summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2003-05-06There appears to be no reason why we have to execute theTim Potter2-60/+45
initialisation code in winbindd_init_common() after the fork when running in dual daemon mode. The only tricky bit is we have to run a tdb_reopen_all() somewhere in the child to avoid tdb corruption. Fixed bug #60. (This used to be commit 25e55aca0fe315c2ccf4e34a94107b2321313714)
2003-05-03This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+360
used to be commit f1e59906577a59269f1821d9e438fc56278b9dbe)
2003-05-03fixes to *_util.c filesSimo Sorce2-1/+366
add winbindd_passdb backend this makes it possible to have nua accounts on security = user servers to show up in unic through nss_winbind.so the problem is that we do not have group support, so nss group support is not very good at this time (read: totally absent) we NEED group support in passdb (This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
2003-05-01proper wellknown sids initialization at startupSimo Sorce1-0/+3
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
2003-05-01*id_to_*id call reshape to return NTSTATUS errorsSimo Sorce3-48/+17
plus internal fixes 1st stage (This used to be commit 6d036761e565bc93964bb3c939d5b7d78d5778a3)
2003-04-29remove convert_smbpasswd and addtosmbpass from tree; people can get them ↵Gerald Carter3-2/+26
from 2.2. if they still need them (This used to be commit 237857a760974bb02000e5d3a776240ec73ca6b6)
2003-04-27make winbind use idmap as well.Simo Sorce7-1079/+54
change idmap_init call removed ldap backend for winbind idmap, seem it had problems anyway and it have to be reworked to work with idmap without calling winbind code. simo (This used to be commit 9d7d007443fc75264b2764b90f272ffc40c9be6c)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett10-760/+642
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-22update copyright notice that is written to the logsGerald Carter1-1/+1
(This used to be commit 5f1fe04a87a407297eb9d4ad0e5c6bb35b33c067)
2003-04-22update copyright notice that is written to the logsGerald Carter1-1/+1
(This used to be commit 6735a9889f6629f4f77006c59c011570031e044f)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett4-16/+20
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-16Store the type of 'sec channel' that we establish to the DC. If we are aAndrew Bartlett4-16/+20
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
2003-04-16Make this code actually compile (--with-ldapsam).Andrew Bartlett1-4/+7
This might not actually be the 'right way' to do this, but it's better to have it compile... Andrew Bartlett (This used to be commit c7dc0b27aca8f7e4653b25dae37ea38d68fc045a)
2003-04-14Removed unused variable.Tim Potter1-2/+0
(This used to be commit 117cc35dd0adc6fd5238a440e299d012bfd8e542)
2003-04-14Merge:Tim Potter1-91/+27
- Jelmer's latest popt changes - debugging tdb messages now initialised and handled in lib/messages.c (This used to be commit b11f35fddec8c3d3899a8bc78d093137f73b2dfb)
2003-04-14Syncup new HEAD version.Tim Potter1-128/+169
(This used to be commit 396bcf0cf6dfc7a36be0c4e774386b266439c3af)
2003-04-14Syncup popt changes with HEAD.Tim Potter1-2/+2
(This used to be commit 39c987c3c522b66146e99fcc528cd60e05ad14f7)
2003-04-09Winbind client for AIX. Written by Steve Roylance.Tim Potter1-0/+411
(This used to be commit e37d025e6724196925c43c8ce558064ed5c072c5)
2003-04-07This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+459
used to be commit 43f21c87e12fe88dab6ccba13c2e54161cf87093)
2003-04-07Winbind merges from HEAD:Andrew Bartlett6-17/+32
- fix winbindd_pam bugs - give a better error message for unauthorized access to auth_crap - show this message in wbinfo - fix spelling: privilaged -> privileged ** This changes the location of the winbindd privileged pipe ** (thanks to tpot) Andrew Bartlett (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
2003-04-07Create a pidfile, even when running in interactive mode.Tim Potter1-3/+2
(This used to be commit 1d7400e679df136f03daf79788ea998c5a787f89)
2003-04-07privilaged -> privilegedTim Potter5-10/+10
(This changes the location of the winbindd privileged pipe) (This used to be commit f111f10076c7797e5fd39edcc0aad7d860bb5ac5)
2003-04-07Remove duplicate "tallocdump" message from tdb messaging system. TheTim Potter1-22/+1
same functionality exists as "pool-usage". Move initialisation of this and dmalloc messages inside message_init(). (This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
2003-04-06This commit make winbindd copy winbindd_idmap.tdb into idmap.tdb on theSimo Sorce1-5/+23
first run if idmap.tdb is not found, and then eventually convert it to the new format. This is done to unify winbind and idmap databases and to make a backup of winbindd_idmap.tdb in case you want to downgrade (of course it will not be updated). This is needed because idmap.tdb contains also local mappings, not only foreign domains mappings. Added some other fixes/improvements Simo. (This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
2003-04-04Removed unused variables.Tim Potter1-2/+0
(This used to be commit 32d1dd19bb0b6abc6508ce65d5129acea79225bf)
2003-04-03Fix a compile warning in slprintf format string.Tim Potter1-4/+4
