summaryrefslogtreecommitdiff
path: root/source3/nsswitch/winbindd_cred_cache.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22666: Expand kerberos_kinit_password_ext() to return NTSTATUS codes and makeGünther Deschner1-2/+4
winbindd's kerberized pam_auth use that. Guenther (This used to be commit 0f436eab5b2e5891c341c27cb22db52a72bf1af7)
2007-10-10r22061: Fix the krb5 user ticket refresh event timeout in winbinddGerald Carter1-9/+32
(This used to be commit 4a99b89618948f5518b9c685d1cdcfaad69bfc80)
2007-10-10r21626: Fix memory leak on error path noticed byGerald Carter1-0/+1
SATOH Fumiyasu <fumiya@samba.gr.jp> (This used to be commit d68b2910c8ba97a42b8bccc0af1341fc301a76d0)
2007-10-10r21622: Fix bad merge caught by James.Gerald Carter1-7/+0
(This used to be commit 05886edb3559355e8cd3e3eb8999f24b64ddb3eb)
2007-10-10r21615: don't wait until the last second to try to renew a Krb5 ticket as it ↵Gerald Carter1-2/+4
is took late (This used to be commit 5575845952171aaeae81cf65fe32be33cc1b45ba)
2007-10-10r21614: The memset() called on aligned memory was causing crashesGerald Carter1-0/+11
on x86_64 Linux boxes. Since it is not needed, just use malloc() on Linux. (This used to be commit 3644bd999621e04b3fae262f172e93ea8fdcd47e)
2007-10-10r21537: Avoid to trigger the confusing "cached entry differs." warning whenGünther Deschner1-0/+12
there is just no cache around for a user. Guenther (This used to be commit a6c249b59228c6891cde624f72fff23879dbd19f)
2007-10-10r21530: Don't code with jet-lag and Volker looking over yourJeremy Allison1-1/+1
shoulder.... Correct fix for warning :-) Jeremy. (This used to be commit 773001870d22ef4ff7ec00f73661b59a63cade42)
2007-10-10r21529: Fix warning from bad cast.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 34675624e2be886188337a883a6c4a57ef7e3fe3)
2007-10-10r21525: Go ahead and checkin the mlock() & memalign() fixes soGerald Carter1-20/+10
others don't get stuck with the winbindd hang. Still waiting on additional confirmation from Guenther that this fixes thes issues he was observing as well. But it's been running in my local tree for a day without problems. (This used to be commit 0d2b80c6c4a744b05a0efdec352cddccc430e0c4)
2007-10-10r21505: make sure mlock()'d memory is aligned on a page boundaryGerald Carter1-7/+24
(This used to be commit 52e6a2ceab794875781575ed17ec86808f6e26da)
2007-10-10r20846: Before this gets out of control...Volker Lendecke1-7/+9
This add a struct event_context and infrastructure for fd events to smbd. This is step zero to import lib/events. Jeremy, I rely on you to watch the change in receive_message_or_smb() closely. For the normal code path this should be the only relevant change. The rest is either not yet used or is cosmetic. Volker (This used to be commit cd07f93a8aecb24c056e33b1ad3447a41959810f)
2007-10-10r20725: Get rid of a bool passed down -- gd, please checkVolker Lendecke1-2/+1
(This used to be commit 1ef910f423a9ec69af6abf5a4e2137e8a4e81755)
2007-10-10r20536: In the offline PAM session close case the attempt to delete aGünther Deschner1-1/+5
non-existing krb5 credential cache should not generate an error. Guenther (This used to be commit 11c6f573af5c1d3387e60f3fc44b00e28cd87813)
2007-10-10r20171: Don't delete the krb5 credential if others still reference to it.Günther Deschner1-7/+32
Guenther (This used to be commit a1378979be4fe5ac5148b0a7830859aebb97838c)
2007-10-10r18842: Protect against "winbind cache time = 0" on two other occasions.Günther Deschner1-2/+2
Guenther (This used to be commit b1cd9d45e9581bec56bfdc21d2a8afb7f094be22)
2007-10-10r18841: Protect against potential event loop when someone is using "winbindGünther Deschner1-2/+2
cache time = 0". Guenther (This used to be commit 9ac6016e32d236e7470919c075df551d1d73498c)
2007-10-10r18239: THIS IS GUENTHER'S WORK !!! He's allowing me to mergeJeremy Allison1-46/+151
