summaryrefslogtreecommitdiff
path: root/source3/nsswitch/pam_winbind.h
AgeCommit message (Collapse)AuthorFilesLines
2008-01-17Finally enable pidl generated SAMR & NETLOGON headers and clients.Günther Deschner1-11/+12
Guenther (This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
2007-10-10r23708: - Add define for WINBIND_WARN_PWD_EXPIRE.Lars Müller1-0/+1
- Add parameter config_flag to get_config_item_int() and do the same check as in get_conf_item_string. (This used to be commit d1d1baa264587911e1c97b3b35d5ed2bc56bf12b)
2007-10-10r23704: Add pam_pwd_expire feature as discussed on samba-technical.Lars Müller1-1/+1
This is a slightly modified version to set warn_pwd_expire to the default value if 0, no, or a broken value is set. This version also has one if statement less in get_config_item_int(). Thanks a lot to Andreas 'GlaDiaC' Schneider for this feature! (This used to be commit d26914c978457ae0ec097cc40c8e33a7cee9ebcf)
2007-10-10r23095: Support systems that have their PAM headers in /usr/include/pam.James Peach1-2/+10
(This used to be commit f1e8de4b576b3954d456cb64c02417908bab8da4)
2007-10-10r22712: Inform the user when logging in via pam_winbindGerald Carter1-0/+2
and the krb5 tkt cache could not be created due to clock skew. (This used to be commit 24616f7d6be40b090dc74851b1ea7d09d6976811)
2007-10-10r21500: Fix inappropriate creation of a krb5 ticket refreshing event when a userGünther Deschner1-0/+1
changed a password via pam_chauthtok. Only do this if a) a user logs on using an expired password (or a password that needs to be changed immediately) or b) the user itself changes his password. Also make sure to delete the in-memory krb5 credential cache (when a user did not request a FILE based cred cache). Finally honor the krb5 settings in the first pam authentication in the chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when NTLM samlogon authentication is still possible with the old password after the password has been already changed (on w2k3 sp1 dcs). Guenther (This used to be commit c3005c48cd86bc1dd17fab80da05c2d34071b872)
2007-10-10r21159: Cleanup pam_sm_chauthtok() in pam_winbind:Günther Deschner1-1/+17
Set info3 strings, krb5ccname and returned username after we changed a password and sucessfully re-authenticated afterwards. In that case we ended up without this information. Guenther (This used to be commit 034d42ba7236e67303a8221b7a613799d1a61b83)
2007-10-10r21154: Add PAM_WINBIND_LOGONSERVER, also merge the various pam_set_data calls.Günther Deschner1-0/+1
Guenther (This used to be commit 97a0b1b79499af10930500ce857c93ffbacfdb6e)
2007-10-10r21152: Correctly omit pam conversations when PAM_SILENT has been set by theGünther Deschner1-10/+10
calling application. Guenther (This used to be commit ebfae9a671d2c960178228ba7fdcd07cb2f49a05)
2007-10-10r21012: Patch from Danilo Almeida @ Centeris (via me):Gerald Carter1-0/+1
Details: Improve PAM logging - The improved logging is far tracking down PAM-related bugs - PAM_SILENT was being mis-used to suppress syslog output instead of suppressing user output. This lets PAM_SILENT still log to syslog. - Allow logging of item & data state via debug_state config file option. - Logging tracks the pam handle used. (This used to be commit cc1a13a9f06e5c15c8df19d0fbb31dbdeb81a9cc)
2007-10-10r20687: Implement grace logons for offline authentications in pam_winbind.Günther Deschner1-0/+3
In case a user authenticated sucessfully and his password just expired while beeing disconnected, we should allow a user to logon (given a clear warning). We currently forced the user into a password change dialogue in that scenario; this did not make much sense while offline. Guenther (This used to be commit 668b278653acfc4de7807834988f7af557e608a5)
2007-10-10r19351: Also export the info3 profilepath via the PAM_WINBIND_PROFILEPATH dataGünther Deschner1-0/+1
field. Guenther (This used to be commit 66b92f27fa4edec180b8c8eee929ec8f31ef6a08)
2007-10-10r19103: From "Björn JACKE <bjoern@j3e.DE>":Jeremy Allison1-1/+1
The attached patch cleans up pam_winbind a tiny bit. Instead of making exceptions for all pam implementations except for Linux' it's better to make an exception for the only pam implementation which is different from all the others. This is equivalent to what pam_smb_auth does already. ----------------- Jeremy (This used to be commit 8e5596470822d20740f86585a6cf67240f2face4)
2007-10-10r18798: use libreplace headers in pam and nss modulesStefan Metzmacher1-17/+3
this hopefully fixes the build on AIX metze (This used to be commit ef1001f5a269f3d6a66f40e3fb01eccc807dcd7e)
2007-10-10r18484: Start some cleanup on pam_winbind's syslogging:Günther Deschner1-1/+6
* as openlog() is non-reentrant and pam_winbind thereby overrides the syslog settings of the calling application, directly call syslog (or pam_vsyslog if available) * support the PAM_SILENT flag to avoid any log messages beeing created Guenther (This used to be commit 0f7e37ffc4759a4e29f63ab83f39ddb31c8240f6)
