summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2001-11-05Use cli_nt_login_network() instead of domain_client_validate() to performTim Potter3-41/+86
pam authentication. This allows us to link in less other crap. Authenticating with a challenge/response doesn't seem to work though - we always get back NT_STATUS_WRONG_PASSWORD. (This used to be commit d85aa1ce83327dda6aa3dcd9bbab9cf6979dda1e)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison1-1/+3
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-10-31Removed unneeded extern.Tim Potter1-2/+0
(This used to be commit c80641b6f335aa706a2e384b7cfe7912be4a41b1)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-72/+15
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31Added some extra fields to the auth_serversupplied_info structure.Tim Potter3-4/+14
To obtain the full group membership of a user (i.e nested groups on a win2k native mode server) it is necessary to merge this list of groups with the groups returned by winbindd when creating an nt access token. This breaks winbindd linking while AB and I sync up our changes to the authentication subsystem. (This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
2001-10-29Don't force winbind to use non-local DC's.Volker Lendecke1-1/+1
Volker (This used to be commit fd1d0064b3a4fe834c5d8e810a12a8077f9d2a66)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-4/+4
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-29Hey where did those 4 character tabs come from?Tim Potter1-4/+4
(This used to be commit 49d47238267c3a2e0fc466178b779a692a7809ff)
2001-10-29Don't reference tallocated memory that has already been disposed of. TheTim Potter3-11/+26
cli_samr_query_userinfo function used to do this. (This used to be commit da2c167660ec12360354f96dc672d935f58dd9c0)
2001-10-27Added some connection checking code. Doesn't work yet though.Tim Potter1-10/+43
(This used to be commit 4f4dace5772780cf4eedc0ebca1c60d04171eb74)
2001-10-21Fix for fussy Solaris compiler.Tim Potter1-3/+1
(This used to be commit d50005d4c118ae32d1ddbdee4feec479db4682b9)
2001-10-19Fixed some memory leaks introduced by connection handling rewrite, as wellTim Potter4-20/+29
as one memory leak that has been there for ages! Changed the way talloc is used in get{pw,gr}nam routines. (This used to be commit d52cd1854fdff18c223d6dd1eca0e26f1f0bf01b)
2001-10-19Converted some more functions to create and dispose of a talloc context on aTim Potter5-87/+106
per-call basis rather than per-connection. Had a bit more of a reformatting fest. Still need to run it through insure and handle downed connections. (This used to be commit 46fe5a8fb96974e1323bc3e5d94fda74edbeb852)
2001-10-14Some reformatting.Tim Potter1-6/+10
(This used to be commit 5fc97e72ebf5976d66345107f3d9e6d3ae27eb94)
2001-10-14Pass domain structure around in cache code rather than the domain name.Tim Potter3-32/+29
(This used to be commit c6338d7eaeb31db2666603fcdd9179e61891a1c9)
2001-10-14Resurrected sam sequence number code.Tim Potter1-117/+175
Pass domain structure around in cache code rather than the domain name. Some misc reformatting to make things look prettier. (This used to be commit 295dd2a5817b5d7c40474b9e460f3515e8c8e449)
2001-10-12Converted a few winbind functions to use a talloc context that is destroyedTim Potter1-32/+72
immediately after the call. (This used to be commit 3e9a80d5bed724690da7321cde6b95022d60ba60)
2001-10-12Removed some unused code from the recent cleanup.Tim Potter2-291/+2
(This used to be commit 4f12df9fc569b73dcf037b476976cb3be47ac43f)
2001-10-10Got the rest of the group functions working. Did some reformatting (manTim Potter3-68/+37
what was I thinking with those 4 character tabs?) We now pass our winbindd test suite again! Still to do: - talloc_ctx on a per winbindd request basis not per connection - clean up old crap we don't use any more - test against multiple BDCs (I know this isn't going to work - group/user handles have to be made against the same DC the domain and basic handles are. - implement network and dc failure recovery (This used to be commit dc4ca0e0bd779b9157ea3b2a8f17eb455abf0f26)
2001-10-09Implemented sam group handle stuff. getent group now works.Tim Potter6-110/+208
(This used to be commit 63731d4a00e7a70b48d0c25677c76ec6b2e04ce1)
2001-10-08More work on winbindd connection rewrite:Tim Potter5-179/+353
- implemented some of the sam related connection manager routines - fill in group id and gecos fields for getpwnam/getpwuid routines - convert querydispinfo to cm - getent passwd now works Now for the group related routines... (This used to be commit 4f8ea877876e91d4762f22e78aeb1bce4c65f011)
2001-10-05This is the start of a bit of a rewrite of winbindd's connection handling.Tim Potter9-380/+588
