summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2002-11-02Fix --set-auth-user command to delete entries from the secrets file when anTim Potter1-12/+68
empty username/password is passed on the command line. Previously we were leaving the domain name set and the password set to a NULL character. Added a --get-auth-user command to display the restrict anonymous username information. Can only be run successfully by root. (This used to be commit 0bb9bc196207fb35c9de6accbe101937a687762f)
2002-11-02Some winbindd cleanups I made trying to fix cr1020:Tim Potter2-38/+108
- move winbindd client handling into accessor functions in winbindd_util.c - move some winbindd socket routines into accessor functions in winbindd_utils.c (The deadlock situation mentioned in the appliance branch is probably not applicable since we don't clear the connection cache on SIGHUP. Perhaps we should?) (This used to be commit 846b5494942c73e68616e7eae0d2fd5ae4b2bc05)
2002-11-02Handle the case where the password used in RPC connections (for restrictTim Potter1-3/+8
anonymous support) is blank. (This used to be commit 7badccda46a0837dd9da802b44c2fbcb4f38845a)
2002-10-26Updates to winbind's PAM client and server - make the debug logsAndrew Bartlett2-19/+44
work a bit better for password changing. Andrew Bartlett (This used to be commit 425782ba32554b90d592493a1928a926e492bb2a)
2002-10-23much simpler code to choose a DC to contact in winbindd. We now alwaysAndrew Tridgell1-55/+6
choose the server that has the most bits in common in its IP with one of our interfaces. (This used to be commit 31774dce67844b67cb405e65f307a20354f2cedb)
2002-10-23if trusted domains are disabled then we should not try to connect toAndrew Tridgell1-1/+6
them in winbindd (This used to be commit 6c7748b001836e4aa3e23dedfe28db3c8acc197a)
2002-10-18must add one to the extra_data size to transfer the 0 string terminator.Herb Lewis1-1/+2
This was causing "wbinfo --sequence" to access past the end of malloced memory. (This used to be commit 4125c582aaf86ee5d92b0c800266543a390aefce)
2002-10-18NULL enum_local_groups for ads winbindd (temporary workaround).Gerald Carter2-1/+2
(This used to be commit 06eea39abdb49d9d547707dcb170c988d7276c1d)
2002-10-17Added new error codes. Fix up connection code to retry in the same wayJeremy Allison1-4/+18
that app-head does. Jeremy. (This used to be commit b521abd86b10573ca8f9116907c81e6deb55f049)
2002-10-15- we need to rescan the trusted domain list regularly to cope withAndrew Tridgell2-1/+5
transitive trusts, and trusts that are added while winbindd is running - removed an unnecessary call to time() (This used to be commit 14489ff30bb9eca2c55d36a69c0b45a2db339061)
2002-10-15Fix spelling of background_process.Jeremy Allison2-6/+6
Jeremy. (This used to be commit 94fc0ea9f99bc73486ef374a84d2c20ce895ee14)
2002-10-15Change to use sys_read/sys_write.Jeremy Allison1-10/+4
Jeremy. (This used to be commit 042890056d5d4128eaaca346e7898ccda860dbe2)
2002-10-08merge from APP_HEADGerald Carter6-13/+200
* s/driverlocation/comment * detect native mode domain and enumerate local groups Also * Added sendfile stats from SAMBA_2_2 (This used to be commit 764b58e2c0b3179cffe157c0ab58761b156b8423)
2002-10-05Don't use usage function, but use popt for usage and help infoJelmer Vernooij1-38/+37
(This used to be commit a0e0f3b293a71ee6a7bb0edb626c5e16cb803830)
2002-10-04fix typoGerald Carter1-1/+1
(This used to be commit 38a956c79bbdb5e1eedfcb1cf3ad4f7c906d0cf7)
2002-10-04merge native_mode flag in winbindd_domain struct from app-headGerald Carter3-5/+61
(This used to be commit dd948a302ad6bd4307ecdfb10510e12185150eae)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-1/+1
from APP_HEAD (This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
2002-10-01Doh ! Lookup name before checking negative cache (the way Tim originallyJeremy Allison1-10/+10
had it...). Jeremy. (This used to be commit 6929b65954ff5b94d11db79c8fc6a295311c238f)
2002-09-30Fix memory leak in getting DC list. Remember to exclude failed lookups.Jeremy Allison1-5/+21
Jeremy. (This used to be commit c4fcbb2948beb3b6594d53a7ffdc8b94fd0d94e0)
2002-09-27Move a number of ADS related functions out into utility libs, so that thingsAndrew Bartlett1-186/+11
like metze's sam_ads can also use them. Also add error checking etc to a few more functions. Andrew Bartlett (This used to be commit c864edf4fbf8a6c37888a14b861d7c12cf503d4f)
2002-09-25fix getpass replacement check (i thought I fixed this a few daysGerald Carter1-0/+2
ago....) (This used to be commit 1b55965f12dc2ede46ca2dbc82acbf56b7e33e2e)
2002-09-24Moved -ve cache check to correct place.Jeremy Allison1-10/+10
Jeremy. (This used to be commit 38c67632ade40413c0cc2b91e04105e4065a18b7)
2002-09-17Reverted my earlier change. It was incorrect. We must be protected byJeremy Allison1-5/+4
pidfile before doing secrets_init(). Jeremy. (This used to be commit f8a0e6ad8b25d405ff2bcb492974d2f0bef81036)
2002-09-17Only create the pidfile once we're ready to receive requests.Jeremy Allison1-3/+5
This allows external programs to correctly synchronise with us. Jeremy. (This used to be commit ffb7632d05191342ecfc5f78fbfd7beacfe257ad)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-1/+1
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-15Put unixsocket calls between #ifdef HAVE_UNIXSOCKET's - required for Stratus VOSJelmer Vernooij1-0/+4
(Double checked) (This used to be commit dc3c14fc2b661a62a1876149e96af6de07a2c4a6)
