summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2004-03-24Fix bugzilla # 1208Jim McDonough1-1/+5
Winbind tickets expired. We now check the expiration time, and acquire new tickets. We couln't rely on renewing them, because if we didn't get a request before they expired, we wouldn't have renewed them. Also, there is a one-week limit in MS on renewal life, so new tickets would have been needed after a week anyway. Default is 10 hours, so we should only be acquiring them that often, unless the configuration on the DC is changed (and the minimum is 1 hour). (This used to be commit c2436c433afaab4006554a86307f76b6689d6929)
2004-03-22missed one on BUG 1195; make sure to set the private * to NULLGerald Carter1-5/+2
(This used to be commit 97a24d13892e292d31a1a6d7a1c96893508d6222)
2004-03-22BUG 1185: use 'winbind cache time' as the reconnect period when seq_num == ↵Gerald Carter1-0/+2
-1 rather than multiplying it by 8 (the default cache time is 5 minutes now) (This used to be commit 8d6e370313b62556ba13d88e1ab5ff468ac103c8)
2004-03-22bug 1195: add flag to ADS_STRUCT so we know who owns the main structure's ↵Gerald Carter1-1/+22
memory (not the members though) (This used to be commit 4449e0e251190b741f51348819669453f0758f36)
2004-03-16BUG 1182: patch from john.klinger@lmco.com (John Klinger) to reanable the ↵Gerald Carter2-2/+4
-n 'no cache' option for winbindd (This used to be commit d1848988d9ee9fdd870bcdd32c938b907419558b)
2004-03-14When trying to remove a user from a group, winbind should be informedVolker Lendecke1-0/+3
about the user and group... Volker (This used to be commit 9fa2c4045252f07cc0518457d8ef8b81d8402327)
2004-03-07This might not be used a lot and might not survive for long, but at least itVolker Lendecke2-7/+11
should work as expected :-) Fix wb_delgrpmember. Volker (This used to be commit 9fc0025d12d17b0c68956af481a836eebc32e675)
2004-03-04BUG 848: don't create winbind local users/groups that already exist in the tdbGerald Carter1-3/+16
(This used to be commit 89da3df07b7d90ad19852046d0533673cff8fdc6)
2004-02-10fix more compiler warning after the latest static rampageGerald Carter1-28/+28
(This used to be commit 4f97988dd652983b7cdbb2f2e5a85c9d97ec697e)
2004-02-08Add more static...Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 203ce018365d350c8c0a3f512651cff2b0791b6c)
2004-02-08nsswitch/winbindd_util.c:Andrew Bartlett1-1/+1
add static smbd/uid.c: remove unused function Andrew Bartlett (This used to be commit ab25af0e18d883757775a85f005775a79a86dcc8)
2004-02-08Make more functions static, and remove duplication in the use of functionsAndrew Bartlett1-1/+1
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). Andrew Bartlett (This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
2004-02-04return NSS_SUCCESS if we have found the max number of gids possible on ↵Gerald Carter1-4/+7
Solaris; patch from John Klinger <john.klinger@lmco.com> (This used to be commit 28c2a74c850c0ead8a7d9f8e09705f587b6fae12)
2004-02-02A few fixes from "L. Lucius" <ib@digicron.com>. Don't use int when it'sJeremy Allison1-3/+3
really a size_t. Jeremy. (This used to be commit 2da24613ed62c6dd8465c976bdb2e3aaa33a5058)
2004-01-29completely rewrote the AIX UESS backend (UESS is the AIX equivalent ofAndrew Tridgell1-148/+778
NSS). This time I think I've actually got it right. I wrote a fairly good test suite for UESS modules (similar to nsstest.c) that allowed me to explore how the modules supplied with AIX actually work. This new module also incorporates authentication features, so you don't need a PAM module at all. Just install this UESS module and authentication will "just work". It also handles password change, so /usr/bin/passwd can be used to change windows password. (This used to be commit d62cb9454e310d2baeea0077dad4ba9382ba06cd)
2004-01-29Remove an unused parameter from reload_services_file.Richard Sharpe1-4/+3
(This used to be commit 0032c3f46aaef065e95d987dc0506016aabbe644)
2004-01-26This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett1-8/+2
As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
2004-01-23Fix typoVolker Lendecke1-2/+1
(This used to be commit 09a30014233f111fe978effb12ecb2f88b710cb5)