2007-10-10r17366: Save the logon script path from the info3 in the PAM session allowingGünther Deschner1-0/+1
other PAM modules to pick it up from there. Guenther (This used to be commit b3ac5a586ba37b1122b0dc941dfee648fc4fa6d5)
2007-10-10r15479: Check in patch from bug # 3746 -- Thanks TimurVolker Lendecke1-0/+1
(This used to be commit ac79bba1a118635ed18d23cf84bdf15923b354c0)
2007-10-10r15398: Attempt to send the correct warning when a password change was attemptedGünther Deschner1-0/+1
too early. Guenther (This used to be commit 7f64a66d25f2a4aa48c2639da8e783c1759c5dd4)
2007-10-10r15040: Stripping the parametric options in pam_winbind and useGünther Deschner1-2/+4
/etc/security/pam_winbind.conf as config file for the PAM module by default. Guenther (This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
2007-10-10r15038: Replace all code in pam_winbind that relied on access to sambaGünther Deschner1-1/+21
internals, mostly with the code that was in pam_winbind before. Also switch from using loadparm to use iniParser to read the new pam_winbind options from a configuration file. That still uses the old (parametric) option names which will be replaced next (as iniParser does not support parametric options). Guenther (This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
2007-10-10r14940: Remove pam_winbind's ability to create home directories on it's own.Günther Deschner1-1/+0
Guenther (This used to be commit 87293802f3e0666c9a50eb3ca63bb1a7dccc50dc)
2007-10-10r14841: Fix IRIX build --with-pam.Günther Deschner1-1/+1
Guenther (This used to be commit 99158406b47dc07961c4f6536181da868cf276ca)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-2/+54
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12900: Merge from trunk:Günther Deschner1-0/+2
Correctly handle the case where users logon with an expired password. In that case pam_sm_authenticate has to return PAM_SUCESS instead of PAM_NEW_AUTHTOK_REQD or PAM_AUTHTOK_EXPIRED and pam_sm_acct_mgmt has to take care of requesting an immediate password change. (see the Linux PAM documentation). Fixes Bugzilla #1524, #3205. Tested with login, sshd, kdm and gdm on Linux. Thanks to Scott Barker <Scott_Barker@mtechIT.com>. Guenther (This used to be commit 4cb662ffd76dbe30003c618c94ccf6ebd4afb48c)
2007-10-10r1888: Bring the same level of "required_membership"-functionality thatGünther Deschner1-0/+1
ntlm_auth uses, to pam_winbindd as well. This allows to make successfull authentication via PAM dependent on SID-membership. At the moment, both ntlm_auth and pam_winbindd.so accept user/group-names or sid-strings - as discussed, recursive membership (e.g. local aliases) will be added later. Guenther (This used to be commit 7494569655f8d112a0c883a2748a1012bb64ad3a)
2003-09-04More FreeBSD PAM compile fixes. Don't redefine PAM_AUTHTOK_RECOVER_ERRTim Potter1-0/+3
if it already exists. FreeBSD 4.8 doesn't need the redefinition, 5.0 does. (This used to be commit 4a3727b03b0488fa82687014cb476b1971a78be8)
2003-09-02Fix for bug 261. Create a configure #define for FreeBSD and a check inTim Potter1-1/+1
nsswitch/pam_winbind.h so we can compile properly on this platform. (This used to be commit 75411005fcab7ecf31940c5f7b87fd407166f98a)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-2/+1
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-03-23Various winbind updates:Andrew Bartlett1-1/+1
- pam_winbind updates from vance, fixing a typo and making some the options work properly. - Extra parinoia in the winbind connection loop - Allow pam_winbind to compile on HP-UX (Don Mcall, more work to do). - Fix up configure.in to use the same method for building the test .so as the Makefile uses. Andrew Bartlett (This used to be commit 8e705dd9215b1cb3f44d6348094679d7dc6a7fbd)
2002-02-05Drastic impromvents to pam_winbind.Andrew Bartlett1-3/+16
This adds code to do generic PAM -> NTSTATUS and NTSTATUS -> PAM error conversions, and uses them to make the error handling in pam_winbind sane. In particular, pam_winbind now uses PAM error codes, not silly '-1, -2 ...' stuff, and logs the NTSTATUS error that winbind now sends over the pipe. Added code to wbinfo to display these - makes a big difference in debugging winbindd. The main change here is the code to allow pam_winbind password changing to correctly stack - This code ripped from pam_unix, and the copyright attached. (Same as for all pam modules, including pam_winbind) Andrew Bartlett (This used to be commit dc1a72f896b83bc1ad3c7bf6c12c36ace3967280)
2001-09-17move to SAFE_FREE()Simo Sorce1-7/+1
(This used to be commit 03dc67788f68c9e01b5a82fdf43f837cb19f4608)
2001-05-22Try to fix build by adding autoconf tests for pam headers.Jeremy Allison1-0/+2
Jeremy. (This used to be commit d52bc4d219bd07e656986e7754ea6e238c626d77)
2001-05-07iAdditional files for winbind merge.Tim Potter1-0/+85
(This used to be commit 38ab3b31b5dc39fb59f224b399bb9c2269f1c933)