1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

80 Commits

Author SHA1 Message Date
Gerald Carter
fed660877c r7415: * big change -- volker's new async winbindd from trunk
(This used to be commit a0ac9a8ffd)
2007-10-10 10:57:08 -05:00
Gerald Carter
450e8d5749 r7130: remove 'winbind enable local accounts' code from the 3.0 tree
(This used to be commit 318c3db4cb)
2007-10-10 10:57:01 -05:00
Andrew Bartlett
f219db7d69 r2762: Remove silly conversion to and from UTF8 on the winbind pipe. Fix the
naming of the require_membership_of parameter in pam_winbind and fix
the error code for 'you didn't specify a domain' in ntlm_auth.

Andrew Bartlett
(This used to be commit 4bf0b94011)
2007-10-10 10:52:51 -05:00
Andrew Bartlett
e357bc3216 r2755: Fix NTLMv2 for use with pam_winbind, the plaintext ntlm_auth modes,
and the wbinfo -a test tool.

If 'client ntlmv2 auth' is set, then we will send an NTLMv2, rather
than an NT/LM response to the server.

Andrew Bartlett
(This used to be commit ce2456e436)
2007-10-10 10:52:51 -05:00
Volker Lendecke
7f53bb13da r2340: Solve the problem of user sids ending up with gid's and vice versa: This
belongs into winbind itself, not into wbinfo.

Volker
(This used to be commit 75e5c13d5d)
2007-10-10 10:52:40 -05:00
Volker Lendecke
d810ffe58e r1562: Make winbind for -S (sid->uid) and -Y (sid->gid) check whether the sid
requested actually is of type asked for. I've come across more than one
installation where a group sid had ended up as a uid in idmap and vice
versa. This just closes one possible for this misconfiguration, people
are actually using wbinfo.

Volker
(This used to be commit acfbd34025)
2007-10-10 10:52:15 -05:00
Andrew Bartlett
9d0783bf21 r1492: Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().

For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation.  This removes the 'need_reseed'
parameter from generate_random_buffer().

Andrew Bartlett
(This used to be commit 36741d3cf5)
2007-10-10 10:52:13 -05:00
Gerald Carter
7af3777ab3 r116: volker's patch for local group and group nesting
(This used to be commit b393469d95)
2007-10-10 10:51:10 -05:00
Volker Lendecke
56e7c149ba This restructures lib/afs.c so that the token data can be but into a
stream. This is to implement wbinfo -k that asks winbind for authentication
which then creates the AFS token for the authenticated user.

Volker
(This used to be commit 2df6750a07)
2004-04-01 12:31:50 +00:00
Volker Lendecke
e2f355c7ea Cosmetic: Fix a const warning.
Volker
(This used to be commit c814f7c43d)
2004-04-01 08:54:01 +00:00
Volker Lendecke
6659353bd9 This might not be used a lot and might not survive for long, but at least it
should work as expected :-)

Fix wb_delgrpmember.

Volker
(This used to be commit 9fc0025d12)
2004-03-07 08:16:10 +00:00
Volker Lendecke
9038e9e2c3 Fix typo
(This used to be commit 09a3001423)
2004-01-23 12:57:29 +00:00
Andrew Bartlett
7d068355aa This merges in my 'always use ADS' patch. Tested on a mix of NT and ADS
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.

The routines used for this behaviour have been upgraded to modern Samba
codeing standards.

This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.

This is in line with existing behaviour for native mode domains, and for
our primary domain.

As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values.  These changes move more routines to ADS_STATUS to return
kerberos errors.

Also found when valgrinding the setup, fix a few memory leaks.

While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.

Andrew Bartlett
(This used to be commit 7c34de8096)
2004-01-08 08:19:18 +00:00
Andrew Bartlett
43a4e1dbf9 Don't duplicate pulling the 'IPC' username from secrets.tdb, instead
just use one function for both places.

Andrew Bartlett
(This used to be commit 85da181e8a)
2004-01-07 10:11:24 +00:00
Gerald Carter
d86628d062 remove unused seek_file(); don't hardcode '\' when printing the auth-user
(This used to be commit fac5e05ca1)
2004-01-06 19:57:14 +00:00
Andrew Bartlett
db44ffd3ac Show the sid type in name->sid translatons in a way that can be easily
understood by humans.

