summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2003-04-06This commit make winbindd copy winbindd_idmap.tdb into idmap.tdb on theSimo Sorce1-5/+23
first run if idmap.tdb is not found, and then eventually convert it to the new format. This is done to unify winbind and idmap databases and to make a backup of winbindd_idmap.tdb in case you want to downgrade (of course it will not be updated). This is needed because idmap.tdb contains also local mappings, not only foreign domains mappings. Added some other fixes/improvements Simo. (This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
2003-04-04Removed unused variables.Tim Potter1-2/+0
(This used to be commit 32d1dd19bb0b6abc6508ce65d5129acea79225bf)
2003-04-03Fix a compile warning in slprintf format string.Tim Potter1-4/+4
Possible typo: winbind_idmap_methods -> winbindd_idmap_methods Fix wrong format char when generating a ldap filter string. (This used to be commit f9cb23e68753337676876b97b145e04ad423e184)
2003-04-03The ldap idmap backend from Anthony Liguori (aliguori@us.ibm.com):Jim McDonough2-1/+395
This patch moves the ldap routines out of passdb into a generic library and implements an LDAP backend for IDMAP. THe backend can be enabled with "idmap backend = ldap" in smb.conf. THere are also schema changes to make sure to update teh ldap schema files. (This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)
2003-04-03Fixup swat warning.Jeremy Allison1-0/+6
Fix winbindd dual mode in the same was as in APP_HEAD. "Ken Cross" <kcross@nssolutions.com> noticed the problem. Jeremy. (This used to be commit 214b217b276f43edfddd1664afaae0fa6b2c319f)
2003-04-02Print out the 'freindly' error message from winbind. Also print usefulAndrew Bartlett2-7/+22
information into it re the privilaged pipe. Also clean up some bugs in winbindd_pam.c Andrew Bartlett (This used to be commit e73b01204a8625946ff0fb5f9fc99dd959eb801c)
2003-04-02THE Idmap patch :-)Simo Sorce4-33/+32
includes a --with-idmap=no switch to disable idmap usage if you find problems. cosmetic fixes and param aliases to separate winbind from idamp roles. A temporarily remote idmap winbind compatibility backend. As I have time I will further change code to not call directly winbind (partly done but not tested) and a specilized module will be built in place for the current glue hack. The patch has been tested locally in my limited time, the patch is simple and clear and should not reserve problems, if any just disable it. As usual, comments and fisex are welcome :-) Simo. (This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
2003-03-31Placeholder for winbind aix client.Tim Potter1-0/+0
(This used to be commit 872b2ba35bbe9f4312530368615e99808b3a7756)
2003-03-31Cleanup of winbind client side code.Tim Potter10-601/+708
Mostly this consists of untangling the existing code and moving it in to operating system specific files. The winbind client code for all supported operating systems is now in nsswitch/winbind_nss_OSNAME.[ch] to make things a bit clearer. (This used to be commit 93ea047a16a292b23a1d8736ce9bc4098ba142ba)
2003-03-24Don't use old usage() function, but the one from popt.Jelmer Vernooij1-1/+0
Remove some useless arguments (This used to be commit 8df30059ef100a4d5e21501d7746427b4d312589)
2003-03-24Revoke some of the popt patch from metze I applied earlier today. It addedJelmer Vernooij2-1/+2
some double options and broke some parameters. (This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
2003-03-24Patch from metze to generalise POPT_COMMON_SAMBA, with some minor changesJelmer Vernooij2-7/+4
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
2003-03-23Convert to popt.Jelmer Vernooij1-58/+26
(This used to be commit 18d52ce914715d188966be95f9e4466666a04f74)
2003-03-23NTLM Authentication:Andrew Bartlett7-33/+131
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
2003-03-19Fix debug message not to use an uninitialized variable.Volker Lendecke1-2/+1
Volker (This used to be commit 80bfa7efd65af02108e3ef1e2b2952cda6dc5999)
2003-03-17Some cosmetic changes to make the popt --usage output look nicer.Tim Potter1-5/+5
(This used to be commit 39124b9a62e1ba0f8089c36b27d6c79352a27973)
2003-03-15If it's an fstring, use fstrcpy().Andrew Bartlett1-8/+8
Andrew Bartlett (This used to be commit bf5e0698eed72d7fc005be08feb36ef82ada716c)
