path: root/source3/nsswitch/pam_winbind.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r18484: Start some cleanup on pam_winbind's syslogging: | Günther Deschner | 1 | -113/+154
* as openlog() is non-reentrant and pam_winbind thereby overrides the syslog settings of the calling application, directly call syslog (or pam_vsyslog if available)
* support the PAM_SILENT flag to avoid any log messages being created
Guenther (This used to be commit 0f7e37ffc4759a4e29f63ab83f39ddb31c8240f6)
2007-10-10 | r18158: Stop winbindd from accumulating memory creds infinitely when doing | Günther Deschner | 1 | -4/+4
pam offline logons. Guenther (This used to be commit 95788cb291b89b431972e29e148b412992cc32a5)
2007-10-10 | r18062: Fix to ensure the name used by pam matches the | Jeremy Allison | 1 | -4/+25
name that will be returned by winbindd. This (should) fix the bug where the user logs in with DOMAIN\user but winbindd returns only "user" for the username due to 'winbind use default domain' being set. Jeremy. (This used to be commit 1b2aa17354d50740902010f4a1e0217c8b1f7bdd)
2007-10-10 | r17723: * BUG 3969: Fix unsigned time comparison with expiration policy from | Gerald Carter | 1 | -4/+4
AD DC
* Merge patches from SLES10 to make sure we talk to the correct winbindd process when performing pam_auth (and pull the password policy info).
(This used to be commit 43bd8c00abb38eb23a1497a255d194fb1bbffffb)
2007-10-10 | r17584: Some C++ Warnings | Volker Lendecke | 1 | -1/+1
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
2007-10-10 | r17366: Save the logon script path from the info3 in the PAM session allowing | Günther Deschner | 1 | -4/+18
other PAM modules to pick it up from there. Guenther (This used to be commit b3ac5a586ba37b1122b0dc941dfee648fc4fa6d5)
2007-10-10 | r17365: Fix memleak. | Günther Deschner | 1 | -1/+4
Guenther (This used to be commit 62a8e0b08919e71c6a575ce6d89d8a4a09acbd87)
2007-10-10 | r17017: BUG 3916: fix pam config file parsing in pam_winbind. | Gerald Carter | 1 | -15/+17
Patch from Dietrich Streifert <dietrich.streifert@visionet.de> (This used to be commit 8d6218825827a54ca69e462c00a3dc9e25ef3ddf)
2007-10-10 | r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need | Jeremy Allison | 1 | -6/+24
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10 | r16941: Fix crash bug when the pam conversation receives an empty token. | Günther Deschner | 1 | -2/+2
Thanks to Bjoern Jacke for the report and test-case. Guenther (This used to be commit f2ebc0e3de396f44f49dabbfe42cb3ad1c1a7ec1)
2007-10-10 | r15984: Correctly handle the case when there is no configuration file for | Günther Deschner | 1 | -1/+1
pam_winbind. Guenther (This used to be commit 29758ea1c4e1b9b57d27765d539306058299fcd1)
2007-10-10 | r15546: When debugging is enabled be just a little more verbose in logging in | Günther Deschner | 1 | -6/+6
pam_winbind. Guenther (This used to be commit bf077fb2268b79faffd1fdda04847c37ffead32d)
2007-10-10 | r15528: Make the existence of the /etc/security/pam_winbind.conf file | Günther Deschner | 1 | -3/+5
non-critical and fallback to only parse the argv options in that case. Guenther (This used to be commit 9dac3ab328e9c7ba374e0efc3fe16d940ecc9d3b)
2007-10-10 | r15478: Likewise for bug # 3763 | Volker Lendecke | 1 | -4/+4
(This used to be commit 7188ec6bd81715c4df17528bca2b2e658173043f)
2007-10-10 | r15417: Don't use cached credentials when changing passwords. | Günther Deschner | 1 | -1/+5
Guenther (This used to be commit 34b29c30b2f4b5a3c40a65ca8338c87a4c16f3ff)
2007-10-10 | r15411: Small debug fixes for the PAM module. | Günther Deschner | 1 | -2/+2
Guenther (This used to be commit 1856dc0f52b2a2ba2e59f1a7a77ccd32c27928c0)
2007-10-10 | r15399: Fix the build, sorry, Jerry :) | Günther Deschner | 1 | -2/+2
Guenther (This used to be commit cc800ced60e5e6bbd923a3a0b7d58650c6e14121)
2007-10-10 | r15398: Attempt to send the correct warning when a password change was attempted | Günther Deschner | 1 | -11/+34
too early. Guenther (This used to be commit 7f64a66d25f2a4aa48c2639da8e783c1759c5dd4)
2007-10-10 | r15040: Stripping the parametric options in pam_winbind and use | Günther Deschner | 1 | -8/+8
