summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2001-11-29I think the lookup_pdc_name() should be called lookup_dc_name() and theTim Potter1-4/+13
name_status_find() call here should look up a #1c name instead of #1d. This fixes some bugs currently with BDC authentication in winbindd and in smbd as you can't query the #1d name with the ip address of a BDC. Who is Uncle Tom Cobbley anyway? (This used to be commit 4215048f7b20a8f9e5877bdbb2f54841b2f7fa64)
2001-11-27Some reformatting.Tim Potter1-223/+229
M-x tabify (This used to be commit 6446d2acd5ead098e5e51b06df5bf78b9e315418)
2001-11-27Added negative caching to group lookups.Jeremy Allison2-48/+87
Jeremy. (This used to be commit fceba7dea5b09ac9ce509c5252a46be8e4d3de85)
2001-11-27Added negative caching to the user pw lookup by name and by uid.Jeremy Allison2-136/+159
Jeremy. (This used to be commit 4013ae87a1c73ceba346de2a0b905e7c8df355c4)
2001-11-27nsswitch/winbindd_group.c nsswitch/winbindd_user.c: formatting fixups.Jeremy Allison2-28/+29
smbd/open.c: Fix "delete on close" for directories. Jeremy. (This used to be commit 014b0973a3b3b9eb22cce3053171fa55f5c16a63)
2001-11-26don't die with a FPE if there are no DCsAndrew Tridgell1-0/+2
(This used to be commit b5999473482475ef64212f4f7204c7895cf8fdf3)
2001-11-26Another merge from appliance-head: in [ug]id_to_sid don't call theTim Potter1-47/+7
winbind function if the id is obviously going to be local. Cleanup of winbind [ug]id parameter handling. (This used to be commit 4ab9ca31a02b3388aa89a00e0390ea9e4c76283a)
2001-11-26Got medieval on another pointless extern. Removed extern struct ipzeroTim Potter1-2/+2
and replaced with two functions: void zero_ip(struct in_adder *ip); BOOL is_zero_ip(struct in_addr ip); (This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
2001-11-26Removed bogus SAFE_FREE() call of talloced return data fromTim Potter3-19/+19
winbindd_lookup_usergroups() (This used to be commit dd2048c418da7a08bc71305491953731fc427f5a)
2001-11-26Fixed some indentation.Tim Potter1-2/+2
(This used to be commit 1dd462844a9b90b498ee79ca33e4048980e2af5f)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-5/+7
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-23Fixed delete on close bug. Added core dump code to winbindd.Jeremy Allison2-3/+59
Jeremy. (This used to be commit a58d0f91f9ee7354c01a9c20cfe178d5dc02142d)
2001-11-23Set type to NOTUSED if lookup fail.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 20a4167599ce211f239d0f324e7e73a1c2d8a5a6)
2001-11-23Got rid of that stupid parse_domain_user() warning when compilingTim Potter1-22/+0
winbindd. (This used to be commit 72060a6f5af505d597f372d550d7f3fe559e5550)
2001-11-23Finish 1.45 by removing redundant sid->string conversion inMartin Pool1-14/+44
winbindd_lookup_sid_by_name. Also if the lookup fails then clobber the output parameters rather than leaving them looking potentially valid. Add doxygen. (This used to be commit 61dba52a549039255e46393be1618d3eb54b79dd)
2001-11-23I think you were passing the name of the SID, rather than the DOM_SIDMartin Pool1-1/+1
pointer itself. (Whatever that is.... ;-) (This used to be commit 1393c7c4ede1d6d624c3f5d0bfa4c18b0c6dc27f)
2001-11-23Removed TimeInit() call from every client program (except for one placeTim Potter3-5/+0
in smbd/process.c where the timezone is reinitialised. Was replaced with check for a static is_initialised boolean. (This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
2001-11-23Fixed check machine account function.Tim Potter4-74/+63
(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)
2001-11-22Got positive and negative name caching working correctly with ↵Jeremy Allison1-43/+47
lookupname/lookupsid. There was a bug in cli_lsa_lookup_name/lookup_sid where NT_STATUS_NONE_MAPPED was being mapped to NT_STATUS_OK, and also the *wrong* number of entries mapped was being returned. The correct field is mapped_count, *NOT* num_entries. Jeremy. (This used to be commit 9f8c644abc455510c06dbd5dbac49c6270746560)
2001-11-22Fixed +ve caching. Still problems with -ve caching.Jeremy Allison1-105/+115
Jeremy. (This used to be commit 7883a2288a6e3198e10ab4e02ed4585e7bb313f6)
2001-11-22Fixed caching of lookupname/lookupsid. Error in check of success !Jeremy Allison1-2/+8
Jeremy. (This used to be commit d039d4fa507a7284e7e1cada0026c63863fe0a2d)
2001-11-22Added debugs to track down sequence lookup problems.Jeremy Allison1-4/+10
Jeremy. (This used to be commit d3f5d5a4aca0d5bc8c4db7dfa8b766b7cda808eb)
2001-11-21W2K doesn't seem to respond to *#0 names in node status. Ensure nameJeremy Allison2-27/+28
lookup uses password server parameter when looking for PDCs. Jeremy. (This used to be commit 54c968913d6553c6d834b068234ab176917075eb)
2001-11-21Added transparent +ve caching for lookupname/lookupsid. -ve caching canJeremy Allison3-112/+238
be easily added (a one liner) once we know the correct error codes returned by a W2K DC. All other winbindd calls should go through a similar transparent caching layer (and will soon). Jeremy. (This used to be commit b16bb21d371772816a4331f5011c151be0e083d5)
2001-11-21Preparing to implement +ve and -ve caching for lookupname/lookupsid calls.Jeremy Allison2-130/+191
