summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2003-04-14Merge:Tim Potter1-91/+27
- Jelmer's latest popt changes - debugging tdb messages now initialised and handled in lib/messages.c (This used to be commit b11f35fddec8c3d3899a8bc78d093137f73b2dfb)
2003-04-14Syncup new HEAD version.Tim Potter1-128/+169
(This used to be commit 396bcf0cf6dfc7a36be0c4e774386b266439c3af)
2003-04-14Syncup popt changes with HEAD.Tim Potter1-2/+2
(This used to be commit 39c987c3c522b66146e99fcc528cd60e05ad14f7)
2003-04-07This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+459
used to be commit 43f21c87e12fe88dab6ccba13c2e54161cf87093)
2003-04-07Winbind merges from HEAD:Andrew Bartlett6-17/+32
- fix winbindd_pam bugs - give a better error message for unauthorized access to auth_crap - show this message in wbinfo - fix spelling: privilaged -> privileged ** This changes the location of the winbindd privileged pipe ** (thanks to tpot) Andrew Bartlett (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
2003-04-07Create a pidfile, even when running in interactive mode.Tim Potter1-3/+2
(This used to be commit 1d7400e679df136f03daf79788ea998c5a787f89)
2003-04-07privilaged -> privilegedTim Potter5-10/+10
(This changes the location of the winbindd privileged pipe) (This used to be commit f111f10076c7797e5fd39edcc0aad7d860bb5ac5)
2003-04-07Remove duplicate "tallocdump" message from tdb messaging system. TheTim Potter1-22/+1
same functionality exists as "pool-usage". Move initialisation of this and dmalloc messages inside message_init(). (This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
2003-04-06This commit make winbindd copy winbindd_idmap.tdb into idmap.tdb on theSimo Sorce1-5/+23
first run if idmap.tdb is not found, and then eventually convert it to the new format. This is done to unify winbind and idmap databases and to make a backup of winbindd_idmap.tdb in case you want to downgrade (of course it will not be updated). This is needed because idmap.tdb contains also local mappings, not only foreign domains mappings. Added some other fixes/improvements Simo. (This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
2003-04-04Removed unused variables.Tim Potter1-2/+0
(This used to be commit 32d1dd19bb0b6abc6508ce65d5129acea79225bf)
2003-04-03Fix a compile warning in slprintf format string.Tim Potter1-4/+4
Possible typo: winbind_idmap_methods -> winbindd_idmap_methods Fix wrong format char when generating a ldap filter string. (This used to be commit f9cb23e68753337676876b97b145e04ad423e184)
2003-04-03The ldap idmap backend from Anthony Liguori (aliguori@us.ibm.com):Jim McDonough2-1/+395
This patch moves the ldap routines out of passdb into a generic library and implements an LDAP backend for IDMAP. THe backend can be enabled with "idmap backend = ldap" in smb.conf. THere are also schema changes to make sure to update teh ldap schema files. (This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)
2003-04-03Fixup swat warning.Jeremy Allison1-0/+6
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com> noticed the problem. Jeremy. (This used to be commit 8bbcb833317245d7f5b8695e4a5c676f67003937)
2003-04-03Fixup swat warning.Jeremy Allison1-0/+6
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com> noticed the problem. Jeremy. (This used to be commit 214b217b276f43edfddd1664afaae0fa6b2c319f)
2003-04-02Print out the 'freindly' error message from winbind. Also print usefulAndrew Bartlett2-7/+22
information into it re the privilaged pipe. Also clean up some bugs in winbindd_pam.c Andrew Bartlett (This used to be commit e73b01204a8625946ff0fb5f9fc99dd959eb801c)
2003-04-02THE Idmap patch :-)Simo Sorce4-33/+32
includes a --with-idmap=no switch to disable idmap usage if you find problems. cosmetic fixes and param aliases to separate winbind from idamp roles. A temporarily remote idmap winbind compatibility backend. As I have time I will further change code to not call directly winbind (partly done but not tested) and a specilized module will be built in place for the current glue hack. The patch has been tested locally in my limited time, the patch is simple and clear and should not reserve problems, if any just disable it. As usual, comments and fisex are welcome :-) Simo. (This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
