summaryrefslogtreecommitdiff
path: root/source3/nsswitch/pam_winbind.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20687: Implement grace logons for offline authentications in pam_winbind.Günther Deschner1-3/+20
In case a user authenticated sucessfully and his password just expired while beeing disconnected, we should allow a user to logon (given a clear warning). We currently forced the user into a password change dialogue in that scenario; this did not make much sense while offline. Guenther (This used to be commit 668b278653acfc4de7807834988f7af557e608a5)
2007-10-10r20651: Fix "password expires soon" warning message for pam_winbind.Günther Deschner1-12/+67
We were incorrectly calculating the days until the password expires and we also need to look at the info3 pass_must_change_time for expiry calculation. Guenther (This used to be commit 22d79237127a064a934928d175182adecc6300de)
2007-10-10r20304: Smaller fixes for pam_winbind:Günther Deschner1-30/+65
* fail on invalid credential flags in pam_sm_setcred * parse config file for pam_sm_acct_mgmt and pam_sm_open_session Guenther (This used to be commit 2a428ac814d03880de63656ea97827126ccfec5c)
2007-10-10r20249: Fail when parsing invalid options in _pam_parse.Günther Deschner1-1/+2
Guenther (This used to be commit f6c9421abdf5731e894cd2ccc1b7431a3c368bbf)
2007-10-10r20241: Slightly improve readability of the pam_vsyslog replacement function.Günther Deschner1-6/+5
Guenther (This used to be commit 222320373f8a251fc2cf3ff8c3fec93a7a48f9df)
2007-10-10r20240: Be a little more verbose about the credential flags when the debug flagGünther Deschner1-2/+16
is set. Guenther (This used to be commit ecbab58826a51ace2a0d1181a41391f5d170ff06)
2007-10-10r20239: Parse the configfile for pam_sm_setcred as wellGünther Deschner1-1/+7
(e.g. to get the debug flag) Guenther (This used to be commit 2c549f71f15b066ac1f415544848b582558abd5d)
2007-10-10r20180: Ensure that pam returns the correct error messagesJeremy Allison1-38/+78
when offline and or doing password changes. Jeremy. (This used to be commit 4a74c553845c960a355ddb86abaadfe0d550271f)
2007-10-10r20136: Fix #4290. Properly compute time to password expiration in message fromJim McDonough1-1/+2
pam_winbind. Thanks to Andrew Benham <andrew.benham@thus.net> (This used to be commit 0d03f5137936546253a8b3334995f536f3621d57)
2007-10-10r19710: Fix memory leak in get_conf_item_string(). AsJeremy Allison1-5/+1
we're just doing strchr on a const string there's no need to strdup it before, we're never modifying it. Just remove the variable "parm". Jeremy. (This used to be commit 1af18f613b1399220e38e7ab40665c2ca177c5a7)
2007-10-10r19703: Don't free a string if you want to return it!Simo Sorce1-1/+0
(This used to be commit 3fed72ac3efd1fa7df8fb7d1e2cb9772d66bb4bd)
2007-10-10r19351: Also export the info3 profilepath via the PAM_WINBIND_PROFILEPATH dataGünther Deschner1-0/+12
field. Guenther (This used to be commit 66b92f27fa4edec180b8c8eee929ec8f31ef6a08)
2007-10-10r19349: Fix invalid free on the PAM_WINBIND_PWD_LAST_SET data.Günther Deschner1-1/+1
Guenther (This used to be commit a4d17ee9c960abdf21b9af1601bd1042e0cd7636)
2007-10-10r19348: Fix uninitialized dictionary handle, found by valgrind.Günther Deschner1-3/+3
Guenther (This used to be commit 9621bb420a13e634badcc922c73c8bfb30aa6120)
2007-10-10r18927: Fix build. *please* compile the code at least once before checking ↵Gerald Carter1-2/+2
it in. (This used to be commit 4e464a2c35984752244f30ce9bb259eb16149e3f)
2007-10-10r18924: Minor cleanup.Günther Deschner1-8/+8
Guenther (This used to be commit 143a48927b0e21d31a9f54cfc720b5d04a4b6751)
2007-10-10r18667: Two C++ warningsVolker Lendecke1-1/+1
(This used to be commit 8c60e71229cd577f3b17345c5824363dd202eba9)
2007-10-10r18507: Added debug log for returned username.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 7644fa70ba4f7c88d887930e23b5ee2e1632473b)
2007-10-10r18484: Start some cleanup on pam_winbind's syslogging:Günther Deschner1-113/+154
