summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2002-11-02Fix --set-auth-user command to delete entries from the secrets file when anTim Potter1-12/+68
empty username/password is passed on the command line. Previously we were leaving the domain name set and the password set to a NULL character. Added a --get-auth-user command to display the restrict anonymous username information. Can only be run successfully by root. (This used to be commit dcaf21efc5b48ddb0cbe70ce17e45c035ef525ad)
2002-11-02Some winbindd cleanups I made trying to fix cr1020:Tim Potter2-38/+108
- move winbindd client handling into accessor functions in winbindd_util.c - move some winbindd socket routines into accessor functions in winbindd_utils.c (The deadlock situation mentioned in the appliance branch is probably not applicable since we don't clear the connection cache on SIGHUP. Perhaps we should?) (This used to be commit ee0e3d31a1d1bef70810aadcdafdf9678d21ea8f)
2002-11-02Handle the case where the password used in RPC connections (for restrictTim Potter1-3/+8
anonymous support) is blank. (This used to be commit b376b7dad003593d26c867ffe8f906084e42160e)
2002-10-29Sync with HEADJelmer Vernooij1-38/+37
(This used to be commit 658f3e92dd4b291b40ead3ef59eb19daf7f49076)
2002-10-26Try to catch up on the code I've put into HEAD that should be in 3.0:Andrew Bartlett2-19/+44
- vorlan's hosts allow with DNS names patch - use x_fileno() in debug.c, not the struct directly. - check for server timeout on password change (was reporting success) - better error/status loggin in both the pam_winbind client and winbindd_pam server code. - (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway. (This used to be commit 9fa1863d8e7788eda83911ca2610754486b33069)
2002-10-18NULL enum_local_groups for ads winbindd (temporary workaround).Gerald Carter2-1/+2
(This used to be commit 5a2f1edb5848dc054cfaa71b0fb3b473ad930b7d)
2002-10-17Added new error codes. Fix up connection code to retry in the same wayJeremy Allison1-4/+18
that app-head does. Jeremy. (This used to be commit ec7953f20145799f6286a295472df4826bfdfb8f)
2002-10-15Fix spelling of background_process.Jeremy Allison2-6/+6
Jeremy. (This used to be commit 2006e36c18bb2d5e44179829c66934efad38b0c7)
2002-10-15Change to use sys_read/sys_write.Jeremy Allison1-10/+4
Jeremy. (This used to be commit 7d0dc36df0e3ca451c1ab660aa08e0d021ca89f0)
2002-10-08merge from APP_HEAD of winbindd's domain local group fixGerald Carter6-13/+200
(This used to be commit 09c6f6329d6ae9327b7ef06de0ea78d24d805456)
2002-10-04fix typoGerald Carter1-1/+1
(This used to be commit 324da9fdb93cdc5ed240a3291020858765e70acc)
2002-10-04* merge native_mode flag in winbindd_domain struct from app-headGerald Carter3-5/+61
* add some files missing from a previous commit (This used to be commit 29159c97371c75327e377f9d13406dad46095568)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-1/+1
from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-10-01Doh ! Lookup name before checking negative cache (the way Tim originallyJeremy Allison1-10/+10
had it...). Jeremy. (This used to be commit 151f0c1c526a04ea14ae054e977c76c8617bb113)
2002-10-01syncing up with HEAD. Seems to be a lot of differences creeping inGerald Carter1-186/+11
(i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-09-30Fix memory leak in getting DC list. Remember to exclude failed lookups.Jeremy Allison1-5/+21
Jeremy. (This used to be commit 80ee515d7a45965271be0274b0b3815032f27aa1)
2002-09-26remove files not in HEADGerald Carter1-143/+0
(This used to be commit 9d9f7bbf87bf9a0e003e6da482615fe040d00852)
2002-09-25merge from HEADGerald Carter2-0/+3
(This used to be commit da44b196a977b6edf7cdf27e344295ed15d198f7)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter13-130/+183
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-09-25This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+16
used to be commit 9a5541595f78f2cbba16030552c6e780f6fddcf6)
2002-09-24Moved -ve cache check to correct place.Jeremy Allison1-10/+10
Jeremy. (This used to be commit 38c67632ade40413c0cc2b91e04105e4065a18b7)
2002-09-17Reverted my earlier change. It was incorrect. We must be protected byJeremy Allison1-5/+4
pidfile before doing secrets_init(). Jeremy. (This used to be commit f8a0e6ad8b25d405ff2bcb492974d2f0bef81036)
2002-09-17Only create the pidfile once we're ready to receive requests.Jeremy Allison1-3/+5
This allows external programs to correctly synchronise with us. Jeremy. (This used to be commit ffb7632d05191342ecfc5f78fbfd7beacfe257ad)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-1/+1
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-15Put unixsocket calls between #ifdef HAVE_UNIXSOCKET's - required for Stratus VOSJelmer Vernooij1-0/+4
(Double checked) (This used to be commit dc3c14fc2b661a62a1876149e96af6de07a2c4a6)
2002-09-12Merge undone cleanups.Tim Potter3-26/+27
(This used to be commit d87c1f507d38444e627bce59b6c765d9c9479ac6)
2002-09-12Merge of winbind auth cleanups from appliance.Tim Potter3-30/+34
(This used to be commit 26d486aa740e283f546efc1f2ca40af3452a4f52)
2002-09-12Merge of cut&paste fix from appliance.Tim Potter1-1/+1
