summaryrefslogtreecommitdiff
path: root/source3/nsswitch/pam_winbind.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21020: Some pam_winbind fixes:Günther Deschner1-14/+13
* make debug_state also configurable from the config file * minor code cleanup Guenther (This used to be commit c562095953df55c91e3dad8f5c29c0b66664b62b)
2007-10-10r21019: Fix typo.Günther Deschner1-1/+1
Guenther (This used to be commit adb40884e04069e7de7580b6531675ebaed5c117)
2007-10-10r21016: Fix pam_sm_setcred again.Günther Deschner1-1/+1
Jerry, the switch statement must ignore the PAM_SILENT flag. Guenther (This used to be commit 46d23c72bf4f3bd04021a9caf8d6b1380352b811)
2007-10-10r21015: fix typo that breaks the buildGerald Carter1-1/+1
(This used to be commit f82a5175304a12b18abb2bc3d9fd9f7023998357)
2007-10-10r21013: * Remove "inline" keywordGerald Carter1-5/+5
* Remove anpther check for PAM_SILENT that prevents logging to syslog * Add missing check for TRY_FIRST_PASS when using authtok (missed from previous merge) (This used to be commit ed794f0872b749955f56112507fd3ae7a6c6e6f5)
2007-10-10r21012: Patch from Danilo Almeida @ Centeris (via me):Gerald Carter1-21/+167
Details: Improve PAM logging - The improved logging is far tracking down PAM-related bugs - PAM_SILENT was being mis-used to suppress syslog output instead of suppressing user output. This lets PAM_SILENT still log to syslog. - Allow logging of item & data state via debug_state config file option. - Logging tracks the pam handle used. (This used to be commit cc1a13a9f06e5c15c8df19d0fbb31dbdeb81a9cc)
2007-10-10r21011: Another patch from Danilo Almeida @ Centeris (via me):Gerald Carter1-4/+7
Details: Reset the "new password prompt required" state whenever we do a new auth. In more detail, in pam_sm_authenticate, if not settting PAM_WINBIND_NEW_AUTHTOK_REQD, then clean any potentially present PAM_WINBIND_NEW_AUTHTOK_REQD. (This used to be commit 402e8594759b42c1986f4f8d69273f68ec5160af)
2007-10-10r21009: Patch from Danilo Almeida @ Centeris (via me).Gerald Carter1-39/+170
Patch details: Support most options in pam_winbind.conf; support comma-separated names in require-membership-of. Details below: 1) Provides support for almost all config options in pam_winbind.conf (all except for use_first_pass, use_authtok, and unknown_ok). - That allows us to work well when invoked via call_modules from pam_unix2.conf as well as allowing use of spaces in names used w/require_membership_of. 2) Support for comma-separated list of names or SID strings in require_membership_of/require-membership-of. - Increased require_membership_of field in winbind request from fstring (256) to pstring (1024). - In PAM side, parse out multiple names or SID strings and convert all of them to SID strings. - In Winbind side, support membership check against multiple SID strings. (This used to be commit 4aca9864896b3e0890ffc9a6980d7ef1311138f7)
2007-10-10r20687: Implement grace logons for offline authentications in pam_winbind.Günther Deschner1-3/+20
In case a user authenticated sucessfully and his password just expired while beeing disconnected, we should allow a user to logon (given a clear warning). We currently forced the user into a password change dialogue in that scenario; this did not make much sense while offline. Guenther (This used to be commit 668b278653acfc4de7807834988f7af557e608a5)
2007-10-10r20651: Fix "password expires soon" warning message for pam_winbind.Günther Deschner1-12/+67
We were incorrectly calculating the days until the password expires and we also need to look at the info3 pass_must_change_time for expiry calculation. Guenther (This used to be commit 22d79237127a064a934928d175182adecc6300de)
2007-10-10r20304: Smaller fixes for pam_winbind:Günther Deschner1-30/+65
* fail on invalid credential flags in pam_sm_setcred * parse config file for pam_sm_acct_mgmt and pam_sm_open_session Guenther (This used to be commit 2a428ac814d03880de63656ea97827126ccfec5c)
2007-10-10r20249: Fail when parsing invalid options in _pam_parse.Günther Deschner1-1/+2