2003-04-02Merge of winbind nss library cleanup from HEAD.Tim Potter8-1628/+372
(This used to be commit a4b5f2c01bae049edc4f385cb0441bbde4fb443b)
2003-04-02Whitespace syncup.Tim Potter1-4/+4
(This used to be commit 2125b0b8ce2bfbb85f325ccbb2a455728ee3f135)
2003-03-31This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User8-0/+1733
used to be commit fd163bd94497534f9c80c205d44b30b72b81cbcd)
2003-03-31Placeholder for winbind aix client.Tim Potter1-0/+0
(This used to be commit 872b2ba35bbe9f4312530368615e99808b3a7756)
2003-03-31Cleanup of winbind client side code.Tim Potter10-601/+708
Mostly this consists of untangling the existing code and moving it in to operating system specific files. The winbind client code for all supported operating systems is now in nsswitch/winbind_nss_OSNAME.[ch] to make things a bit clearer. (This used to be commit 93ea047a16a292b23a1d8736ce9bc4098ba142ba)
2003-03-24Don't use old usage() function, but the one from popt.Jelmer Vernooij1-1/+0
Remove some useless arguments (This used to be commit 8df30059ef100a4d5e21501d7746427b4d312589)
2003-03-24Revoke some of the popt patch from metze I applied earlier today. It addedJelmer Vernooij2-1/+2
some double options and broke some parameters. (This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
2003-03-24Patch from metze to generalise POPT_COMMON_SAMBA, with some minor changesJelmer Vernooij2-7/+4
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
2003-03-24(merge from HEAD)Andrew Bartlett7-33/+131
NTLM Authentication: - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
2003-03-23Convert to popt.Jelmer Vernooij1-58/+26
(This used to be commit 18d52ce914715d188966be95f9e4466666a04f74)
2003-03-23NTLM Authentication:Andrew Bartlett7-33/+131
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
2003-03-19Fix debug message not to use an uninitialized variable.Volker Lendecke1-2/+1
Volker (This used to be commit 80bfa7efd65af02108e3ef1e2b2952cda6dc5999)
2003-03-19Fix debug message not to use an uninitialized variable.Volker Lendecke1-2/+1
Volker (This used to be commit 71906a5b4e4f93ebd4c27a0d22d74aad62e14924)
2003-03-18Jeremy merged across my string parinoia fixes, but forgot to enable them! :-)Andrew Bartlett1-8/+8
This patch catches up on the rest of the work - as much string checking as is possible is done at compile time, and the rest at runtime. Lots of code converted to pstrcpy() etc, and other code reworked to correctly call sizeof(). Andrew Bartlett (This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
2003-03-18Merge of popt help cleanups.Tim Potter1-5/+5
(This used to be commit 067810ed4a38c567e64e683a24cdd405479b5ee1)
2003-03-17Merge from HEAD - make winbindd locking sane again:Andrew Bartlett1-36/+32
Original message: This patch attemptes to clean up winbindd's mutex locking. The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
2003-03-17Some cosmetic changes to make the popt --usage output look nicer.Tim Potter1-5/+5
(This used to be commit 39124b9a62e1ba0f8089c36b27d6c79352a27973)
2003-03-15If it's an fstring, use fstrcpy().Andrew Bartlett1-8/+8
Andrew Bartlett (This used to be commit bf5e0698eed72d7fc005be08feb36ef82ada716c)
2003-03-11This patch attemptes to clean up winbindd's mutex locking.Andrew Bartlett1-41/+37
The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit 0620320002082298a15cbba72bd79aecfc607947)
2003-03-11Remove obsolete file.Tim Potter1-13/+0
(This used to be commit 560deeb4ece9dd4a65e10b0aae20f8ab1fe0d24c)
2003-03-11Remove obsolete file.Tim Potter1-13/+0
(This used to be commit c5c1a7979385778c08d6dd7796cfe8be1815992f)
2003-03-08Make sure that the 'remote' machine name can only be set once. For some weirdAndrew Bartlett1-9/+2