I've wrapped up all the decisions about managing, making and closing connections into a connection manager in nsswitch/winbindd_cm.c. It's rather incomplete at the moment - only querying basic user info works at the moment (i.e finger -m DOMAIN/user) and everything else is broken. Jeremy, please take a look and I'll start moving across the rest of winbindd to this new system. (This used to be commit c369cf5af787ed9c642778d21f162716fbf0620e)
2001-10-03fix some possible memleaks and not tested reallocs spotted by Andreas MoroderSimo Sorce1-5/+12
(This used to be commit d30939a091b48f4d77f7618c75668ae151a5592e)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter2-6/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-17move to SAFE_FREE()Simo Sorce14-68/+51
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
2001-09-12Some patches to authentication:Tim Potter1-4/+4
- the usersupplied_info now contains a smb_username (as it comes across on the wire) and a unix_username (after being passed through mapping functions) - when doing security={server,domain} use the smb_username, otherwise use the unix_username (This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
2001-09-10convert more code to use XFILEAndrew Tridgell1-6/+0
(This used to be commit fe6679dffba9a92bb35933ad52172c9be0e9ef90)
2001-09-10more static/dead fnsAndrew Tridgell2-11/+2
(This used to be commit f59826c0c9ba283c25faeec2cbdc7e19cca7aa04)
2001-09-10kill a dead fn and make a local one staticAndrew Tridgell2-80/+4
(This used to be commit 1e9815105e235ad1141b899b03d3de756d217d49)
2001-09-05more warning fixes on solarisAndrew Tridgell5-6/+10
(This used to be commit c04c67fec85b1c81ef0b3cebacde304a1de0d854)
2001-09-05fixed a bunch of compilation errors on Solaris, mostly people getting ↵Andrew Tridgell6-69/+99
NSS_STATUS and WINBINDD error codes mixed up (This used to be commit 66698d6b841df809a8654012a8385bffacb9dc4a)
2001-09-04don't do pointer arithmetic on void* (some compilers can't do it)Andrew Tridgell1-1/+1
(This used to be commit c65e8db7ae765f844f8b0adb1e5de3651561ad96)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell7-104/+94
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-30merge from 2.2Gerald Carter1-1/+1
(This used to be commit 3e8ccb420260591f362fa8a9d1221481449f8ef7)
2001-08-30merge from APPLIANCE_TNGGerald Carter1-0/+1
(This used to be commit 2af0a65e4c56e9361ee03286edcf26b5926b39e4)
2001-08-30merge from APPLIANCE_TNGGerald Carter1-43/+73
(This used to be commit aff66993e47dc14371c15e75de11ff2c15d226f3)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell6-33/+33
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-24get rid of compiler warningsHerb Lewis2-3/+4
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
2001-08-24Make domain_client_validate return a status code instead of a boolean.Tim Potter1-10/+10
(This used to be commit b4e79ab34b7df4687966f4ca81b575dce8503775)
2001-08-23Added copyright for me and AB.Tim Potter1-0/+2
(This used to be commit 19cd6a1dc446830c1448f4a21a915ea8994dc268)
2001-08-22Added another authentication interface to winbindd. The Challenge ResponseTim Potter6-26/+210
Authentication Protocol (CRAP) takes a tuple of (username, random challenge, encrypted lm password, encrypted nt password) where the passwords are encrypted with the random challenge ala ntlmssp. (This used to be commit 11f72a78e3a16bbb17b576d80b47a9eb818ee428)
2001-08-18More Realloc fixes.Jeremy Allison2-4/+13
Jeremy. (This used to be commit b4fa49fe13cb93d578b1714d5863a9f50395bf65)
2001-08-18More Realloc fixes.Jeremy Allison1-7/+17
Jeremy. (This used to be commit 381c02e6389dbb41fa66a854d7293594fd4bd0a6)
2001-08-13Fixed up 'orrible formatting.Tim Potter1-21/+21
(This used to be commit 73addddb2e038946e38a6a15f46f61148a49ac08)
2001-08-12this is a big global fix for the ptr = Realloc(ptr, size) bug.Simo Sorce4-12/+24
many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. (This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
2001-08-12This patch does a number of things, mostly smaller than they look :-)Andrew Bartlett1-1/+14
In particuar, it moves the domain_client_validate stuff out of auth_domain.c to somwhere where they (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett (This used to be commit ea1c547ac880def29f150de2172c95213509350e)
2001-08-03This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett1-8/+48
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
2001-07-25Merge of change machine account password race fix from appliance branch.Tim Potter1-1/+17
(This used to be commit 6e698d65ecb13b0b46d15bce7e0314fa1a46a13a)
2001-07-25a better test for unix domain socketsAndrew Tridgell1-1/+1
(This used to be commit 7b3d030e1f869a842822d9a356a027cca6f3a725)
2001-07-23In wb_samr_query_dispinfo() pass back the 32-bit status code fromTim Potter1-10/+10
cli_samr_query_dispinfo(). (This used to be commit d5f12bc53074d574a503e7183887fdcec9bb9dd4)