Possible typo: winbind_idmap_methods -> winbindd_idmap_methods Fix wrong format char when generating a ldap filter string. (This used to be commit f9cb23e68753337676876b97b145e04ad423e184)
2003-04-03The ldap idmap backend from Anthony Liguori (aliguori@us.ibm.com):Jim McDonough2-1/+395
This patch moves the ldap routines out of passdb into a generic library and implements an LDAP backend for IDMAP. THe backend can be enabled with "idmap backend = ldap" in smb.conf. THere are also schema changes to make sure to update teh ldap schema files. (This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)
2003-04-03Fixup swat warning.Jeremy Allison1-0/+6
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com> noticed the problem. Jeremy. (This used to be commit 8bbcb833317245d7f5b8695e4a5c676f67003937)
2003-04-03Fixup swat warning.Jeremy Allison1-0/+6
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com> noticed the problem. Jeremy. (This used to be commit 214b217b276f43edfddd1664afaae0fa6b2c319f)
2003-04-02Print out the 'freindly' error message from winbind. Also print usefulAndrew Bartlett2-7/+22
information into it re the privilaged pipe. Also clean up some bugs in winbindd_pam.c Andrew Bartlett (This used to be commit e73b01204a8625946ff0fb5f9fc99dd959eb801c)
2003-04-02THE Idmap patch :-)Simo Sorce4-33/+32
includes a --with-idmap=no switch to disable idmap usage if you find problems. cosmetic fixes and param aliases to separate winbind from idamp roles. A temporarily remote idmap winbind compatibility backend. As I have time I will further change code to not call directly winbind (partly done but not tested) and a specilized module will be built in place for the current glue hack. The patch has been tested locally in my limited time, the patch is simple and clear and should not reserve problems, if any just disable it. As usual, comments and fisex are welcome :-) Simo. (This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
2003-04-02Merge of winbind nss library cleanup from HEAD.Tim Potter8-1628/+372
(This used to be commit a4b5f2c01bae049edc4f385cb0441bbde4fb443b)
2003-04-02Whitespace syncup.Tim Potter1-4/+4
(This used to be commit 2125b0b8ce2bfbb85f325ccbb2a455728ee3f135)
2003-03-31This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User8-0/+1733
used to be commit fd163bd94497534f9c80c205d44b30b72b81cbcd)
2003-03-31Placeholder for winbind aix client.Tim Potter1-0/+0
(This used to be commit 872b2ba35bbe9f4312530368615e99808b3a7756)
2003-03-31Cleanup of winbind client side code.Tim Potter10-601/+708
Mostly this consists of untangling the existing code and moving it in to operating system specific files. The winbind client code for all supported operating systems is now in nsswitch/winbind_nss_OSNAME.[ch] to make things a bit clearer. (This used to be commit 93ea047a16a292b23a1d8736ce9bc4098ba142ba)
2003-03-24Don't use old usage() function, but the one from popt.Jelmer Vernooij1-1/+0
Remove some useless arguments (This used to be commit 8df30059ef100a4d5e21501d7746427b4d312589)
2003-03-24Revoke some of the popt patch from metze I applied earlier today. It addedJelmer Vernooij2-1/+2
some double options and broke some parameters. (This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
2003-03-24Patch from metze to generalise POPT_COMMON_SAMBA, with some minor changesJelmer Vernooij2-7/+4
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
2003-03-24(merge from HEAD)Andrew Bartlett7-33/+131
NTLM Authentication: - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
2003-03-23Convert to popt.Jelmer Vernooij1-58/+26
(This used to be commit 18d52ce914715d188966be95f9e4466666a04f74)
2003-03-23NTLM Authentication:Andrew Bartlett7-33/+131
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
2003-03-19Fix debug message not to use an uninitialized variable.Volker Lendecke1-2/+1
Volker (This used to be commit 80bfa7efd65af02108e3ef1e2b2952cda6dc5999)
2003-03-19Fix debug message not to use an uninitialized variable.Volker Lendecke1-2/+1
Volker (This used to be commit 71906a5b4e4f93ebd4c27a0d22d74aad62e14924)
2003-03-18Jeremy merged across my string parinoia fixes, but forgot to enable them! :-)Andrew Bartlett1-8/+8
This patch catches up on the rest of the work - as much string checking as is possible is done at compile time, and the rest at runtime. Lots of code converted to pstrcpy() etc, and other code reworked to correctly call sizeof(). Andrew Bartlett (This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
2003-03-18Merge of popt help cleanups.Tim Potter1-5/+5
(This used to be commit 067810ed4a38c567e64e683a24cdd405479b5ee1)
2003-03-17Merge from HEAD - make winbindd locking sane again:Andrew Bartlett1-36/+32
Original message: This patch attemptes to clean up winbindd's mutex locking. The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
2003-03-17Some cosmetic changes to make the popt --usage output look nicer.Tim Potter1-5/+5
(This used to be commit 39124b9a62e1ba0f8089c36b27d6c79352a27973)
2003-03-15If it's an fstring, use fstrcpy().Andrew Bartlett1-8/+8
Andrew Bartlett (This used to be commit bf5e0698eed72d7fc005be08feb36ef82ada716c)
2003-03-11This patch attemptes to clean up winbindd's mutex locking.Andrew Bartlett1-41/+37
The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit 0620320002082298a15cbba72bd79aecfc607947)