Jeremy. (This used to be commit 1f6cc536b2db0c36feee45cfd6ac1ad5ee8fb05a)
2001-11-19Merge from 2.2.Tim Potter1-1/+1
(This used to be commit ebd46aebf921c0026791ffb0afdcffaecb496e8c)
2001-11-19Store some path names in global variables initialized to configureMartin Pool3-9/+7
default, rather than in preprocessor macros. (This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
2001-11-15Tidyup formatting a bit (spaces->tabs) whilst reading new code to understandJeremy Allison2-220/+202
connection caching. Getting ready for back-merge to 2.2.3. Jeremy. (This used to be commit 5e8df83ba9924adf9df6827c06ed1a2adbe36edf)
2001-11-15Caching user, group and domain sam handles was a stupid idea.Tim Potter4-103/+177
Now we just keep a record of the open pipes. (This used to be commit 77c287e9460eed7bde7004c7e6c8cb0099c6ba6f)
2001-11-15Jeremy, I'm not sure what you were trying to do with the process activityTim Potter1-3/+1
loop in winbindd but it didn't work. (This used to be commit 3ac32af83849e93c83cd1bb48dc7d23e47ccac59)
2001-11-15Added free_domain_info() function.Tim Potter1-0/+27
Get list of trusted domains if we haven't fetched them yet. (This used to be commit ed16aa88a422e759d27dbfae39afc72250c80e8d)
2001-11-15Added free_domain_info() function.Tim Potter1-1/+1
(This used to be commit 1a9a36159104e1d6248254e1efd9925fc1c956d3)
2001-11-15Cache positive and negative name domain controller lookups.Tim Potter1-11/+148
Cache negative connection attempt lookups. Fixed loginc bug in connection_ok() (This used to be commit e07bcfcccd6d4a29f188d978b2c34a7b18ff21fa)
2001-11-15Get list of trusted domains if we haven't fetched them yet.Tim Potter2-0/+9
(This used to be commit 187663210055ecd7b717b3894e3189ca3aaa0ed2)
2001-11-15Fixed display of uninitialised buffer in debug.Tim Potter1-2/+8
Get list of trusted domains if we haven't fetched them yet. (This used to be commit a7ef2d20b1bb4bdb1b9a2769b5c654bd0be791b3)
2001-11-15Bit of a cleanup of signal handling code.Tim Potter1-8/+14
Ignore the SIGUSR1 signal before we install a handler for it as glibc (?) seems to just print out "User defined signal 1" and exit if no handler is installed. (This used to be commit 1212591095dfe65b5e708bee32be5d57b9f33bc8)
2001-11-15Fix detection of RedHat 7.2.Jeremy Allison1-442/+0
Remove unused old file. Test 42 byte reply to SMBntcreate (W2K does this). Jeremy. (This used to be commit a55a63a4ca55602ad9221af17c0bc8e185536433)
2001-11-14Make signal handling safer (handle EINTR on read/write/accept), don'tJeremy Allison1-38/+52
call slprintf within a signal handler. Jeremy. (This used to be commit a9f7974cb8e266ce87d2979fa107bf7ebbb98b70)
2001-11-14Got ready to implement Martin's idea, but request doesn't have a lengthJeremy Allison2-10/+24
field.... well, now at least the code is there when it does :-). Jeremy. (This used to be commit 22e323ca47325482b6ae527070509ed9c6cbccee)
2001-11-14Random connection robustness related fixes. Display some debugs aboutTim Potter5-31/+122
the currently open connections when winbindd receives a USR1 signal. Hmm - I've just realised this will conflict with the messaging code but we don't use that yet. (This used to be commit caef54e40081477609a824185949ddf6db6ba363)
2001-11-14#ifdef'd out suggestion for tim on making the winbindd protocol moreMartin Pool1-1/+13
robust. (This used to be commit 8952f8763e16339e58bc65943387a00fc89dc200)
2001-11-14Added needed debugs...Jeremy Allison1-25/+39
Jeremy. (This used to be commit 804f232398b734228256e3361ec6df4ba5cf480c)
2001-11-13Fix winbind client code so that winbind calls are not made if theJeremy Allison2-15/+43
requested name does not have a winbind separator character. This makes the intent explicit. Tim, contact me if this is not what you indended. Jeremy. (This used to be commit 86b7cf7f85840316052ff29115bf55c04dc17486)
2001-11-05Use cli_nt_login_network() instead of domain_client_validate() to performTim Potter3-41/+86
pam authentication. This allows us to link in less other crap. Authenticating with a challenge/response doesn't seem to work though - we always get back NT_STATUS_WRONG_PASSWORD. (This used to be commit d85aa1ce83327dda6aa3dcd9bbab9cf6979dda1e)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-1/+3
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-31Removed unneeded extern.Tim Potter1-2/+0
(This used to be commit c80641b6f335aa706a2e384b7cfe7912be4a41b1)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-72/+15
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31Added some extra fields to the auth_serversupplied_info structure.Tim Potter3-4/+14
To obtain the full group membership of a user (i.e nested groups on a win2k native mode server) it is necessary to merge this list of groups with the groups returned by winbindd when creating an nt access token. This breaks winbindd linking while AB and I sync up our changes to the authentication subsystem. (This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
2001-10-29Don't force winbind to use non-local DC's.Volker Lendecke1-1/+1
Volker (This used to be commit fd1d0064b3a4fe834c5d8e810a12a8077f9d2a66)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-4/+4
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)