* as openlog() is non-reentrant and pam_winbind thereby overrides the syslog settings of the calling application, directly call syslog (or pam_vsyslog if available) * support the PAM_SILENT flag to avoid any log messages beeing created Guenther (This used to be commit 0f7e37ffc4759a4e29f63ab83f39ddb31c8240f6)
2007-10-10r18158: Stop winbindd from accumulating memory creds infinitely when doingGünther Deschner1-4/+4
pam offline logons. Guenther (This used to be commit 95788cb291b89b431972e29e148b412992cc32a5)
2007-10-10r18062: Fix to ensure the name used by pam matches theJeremy Allison1-4/+25
name that will be returned by winbindd. This (should) fix the bug where the user logs in with DOMAIN\user but winbindd returns only "user" for the username due to 'winbind use default domain' being set. Jeremy. (This used to be commit 1b2aa17354d50740902010f4a1e0217c8b1f7bdd)
2007-10-10r17723: * BUG 3969: Fix unsigned time comparison with expiration policy from ↵Gerald Carter1-4/+4
AD DC * Merge patches from SLES10 to make sure we talk to the correct winbindd process when performing pam_auth (and pull the password policy info). (This used to be commit 43bd8c00abb38eb23a1497a255d194fb1bbffffb)
2007-10-10r17584: Some C++ WarningsVolker Lendecke1-1/+1
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
2007-10-10r17366: Save the logon script path from the info3 in the PAM session allowingGünther Deschner1-4/+18
other PAM modules to pick it up from there. Guenther (This used to be commit b3ac5a586ba37b1122b0dc941dfee648fc4fa6d5)
2007-10-10r17365: Fix memleak.Günther Deschner1-1/+4
Guenther (This used to be commit 62a8e0b08919e71c6a575ce6d89d8a4a09acbd87)
2007-10-10r17017: BUG 3916: fix pam config file parsing in pam_winbind.Gerald Carter1-15/+17
Patch from Dietrich Streifert <dietrich.streifert@visionet.de> (This used to be commit 8d6218825827a54ca69e462c00a3dc9e25ef3ddf)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-6/+24
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16941: Fix crash bug when the pam conversation receives an empty token.Günther Deschner1-2/+2
Thanks to Bjoern Jacke for the report and test-case. Guenther (This used to be commit f2ebc0e3de396f44f49dabbfe42cb3ad1c1a7ec1)
2007-10-10r15984: Correctly handle the case when there is no configuration file forGünther Deschner1-1/+1
pam_winbind. Guenther (This used to be commit 29758ea1c4e1b9b57d27765d539306058299fcd1)
2007-10-10r15546: When debugging is enabled be just a little more verbose in logging inGünther Deschner1-6/+6
pam_winbind. Guenther (This used to be commit bf077fb2268b79faffd1fdda04847c37ffead32d)
2007-10-10r15528: Make the existance of the /etc/security/pam_winbind.conf fileGünther Deschner1-3/+5
non-critical and fallback to only parse the argv options in that case. Guenther (This used to be commit 9dac3ab328e9c7ba374e0efc3fe16d940ecc9d3b)
2007-10-10r15478: Likewise for bug # 3763Volker Lendecke1-4/+4
(This used to be commit 7188ec6bd81715c4df17528bca2b2e658173043f)
2007-10-10r15417: Don't use cached credentials when changing passwords.Günther Deschner1-1/+5
Guenther (This used to be commit 34b29c30b2f4b5a3c40a65ca8338c87a4c16f3ff)
2007-10-10r15411: Small debug fixes for the PAM module.Günther Deschner1-2/+2
Guenther (This used to be commit 1856dc0f52b2a2ba2e59f1a7a77ccd32c27928c0)
2007-10-10r15399: Fix the build, sorry, Jerry :)Günther Deschner1-2/+2
Guenther (This used to be commit cc800ced60e5e6bbd923a3a0b7d58650c6e14121)
2007-10-10r15398: Attempt to send the correct warning when a password change was attemptedGünther Deschner1-11/+34
too early. Guenther (This used to be commit 7f64a66d25f2a4aa48c2639da8e783c1759c5dd4)
2007-10-10r15040: Stripping the parametric options in pam_winbind and useGünther Deschner1-8/+8
/etc/security/pam_winbind.conf as config file for the PAM module by default. Guenther (This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
