summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2003-05-15Fix for winbindd segfault (finally I think this is the correct one :-)Jeremy Allison1-1/+1
from "Roylance, Stephen D." <SROYLANCE@PARTNERS.ORG>. Jeremy. (This used to be commit 459fb6519bc9bc9bbb151291ff795ecc0c014d63)
2003-05-14Ok, try and fix this correctly... Simplify the nasty loop logic.Jeremy Allison1-7/+7
Jeremy. (This used to be commit c19599a5624ac7ea63b529bf7d36cdcd7c8ef89f)
2003-05-14Fix winbindd coredump. Remember to set a ** pointer to null beforeJeremy Allison1-0/+2
searching and not finding otherwise we return a valid looking pointer that was whatever crap was on the stack. Jeremy. (This used to be commit 5d3ac0e39b2b3c60de7c1fe562e4da1f508a2884)
2003-05-12And finally IDMAP in 3_0Simo Sorce6-58/+35
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-10Reverse previous patch from Stefan and me after comments by Andrew BartlettJelmer Vernooij1-2/+0
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
2003-05-10Patch from metze and me that adds dummy smb_register_*() functions soJelmer Vernooij1-0/+2
that is now possible to, for example, load a module which contains an auth method into a binary without the auth/ subsystem built in. (This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
2003-05-08This puts real netlogon connection caching to winbind. This becomesVolker Lendecke3-81/+135
important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
2003-05-06There appears to be no reason why we have to execute theTim Potter2-60/+45
initialisation code in winbindd_init_common() after the fork when running in dual daemon mode. The only tricky bit is we have to run a tdb_reopen_all() somewhere in the child to avoid tdb corruption. Fixed bug #60. (This used to be commit 25e55aca0fe315c2ccf4e34a94107b2321313714)
2003-05-03This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+360
used to be commit f1e59906577a59269f1821d9e438fc56278b9dbe)
2003-05-03fixes to *_util.c filesSimo Sorce2-1/+366
add winbindd_passdb backend this makes it possible to have nua accounts on security = user servers to show up in unic through nss_winbind.so the problem is that we do not have group support, so nss group support is not very good at this time (read: totally absent) we NEED group support in passdb (This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
2003-05-01proper wellknown sids initialization at startupSimo Sorce1-0/+3
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
2003-05-01*id_to_*id call reshape to return NTSTATUS errorsSimo Sorce3-48/+17
plus internal fixes 1st stage (This used to be commit 6d036761e565bc93964bb3c939d5b7d78d5778a3)
2003-04-29remove convert_smbpasswd and addtosmbpass from tree; people can get them ↵Gerald Carter3-2/+26
from 2.2. if they still need them (This used to be commit 237857a760974bb02000e5d3a776240ec73ca6b6)
2003-04-27make winbind use idmap as well.Simo Sorce7-1079/+54
change idmap_init call removed ldap backend for winbind idmap, seem it had problems anyway and it have to be reworked to work with idmap without calling winbind code. simo (This used to be commit 9d7d007443fc75264b2764b90f272ffc40c9be6c)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett10-760/+642
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-22update copyright notice that is written to the logsGerald Carter1-1/+1
(This used to be commit 5f1fe04a87a407297eb9d4ad0e5c6bb35b33c067)
2003-04-22update copyright notice that is written to the logsGerald Carter1-1/+1
(This used to be commit 6735a9889f6629f4f77006c59c011570031e044f)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett4-16/+20
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-16Store the type of 'sec channel' that we establish to the DC. If we are aAndrew Bartlett4-16/+20
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
2003-04-16Make this code actually compile (--with-ldapsam).Andrew Bartlett1-4/+7
This might not actually be the 'right way' to do this, but it's better to have it compile... Andrew Bartlett (This used to be commit c7dc0b27aca8f7e4653b25dae37ea38d68fc045a)
2003-04-14Removed unused variable.Tim Potter1-2/+0
(This used to be commit 117cc35dd0adc6fd5238a440e299d012bfd8e542)
2003-04-14Merge:Tim Potter1-91/+27
- Jelmer's latest popt changes - debugging tdb messages now initialised and handled in lib/messages.c (This used to be commit b11f35fddec8c3d3899a8bc78d093137f73b2dfb)
2003-04-14Syncup new HEAD version.Tim Potter1-128/+169
(This used to be commit 396bcf0cf6dfc7a36be0c4e774386b266439c3af)
2003-04-14Syncup popt changes with HEAD.Tim Potter1-2/+2
(This used to be commit 39c987c3c522b66146e99fcc528cd60e05ad14f7)
2003-04-09Winbind client for AIX. Written by Steve Roylance.Tim Potter1-0/+411
(This used to be commit e37d025e6724196925c43c8ce558064ed5c072c5)
2003-04-07This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+459
used to be commit 43f21c87e12fe88dab6ccba13c2e54161cf87093)
2003-04-07Winbind merges from HEAD:Andrew Bartlett6-17/+32
- fix winbindd_pam bugs - give a better error message for unauthorized access to auth_crap - show this message in wbinfo - fix spelling: privilaged -> privileged ** This changes the location of the winbindd privileged pipe ** (thanks to tpot) Andrew Bartlett (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
