Age | Commit message (Collapse) | Author | Files | Lines |
|
Make some code static, add some const to the PAM code, and make the plaintext
password code actually function - particulary without the requirement to
modify the 'struct passwd' (which it assumed was made up of fstrings)
This kills some particularly ugly code in lib/util_pw.c
Andrew Bartlett
(This used to be commit 302dad4990ba5194f072e435465d9adaa089ae06)
|
|
(This used to be commit d222bc8c4b620095a21ba327940d4750d5dee753)
|
|
(This used to be commit ae5d24873ad0fb3df970cc9912e18e6a5067ae2d)
|
|
(This used to be commit 6c08c233e6675056c0ee0bbc4ecdcbc205950f54)
|
|
This adds code to do generic PAM -> NTSTATUS and NTSTATUS -> PAM error
conversions, and uses them to make the error handling in pam_winbind sane.
In particular, pam_winbind now uses PAM error codes, not silly '-1, -2 ...'
stuff, and logs the NTSTATUS error that winbind now sends over the pipe.
Added code to wbinfo to display these - makes a big difference in debugging
winbindd.
The main change here is the code to allow pam_winbind password changing to
correctly stack - This code ripped from pam_unix, and the copyright attached.
(Same as for all pam modules, including pam_winbind)
Andrew Bartlett
(This used to be commit dc1a72f896b83bc1ad3c7bf6c12c36ace3967280)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit 3b5e72bda3263c6bdf81dfface4fae4f06b71032)
|
|
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
|
|
The problem is we were trying to use mask_match as a generic
wildcard matcher for UNIX strings (like the password prompts).
We can't do that - we need a unix_wild_match (re-added into lib/util.c)
as the ms_fnmatch semantics for empty strings are completely wrong.
This caused partial reads to be accepted as correct passwd change
responses when they were not....
Also added paranioa test to stop passwd change being done as root
with no %u in the passwd program string.
Jeremy.
(This used to be commit 9333bbeb7627c8b21a3eaeae1683c34e17d14bf0)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit 64d35e94fe6f7e56353b286162f670c8595a90e6)
|
|
(This used to be commit 5f6e7bbce76c85571ee10a3f8b5bbbd0beadb632)
|
|
the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
Fixed crash bug with un-zeroed talloced memory.
Jeremy.
(This used to be commit eea1c30df246e081e672d7132345d0fd35ad9841)
|
|
Jeremy.
(This used to be commit 79574c07ed5de7194a17c9ee8d189370d8e42bcc)
|
|
Jeremy.
(This used to be commit e94957d548745649ce04423dc6f16bbe3dd4f869)
|
|
Jeremy.
(This used to be commit 70bdf8e76135e96fabcedeffbfd5892a564985e0)
|
|
the pam password change code to ensure that existing and working password
chat scripts don't break with 2.2.1. PAM password changing has to be explicitly
requested.
Allowed wildcards in pam password change matching (matches password chat
script matching). Had to add const (sorry Tim :-) to ms_fnmatch() to
stop warnings. Don't worry - the const changes are isolated and don't
cause any other warnings :-).
Jeremy.
(This used to be commit 47b4d82536c09bffe3a0d9917fa31d935f1be7d8)
|
|
should eventually be an autoconf test with a #ifdef workaround. I *HATE* pam :-).
Jeremy.
(This used to be commit 52a9226a5aaa769e960619c2bd0a561dd9b0493d)
|
|
Jeremy.
(This used to be commit d9b960b4a5997e4cd09e3da9ea4754cbae1e29b3)
|
|
court of king caractacus, was just passing by... :-).
Jeremy.
(This used to be commit acc3e7a057ad7fb0c2fb1cafff0c623ec0524d04)
|
|
PAM_AUTHTOK_RECOVER_ERR).
Jeremy.
(This used to be commit 6b2dd14205a4170c11067c4f851db11ab9154fce)
|
|
Jeremy.
(This used to be commit c4d3df4f145dc28d1b285fad64c787cebb613e70)
|
|
remove global static PAM variables, and to tidy up the PAM internals code.
Now looks like the rest of Samba.
Still needs testing.
Jeremy.
(This used to be commit 1648ac64a75de74d1a1575eb49cccc4f75488bfa)
|
|
Only set this to "on" if you know you have your PAM set up correctly.....
NB. Doesn't apply to plaintext password authentication, which must use
pam when compiled in.
Jeremy.
(This used to be commit 59aa99f3901d098b7afbe675021bda53b62ee496)
|
|
Jeremy.
(This used to be commit 4db22afeed659a871a4a1f719d5fa1f2df07e24d)
|
|
Jeremy.
(This used to be commit c4048fcdb6ff3a890b69be8ef4832e9bd958cfec)
|
|
Fixed off by one bug using StrnCpy instead of strdup().
Jeremy.
(This used to be commit d4b1c0be2e700c86a4338bb497777f97e3c960a7)
|
|
horrid utmp hostname parameter - now uses the client name instead.
Also tidies up some of the unencrypted password checking when PAM
is compiled in.
FIXME ! An pam_accountcheck() is being called even when smb encrypted
passwords are negotiated. Is this the correct thing to do when winbindd
is running ! This needs *SEVERE* testing....
Jeremy.
(This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
|
|
(This used to be commit 44f96771c384b319290ab5e14cad6ba8f3fb5383)
|
|
(This used to be commit 72812e4cf199d804418dc52cc0b0ba683b8a2e5c)
|
|
(This used to be commit f52a5014ee325f9d91f266f88eac51b6136a75b9)
|
|
don't use pam_setcred() if we haven't called pam_authenticate()
Merge from 2.2
Jeremy.
(This used to be commit 89589895e3adce75ecd6205547392326cf291543)
|
|
(This used to be commit 02e84267f74b26bdf7f76c0fc9dbaecbc8574d58)
|
|
Jeremy.
(This used to be commit add847778bf458238bf2a1b14ab71b8cdfd7aec0)
|
|
(This used to be commit 88b6043b4e26c2771e0c444376b7017f5048baf8)
|
|
Jeremy.
(This used to be commit ecd00e258c6fe4e8d90f48da74874e090dce4a40)
|