2003-03-11This patch attemptes to clean up winbindd's mutex locking.Andrew Bartlett1-41/+37
The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit 0620320002082298a15cbba72bd79aecfc607947)
2003-03-11Remove obsolete file.Tim Potter1-13/+0
(This used to be commit c5c1a7979385778c08d6dd7796cfe8be1815992f)
2003-03-08Make sure that the 'remote' machine name can only be set once. For some weirdAndrew Bartlett1-9/+2
reason, during a Win2003 installation, when you select 'domain join' it sends one machine name in the name exchange, and litraly 'machinename' during the NTLMSSP login. Also fix up winbindd's logfile handling, so that it matches smbd and nmbd. (This helps me, by seperating the logs by pid). Andrew Bartlett (This used to be commit afe5a3832f79131fb74461577f1db0e5e8bf4b6d)
2003-03-03Fix "might be used uninitialised" warnings.Jeremy Allison1-2/+2
Jeremy. (This used to be commit a670b57c563b220c2ede1dac4ce1e9c71c866498)
2003-02-28fixed a crash bug in the new winbindd 'sids rule!' codeAndrew Tridgell1-1/+1
(This used to be commit 7dfd59963dba921907893b9d1bffe797e9d8b4ad)
2003-02-28*Excellent* patch from Michael Steffens <michael_steffens@hp.com> to limitJeremy Allison2-15/+59
the unix domain sockets used by winbindd (also solves FD_SETSIZE problem in winbindd to boot !). Adds a "last_access" field to winbindd connections, and will close the oldest idle connection once the number of open connections goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200 currently). Jeremy. (This used to be commit a82caefda49396641e8650db8a7ef51752ba6c41)
2003-02-27Fix possible memory leak on failure.Andrew Bartlett1-0/+1
(This used to be commit 052ebc44cde8d31571ed1edb602794349825be11)
2003-02-26Kill RID-only and domain+RID madness from winbind.Andrew Bartlett9-440/+377
Now we deal with SIDs in almost all of winbind (a couple of limited exceptions remain, but I'm looking into them - they use non-winbind structs ATM). This has particular benifits in returning out-of-domain SIDs for group membership (Need to look into this a bit more) as well as general code quality. This also removes much of the complexity from the idmap interface, which now only deals with mapping IDs, not with SID->domain translations. Breifly tested, but needs more. Fixes some valgrind-found bugs from my previous commit. Winbind cache chagned to using SID strings in some places, as I could not follow exactly how to save and restore multiple packed sids properly. Andrew Bartlett (This used to be commit 9247cf08c40f016a924d600ac906cfc6a7016777)
2003-02-26Merge from appliance:Tim Potter1-34/+23
>Another hopeful fix for CR#1168. Change the RPC used in querying >domain users from QueryDispInfo to EnumDomainUsers. Hopefully this >will fix the random dropouts that keep occuring when listing large >domains. > >My thought is that since QueryDispInfo is only used in the NT user >manager it may have a bug with large domains. A more commonly used >RPC may not have such problems. (This used to be commit 0501b7d0b12fa8063ffe6a9d4ecc3391d0c2f45d)
2003-02-25After some comments from tridge, clean the new usergroups code into a helperAndrew Bartlett1-71/+94
function. Andrew Bartlett (This used to be commit 212a52b3d2ca39fcea2990f9293754b08e9b68e4)
2003-02-25Fix a really nasty bug where some users in AD domains (particularly childAndrew Bartlett1-14/+90
domains) would not have the tokenGroups or memberOf attributes filled in. This would cause a user to have no supplementary group membership. Detect this by the fact that the primaryGid must be present in the tokenGroups, and if it isn't (ie, if there is no tokenGroups at all), do a server-side search on all groups using the 'member' attribute and the user's DN. Andrew Bartlett (This used to be commit a074f74e627e1d947a76bcf3a39e3c5df4d4ffe5)
2003-02-22Fix a DEBUG() formatting, add some more debug to our SID pulling code andAndrew Bartlett1-1/+1
inline the call to prs_copy_all_data_out() so that we can know we are not overrunning our buffer. Also check more return values. Andrew Bartlett (This used to be commit e3b73d5d658584428c81c9ef3ccf024687a56e2f)
2003-02-21rename 'winbind backend' to 'idmap backend'. Put paramter in security ↵Jim McDonough1-23/+23
section...does this make sense? (This used to be commit 822083f73e8ba4e096c53ff0f7578f47bc21b7b5)