/etc/security/pam_winbind.conf as config file for the PAM module by default. Guenther (This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
2007-10-10 | r15039: Fix an uninitialized variable. I _think_ this should default to | Volker Lendecke | 1 | -1/+1
PAM_SUCCESS. Günther, could you take a look? Thanks, Volker (This used to be commit fc6effcd9c2bb2d15b7e8fba85cc3193d2d7ce1f)
2007-10-10 | r15038: Replace all code in pam_winbind that relied on access to samba | Günther Deschner | 1 | -85/+148
internals, mostly with the code that was in pam_winbind before. Also switch from using loadparm to use iniParser to read the new pam_winbind options from a configuration file. That still uses the old (parametric) option names which will be replaced next (as iniParser does not support parametric options). Guenther (This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
2007-10-10 | r15003: patch based on code from Arkady Glabek <aglabek@centeris.com> to | Gerald Carter | 1 | -0/+10
ensure that global memory is freed when unloading pam_winbind.so (needs more testing on non-linux platforms) (This used to be commit 1e0b79e591d70352a96e0a0487d8f394dc7b36ba)
2007-10-10 | r14940: Remove pam_winbind's ability to create home directories on its own. | Günther Deschner | 1 | -58/+0
Guenther (This used to be commit 87293802f3e0666c9a50eb3ca63bb1a7dccc50dc)
2007-10-10 | r14508: Return PAM_SUCCESS in pam_sm_close_session when there is no KRB5CCNAME | Günther Deschner | 1 | -1/+1
environment. Guenther (This used to be commit 1f1402e45db8d80a7c19208fae934e1b0f3da134)
2007-10-10 | r14496: Add WBFLAG_PAM_GET_PWD_POLICY bit to only callout for domain password | Günther Deschner | 1 | -1/+1
policies when requested. No panic, the flags is uint32 so we are not running out of WBFLAG bits. Guenther (This used to be commit 2155bb0535656f294bd054d6a0a7d16a9a71c31b)
2007-10-10 | r13895: As agreed upon with gd on the phone, remove | Volker Lendecke | 1 | -3/+3
WBFLAG_PAM_CONTACT_TRUSTDOM. This can not work for NTLM auth, where we only have a workstation account for our own domain. For the PAM Kerberos login we need to find a better way to do this, probably using Dsr_GetDCName and some winbind-crafted krb5.conf. Volker (This used to be commit bf7c608147bcbbedd89b3dcd24a929ea3e601bc8)
2007-10-10 | r13492: As no one objected on the mailing-list: | Günther Deschner | 1 | -4/+43
Fix parse_domain_user to fail when splitting a full name like "DOM\user" when "winbind use default domain" and "winbind trusted domains only" are not enabled. This allows pam_winbind to behave correctly when more modules are stacked in the "account" or "password" PAM facility. pam_winbindd calls WINBINDD_GETPWNAM which can decide whether or not a user is a winbind user and return correct PAM error codes. Guenther (This used to be commit e6d52c1e9d8cec7be6d552c2a67a392df21c3ec9)
2007-10-10 | r13391: Only fall into password change when ACB_PWNOEXP is not set | Günther Deschner | 1 | -2/+2
(got it wrong the first time as administrator has this flag set by default). Guenther (This used to be commit e9ccebf45a5db8964793084950fbb2c23b2469a3)
2007-10-10 | r13375: Match XP behaviour: Don't force 'Administrator' to change an expired | Günther Deschner | 1 | -2/+4
password on logon. (this might be true for all domain admins as well). Guenther (This used to be commit 24c6b9fecb521380008cb44e6d987a6f495027dc)
2007-10-10 | r13316: Let the carnage begin.... | Gerald Carter | 1 | -267/+724
Sync with trunk as of r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10 | r12900: Merge from trunk: | Günther Deschner | 1 | -1/+43
Correctly handle the case where users logon with an expired password. In that case pam_sm_authenticate has to return PAM_SUCCESS instead of PAM_NEW_AUTHTOK_REQD or PAM_AUTHTOK_EXPIRED and pam_sm_acct_mgmt has to take care of requesting an immediate password change. (see the Linux PAM documentation). Fixes Bugzilla #1524, #3205. Tested with login, sshd, kdm and gdm on Linux. Thanks to Scott Barker <Scott_Barker@mtechIT.com>. Guenther (This used to be commit 4cb662ffd76dbe30003c618c94ccf6ebd4afb48c)
2007-10-10 | r10321: Fix winbindd recursion bug found by Ingo Steuwer | Jeremy Allison | 1 | -1/+1
<steuwer@univention.de>. Jeremy. (This used to be commit 6795c818a3d63737d5b40faffa3a0b91c71b427b)
