path: root/source3/nsswitch
Age | Commit message | Author | Files | Lines
2002-01-20 | This patch makes the 'winbind use default domain' code interact better with smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appreciated. The idea is that we no longer cart around a 'domain\user' string, we keep them separate until the last moment - when we push that string into a pwent or onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatenating the two strings (it now passes them both back as params). I haven't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033) | Andrew Bartlett | 8 | -116/+70
2002-01-19 | Fix to close winbindd_idmap on exit. Pointed out by Alexander Bokovoy. Jeremy. (This used to be commit 1bd96b3094b530c3426b22b6f891c7fc055e7033) | Jeremy Allison | 3 | -0/+10
2002-01-19 | fixes (asprintf) from 2.2 (This used to be commit 6b123adda901ff05b0271eeda060297448f64eec) | Simo Sorce | 1 | -4/+6
2002-01-18 | This is the 'winbind default domain' patch from Alexander Bokovoy <a.bokovoy@sam-solutions.net>. The idea is the domain\username is rather harsh for unix systems - people don't expect to have to FTP, SSH and (in particular) e-mail with a username like that. This 'corrects' that - but is not without its own problems. As you can see from the changes to files like username.c and wb_client.c (smbd's winbind client code) a lot of assumptions are made in a lot of places about lp_winbind_seperator determining a user's status as a domain or local user. The main change I will shortly be making is to investigate and kill off winbind_initgroups() - as far as I know it was a workaround for an old bug in winbind itself (and a bug in RH 5.2) and should no longer be relevant. I am also going to move to using the 'winbind uid' and 'winbind gid' parameters to determine a user/group's 'local' status, rather than the presence of the separator. As such, this functionality is recommended for servers providing unix services, but is currently less than optimal for windows clients. (TODO: remove all references to lp_winbind_seperator() and lp_winbind_use_default_domain() from smbd) Andrew Bartlett (This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4) | Andrew Bartlett | 7 | -46/+138
2002-01-15 | Fix from 2.2. It didn't break on HEAD because it isn't being compiled. Herb? (This used to be commit 4fcaec53de18220ff6662f62a1430f67757cdcc5) | Jim McDonough | 1 | -10/+10
2002-01-15 | adding wins commands to winbindd - will check in the rest of the changes after further testing in 2.2 branch. (This used to be commit d5cdbc7e4ff48273bd7616694eef98c61e6f1f33) | Herb Lewis | 1 | -0/+211
2002-01-14 | Initialise cli variables and try not to do a cli_shutdown() of uninitialised memory. The winbind connection caching code isn't exactly a pleasant beast, and there is more work that needs to be done to nail this properly. Andrew Bartlett (This used to be commit dd40ce54b7f170854d63e08ac737f1b4306bd95b) | Andrew Bartlett | 1 | -4/+10
2002-01-13 | I'm doing some things towards the NamedPipes game with lckl and he has asked me to move this from being a static to matching its mate in lib/util_sock.c. In any case, this should discourage anybody from using the 'wrong' version of this function. (ie the one from TNG, which needs a bit more error checking depending on use). Andrew Bartlett (This used to be commit e6a3a01f795a85d908180ff19469ce09a2803512) | Andrew Bartlett | 1 | -86/+2
2002-01-12 | Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>. This work was sponsored by Optifacio Software Services, Inc. Andrew Bartlett (various e-mails announcements merged into some form of commit message below:) This patch which adds basics of universal groups support into Samba 3. Currently, only Winbind with RPC calls supports this, ADS support requires additional (possibly huge) work on KRB5 PAC. However, basic infrastructure is here. This patch adds: 1. Storing of universal groups for particular user logged into Samba software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb. 2. Fetching of universal groups for given user rid and domain sid from netlogon_unigrp.tdb. Since this is used in both smbd and winbindd, main code is in source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ. This patch has had a few versions, the final version in particular: Many thanks to Andrew Bartlett for critics and comments, and partly rewritten code. New: - updated fetching code to changed byte order macros - moved functions to proper namespace - optimized memory usage by reusing caller's memory context - enhanced code to more follow Samba coding rules Todo: - proper universal group expiration after timeout (This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43) | Andrew Bartlett | 3 | -0/+12
2002-01-11 | force the time difference in cache comparisons to be unsigned to cope with the local machine time changing (This used to be commit 116c0a0e3baa6a100a816f1ff2722782941ac3dc) | Andrew Tridgell | 1 | -1/+4
