summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2002-03-13Fix typo in copyrightAndrew Bartlett1-1/+1
(This used to be commit 54e69ed20adc74fdfe007a9642dcb3a55c02d856)
2002-03-12fixed 2 reconnection bugs in the ADS backend supportAndrew Tridgell1-7/+11
(This used to be commit 1aaa2091d54e7e50cf75927d658e57776792d6ae)
2002-03-12get the test for disconnection the right way around!Andrew Tridgell1-3/+3
(This used to be commit ed80311b41f9869084d1e510cd8fd4213c3a1c19)
2002-03-11Removed bogus calles to D() debugging function. Perhaps these shouldTim Potter1-16/+1
be replaced by DEBUG() calls? (This used to be commit 33dd07d1fc6946e53d3bdaad025adfc20abfab77)
2002-03-11always make winbindd try for the PDC first before trying for a BDCAndrew Tridgell1-5/+7
this prevents propogation delays in the SAM between the PDC and BDCs (This used to be commit 967cb3ed0c3190f3e95a227e4d998a7312b5990b)
2002-03-09removed bogus prepend_domain() call which was screwing up getpwuid()Andrew Tridgell1-10/+2
with the new default domain code (This used to be commit 0f75b6bd5b42f745f17e2e6624d5d541a30ee897)
2002-03-09prevent a segv when a trusted domain is unavailable at startupAndrew Tridgell1-3/+2
(This used to be commit d5b5d3f8400a80c943809db9578a2d7317aa6d2d)
2002-03-09better detection of dead ADS connections, so we have some chance ofAndrew Tridgell1-0/+6
reconnecting (This used to be commit 58b79c0dc882fa402423e44a594e30c27177f490)
2002-03-06nicer message for --sequence when the server is disconnectedAndrew Tridgell1-2/+7
(This used to be commit 233e8b7d447b7efb0227c6c7a6cd2f9e034719fa)
2002-03-02Allow Samba to trust NT4 Domains.Andrew Bartlett1-2/+4
This commit builds on the auth subsystem to give Samba support for trusting NT4 domains. It is off by default, but is enabled by adding 'trustdomain' to the 'auth methods' smb.conf paramater. Tested against NT4 only - there are still some issues with the join code for Win2k servers (spnego stuff). The main work TODO involves enumerating the trusted domains (including the RPC calls to match), and getting winbind to run on the PDC correctly. Similarly, work remains on getting NT4 to trust Samba domains. Andrew Bartlett (This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
2002-03-01Move wbinfo over to d_printf(). Patch by Hasch@t-online.de (Juergen Hasch)Andrew Bartlett1-55/+55
Andrew Bartlett (This used to be commit 5710e588ce19ff8fa2493a8d0fdbb6b793fd7c09)
2002-02-28enable locking on the idmap database to make it safe to dump/restoreAndrew Tridgell1-1/+1
it externally while winbindd is running (This used to be commit cd3a7466dbf4491aba34197cd6f3cc4167c0c660)
2002-02-28Ensure that winbindd and smbd both use identical logic to find dc's.Jeremy Allison1-28/+27
Fix bug where zeroip addresses were being checked. Jeremy. (This used to be commit 8ed49fe0df201833329c17b2afe1e3aa70646558)
2002-02-27this allows us to support foreign SIDs in winbindd and smbdAndrew Tridgell5-117/+173
this means "xcopy /o" has a chance of working with ACLs that contain ACEs that use SIDs that the Samba server has no knowledge of. It's a bit hackish, Tim, can you look at my uid.c changes? (This used to be commit fe2db3148587937aa7b674c1c99036d42a3776b3)
2002-02-19make protoTim Potter1-1/+0
(This used to be commit 98d3ea19b0755cf59102c479ddbbfe62bd653d74)
2002-02-18fixed a memory leak thanks to dleducq@arkoon.netAndrew Tridgell1-0/+1
(This used to be commit e84c7400175c86c4c79922182115ea1f0948186c)
2002-02-15Winbind cleanup.Andrew Bartlett4-180/+220
This patch fixes the segfaults I introduced in the previous conneciton caching patch. It cleans up the connection cache a *lot* - in particular it adds significant robustness to the operation. If a the DC goes down, we no longer fail the next operation - the code checks if the connection died during one of its own operations on the socket, and restarts the conneciton as required. There is still a memory leak in here somewhere - but this code also cleans up a number of these. Also added is the abilty to sepecify the domain of the 'get around restrict anonymous' user that winbind uses. Andrew Bartlett (This used to be commit 92cbefdf2783bf9dbbb2179c1b2f7cdb802d84a9)
2002-02-11A few small winbind updates:Andrew Bartlett3-25/+60
Add a connection cache to the netlogon pipe. This makes a *massive* difference to the time-per-auth. Also fix up *some* of the memory leaks in other connection caches. Add some debugging messages for the is_connected() code. I'm thinking we should get a client implementation of SMBecho and call it here - as it would allow us to always know the DC is around before we start. Down the debug level for some of the pam_winbind code - I'll probably down it further when I'm finished debugging. Andrew Bartlett (This used to be commit 49d3e476662220775ef8da7db01ea17e77e11b0b)
2002-02-08Fix up some of the DEBUG lines in winbind_pam.cAndrew Bartlett1-8/+10
(This used to be commit dfc8883305abf7630e6446a0b865bae99ec2f5a4)
2002-02-060x is the traditional prefix for displaying hex numbers.Tim Potter1-2/+2
(This used to be commit f424b691ea76819e90f10919b0506bb2216ecd0e)