(This used to be commit f75d61b03a3377f3a791b56fc307dc7e56e4707a)
2002-09-12Spelling fix.Tim Potter1-2/+2
(This used to be commit d9fa865e5ce8ba0b7539f9a218fc7dd132eb3d38)
2002-09-11Put pid number in invalid request size debug.Tim Potter1-2/+2
(This used to be commit e63afabf98350353fac79ffc2ae2ddf88d61260f)
2002-09-11Bugfix merge:Tim Potter1-0/+1
>Initialise user_rid value in WINBIND_USERINFO structure returned by >the rpc version of query_user(). This fixes a caching bug found by >Gavrie Philipson from disksite. (This used to be commit 77bde1fa33cc387accda8f38bf654377310f5dbe)
2002-09-07This is the 'main' inclue for for winbind clients - all clients should includeAndrew Bartlett1-0/+16
only this file, and not any others. It includes the function prototypes. (Forgot to commit with earlier patch) Andrew Bartlett (This used to be commit 3ec3861445e7da1347c3b5ba180b33441f59640c)
2002-09-07Don't leak file desciptors in this (impossible?) error case.Andrew Bartlett1-0/+1
(This used to be commit b440418f13b840860be42690bf475c1ee3cb3647)
2002-09-07Winbind client-side cleanups.Andrew Bartlett6-37/+94
The global winbind file descriptor can cause havoc in some situations - particulary when it becomes 0, 1 or 2. This patch (based on some very nice work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy the problem by ensuring that the close-on-exec flag is set, and that we move above 3 in the file descriptor table. I've also decided that the PAM module can close it's pipe handle on every request - this isn't performance-critical code. The next step is to do the same for nss_winbind. (But things like getent() might get in our way there). This also cleans up some function prototypes, puts them in just one place. Andrew Bartlett (This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
2002-09-06Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de>Andrew Bartlett1-4/+4
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better general infrustructure for his sam_ads work. I've also added some extra failure mode DEBUG()s to parts of the code. NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without the final set of brakets, the test is essentially inverted - causing some intersting 'error = success' messages... Andrew Bartlett (This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
2002-09-04Quietened some debugs.Tim Potter1-2/+2
(This used to be commit ea26b3e8efcb83e16f7eb5add031a8df99046a69)
2002-08-30added cli_net_auth_3 client code.Jean-François Micouleau1-3/+3
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch. pass also the negociation flags all the way. all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient. in the future we will be able to call auth_2 or auth_3 as we want. J.F. (This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
2002-08-29fix connecting to a BDC when the PDC is down but in WINS and no bcastAndrew Tridgell1-5/+3
can be used to find a BDC 2nd try .... (This used to be commit f757223ebe88148b83e1a32b87c014c15c0a68dd)
2002-08-29fix connecting to a BDC when the PDC is down but in WINS and no bcastAndrew Tridgell1-0/+7
can be used to find a BDC (This used to be commit e95d8e2c9ee5cf22b628f3e0d99fb74bcc632ea0)
2002-08-29Use popt for --helpJelmer Vernooij1-54/+24
(This used to be commit 073106ad25fba8c8aaa57c296ce8e7cb7b3e3e97)
2002-08-27Fix typo in debug.Tim Potter1-1/+1
(This used to be commit 86433a3492a3b70a051257940ae28ada8788a650)
2002-08-23Moved calculation of secure channel type into a new function.Tim Potter1-4/+3
(This used to be commit b8dba26978c281259e02b9d6ebacaa7cba4f7787)
2002-08-21Patch from Paul Green <Paul.Green@stratus.com> to be more POSIX-compatibleJelmer Vernooij1-0/+4
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
2002-08-18be a bit more paranoid about not getting duplicate domain names (canAndrew Tridgell1-2/+8
happen when the LDAP call to get the flatname for the primary domain fails) (This used to be commit 8d40f34e2f5188f15f414e807d023bfea7bd8c8e)
2002-08-17sync 3.0 branch with headJelmer Vernooij17-240/+467
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-08-17Becouse of changes to the meaning of this feild over time, this doesn'tAndrew Bartlett1-17/+0
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea anyway (potential PDC/BDC applications). Given all that, remove it... Andrew Bartlett (This used to be commit fc0d6e53fce1d05b16ec58c0bdc38aa8da4422c0)
2002-08-16Merge of netbios namecache code from APPLIANCE_HEAD.Tim Potter1-0/+2
Tridge suggested a generic caching mechanism for Samba to avoid the proliferation of little cache files hanging around limpet like in the locks directory. Someone should probably implement this at some stage. (This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
2002-08-07Add some more const :-)Andrew Bartlett1-3/+3
This also makes it a easier to see which paramaters are 'in', and which are 'out'. Andrew Bartlett (This used to be commit 122cf648d7f364c68ecb7a576a42e94a954e9e56)
2002-08-05fixed wbinfo -t for netbiosless domainsAndrew Tridgell1-1/+7
(This used to be commit 68e70b000b273ba72206c87ad1efd6efc2c7c487)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell6-125/+172
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)