Age | Commit message (Collapse) | Author | Files | Lines |
|
The global winbind file descriptor can cause havoc in some situations -
particulary when it becomes 0, 1 or 2. This patch (based on some very nice
work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy
the problem by ensuring that the close-on-exec flag is set, and that we move
above 3 in the file descriptor table.
I've also decided that the PAM module can close it's pipe handle on every
request - this isn't performance-critical code.
The next step is to do the same for nss_winbind. (But things like getent()
might get in our way there).
This also cleans up some function prototypes, puts them in just one place.
Andrew Bartlett
(This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
|
|
Andrew Bartlett
(This used to be commit e09c4bd69aaec0dc43b5bf69f651cbfad3c5f4ad)
|
|
(This used to be commit 897cc4a610932e596f8a9807213166e380ef0203)
|
|
to correctly allow password changes on expired passwords. (No security
implications, as its just a 'will I let you talk to the server' check).
pam_winbind checks the password prior to changing it, so that users don't
have to make up and type their new password when they havn't even got the
old one right. This also helps with stacking etc.
Andrew Bartlett
(This used to be commit 2b78d493002a3ba13533429c6a14f5c0a92f43d1)
|
|
applied these to 2.2.
Andrew Bartlett
(This used to be commit 51fe3324dda6b1f9a9a45deda7a76b1fff35399a)
|
|
- pam_winbind updates from vance, fixing a typo and making some the options
work properly.
- Extra parinoia in the winbind connection loop
- Allow pam_winbind to compile on HP-UX (Don Mcall, more work to do).
- Fix up configure.in to use the same method for building the test .so
as the Makefile uses.
Andrew Bartlett
(This used to be commit 8e705dd9215b1cb3f44d6348094679d7dc6a7fbd)
|
|
(This used to be commit 54e69ed20adc74fdfe007a9642dcb3a55c02d856)
|
|
be replaced by DEBUG() calls?
(This used to be commit 33dd07d1fc6946e53d3bdaad025adfc20abfab77)
|
|
This adds code to do generic PAM -> NTSTATUS and NTSTATUS -> PAM error
conversions, and uses them to make the error handling in pam_winbind sane.
In particular, pam_winbind now uses PAM error codes, not silly '-1, -2 ...'
stuff, and logs the NTSTATUS error that winbind now sends over the pipe.
Added code to wbinfo to display these - makes a big difference in debugging
winbindd.
The main change here is the code to allow pam_winbind password changing to
correctly stack - This code ripped from pam_unix, and the copyright attached.
(Same as for all pam modules, including pam_winbind)
Andrew Bartlett
(This used to be commit dc1a72f896b83bc1ad3c7bf6c12c36ace3967280)
|
|
Part of Samuel Ziegler's patch to get winbind password changing working
again in HEAD.
(This used to be commit b5540bee7be957d1def62ee85a84488e0250624b)
|
|
defined. This is done with --enable-developer mode.
(This used to be commit caff5dc1d66953cb52f94cd6407778b23e1810eb)
|
|
(This used to be commit 1e7b1c71b9c409859bcf0aeb3d5785acc4aee027)
|
|
renamed ntdom to winbind
I think that using winbind in /etc/nsswitch.conf is better than ntdom
(This used to be commit 80f85b5359c26dc26f8f88b984f27cfa4ac34e61)
|
|
this does not yet compile, but I'm working on that.
(This used to be commit 3fb862531a4e78dca13d16d958517b16e5bdd4e2)
|