2002-02-05Drastic impromvents to pam_winbind.Andrew Bartlett5-279/+538
This adds code to do generic PAM -> NTSTATUS and NTSTATUS -> PAM error conversions, and uses them to make the error handling in pam_winbind sane. In particular, pam_winbind now uses PAM error codes, not silly '-1, -2 ...' stuff, and logs the NTSTATUS error that winbind now sends over the pipe. Added code to wbinfo to display these - makes a big difference in debugging winbindd. The main change here is the code to allow pam_winbind password changing to correctly stack - This code ripped from pam_unix, and the copyright attached. (Same as for all pam modules, including pam_winbind) Andrew Bartlett (This used to be commit dc1a72f896b83bc1ad3c7bf6c12c36ace3967280)
2002-01-31Fix from Michael Steffens <michael_steffens@hp.com> to make signalJeremy Allison1-1/+4
processing work correctly in winbindd. This is a really good patch that gives full select semantics to the Samba modified select. Jeremy. (This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
2002-01-31reduced memory usage in winbindd with a rpc backend by using aAndrew Tridgell1-6/+11
separate talloc context for each partial fetch (This used to be commit 9c8a2fe4df21c29c90dc8493dade2b12314234c3)
2002-01-31Removed unused variables.Tim Potter1-2/+0
(This used to be commit 703d06fee03b6b6a37b9f64cdc313a0d59c41597)
2002-01-31added 'wbinfo --sequence' to show sequence numbers of all domainsAndrew Tridgell5-0/+67
(This used to be commit bcd234a3dad2cd3d1c57780f4a7a3833ea611764)
2002-01-30Removed version number from file header.Tim Potter24-44/+24
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-30Fix for password change from Samuel Ziegler <sam@xpedion.com>Tim Potter1-11/+11
(This used to be commit 418bdd5919265bc74844401901d91edc84076314)
2002-01-30Removed silly fprintf(stderr, ...) debug.Tim Potter1-2/+1
Part of Samuel Ziegler's patch to get winbind password changing working again in HEAD. (This used to be commit b5540bee7be957d1def62ee85a84488e0250624b)
2002-01-27Some more 'winbind default domain' support patches from Alexander BokovoyAndrew Bartlett1-81/+1
<a.bokovoy@sam-solutions.net>. This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required. Andrew Bartlett (This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
2002-01-26Back out some of the less well thought out ideas from last weeks work onAndrew Bartlett1-5/+16
winbind default domains, particulary now I understand whats going on a lot better. This ensures that the RPC client code does as little 'magic' as possible - this is up to the application/user. (Where - for to name->sid code - it was all along). This leaves the change that allows the sid->name code to return domains and usernames in seperate paramaters. Andrew Bartlett (This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
2002-01-26Change the winbind interface to use seperate 'domain' and 'username' feilds forAndrew Bartlett9-149/+56
the sid->uid and uid->sid conversions. Remove some duplicate arguments from these funcitons, and update the request/response structures for this and the 'winbind domain name' feature. As such 'winbindd_lookup_name' now takes both a domain and username. (This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
2002-01-26Allow a winbind client to obtain the server's domain name.Andrew Bartlett1-1/+13
(This used to be commit 85018fecfad1f7f6ef44b511bac937881a7bf937)
2002-01-25Removed dodgy init of local variable.Tim Potter1-1/+1
(This used to be commit 1f7172b48e77dcda8bfd20d8e79a90b523727493)
2002-01-25Much more useful handling of backup domain controllers in winbindd. HonourTim Potter1-25/+51
the "password server" smb.conf parameter when choosing a DC to connect to. Due to the origin of the code in cm_get_dc_name() it wouldn't try additional DCs if the first DC didn't work. This would wedge winbindd if you had "password server = foo1, foo2" and foo1 was down. (This used to be commit fc7ed1b4a8774a6a07a8d8fd08d9d2f15cd5c1dc)
2002-01-22Call pidfile_create() as part of init sequence.Tim Potter1-0/+3
(This used to be commit fa05a7de6d2311293242825dc98596d8e42c6249)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett8-116/+70
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-19Fix to close winbindd_idmap on exit. Pointed out by Alexander Bokovoy.Jeremy Allison3-0/+10
Jeremy. (This used to be commit 1bd96b3094b530c3426b22b6f891c7fc055e7033)
2002-01-19fixes (asprintf) from 2.2Simo Sorce1-4/+6
(This used to be commit 6b123adda901ff05b0271eeda060297448f64eec)
2002-01-18This is the 'winbind default domain' patch from Alexander BokovoyAndrew Bartlett7-46/+138