2003-04-07Create a pidfile, even when running in interactive mode.Tim Potter1-3/+2
(This used to be commit 1d7400e679df136f03daf79788ea998c5a787f89)
2003-04-07privilaged -> privilegedTim Potter5-10/+10
(This changes the location of the winbindd privileged pipe) (This used to be commit f111f10076c7797e5fd39edcc0aad7d860bb5ac5)
2003-04-07Remove duplicate "tallocdump" message from tdb messaging system. TheTim Potter1-22/+1
same functionality exists as "pool-usage". Move initialisation of this and dmalloc messages inside message_init(). (This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
2003-04-06This commit make winbindd copy winbindd_idmap.tdb into idmap.tdb on theSimo Sorce1-5/+23
first run if idmap.tdb is not found, and then eventually convert it to the new format. This is done to unify winbind and idmap databases and to make a backup of winbindd_idmap.tdb in case you want to downgrade (of course it will not be updated). This is needed because idmap.tdb contains also local mappings, not only foreign domains mappings. Added some other fixes/improvements Simo. (This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
2003-04-04Removed unused variables.Tim Potter1-2/+0
(This used to be commit 32d1dd19bb0b6abc6508ce65d5129acea79225bf)
2003-04-03Fix a compile warning in slprintf format string.Tim Potter1-4/+4
Possible typo: winbind_idmap_methods -> winbindd_idmap_methods Fix wrong format char when generating a ldap filter string. (This used to be commit f9cb23e68753337676876b97b145e04ad423e184)
2003-04-03The ldap idmap backend from Anthony Liguori (aliguori@us.ibm.com):Jim McDonough2-1/+395
This patch moves the ldap routines out of passdb into a generic library and implements an LDAP backend for IDMAP. THe backend can be enabled with "idmap backend = ldap" in smb.conf. THere are also schema changes to make sure to update teh ldap schema files. (This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)
2003-04-03Fixup swat warning.Jeremy Allison1-0/+6
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com> noticed the problem. Jeremy. (This used to be commit 8bbcb833317245d7f5b8695e4a5c676f67003937)
2003-04-03Fixup swat warning.Jeremy Allison1-0/+6
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com> noticed the problem. Jeremy. (This used to be commit 214b217b276f43edfddd1664afaae0fa6b2c319f)
2003-04-02Print out the 'freindly' error message from winbind. Also print usefulAndrew Bartlett2-7/+22
information into it re the privilaged pipe. Also clean up some bugs in winbindd_pam.c Andrew Bartlett (This used to be commit e73b01204a8625946ff0fb5f9fc99dd959eb801c)
2003-04-02THE Idmap patch :-)Simo Sorce4-33/+32
includes a --with-idmap=no switch to disable idmap usage if you find problems. cosmetic fixes and param aliases to separate winbind from idamp roles. A temporarily remote idmap winbind compatibility backend. As I have time I will further change code to not call directly winbind (partly done but not tested) and a specilized module will be built in place for the current glue hack. The patch has been tested locally in my limited time, the patch is simple and clear and should not reserve problems, if any just disable it. As usual, comments and fisex are welcome :-) Simo. (This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
2003-04-02Merge of winbind nss library cleanup from HEAD.Tim Potter8-1628/+372
(This used to be commit a4b5f2c01bae049edc4f385cb0441bbde4fb443b)
2003-04-02Whitespace syncup.Tim Potter1-4/+4
(This used to be commit 2125b0b8ce2bfbb85f325ccbb2a455728ee3f135)
2003-03-31This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User8-0/+1733
used to be commit fd163bd94497534f9c80c205d44b30b72b81cbcd)
2003-03-31Placeholder for winbind aix client.Tim Potter1-0/+0
(This used to be commit 872b2ba35bbe9f4312530368615e99808b3a7756)
2003-03-31Cleanup of winbind client side code.Tim Potter10-601/+708
Mostly this consists of untangling the existing code and moving it in to operating system specific files. The winbind client code for all supported operating systems is now in nsswitch/winbind_nss_OSNAME.[ch] to make things a bit clearer. (This used to be commit 93ea047a16a292b23a1d8736ce9bc4098ba142ba)
2003-03-24Don't use old usage() function, but the one from popt.Jelmer Vernooij1-1/+0
Remove some useless arguments (This used to be commit 8df30059ef100a4d5e21501d7746427b4d312589)
2003-03-24Revoke some of the popt patch from metze I applied earlier today. It addedJelmer Vernooij2-1/+2
some double options and broke some parameters. (This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
2003-03-24Patch from metze to generalise POPT_COMMON_SAMBA, with some minor changesJelmer Vernooij2-7/+4
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
2003-03-24(merge from HEAD)Andrew Bartlett7-33/+131
NTLM Authentication: - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
2003-03-23Convert to popt.Jelmer Vernooij1-58/+26
(This used to be commit 18d52ce914715d188966be95f9e4466666a04f74)
2003-03-23NTLM Authentication:Andrew Bartlett7-33/+131
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
2003-03-19Fix debug message not to use an uninitialized variable.Volker Lendecke1-2/+1
Volker (This used to be commit 80bfa7efd65af02108e3ef1e2b2952cda6dc5999)