reason, during a Win2003 installation, when you select 'domain join' it sends one machine name in the name exchange, and litraly 'machinename' during the NTLMSSP login. Also fix up winbindd's logfile handling, so that it matches smbd and nmbd. (This helps me, by seperating the logs by pid). Andrew Bartlett (This used to be commit afe5a3832f79131fb74461577f1db0e5e8bf4b6d)
2003-03-03Fix "might be used uninitialised" warnings.Jeremy Allison1-2/+2
Jeremy. (This used to be commit a670b57c563b220c2ede1dac4ce1e9c71c866498)
2003-02-28fixed a crash bug in the new winbindd 'sids rule!' codeAndrew Tridgell1-1/+1
(This used to be commit 7dfd59963dba921907893b9d1bffe797e9d8b4ad)
2003-02-28*Excellent* patch from Michael Steffens <michael_steffens@hp.com> to limitJeremy Allison2-15/+59
the unix domain sockets used by winbindd (also solves FD_SETSIZE problem in winbindd to boot !). Adds a "last_access" field to winbindd connections, and will close the oldest idle connection once the number of open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200 currently). Jeremy. (This used to be commit a82caefda49396641e8650db8a7ef51752ba6c41)
2003-02-28*Excellent* patch from Michael Steffens <michael_steffens@hp.com> to limitJeremy Allison2-15/+59
the unix domain sockets used by winbindd (also solves FD_SETSIZE problem in winbindd to boot !). Adds a "last_access" field to winbindd connections, and will close the oldest idle connection once the number of open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200 currently). Jeremy. (This used to be commit 7a586552a3aeb4a26495f0965af4bd027456a011)
2003-02-27Fix possible memory leak on failure.Andrew Bartlett1-0/+1
(This used to be commit 052ebc44cde8d31571ed1edb602794349825be11)
2003-02-26Kill RID-only and domain+RID madness from winbind.Andrew Bartlett9-440/+377
Now we deal with SIDs in almost all of winbind (a couple of limited exceptions remain, but I'm looking into them - they use non-winbind structs ATM). This has particular benifits in returning out-of-domain SIDs for group membership (Need to look into this a bit more) as well as general code quality. This also removes much of the complexity from the idmap interface, which now only deals with mapping IDs, not with SID->domain translations. Breifly tested, but needs more. Fixes some valgrind-found bugs from my previous commit. Winbind cache chagned to using SID strings in some places, as I could not follow exactly how to save and restore multiple packed sids properly. Andrew Bartlett (This used to be commit 9247cf08c40f016a924d600ac906cfc6a7016777)
2003-02-26Merge from appliance:Tim Potter1-34/+23
>Another hopeful fix for CR#1168. Change the RPC used in querying >domain users from QueryDispInfo to EnumDomainUsers. Hopefully this >will fix the random dropouts that keep occuring when listing large >domains. > >My thought is that since QueryDispInfo is only used in the NT user >manager it may have a bug with large domains. A more commonly used >RPC may not have such problems. (This used to be commit 0501b7d0b12fa8063ffe6a9d4ecc3391d0c2f45d)
2003-02-25Merge: newline on debug message.Tim Potter1-1/+1
(This used to be commit df49463e62e4be7535485b668f00db287ff581f3)
2003-02-25Merge: add popt_common_version to command line options table.Tim Potter1-0/+1
(This used to be commit 8de62f7896a53084e87b95c013d8693214c8ab85)
2003-02-25After some comments from tridge, clean the new usergroups code into a helperAndrew Bartlett1-71/+94
function. Andrew Bartlett (This used to be commit 212a52b3d2ca39fcea2990f9293754b08e9b68e4)
2003-02-25Fix a really nasty bug where some users in AD domains (particularly childAndrew Bartlett1-14/+90
domains) would not have the tokenGroups or memberOf attributes filled in. This would cause a user to have no supplementary group membership. Detect this by the fact that the primaryGid must be present in the tokenGroups, and if it isn't (ie, if there is no tokenGroups at all), do a server-side search on all groups using the 'member' attribute and the user's DN. Andrew Bartlett (This used to be commit a074f74e627e1d947a76bcf3a39e3c5df4d4ffe5)
2003-02-24Merge from HEAD client-side authentication changes:Andrew Bartlett1-1/+0
- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)