2002-01-11 | make the winbind sequence number code more robust when switching from rpc to ADS this now should make sense (This used to be commit ec73d26c7f9a2bbd4b91e9c22850e032b91666e2) | Andrew Tridgell | 1 | -1/+1
2002-01-11 | Always query the PDC for the list of trusted domains rather than iterating the list received at startup or we get an out of date list. I thought there might be some sequence number that is incremented when a trusted domain is added or removed - perhaps there is but I just haven't found it yet. - Renamed get_domain_info() to init_domain_list() - Made an accessor function to return the list of trusted domains rather than using a global so we don't have to remember to put a magic init function - The getent state can not keep a pointer to a winbind_domain structure as it may be freed if init_domain_list() is called again so we keep the domain name instead (This used to be commit 37216c649a394b449eaaaa6644709eafb3bf37ff) | Tim Potter | 7 | -114/+179
2002-01-11 | Some memory leak fixes. (This used to be commit da4db0373b65d975d5129715d6b1fa725b188766) | Tim Potter | 1 | -17/+23
2002-01-10 | Since AB has been changing the winbind interface it's time to add the "mock swedish" test to client calls. This is putting a length field at the start of a request so we can disconnect clients talking with an out of date libnss_winbind.so rather than deadlock them. Misc cleanups: - made some int values uint32 - moved WINBIND_INTERFACE_VERSION to start of cmd list (This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5) | Tim Potter | 3 | -21/+21
2002-01-10 | merge tpots name changes into IRIX part of code. When you change the name of a define you need to grep for the old name and change ALL places. (This used to be commit 09e3276fb7207dff73f181072851bd542fb64263) | Herb Lewis | 1 | -8/+8
2002-01-10 | Return the winbind separator over the socket, so programs don't have to parse smb.conf to get it right. While wb_client needs its lp_load() for samba dependency reasons, it now uses the new method both to example and test the new code. Also add an interface version function, and return the winbind's samba version string. In preparation for default domains, it's now up to winbindd to reject plaintext auths that don't have a separator, but NTLM (CRAP) auths now have two fields, hence need parsing. Andrew Bartlett (This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e) | Andrew Bartlett | 5 | -18/+78
2002-01-10 | This changes the winbind protocol a bit: It adds a 'ping' request, just to check winbind is in fact alive It also changes winbindd_pam_auth_crap to take usernames and domain separately. (backward incompatible change, needs merge to 2.2, but this is not yet released code, so no workarounds) Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do it). Andrew Bartlett (This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0) | Andrew Bartlett | 6 | -38/+84
2002-01-10 | A big tidyup while thinking about getting trusted domains being re-read when they are added or removed on the PDC. - renamed GETPWNAM_FROM_{UID,USER} constants and functions to GETPW{NAM,UID} - renamed GETGRNAM_FROM_{GID,GROUP} constants and functions to GETGR{NAM,GID} - use SIGUSR2 in winbindd for debugging/logging instead of SIGUSR1 in preparation for moving to smbcontrol type messages (not sure whether to ditch this altogether or not) - tidy debugging messages in top level winbind user and group routines - convert talloc_init() to talloc_init_named() - make enumerations of the domain list use the same local variable names (This used to be commit eeb8af9c1a66bfcd80823d7b406acbab79857a16) | Tim Potter | 8 | -132/+142
2002-01-09 | Fixed typo. Jeremy. (This used to be commit a99e0cec1e2596c5bc89932e64de301f3fb9ae86) | Jeremy Allison | 1 | -1/+1
2002-01-09 | HPUX nss fix. Jeremy. (This used to be commit 1f12e310e5d8b01d3d29132d1bb1f41196165f7f) | Jeremy Allison | 1 | -2/+18
2002-01-08 | Getting ready to add winbindd support for HPUX 11. Jeremy. (This used to be commit 012a9144124b5bde5fb1fe12c6147f32ccf2046e) | Jeremy Allison | 2 | -0/+154
2002-01-07 | Don't log the password in pam_sm_authenticate() unless DEBUG_PASSWORD is defined. This is done with --enable-developer mode. (This used to be commit caff5dc1d66953cb52f94cd6407778b23e1810eb) | Tim Potter | 1 | -2/+10
2002-01-01 | Further rpc_client removal, this time from winbindd. Also removed the dependency on auth_util.o, which makes things nicer. Finally, this kills off the NECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ makefile variable - because Samba dependencies are starting to be sane again! Andrew Bartlett (This used to be commit 4609edcac3b70c11025f0c5aa0ddbeed93369c84) | Andrew Bartlett | 2 | -39/+61
2001-12-30 | When running interactive we want to set our own process group for signal management. Jeremy. (This used to be commit fffae94dd5699f44c0b1c8081587deafd89b3fc0) | Jeremy Allison | 1 | -0/+9
2001-12-22 | merge Jeremy's gcc3 warning fix from 2.2 (This used to be commit 52e9d2c383371e64e498bbdb4a3f0e8583ca77a0) | Herb Lewis | 1 | -1/+1