Andrew Bartlett
(This used to be commit 3d91b0a006)
2004-01-05 04:26:35 +00:00
Volker Lendecke
fd35232584 Commit the translation of the realm to the netbios domain name in the kerberos
session setup. After talking to jht and abartlet I made this unconditional, no
additional parameter.

Jerry: This is a change in behaviour, but I think it is necessary.

Volker
(This used to be commit 3ce6c9f273)
2004-01-04 11:51:31 +00:00
John Terpstra
1d2cfc6845 Fix typo.
(This used to be commit 46b2fb4db5)
2003-12-23 20:25:21 +00:00
Andrew Tridgell
53dfaac5fb as discussed on irc, this is a small patch that allows a few more
winbind functions to be accessed via NSS. This provides a much cleaner
way for applications that need (for example) to provide name->sid
mappings to do this via NSS rather than having to know the winbindd
pipe protocol (as this might change).

This patch also adds a varient of the winbindd_getgroups() call called
winbindd_getusersids() that provides direct SID->SIDs listing of a
users supplementary groups. This is enough to allow non-Samba
applications to do ACL checking.

A test program for the new functionality will be committed shortly.

I also added the 'wbinfo --user-sids' option to expose the new
function in wbinfo.
(This used to be commit 702b35da0a)
2003-11-19 08:11:14 +00:00
Gerald Carter
94713905d1 prompt for password when invoking --set-auth-user and no pw
is given (patch from Tom Dickson)
(This used to be commit ca18ec0f90)
2003-10-31 20:29:18 +00:00
Tim Potter
dffd0f379f Fix for bug 269. Change wbinfo and ntlm_auth to convert domain, username
and workstation to utf8 before sending the winbindd request.  Also, don't
continue when the call to pull_utf8() fails but rather return a winbind
error.  (This is what was causing the crash)
(This used to be commit ca1c463360)
2003-08-12 00:46:15 +00:00
Gerald Carter
63a72d20bd adding '.' special name to --domain to mean our domain
(This used to be commit f833d1f156)
2003-08-11 06:36:30 +00:00
Gerald Carter
d5d9055b9b add --domain=DOMAINNAME to wbinfo
Add support for geting the sequence number, list of users, and list
of groups for a specific domain (assuming on reported back by
wbinfo -m)

	wbinfo -u --domain=DOA
(This used to be commit 34fc6e1bf9)
2003-08-10 22:01:11 +00:00
Tim Potter
ff5f4d66a5 Make wbinfo -p work again. Fixes bug 251.
(This used to be commit ad4dd4909f)
2003-07-25 01:18:10 +00:00
Gerald Carter
03d5867d52 moving more code around.
* move rid allocation into IDMAP.  See comments in _api_samr_create_user()
  * add winbind delete user/group functions

I'm checking this in to sync up with everyone.  But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet.  Will do that tomorrow.

Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.

going to bed now.
(This used to be commit 0463045cc7)
2003-07-11 05:33:40 +00:00
Gerald Carter
16ff7b26f6 Large set of changes to add UNIX account/group management
to winbindd.  See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c)
2003-07-09 16:44:47 +00:00
Gerald Carter
3912ca09ea fix some formatting
(This used to be commit fca08b1c87)
2003-07-08 03:16:28 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a0)
2003-07-03 19:11:31 +00:00
Jim McDonough
c364128212 Remove the -A option of wbinfo, leaving only the long version,
--set-auth-user.  There was enough confusion, as in bug #158,
when a user accidentally typed -A instead of -a, and would get themselves
stuck with a non-working winbind.

