summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_cred_cache.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20171: Don't delete the krb5 credential if others still reference to it.Günther Deschner1-7/+32
Guenther (This used to be commit a1378979be4fe5ac5148b0a7830859aebb97838c)
2007-10-10r18842: Protect against "winbind cache time = 0" on two other occasions.Günther Deschner1-2/+2
Guenther (This used to be commit b1cd9d45e9581bec56bfdc21d2a8afb7f094be22)
2007-10-10r18841: Protect against potential event loop when someone is using "winbindGünther Deschner1-2/+2
cache time = 0". Guenther (This used to be commit 9ac6016e32d236e7470919c075df551d1d73498c)
2007-10-10r18239: THIS IS GUENTHER'S WORK !!! He's allowing me to mergeJeremy Allison1-46/+151
this at the moment as I'm working on this area. Thanks a lot Guenther. Add the capability to get krb5 tickets even if we log on in the offline state and have to cache the credentials. Once we go online we should start getting krb5 tickets again. Currently this code waits until lp_winbind_cache_time() seconds (5 minutes by default) before getting tickets. This is correct in the DC down case, but not in the global offline -> online case. I'll later add a trigger to force an immediate refresh on the offline -> online state transition. Jeremy. (This used to be commit 04fe034f4a222c83a8d788040f7edc370afe9fa6)
2007-10-10r18128: Don't forget to set the ref count to 1 on a referenceJeremy Allison1-0/+1
counted struct. Doh ! Jeremy. (This used to be commit 8c78386e8da72108551cff72a6cc9da89264ddee)
2007-10-10r18028: Fix warnings on non-krb5 systemsVolker Lendecke1-0/+2
(This used to be commit 30df6cb65f2dcc1829ea362ea0bc2a5e10f9819a)
2007-10-10r17897: Store the uid in the memory creds. Don't request theJeremy Allison1-5/+19
krb5 refresh creds when doing cached NTLM auth, request the memory creds instead. Jeremy. (This used to be commit 310ac0b226edcfd5bedc2c3305a05993db20c7af)
2007-10-10r17837: Split out the storing of memory cached credentialsJeremy Allison1-146/+345
from the krb5 ticket renewal code. This allows cached credentials to be stored for single sign-on via ntlm_auth for machines in a domain still using NTLM. Also (hopefully) fixes the reference counting problem with pam_logon/logoff so multiple logons/logoffs won't lose cached credentials. This compiles, but I'm intending to test it over the weekend so don't complain too much :-). I also want it in the tree so Coverity can scan it for errors. Guenther, check this over please - I ran through the architecture with Jerry and he's ok with it, but this is modifying your code a lot. Jeremy. (This used to be commit 679eeeb91155dad3942efde6ae9f8d81faf18c5b)
2007-10-10r17616: Add the lm and nt hashes to the cached credentialsJeremy Allison1-23/+43
stored - only store the password if we're going to be doing a krb5 refresh. GD please review this change ! Now to add code to reference count the cached creds (to allow multiple pam_logon/pam_logoffs to keep the creds around), ensure that the cred cache is called on all successful pam_logons (if we have winbindd cache pam credentials = true, set this by default) and finally ensure the creds cache is changed on successful password change. GD - you *really* need to review this :-). Jeremy. (This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
2007-10-10r17605: Some C++ warningsVolker Lendecke1-1/+1
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
2007-10-10r16755: Hunting warning has some benefits....Volker Lendecke1-2/+2
Solaris found this one that needs to go into 3.0.23, actually munlock the password memory. Volker (This used to be commit 6fa928f96a70b7b063dd1bdbb08c6a3f5d942229)
2007-10-10r15634: Prevent passwords of winbindd's list of credential caches from beeingGünther Deschner1-0/+46
swapped to disc using mlock(). (patch was reviewed by Jeremy). Guenther (This used to be commit 206cdbb8e9a4a0900060d56510e58b85a2b8aec5)
2007-10-10r15541: Only ever store a user's password in a WINBINDD_CCACHE_ENTRY struct whenGünther Deschner1-1/+1
we have a reason to do so. Guenther (This used to be commit 4da79bd10c17277171aad26ee0278f8e5b64abdb)
2007-10-10r15539: Use portable wrapper functions instead of seteuidJeremy Allison1-4/+4
directly in winbindd. Jeremy. (This used to be commit 2e65fcc9def5f1386a33ca4a76e494838e3a0632)
2007-10-10r15396: Cleanup credential caches from winbind's linked list.Günther Deschner1-0/+12
Guenther (This used to be commit 7420b095077689fee4b5c9fb76cdb6533be1d465)
2007-10-10r15240: Correctly disallow unauthorized access when logging on with theGünther Deschner1-0/+1
kerberized pam_winbind and workstation restrictions are in effect. The krb5 AS-REQ needs to add the host netbios-name in the address-list. We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from the edata of the KRB_ERROR but the login at least fails when the local machine is not in the workstation list on the DC. Guenther (This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
2007-10-10r14585: Tighten argument list of kerberos_kinit_password again,Günther Deschner1-8/+8
kerberos_kinit_password_ext provides access to more options. Guenther (This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
2007-10-10r14148: Removing the not very well tested krb5 ticket refresh handling activatedGünther Deschner1-3/+0
over --with-kcm. No time to look after it for the moment. Guenther (This used to be commit 7ec2b31a8790db1466ffafeab533c11ab7ea801a)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-4/+5
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-0/+270
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)