2001-12-22 | merge IRIX winbind support from Samba 2.2 branch (This used to be commit 20c5f042e3bb79ff96a993c70b843908dcfafb65) | Herb Lewis | 3 | -97/+666
2001-12-21 | Append to log.winbindd instead of overwriting it so we are consistent with smbd/nmbd behaviour. (This used to be commit 54d276561524213302e7bb2d759d7d4082fd6e8a) | Tim Potter | 1 | -0/+7
2001-12-20 | added ads_domain_sid() function (This used to be commit ff002a458afa6ca378f0c6d2ec9fb74233c839a7) | Andrew Tridgell | 1 | -15/+5
2001-12-20 | Removed global debugf. Replaced with lp_set_logfile(name). Fixed winbindd to finally stop leaving log. file droppings :-). Jeremy. (This used to be commit 0bea6cf79a44f79fa3a4f2c8381e898e79c66509) | Jeremy Allison | 1 | -5/+13
2001-12-20 | Setup global_myworkgroup. Needed for secrets fetch code. Jeremy. (This used to be commit 057e91c1c3833516d03b492f3ebe489d8216a0ba) | Jeremy Allison | 1 | -8/+11
2001-12-20 | net ads password and net ads chostpass commands from Remus Koos (This used to be commit 412e79c448bf02e3097b5c14a36fe0172d8d2895) | Andrew Tridgell | 1 | -0/+1
2001-12-19 | use "ads server" option if set for primary domain (This used to be commit 1bf5c1a46f4c3f44054ce8fcbc551cdb72683f2b) | Andrew Tridgell | 1 | -4/+10
2001-12-19 | add support for mixtures of ADS/NT4 domains, as long as the primary domain is ADS (This used to be commit e97b40e09427c2c5f0a497f9432af08d6d6762f2) | Andrew Tridgell | 1 | -0/+9
2001-12-19 | much better ADS error handling system (This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16) | Andrew Tridgell | 2 | -72/+68
2001-12-19 | added trusted realm support to ADS authentication the method used for checking if a domain is a trusted domain is very crude, we should really call a backend fn of some sort. For now I'm using winbindd to do the dirty work. (This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af) | Andrew Tridgell | 3 | -1/+8
2001-12-19 | - added initial support for trusted domains in winbindd_ads - gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda) | Andrew Tridgell | 4 | -18/+81
2001-12-18 | fixed handling of empty or dead domain in wbinfo -g (This used to be commit 2c54cfbc475cd22d0e906898a07d4e0576c64c80) | Andrew Tridgell | 1 | -60/+9
2001-12-14 | Added the group enum code from 2.2 Jeremy. (This used to be commit 59e01a22c5cb1046758c8cd6b09333c19d6cd26e) | Jeremy Allison | 1 | -0/+1
2001-12-13 | make sure we find NSS_STATUS struct (This used to be commit 7db718d44a62aee9610a9dfd9e671345a0ea7737) | Andrew Tridgell | 1 | -0/+1
2001-12-12 | allow IRIX to build nsswitch/libnss_wins.so (This used to be commit 564bfd77287b3006c7246065990ca9b91f79826a) | Herb Lewis | 1 | -12/+82
2001-12-12 | add *.po32 to ignore list (This used to be commit fe0db4c55f8bfc70004edd60a29359337fa40723) | Herb Lewis | 1 | -0/+1
2001-12-11 | Oops, the -a option disappeared. (This used to be commit 6194f874bbc50cb40228b29fb783a7716104b824) | Tim Potter | 1 | -0/+1
2001-12-11 | sync with 2.2 added multiple include protection added IRIX defines (This used to be commit b9dbb38bf2d1fbe1ca5d0aa53b89f76844d6209c) | Herb Lewis | 1 | -0/+29
2001-12-11 | Replace backslash with winbind separator before calling parse_domain_user(). Winbind separators other than backslash didn't work. (This used to be commit 6688781331e046adc77783792fc009cda7c8b5b8) | Jim McDonough | 1 | -2/+4
2001-12-11 | fix for IRIX compilers (This used to be commit b110f57e49bcb4e3c648020850ee18d1888b9152) | Herb Lewis | 1 | -2/+2
2001-12-11 | handle systems without setenv() (This used to be commit 87090652460e57703b40f21e9ed08c18770b61c3) | Andrew Tridgell | 1 | -1/+1
2001-12-11 | Modify winbindd to use authenticated user info from secrets.tdb when making IPC$ connections to domain controllers. (This used to be commit 1217ef28a6c18c085fcb2eac3bf04866c166d959) | Tim Potter | 2 | -2/+34
2001-12-11 | Converted wbinfo to use popt instead of getopt - popt is very nice! Added a --set-auth-user function to set a username and password that can be used by winbindd when making connections to domain controllers. This is necessary when restrictions have been placed on anonymous connections either through the RestrictAnonymous registry setting, or the win2k Local Security Policy -> Security Settings -> Local Policies -> Security Options -> Additional restrictions for anonymous connections. (phew) Two new keys are set in secrets.tdb: SECRETS/AUTH_USER and SECRETS/AUTH_PASSWORD which hold the username and plaintext password of the user to connect as. To reset these values, run wbinfo --set-auth-user "" (This used to be commit 507003522b70443f79b8b69a836dcd38d309cfca) | Tim Potter | 1 | -28/+100
2001-12-11 | removed the start_ndx parameter from group enumeration I tried testing this by lowering the buffer size in cli_samr_enum_dom_groups() but that didn't work - I think this needs more looking into (This used to be commit 34328e30315e4b42087d0ee11ed0c3fb715bc250) | Andrew Tridgell | 5 | -87/+80
2001-12-11 | got rid of start_ndx from query_user_list() (This used to be commit 1c909afe76566807fb576c965eb869f98e72f2bd) | Andrew Tridgell | 6 | -128/+120