Guenther (This used to be commit f6c9421abdf5731e894cd2ccc1b7431a3c368bbf)
2007-10-10r20241: Slightly improve readability of the pam_vsyslog replacement function.Günther Deschner1-6/+5
Guenther (This used to be commit 222320373f8a251fc2cf3ff8c3fec93a7a48f9df)
2007-10-10r20240: Be a little more verbose about the credential flags when the debug flagGünther Deschner1-2/+16
is set. Guenther (This used to be commit ecbab58826a51ace2a0d1181a41391f5d170ff06)
2007-10-10r20239: Parse the configfile for pam_sm_setcred as wellGünther Deschner1-1/+7
(e.g. to get the debug flag) Guenther (This used to be commit 2c549f71f15b066ac1f415544848b582558abd5d)
2007-10-10r20180: Ensure that pam returns the correct error messagesJeremy Allison1-38/+78
when offline and or doing password changes. Jeremy. (This used to be commit 4a74c553845c960a355ddb86abaadfe0d550271f)
2007-10-10r20136: Fix #4290. Properly compute time to password expiration in message fromJim McDonough1-1/+2
pam_winbind. Thanks to Andrew Benham <andrew.benham@thus.net> (This used to be commit 0d03f5137936546253a8b3334995f536f3621d57)
2007-10-10r19710: Fix memory leak in get_conf_item_string(). AsJeremy Allison1-5/+1
we're just doing strchr on a const string there's no need to strdup it before, we're never modifying it. Just remove the variable "parm". Jeremy. (This used to be commit 1af18f613b1399220e38e7ab40665c2ca177c5a7)
2007-10-10r19703: Don't free a string if you want to return it!Simo Sorce1-1/+0
(This used to be commit 3fed72ac3efd1fa7df8fb7d1e2cb9772d66bb4bd)
2007-10-10r19351: Also export the info3 profilepath via the PAM_WINBIND_PROFILEPATH dataGünther Deschner1-0/+12
field. Guenther (This used to be commit 66b92f27fa4edec180b8c8eee929ec8f31ef6a08)
2007-10-10r19349: Fix invalid free on the PAM_WINBIND_PWD_LAST_SET data.Günther Deschner1-1/+1
Guenther (This used to be commit a4d17ee9c960abdf21b9af1601bd1042e0cd7636)
2007-10-10r19348: Fix uninitialized dictionary handle, found by valgrind.Günther Deschner1-3/+3
Guenther (This used to be commit 9621bb420a13e634badcc922c73c8bfb30aa6120)
2007-10-10r18927: Fix build. *please* compile the code at least once before checking ↵Gerald Carter1-2/+2
it in. (This used to be commit 4e464a2c35984752244f30ce9bb259eb16149e3f)
2007-10-10r18924: Minor cleanup.Günther Deschner1-8/+8
Guenther (This used to be commit 143a48927b0e21d31a9f54cfc720b5d04a4b6751)
2007-10-10r18667: Two C++ warningsVolker Lendecke1-1/+1
(This used to be commit 8c60e71229cd577f3b17345c5824363dd202eba9)
2007-10-10r18507: Added debug log for returned username.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 7644fa70ba4f7c88d887930e23b5ee2e1632473b)
2007-10-10r18484: Start some cleanup on pam_winbind's syslogging:Günther Deschner1-113/+154
* as openlog() is non-reentrant and pam_winbind thereby overrides the syslog settings of the calling application, directly call syslog (or pam_vsyslog if available) * support the PAM_SILENT flag to avoid any log messages beeing created Guenther (This used to be commit 0f7e37ffc4759a4e29f63ab83f39ddb31c8240f6)
2007-10-10r18158: Stop winbindd from accumulating memory creds infinitely when doingGünther Deschner1-4/+4
pam offline logons. Guenther (This used to be commit 95788cb291b89b431972e29e148b412992cc32a5)
2007-10-10r18062: Fix to ensure the name used by pam matches theJeremy Allison1-4/+25
name that will be returned by winbindd. This (should) fix the bug where the user logs in with DOMAIN\user but winbindd returns only "user" for the username due to 'winbind use default domain' being set. Jeremy. (This used to be commit 1b2aa17354d50740902010f4a1e0217c8b1f7bdd)
2007-10-10r17723: * BUG 3969: Fix unsigned time comparison with expiration policy from ↵Gerald Carter1-4/+4
AD DC * Merge patches from SLES10 to make sure we talk to the correct winbindd process when performing pam_auth (and pull the password policy info). (This used to be commit 43bd8c00abb38eb23a1497a255d194fb1bbffffb)
2007-10-10r17584: Some C++ WarningsVolker Lendecke1-1/+1