I've made the changes to docs/docbook/manpages/wbinfo.xml, but I'm not
sure what to do beyond that.  Is checking that in enough?
(This used to be commit 70fe85e469)
2003-06-18 14:20:23 +00:00
Tim Potter
be67b58247 Syncup popt changes with HEAD.
(This used to be commit 39c987c3c5)
2003-04-14 02:38:21 +00:00
Andrew Bartlett
d23b35a65f Winbind merges from HEAD:
- fix winbindd_pam bugs
 - give a better error message for unauthorized access to auth_crap
 - show this message in wbinfo
 - fix spelling: privilaged -> privileged
   ** This changes the location of the winbindd privileged pipe **
   (thanks to tpot)

Andrew Bartlett
(This used to be commit 92c2a33483)
2003-04-07 07:32:51 +00:00
Tim Potter
ce7ff20527 Merge of popt help cleanups.
(This used to be commit 067810ed4a)
2003-03-18 06:07:50 +00:00
Tim Potter
a03c5f2394 Merge: add popt_common_version to command line options table.
(This used to be commit 8de62f7896)
2003-02-25 23:54:23 +00:00
Herb Lewis
9f49bff0e3 cannot assign to const
(This used to be commit 01757e8b51)
2003-01-08 02:18:49 +00:00
Andrew Bartlett
634c54310c Merge from HEAD - make Samba compile with -Wwrite-strings without additional
warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f947)
2003-01-03 08:28:12 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
Tim Potter
aea57af3e3 Fix --set-auth-user command to delete entries from the secrets file when an
empty username/password is passed on the command line.  Previously we were
leaving the domain name set and the password set to a NULL character.

Added a --get-auth-user command to display the restrict anonymous username
information.  Can only be run successfully by root.
(This used to be commit dcaf21efc5)
2002-11-02 01:51:53 +00:00
Jelmer Vernooij
11817b0780 Sync with HEAD
(This used to be commit 658f3e92dd)
2002-10-29 17:36:50 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Jelmer Vernooij
b2edf254ed sync 3.0 branch with head
(This used to be commit 3928578b52)
2002-08-17 17:00:51 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
38788fbec5 Merge from HEAD:
> Don't store domain with username in secrets.tdb
(This used to be commit a4a01afebe)
2002-05-13 23:31:51 +00:00
Tim Potter
b6c77fd3bb Merge of --set-auth-user updates from 2.2
(This used to be commit f01d48fbf5)
2002-05-13 00:46:28 +00:00
Tim Potter
f98b2faf99 Spelling.
(This used to be commit b43256df53)
2002-04-04 06:47:20 +00:00
Tim Potter
4b925288ef Call poptFreeContext() as appropriate.
Clean up exit path code.
(This used to be commit 41157400e3)
2002-04-04 06:40:17 +00:00
Herb Lewis
93af72fe45 merge winbindd WINS changes from 2.2
(This used to be commit 205399dc17)
2002-03-29 15:37:39 +00:00
Tim Potter
97ec0686f1 Cache call to winbind separator.
Some random reformatting and cleanup.

Display output of wbinfo -s using actual winbind separator.
(This used to be commit 099f8c5dfd)
2002-03-20 03:54:47 +00:00
Andrew Bartlett
f8b06e0dab Move wbinfo over to d_printf(). Patch by Hasch@t-online.de (Juergen Hasch)
Andrew Bartlett
(This used to be commit 5710e588ce)
2002-03-01 01:13:42 +00:00
Andrew Bartlett
e91e0a83af Winbind cleanup.
This patch fixes the segfaults I introduced in the previous conneciton caching
patch.  It cleans up the connection cache a *lot* - in particular it adds
significant robustness to the operation.

If a the DC goes down, we no longer fail the next operation - the code checks
if the connection died during one of its own operations on the socket, and
restarts the conneciton as required.

There is still a memory leak in here somewhere - but this code also cleans up a
number of these.

Also added is the abilty to sepecify the domain of the 'get around restrict anonymous'
user that winbind uses.

Andrew Bartlett
(This used to be commit 92cbefdf27)
2002-02-15 13:28:59 +00:00
Andrew Bartlett
14e6be4975 A few small winbind updates:
Add a connection cache to the netlogon pipe.  This makes a *massive* difference
to the time-per-auth.  Also fix up *some* of the memory leaks in other
connection caches.

Add some debugging messages for the is_connected() code.  I'm thinking we
should get a client implementation of SMBecho and call it here - as it would
allow us to always know the DC is around before we start.

Down the debug level for some of the pam_winbind code - I'll probably down it
further when I'm finished debugging.

Andrew Bartlett
(This used to be commit 49d3e47666)
2002-02-11 01:29:07 +00:00