2004-01-16Commit sid<->[ug]id extensions to libnss_winbind.so on Linux, as well as aVolker Lendecke1-0/+138
factored-out nss_winbind.[ch]. I took tridge's public domain license comment for the nss_winbind.[ch]. This is probably not the last word on that extension, but as it is quite non-intrusive to the main samba code, I would like to give it a start. Volker (This used to be commit da5944129fad39010544b82649dfe5531a504ecf)
2004-01-15And another memory corruption in winbind. Arg 3 of safe_strcpy does notVolker Lendecke1-1/+1
include the terminating 0. Volker (This used to be commit 945c7807641e82500c84e833f03f381497f0a2d0)
2004-01-15Fix a segfault in winbindd. Calling getusersids with a SID that results in 0Volker Lendecke1-1/+1
groups winbind ended up freeing an uninitialised pointer. Volker (This used to be commit cd89288e21ba13a9e97c548eccc15cef21a98d07)
2004-01-15BUG 936: fix bind credentials for schannel binds in smbd (and add a comment ↵Gerald Carter1-3/+3
to winbindd_cm about this (This used to be commit 5134c6bcbc5180431e95a30559c453f3744fd427)
2004-01-14Fix initgroups() call nss_winbind on solaris; patch from John Klinger ↵Gerald Carter1-0/+16
<john.klinger@lmco.com> (This used to be commit 40b7d863dc246ea23ff3d9cdc167f1fb96166e1d)
2004-01-14* Revert to using rpc for mixed mode AD domains.Gerald Carter1-3/+9
The reason for this are: (a) the set_dc_type_and_flags() cannot tell the different between connecting to an NT4 domain and an NT4 BDC of a mixed mode domain. (b) the connection management for the rpc backend only provides on named pipe per cli_state. So it is possible to connect to an NT4 BDC for netlogon and an AD mixed mode DC for lsarpc. RPC is the lowest common demonimator here. (c) Issue with the sequence number value between the highestCommittedUSN LDAP attribute and the seq_num returned via RPC. We will revisit this later, but the changes need to make this work right now are too broad and risky. (This used to be commit 1ed2e521536108229d153c2996f4757d89461166)
2004-01-14Remove duplicate comment.Andrew Bartlett1-2/+0
Andrew Bartlett (This used to be commit b0b2010461d8554334b033c4f07d78c308e73e7f)
2004-01-12fixing compile problems due to my recent ads.h changesGerald Carter1-1/+1
(This used to be commit d7b6298b9e4e7f83deaa2c6f3d711c390ff9cefd)
2004-01-11update copyright to -2004Stefan Metzmacher1-1/+1
metze (This used to be commit 12d6bc3bd0684646e990c2fc6485fe1a92ac98fb)
2004-01-08Use StrCaseCmp, not strcasecmp. Should fix winbind build on IRIXJelmer Vernooij1-2/+2
(This used to be commit 65b01f67d5725bc54e6bc19b6e84beef38e372f8)
2004-01-08fix segfault when sid_ptr == 0 in DsEnumDomainTrusts() replyGerald Carter1-3/+2
(This used to be commit ba9dc0d9fd3e30a7ddf97b6a4df753db7ba12cc1)
2004-01-08fix a seg fault caused by abartlet's last checkin; there's no way this could ↵Gerald Carter1-1/+1
have been tested against an NT4 DC (This used to be commit 8e8a351cabb502f1a93b219fec064fb4eb094856)
2004-01-08use SAFE_FREE(), not free().Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 595dee660742f8bd5770a5f7aaf3a5d1987dbcfa)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett9-36/+146
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-08Move more of winbind to use 'find_our_domain()' rather than the dangerousAndrew Bartlett5-48/+38
find_domain_from_name(lp_workgroup()). (as find_domain_from_name() can change the data in lp_workgroup()) Andrew Bartlett (This used to be commit 2e6eaad9ce6a0ad6923b5952ef6cf1c3688b7cfa)
2004-01-08The correct test for 'is our primary domain' is domain->primaryAndrew Bartlett1-1/+1
(This used to be commit 703f101136b8e9bbc16f57a37cd9d9d739606a84)
2004-01-07Machines are people too!Andrew Bartlett4-34/+23
While machine accounts cannot use an NTLM login (NT4 style), they are otherwise full and valid members of the domain, and expect to be able to use kerberos to connect to CIFS servers. This means that the LocalSystem account, used by various services, can perform things like backups, without the admin needing to enter further passwords. This particular issue (bug 722) has started to come up a lot on the lists. I have only enabled it for winbindd-based systems, as the macros use use to call the 'add user script' will strip the $ from the username for security reasons. Andrew Bartlett (This used to be commit 6a9bbd1da3bb961d24e74348fa0b68574022855f)