2002-09-12Merge undone cleanups.Tim Potter3-26/+27
(This used to be commit d87c1f507d38444e627bce59b6c765d9c9479ac6)
2002-09-12Merge of winbind auth cleanups from appliance.Tim Potter3-30/+34
(This used to be commit 26d486aa740e283f546efc1f2ca40af3452a4f52)
2002-09-12Merge of cut&paste fix from appliance.Tim Potter1-1/+1
(This used to be commit f75d61b03a3377f3a791b56fc307dc7e56e4707a)
2002-09-12Spelling fix.Tim Potter1-2/+2
(This used to be commit d9fa865e5ce8ba0b7539f9a218fc7dd132eb3d38)
2002-09-11Put pid number in invalid request size debug.Tim Potter1-2/+2
(This used to be commit e63afabf98350353fac79ffc2ae2ddf88d61260f)
2002-09-11Bugfix merge:Tim Potter1-0/+1
>Initialise user_rid value in WINBIND_USERINFO structure returned by >the rpc version of query_user(). This fixes a caching bug found by >Gavrie Philipson from disksite. (This used to be commit 77bde1fa33cc387accda8f38bf654377310f5dbe)
2002-09-07This is the 'main' inclue for for winbind clients - all clients should includeAndrew Bartlett1-0/+16
only this file, and not any others. It includes the function prototypes. (Forgot to commit with earlier patch) Andrew Bartlett (This used to be commit 3ec3861445e7da1347c3b5ba180b33441f59640c)
2002-09-07Don't leak file desciptors in this (impossible?) error case.Andrew Bartlett1-0/+1
(This used to be commit b440418f13b840860be42690bf475c1ee3cb3647)
2002-09-07Winbind client-side cleanups.Andrew Bartlett6-37/+94
The global winbind file descriptor can cause havoc in some situations - particulary when it becomes 0, 1 or 2. This patch (based on some very nice work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy the problem by ensuring that the close-on-exec flag is set, and that we move above 3 in the file descriptor table. I've also decided that the PAM module can close it's pipe handle on every request - this isn't performance-critical code. The next step is to do the same for nss_winbind. (But things like getent() might get in our way there). This also cleans up some function prototypes, puts them in just one place. Andrew Bartlett (This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
2002-09-06Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de>Andrew Bartlett1-4/+4
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better general infrustructure for his sam_ads work. I've also added some extra failure mode DEBUG()s to parts of the code. NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without the final set of brakets, the test is essentially inverted - causing some intersting 'error = success' messages... Andrew Bartlett (This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
2002-09-04Quietened some debugs.Tim Potter1-2/+2
(This used to be commit ea26b3e8efcb83e16f7eb5add031a8df99046a69)
2002-08-30added cli_net_auth_3 client code.Jean-François Micouleau1-3/+3
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch. pass also the negociation flags all the way. all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient. in the future we will be able to call auth_2 or auth_3 as we want. J.F. (This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
2002-08-29fix connecting to a BDC when the PDC is down but in WINS and no bcastAndrew Tridgell1-5/+3
can be used to find a BDC 2nd try .... (This used to be commit f757223ebe88148b83e1a32b87c014c15c0a68dd)
2002-08-29fix connecting to a BDC when the PDC is down but in WINS and no bcastAndrew Tridgell1-0/+7
can be used to find a BDC (This used to be commit e95d8e2c9ee5cf22b628f3e0d99fb74bcc632ea0)
2002-08-29Use popt for --helpJelmer Vernooij1-54/+24
(This used to be commit 073106ad25fba8c8aaa57c296ce8e7cb7b3e3e97)
2002-08-27Fix typo in debug.Tim Potter1-1/+1
(This used to be commit 86433a3492a3b70a051257940ae28ada8788a650)
2002-08-23Moved calculation of secure channel type into a new function.Tim Potter1-4/+3
(This used to be commit b8dba26978c281259e02b9d6ebacaa7cba4f7787)
2002-08-21Patch from Paul Green <Paul.Green@stratus.com> to be more POSIX-compatibleJelmer Vernooij1-0/+4
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
2002-08-18be a bit more paranoid about not getting duplicate domain names (canAndrew Tridgell1-2/+8
happen when the LDAP call to get the flatname for the primary domain fails) (This used to be commit 8d40f34e2f5188f15f414e807d023bfea7bd8c8e)
2002-08-17Becouse of changes to the meaning of this feild over time, this doesn'tAndrew Bartlett1-17/+0
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea anyway (potential PDC/BDC applications). Given all that, remove it... Andrew Bartlett (This used to be commit fc0d6e53fce1d05b16ec58c0bdc38aa8da4422c0)
2002-08-16Merge of netbios namecache code from APPLIANCE_HEAD.Tim Potter1-0/+2
Tridge suggested a generic caching mechanism for Samba to avoid the proliferation of little cache files hanging around limpet like in the locks directory. Someone should probably implement this at some stage. (This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
2002-08-07Add some more const :-)Andrew Bartlett1-3/+3
This also makes it a easier to see which paramaters are 'in', and which are 'out'. Andrew Bartlett (This used to be commit 122cf648d7f364c68ecb7a576a42e94a954e9e56)
2002-08-05fixed wbinfo -t for netbiosless domainsAndrew Tridgell1-1/+7
(This used to be commit 68e70b000b273ba72206c87ad1efd6efc2c7c487)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell6-125/+172
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)