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
2007-10-10r17366: Save the logon script path from the info3 in the PAM session allowingGünther Deschner1-4/+18
other PAM modules to pick it up from there. Guenther (This used to be commit b3ac5a586ba37b1122b0dc941dfee648fc4fa6d5)
2007-10-10r17365: Fix memleak.Günther Deschner1-1/+4
Guenther (This used to be commit 62a8e0b08919e71c6a575ce6d89d8a4a09acbd87)
2007-10-10r17017: BUG 3916: fix pam config file parsing in pam_winbind.Gerald Carter1-15/+17
Patch from Dietrich Streifert <dietrich.streifert@visionet.de> (This used to be commit 8d6218825827a54ca69e462c00a3dc9e25ef3ddf)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-6/+24
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16941: Fix crash bug when the pam conversation receives an empty token.Günther Deschner1-2/+2
Thanks to Bjoern Jacke for the report and test-case. Guenther (This used to be commit f2ebc0e3de396f44f49dabbfe42cb3ad1c1a7ec1)
2007-10-10r15984: Correctly handle the case when there is no configuration file forGünther Deschner1-1/+1
pam_winbind. Guenther (This used to be commit 29758ea1c4e1b9b57d27765d539306058299fcd1)
2007-10-10r15546: When debugging is enabled be just a little more verbose in logging inGünther Deschner1-6/+6
pam_winbind. Guenther (This used to be commit bf077fb2268b79faffd1fdda04847c37ffead32d)
2007-10-10r15528: Make the existance of the /etc/security/pam_winbind.conf fileGünther Deschner1-3/+5
non-critical and fallback to only parse the argv options in that case. Guenther (This used to be commit 9dac3ab328e9c7ba374e0efc3fe16d940ecc9d3b)
2007-10-10r15478: Likewise for bug # 3763Volker Lendecke1-4/+4
(This used to be commit 7188ec6bd81715c4df17528bca2b2e658173043f)
2007-10-10r15417: Don't use cached credentials when changing passwords.Günther Deschner1-1/+5
Guenther (This used to be commit 34b29c30b2f4b5a3c40a65ca8338c87a4c16f3ff)
2007-10-10r15411: Small debug fixes for the PAM module.Günther Deschner1-2/+2
Guenther (This used to be commit 1856dc0f52b2a2ba2e59f1a7a77ccd32c27928c0)
2007-10-10r15399: Fix the build, sorry, Jerry :)Günther Deschner1-2/+2
Guenther (This used to be commit cc800ced60e5e6bbd923a3a0b7d58650c6e14121)
2007-10-10r15398: Attempt to send the correct warning when a password change was attemptedGünther Deschner1-11/+34
too early. Guenther (This used to be commit 7f64a66d25f2a4aa48c2639da8e783c1759c5dd4)
2007-10-10r15040: Stripping the parametric options in pam_winbind and useGünther Deschner1-8/+8
/etc/security/pam_winbind.conf as config file for the PAM module by default. Guenther (This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
2007-10-10r15039: Fix an uninitialized variable. I _think_ this should default toVolker Lendecke1-1/+1
PAM_SUCCESS. Günther, could you take a look? Thanks, Volker (This used to be commit fc6effcd9c2bb2d15b7e8fba85cc3193d2d7ce1f)
2007-10-10r15038: Replace all code in pam_winbind that relied on access to sambaGünther Deschner1-85/+148
internals, mostly with the code that was in pam_winbind before. Also switch from using loadparm to use iniParser to read the new pam_winbind options from a configuration file. That still uses the old (parametric) option names which will be replaced next (as iniParser does not support parametric options). Guenther (This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
2007-10-10r15003: patch based on code from Arkady Glabek <aglabek@centeris.com> to ↵Gerald Carter1-0/+10
ensure that global memory is freed when unloading pam_winbind.so (needs more testing on non-linux platforms) (This used to be commit 1e0b79e591d70352a96e0a0487d8f394dc7b36ba)
2007-10-10r14940: Remove pam_winbind's ability to create home directories on it's own.Günther Deschner1-58/+0
Guenther (This used to be commit 87293802f3e0666c9a50eb3ca63bb1a7dccc50dc)
2007-10-10r14508: Return PAM_SUCCESS in pam_sm_close_session when there is no KRB5CCNAMEGünther Deschner1-1/+1
environment. Guenther (This used to be commit 1f1402e45db8d80a7c19208fae934e1b0f3da134)