2004-01-07Don't duplicate pulling the 'IPC' username from secrets.tdb, insteadAndrew Bartlett1-6/+6
just use one function for both places. Andrew Bartlett (This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1)
2004-01-06remove unused seek_file(); don't hardcode '\' when printing the auth-userGerald Carter1-1/+1
(This used to be commit fac5e05ca1b56cb6e3ab6537d0848fa373c00831)
2004-01-06Ensure that for wbinfo --set-auth-user, we actually use the domain.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 93a5d8079a0291be14517e437f8f0c964c21e91d)
2004-01-05Fix warningVolker Lendecke1-1/+1
Volker (This used to be commit 541e6998a06ac523ad794b10f4e7a46951a06726)
2004-01-05shorten some more lines.Andrew Bartlett1-7/+14
(This used to be commit 7e5855dfd27ed9ec1fa924986f1ba02632a0d5a0)
2004-01-05Grumble... grumble... fix the build...Andrew Bartlett1-5/+7
(This used to be commit 687aececa66c2c1ba8e5bc3127d8ca79a97436d1)
2004-01-05Show the sid type in name->sid translatons in a way that can be easilyAndrew Bartlett1-1/+1
understood by humans. Andrew Bartlett (This used to be commit 3d91b0a0060f18d49b2fdd9f93ef310e2ea7779d)
2004-01-05Change our Domain controller lookup routines to more carefully seperateAndrew Bartlett6-102/+127
DNS names (realms) from NetBIOS domain names. Until now, we would experience delays as we broadcast lookups for DNS names onto the local network segments. Now if DNS comes back negative, we fall straight back to looking up the short name. Andrew Bartlett (This used to be commit 32397c8b01f1dec7b05140d210bb32f836a80ca6)
2004-01-05Add const.Andrew Bartlett1-3/+3
(This used to be commit aacb817e89d17349003159e1b7c28546babc8559)
2004-01-05rpc_client/cli_lsarpc.c:Andrew Bartlett3-77/+37
rpc_parse/parse_lsa.c: nsswitch/winbindd_rpc.c: nsswitch/winbindd.h: - Add const libads/ads_ldap.c: - Cleanup function for use nsswitch/winbindd_ads.c: - Use new utility function ads_sid_to_dn - Don't search for 'dn=', rather call the ads_search_retry_dn() nsswitch/winbindd_ads.c: include/rpc_ds.h: rpc_client/cli_ds.c: - Fixup braindamage in cli_ds_enum_domain_trusts(): - This function was returning a UNISTR2 up to the caller, and was doing nasty (invalid, per valgrind) things with memcpy() - Create a new structure that represents this informaiton in a useful way and use talloc. Andrew Bartlett (This used to be commit 06c3f15aa166bb567d8be0a8bc4b095b167ab371)
2004-01-05Fix for bug 707, getent group for huge ads groups (>1500 members)Andrew Bartlett1-22/+72
This introduces range retrieval of ADS attributes. VL rewrote most of Günther's patch, partly to remove code duplication and partly to get the retrieval of members in one rush, not interrupted by the lookups for the DN. I rewrote that patch, to ensure that we can keep an eye on the USN (sequence number) of the entry - this allows us to ensure the read was atomic. In particular, the range retrieval is now generic, for strings. It could easily be made generic for any attribute type, if need be. Andrew Bartlett (This used to be commit 131bb928f19c7b1f582c4ad9ac42e5f3d9dfb622)
2004-01-05We can't possilby get 'ok' here, as the if statement above just checked for it.Andrew Bartlett1-2/+0
(This used to be commit cf4454969434d3026c57ac11c0528dc4cea9c77a)
2004-01-04Commit the translation of the realm to the netbios domain name in the kerberosVolker Lendecke4-0/+85
session setup. After talking to jht and abartlet I made this unconditional, no additional parameter. Jerry: This is a change in behaviour, but I think it is necessary. Volker (This used to be commit 3ce6c9f27368cfb278007fe660a0e44a84d67f8f)
2004-01-03And yet another constVolker Lendecke1-1/+1
Volker (This used to be commit dafa4d202b65382c365f10365208d9de4eef5586)
2004-01-02Under certain error conditions (a talloc() failure above) this would causeAndrew Bartlett1-2/+0
a double-free(), and the resultant malloc heap corruption. This may be one of our lurking winbind segfaults. Andrew Bartlett (This used to be commit 903263a1bdb755f86dac3a9a92a4af39c8b102c4)