<a.bokovoy@sam-solutions.net>. The idea is the domain\username is rather harsh for unix systems - people don't expect to have to FTP, SSH and (in particular) e-mail with a username like that. This 'corrects' that - but is not without its own problems. As you can see from the changes to files like username.c and wb_client.c (smbd's winbind client code) a lot of assumptions are made in a lot of places about lp_winbind_seperator determining a users's status as a domain or local user. The main change I will shortly be making is to investigate and kill off winbind_initgroups() - as far as I know it was a workaround for an old bug in winbind itself (and a bug in RH 5.2) and should no longer be relevent. I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters to determine a user/groups's 'local' status, rather than the presence of the seperator. As such, this functionality is recommended for servers providing unix services, but is currently less than optimal for windows clients. (TODO: remove all references to lp_winbind_seperator() and lp_winbind_use_default_domain() from smbd) Andrew Bartlett (This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
2002-01-15Fix from 2.2. It didn't break on HEAD because it isn't being compiled. Herb?Jim McDonough1-10/+10
(This used to be commit 4fcaec53de18220ff6662f62a1430f67757cdcc5)
2002-01-15adding wins commands to winbindd - will check in the rest of the changesHerb Lewis1-0/+211
after further testing in 2.2 branch. (This used to be commit d5cdbc7e4ff48273bd7616694eef98c61e6f1f33)
2002-01-14Initialise cli variables and try not to do a cli_shutdown() of uninitialsedAndrew Bartlett1-4/+10
memory. The winbind connection caching code isn't exactly a plesent beast, and there is more work that needs to be done to nail this properly. Andrew Bartlett (This used to be commit dd40ce54b7f170854d63e08ac737f1b4306bd95b)
2002-01-13I'm doing some things towards the NamedPipes game with lckl and he has asked meAndrew Bartlett1-86/+2
to move this from being a static to matching its mate in lib/util_sock.c. In any case, this should discorage anybody from using the 'wrong' version of this function. (ie the one from TNG, which needs a bit more error checking depending on use). Andrew Bartlett (This used to be commit e6a3a01f795a85d908180ff19469ce09a2803512)
2002-01-12Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.Andrew Bartlett3-0/+12
This work was sponsored by Optifacio Software Services, Inc. Andrew Bartlett (various e-mails announcements merged into some form of commit message below:) This patch which adds basics of universal groups support into Samba 3. Currently, only Winbind with RPC calls supports this, ADS support requires additional (possibly huge) work on KRB5 PAC. However, basic infrastructure is here. This patch adds: 1. Storing of universal groups for particular user logged into Samba software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb. 2. Fetching of unversal groups for given user rid and domain sid from netlogon_unigrp.tdb. Since this is used in both smbd and winbindd, main code is in source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ. This patch has had a few versions, the final version in particular: Many thanks to Andrew Bartlett for critics and comments, and partly rewritten code. New: - updated fetching code to changed byte order macros - moved functions to proper namespace - optimized memory usage by reusing caller's memory context - enhanced code to more follow Samba coding rules Todo: - proper universal group expiration after timeout (This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
2002-01-11force the time difference in cache comparisons to be unsigned to copeAndrew Tridgell1-1/+4
with the local machine time changing (This used to be commit 116c0a0e3baa6a100a816f1ff2722782941ac3dc)
2002-01-11make the winbind sequence number code more robustAndrew Tridgell1-1/+1
when switching from rpc to ADS this now should make sense (This used to be commit ec73d26c7f9a2bbd4b91e9c22850e032b91666e2)
2002-01-11Always query the PDC for the list of trusted domains rather than interatingTim Potter7-114/+179
the list received at startup or we get an out of date list. I thought there might be some sequence number that is incremented when a trusted domain is added or removed - perhaps there is but I just haven't found it yet. - Renamed get_domain_info() to init_domain_list() - Made an accessor function to return the list of trusted domains rather than using a global so we don't have to remember to put a magic init function - The getent state can not keep a pointer to a winbind_domain structure as it may be freed if init_domain_list() is called again so we keep the domain name instead (This used to be commit 37216c649a394b449eaaaa6644709eafb3bf37ff)
2002-01-11Some memory leak fixes.Tim Potter1-17/+23
(This used to be commit da4db0373b65d975d5129715d6b1fa725b188766)
2002-01-10Since AB has been changing the winbind interface it's time to add the "mockTim Potter3-21/+21
swedish" test to client calls. This is putting a length field at the start of a request so we can disconnect clients talking with an out of date libnss_winbind.so rather than deadlock them. Misc cleanups: - made some int values uint32 - moved WINBIND_INTERFACE_VERSION to start of cmd list (This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5)
2002-01-10merge tpots name changes into IRIX part of code. When you change the nameHerb Lewis1-8/+8
of a define you need to grep for the old name and change ALL places. (This used to be commit 09e3276fb7207dff73f181072851bd542fb64263)