2003-02-21Fix another compiler warning.Tim Potter1-1/+0
(This used to be commit 1ea27d7987d2c0f67977371a99efec3ded13c872)
2003-02-20From aliguori@us.ibm.com:Jim McDonough3-438/+731
This patch adds the architecture for an IDMAP backend system including a new smb.conf parameter "winbind backend". Right now, the only valid value is "tdb" but I'm currently working on an LDAP backend. (This used to be commit 35e4448dcb2deb0d5d34d9e974a49f2fb31f1356)
2003-02-20for some (very weird) reason, the domain I was testing aginst would notAndrew Bartlett1-0/+4
return a DN for the user. Make sure we don't segfault. Andrew Bartlett (This used to be commit 9fdedeff6a3a9f8e8d048e6afd7001ad676c4e91)
2003-02-19Missed one use of SETENV. (Compat macro no longer needed, as we have aAndrew Bartlett1-1/+1
replace.c function). (This used to be commit adad4c66fcfe756277de8c325ac9f8010f9d6f9c)
2003-02-19Move to a in-memory ccache for winbind, and replace setenv() properly.Andrew Bartlett2-17/+1
(According to the manpages, you cannot put a stack variable into putenv()). Yes, this leaks memory. Andrew Bartlett (This used to be commit 50bced1e26434ecc7474964062746e2831e5f433)
2003-02-18Add -V option (to print out version) to utilities where possibleJelmer Vernooij1-0/+1
(pdbedit already has a -V option..) (This used to be commit 5de622968d95c1436dbd34edc8d0a9bbff68916b)
2003-02-18Check return code from string_to_sid.Martin Pool1-3/+6
(This used to be commit fe449328b226a33ad1c64e087fe63e79f90ab4ac)
2003-02-15Patch based on work by Michael Steffens <michael_steffens@hp.com> to wrapJeremy Allison1-65/+107
all cm_get_XX calls and their subsequent requests in a retry loop in case we've temporarily lost connection to the DC. Makes winbindd more reliable. Jeremy. (This used to be commit 81f358b632dbf7043d2a716359b0fcf7c647af0a)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-1/+2
Needed to move to disk based i/o later. Jeremy. (This used to be commit 4c3ee228fcdb089eaeead95e79532a9cf6cb0de6)
2003-02-14Fix for trusted domains scan not working inspired by Ken Cross.Tim Potter2-7/+8
(Sorry - I should have checked this in yesterday but forgot) (This used to be commit 7420ddcda8e7189cedacb2c60f5ea265b8c35bda)
2003-02-12setup the %U substitution in winbindd for the homedir templateAndrew Tridgell1-0/+1
(This used to be commit 6186c10ceb2e61cd684968b56d3f32d9916538f8)
2003-02-01Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm toAndrew Bartlett1-1/+8
blame for the realloc() stuff. Plus a couple of minor updates to libads. Andrew Bartlett (This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
2003-01-31Ensure Luke Howard's (C) is added.Jeremy Allison1-1/+21
Jeremy. (This used to be commit 6624fa59d749b0c0d6aacc35b9b6ba2b567d6eb4)
2003-01-29Use new interface for cli_samr_query_dispinfo().Tim Potter1-5/+10
(This used to be commit d3962da61a5717dda7e99996bbeb4735d4373041)
2003-01-16Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD.Jeremy Allison1-28/+41
Jeremy. (This used to be commit 3d04872499332ef2d8e7479b924afc8fc1ac29d7)
2003-01-16Updates to the NTLMSSP code again - moving the base64 decode fuctionality outAndrew Bartlett3-1/+16
of the SWAT code, and adding a base64 encoder. The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for use with Squid. Unfortunetly the squid side doesn't quite support what we need yet. Changes to winbind to get us the info we need, and a couple of consequential changes/cleanups in the rest of the code. Andrew Bartlett (This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
2003-01-16Add mutex protection around auth calls.Jeremy Allison1-41/+37
Jeremy. (This used to be commit af8a5d79682410482646eea075dff2d344d60e31)
2003-01-15small merges from SAMBA_3_0; mostly typos, renames, etc...Gerald Carter1-3/+3
(This used to be commit 9ac196dad4893b0ceef13281a140be5d85391e6c)
2003-01-14Remove wrapper function _get_trust_account_password() as it doesn'tTim Potter1-15/+2
seem to do anything useful anymore other than call secrets_fetch_trust_account_password(). (This used to be commit 7b0c03cbf1376f82b0bb5f4cf86e2db3b0bc1dec)
2003-01-14Added a comment in case anyone is thinking of doing a SMB_ASSERT in winbindd.Tim Potter1-0/+2
(This used to be commit c64e2308bae31d48171685b3b67b8cace1b003b5)