searching for groups in ADS.Günther Deschner1-17/+36
This avoids that each time a full-group-dump is requested from ADS; the bitwise match allows to only query those groups we are interested in. The ADS LDAP server changed to RFC compliant behaviour when decoding the ldap filter with extensible match in the latest SPs (fixes). From the patch: /* Workaround ADS LDAP bug present in MS W2K3 SP0 and W2K SP4 w/o * rollup-fixes: * * According to Section 5.1(4) of RFC 2251 if a value of a type is it's * default value, it MUST be absent. In case of extensible matching the * "dnattr" boolean defaults to FALSE and so it must be only be present * when set to TRUE. * * When it is set to FALSE and the OpenLDAP lib (correctly) encodes a * filter using bitwise matching rule then a buggy AD fails to decode * the extensible match. As a workaround set it to TRUE and thereby add * the dnAttributes "dn" field to cope with those older AD versions. * It should not harm and won't put any additional load on the AD since * none of the dn components have a bitmask-attribute. * * Thanks to Ralf Haferkamp for input and testing */ Guenther (This used to be commit db38ed6be607d08515920d46fb8a12f8cb4ddd6e)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison7-64/+71
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10688: Fix from Volker for bugid #3068 - winbindd crash withJeremy Allison1-1/+2
alt_names. Jeremy. (This used to be commit 35dda6920c9e318726473b6bc9d8495cf8f7b7cc)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter13-522/+658
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r10556: BUG 3083: patch from Alex Deiter <tiamat@komi.mts.ru> to fix ↵Gerald Carter1-1/+4
checking trusted account for winbindd running on a Samba PDC (This used to be commit 24b43af642c9d41c14b9ad64704e13cc9150378d)
2007-10-10r10474: We better ignore builtin SIDs from the Active Directory DC to preventGünther Deschner1-1/+8
that AD's builtin groups mixup with our own builtin groups. Guenther (This used to be commit 9930013161f1ae59e7aed1b397b79792d384f1ba)
2007-10-10r10321: Fix winbindd recursion bug found by Ingo Steuwer ↵Jeremy Allison4-7/+14
<steuwer@univention.de>. Jeremy. (This used to be commit 6795c818a3d63737d5b40faffa3a0b91c71b427b)
2007-10-10r10270: lowercase groupnames and groupmembers again.Günther Deschner1-0/+1
Guenther (This used to be commit 736dffb2a9907a6ca3fee51eb4a9f1da837303a0)
2007-10-10r10268: Fix for bug #3095 - winbindd checking credentials.Jeremy Allison1-12/+18
Jeremy. (This used to be commit e58d8ee0555a5de0a25757b26cc22e02b9aace31)
2007-10-10r10267: Exit if winbind can't find or generate a SID -- there's no point inVolker Lendecke1-1/+1
continuing. Found during investigation of bug 3105. Volker (This used to be commit 72546f185696235c9d5cb6196448178d9e15e858)
2007-10-10r10263: Fix debug which got more instead of less confusing.Günther Deschner1-1/+1
Guenther (This used to be commit ac3786a7a7dfc77d3b305ae67c97ab4f7f63961e)
2007-10-10r10262: * Fix for getgrnam not returning builtin group (which is done by getentGünther Deschner2-4/+6
group) * Give a better debug message when returning builtin groups. Guenther (This used to be commit ec79971dc7606c1dfea3acf87cd19fa4153ae417)
2007-10-10r10261: Don't bother to peek rids in builtin-sids.Günther Deschner1-0/+3
Guenther (This used to be commit d75bfce8cc9122ddcad149704e467c784f0a0872)
2007-10-10r10152: 64-bit fix for bug #3082. Thanks to Robin Hill for tracking this ↵Volker Lendecke1-1/+3
down with valgrind. Jerry, if this patch proves to fix his problem, it is definitely a candidate for the recommended patches page. Volker (This used to be commit 5232034b0daca8486fd55e53c2d910e4fbf0299d)
2007-10-10r9780: Clean up a bunch of compiler warnings.James Peach2-9/+1
(This used to be commit 623d2e69319ffead31a780a4d6156dae45f386d7)
2007-10-10r9758: make sure to lower case usernames in winbindd's getpwnam()Gerald Carter1-1/+4
(This used to be commit 9fc539088eda7f9b5d212b7df50594bec51e16f5)
2007-10-10r9709: Fix two bugs found by Brian Moran: Any request sent to winbind while ↵Volker Lendecke2-7/+7
the child in question is still initializing overwrites domain->dcname. Only overwrite if the parent actually has sent a dcname and thus really knows it. Second, ntlm_auth needs the error code, not just the fact it failed. Jerry, the 3_0 part might qualify as a "recommended patch". Thanks, Volker (This used to be commit d79b179b7f9d2efa4f8ee47bfe386e90d8b58322)
2007-10-10r9588: remove netsamlogon_cache interface...everything seems to work fine. ↵Gerald Carter4-98/+0
Will deal with any fallout from special environments using a non-cache solution (This used to be commit e1de6f238f3981d81e49fb41919fdce4f07c8280)
2007-10-10r9366: patch from Toomas.Soome@mls.ee to include hosts lookups via the ↵Gerald Carter1-0/+290
winbind pipe on solaris (This used to be commit e822a7539065c12d23b491e85f2cce7e98195f77)