2007-10-10 | r7145: reuse the WINBIND_REQUIRED_MEMBERSHIP constant. | Günther Deschner | 1 | -12/+14
This is just cosmetic but prevents people from thinking that the pam_winbind "require_membership_of"-option is not yet implemented :) Guenther (This used to be commit ef80a49a858d7d81d427c7bac71fdac4fc0d1bd6)
2007-10-10 | r5207: patches from Jay Fenlason @ RedHat (scooped from their Fedora packages) | Gerald Carter | 1 | -2/+2
(This used to be commit 9019a8436162d3606f6b8584701b0832cf5a7439)
2007-10-10 | r3911: typo. | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit 52dea588fd0b40a32c56b5634315b149fc088907)
2007-10-10 | r2779: Some fixes to pam_winbind.c.: | Andrew Bartlett | 1 | -7/+8
Allow 'require_membership_of' and 'require-membership-of'. Really use a different struct for the SID->Name lookup. Andrew Bartlett (This used to be commit 83dadcd089905aa8ff3392010177ffa1dc8237ba)
2007-10-10 | r2762: Remove silly conversion to and from UTF8 on the winbind pipe. Fix the | Andrew Bartlett | 1 | -7/+9
naming of the require_membership_of parameter in pam_winbind and fix the error code for 'you didn't specify a domain' in ntlm_auth. Andrew Bartlett (This used to be commit 4bf0b94011fe6bfbec5635e58cafbfe3dc898569)
2007-10-10 | r2482: Fix from Arthur van Dongen <avdongen@xs4all.nl> to fix acces -> | Jeremy Allison | 1 | -2/+2
access typos. Jeremy. (This used to be commit a278dca1b2c103f368d154aee2d3a1edd5604687)
2007-10-10 | r1971: move counter. | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit 74287178d208fd2f5b152314a3b797dcfea698a7)
2007-10-10 | r1942: Add missing semicolon. | John Terpstra | 1 | -1/+1
(This used to be commit a0b80033c997d50562f66686e79a58fc9603217d)
2007-10-10 | r1888: Bring the same level of "required_membership"-functionality that | Günther Deschner | 1 | -5/+55
ntlm_auth uses, to pam_winbindd as well. This allows to make successful authentication via PAM dependent on SID-membership. At the moment, both ntlm_auth and pam_winbindd.so accept user/group-names or sid-strings - as discussed, recursive membership (e.g. local aliases) will be added later. Guenther (This used to be commit 7494569655f8d112a0c883a2748a1012bb64ad3a)
2003-01-15 | *lots of small merges from HEAD | Gerald Carter | 1 | -1/+2
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef)
2002-10-26 | Try to catch up on the code I've put into HEAD that should be in 3.0: | Andrew Bartlett | 1 | -19/+37
- vorlan's hosts allow with DNS names patch
- use x_fileno() in debug.c, not the struct directly.
- check for server timeout on password change (was reporting success)
- better error/status logging in both the pam_winbind client and winbindd_pam server code.
- (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway.
(This used to be commit 9fa1863d8e7788eda83911ca2610754486b33069)
2002-09-25 | sync'ing up for 3.0alpha20 release | Gerald Carter | 1 | -10/+11
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17 | sync 3.0 branch with head | Jelmer Vernooij | 1 | -7/+11
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15 | updated the 3.0 branch from the head branch - ready for alpha18 | Andrew Tridgell | 1 | -0/+9
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-03 | More winbind for HPUX updates from Don Mccall. I think JRA has already | Andrew Bartlett | 1 | -2/+23
applied these to 2.2. Andrew Bartlett (This used to be commit 51fe3324dda6b1f9a9a45deda7a76b1fff35399a)
2002-03-23 | Various winbind updates: | Andrew Bartlett | 1 | -3/+3
- pam_winbind updates from vance, fixing a typo and making some of the options work properly.
- Extra paranoia in the winbind connection loop
- Allow pam_winbind to compile on HP-UX (Don Mcall, more work to do).
- Fix up configure.in to use the same method for building the test .so as the Makefile uses.
Andrew Bartlett (This used to be commit 8e705dd9215b1cb3f44d6348094679d7dc6a7fbd)
2002-03-13 | Fix typo in copyright | Andrew Bartlett | 1 | -1/+1
(This used to be commit 54e69ed20adc74fdfe007a9642dcb3a55c02d856)
2002-03-11 | Removed bogus calls to D() debugging function. Perhaps these should | Tim Potter | 1 | -16/+1
be replaced by DEBUG() calls? (This used to be commit 33dd07d1fc6946e53d3bdaad025adfc20abfab77)