2007-10-10r15039: Fix an uninitialized variable. I _think_ this should default toVolker Lendecke1-1/+1
PAM_SUCCESS. Günther, could you take a look? Thanks, Volker (This used to be commit fc6effcd9c2bb2d15b7e8fba85cc3193d2d7ce1f)
2007-10-10r15038: Replace all code in pam_winbind that relied on access to sambaGünther Deschner1-85/+148
internals, mostly with the code that was in pam_winbind before. Also switch from using loadparm to use iniParser to read the new pam_winbind options from a configuration file. That still uses the old (parametric) option names which will be replaced next (as iniParser does not support parametric options). Guenther (This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
2007-10-10r15003: patch based on code from Arkady Glabek <aglabek@centeris.com> to ↵Gerald Carter1-0/+10
ensure that global memory is freed when unloading pam_winbind.so (needs more testing on non-linux platforms) (This used to be commit 1e0b79e591d70352a96e0a0487d8f394dc7b36ba)
2007-10-10r14940: Remove pam_winbind's ability to create home directories on it's own.Günther Deschner1-58/+0
Guenther (This used to be commit 87293802f3e0666c9a50eb3ca63bb1a7dccc50dc)
2007-10-10r14508: Return PAM_SUCCESS in pam_sm_close_session when there is no KRB5CCNAMEGünther Deschner1-1/+1
environment. Guenther (This used to be commit 1f1402e45db8d80a7c19208fae934e1b0f3da134)
2007-10-10r14496: Add WBFLAG_PAM_GET_PWD_POLICY bit to only callout for domain passwordGünther Deschner1-1/+1
policies when requested. No panic, the flags is uint32 so we are not running out of WBFLAG bits. Guenther (This used to be commit 2155bb0535656f294bd054d6a0a7d16a9a71c31b)
2007-10-10r13895: As agreed upon with gd on the phone, remove ↵Volker Lendecke1-3/+3
WBFLAG_PAM_CONTACT_TRUSTDOM. This can not work for NTLM auth, where we only have a workstation account for our own domain. For the PAM Kerberos login we need to find a better way to do this, probably using Dsr_GetDCName and some winbind-crafted krb5.conf. Volker (This used to be commit bf7c608147bcbbedd89b3dcd24a929ea3e601bc8)
2007-10-10r13492: As noone objected on the mailing-list:Günther Deschner1-4/+43
Fix parse_domain_user to fail when splitting a full name like "DOM\user" when "winbind use default domain" and "winbind trusted domains only" are not enabled. This allows pam_winbind to behave correctly when more modules are stacked in the "account" or "password" PAM facility. pam_winbindd calls WINBINDD_GETPWNAM which can decide whether or not a user is a winbind user and return correct PAM error codes. Guenther (This used to be commit e6d52c1e9d8cec7be6d552c2a67a392df21c3ec9)
2007-10-10r13391: Only fall into password change when ACB_PWNOEXP is not setGünther Deschner1-2/+2
(got it wrong the first time as administrator has this flag set by default). Guenther (This used to be commit e9ccebf45a5db8964793084950fbb2c23b2469a3)
2007-10-10r13375: Match XP behaviour: Don't force 'Administrator' to change an expiredGünther Deschner1-2/+4
password on logon. (this might be true for all domain admins as well). Guenther (This used to be commit 24c6b9fecb521380008cb44e6d987a6f495027dc)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-267/+724
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12900: Merge from trunk:Günther Deschner1-1/+43
Correctly handle the case where users logon with an expired password. In that case pam_sm_authenticate has to return PAM_SUCESS instead of PAM_NEW_AUTHTOK_REQD or PAM_AUTHTOK_EXPIRED and pam_sm_acct_mgmt has to take care of requesting an immediate password change. (see the Linux PAM documentation). Fixes Bugzilla #1524, #3205. Tested with login, sshd, kdm and gdm on Linux. Thanks to Scott Barker <Scott_Barker@mtechIT.com>. Guenther (This used to be commit 4cb662ffd76dbe30003c618c94ccf6ebd4afb48c)
2007-10-10r10321: Fix winbindd recursion bug found by Ingo Steuwer ↵Jeremy Allison1-1/+1
<steuwer@univention.de>. Jeremy. (This used to be commit 6795c818a3d63737d5b40faffa3a0b91c71b427b)