this at the moment as I'm working on this area. Thanks a lot Guenther. Add the capability to get krb5 tickets even if we log on in the offline state and have to cache the credentials. Once we go online we should start getting krb5 tickets again. Currently this code waits until lp_winbind_cache_time() seconds (5 minutes by default) before getting tickets. This is correct in the DC down case, but not in the global offline -> online case. I'll later add a trigger to force an immediate refresh on the offline -> online state transition. Jeremy. (This used to be commit 04fe034f4a222c83a8d788040f7edc370afe9fa6)
2007-10-10r18128: Don't forget to set the ref count to 1 on a referenceJeremy Allison1-0/+1
counted struct. Doh ! Jeremy. (This used to be commit 8c78386e8da72108551cff72a6cc9da89264ddee)
2007-10-10r18028: Fix warnings on non-krb5 systemsVolker Lendecke1-0/+2
(This used to be commit 30df6cb65f2dcc1829ea362ea0bc2a5e10f9819a)
2007-10-10r17897: Store the uid in the memory creds. Don't request theJeremy Allison1-5/+19
krb5 refresh creds when doing cached NTLM auth, request the memory creds instead. Jeremy. (This used to be commit 310ac0b226edcfd5bedc2c3305a05993db20c7af)
2007-10-10r17837: Split out the storing of memory cached credentialsJeremy Allison1-146/+345
from the krb5 ticket renewal code. This allows cached credentials to be stored for single sign-on via ntlm_auth for machines in a domain still using NTLM. Also (hopefully) fixes the reference counting problem with pam_logon/logoff so multiple logons/logoffs won't lose cached credentials. This compiles, but I'm intending to test it over the weekend so don't complain too much :-). I also want it in the tree so Coverity can scan it for errors. Guenther, check this over please - I ran through the architecture with Jerry and he's ok with it, but this is modifying your code a lot. Jeremy. (This used to be commit 679eeeb91155dad3942efde6ae9f8d81faf18c5b)
2007-10-10r17616: Add the lm and nt hashes to the cached credentialsJeremy Allison1-23/+43
stored - only store the password if we're going to be doing a krb5 refresh. GD please review this change ! Now to add code to reference count the cached creds (to allow multiple pam_logon/pam_logoffs to keep the creds around), ensure that the cred cache is called on all successful pam_logons (if we have winbindd cache pam credentials = true, set this by default) and finally ensure the creds cache is changed on successful password change. GD - you *really* need to review this :-). Jeremy. (This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
2007-10-10r17605: Some C++ warningsVolker Lendecke1-1/+1
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
2007-10-10r16755: Hunting warning has some benefits....Volker Lendecke1-2/+2
Solaris found this one that needs to go into 3.0.23, actually munlock the password memory. Volker (This used to be commit 6fa928f96a70b7b063dd1bdbb08c6a3f5d942229)
2007-10-10r15634: Prevent passwords of winbindd's list of credential caches from beeingGünther Deschner1-0/+46
swapped to disc using mlock(). (patch was reviewed by Jeremy). Guenther (This used to be commit 206cdbb8e9a4a0900060d56510e58b85a2b8aec5)
2007-10-10r15541: Only ever store a user's password in a WINBINDD_CCACHE_ENTRY struct whenGünther Deschner1-1/+1
we have a reason to do so. Guenther (This used to be commit 4da79bd10c17277171aad26ee0278f8e5b64abdb)
2007-10-10r15539: Use portable wrapper functions instead of seteuidJeremy Allison1-4/+4
directly in winbindd. Jeremy. (This used to be commit 2e65fcc9def5f1386a33ca4a76e494838e3a0632)
2007-10-10r15396: Cleanup credential caches from winbind's linked list.Günther Deschner1-0/+12
Guenther (This used to be commit 7420b095077689fee4b5c9fb76cdb6533be1d465)
2007-10-10r15240: Correctly disallow unauthorized access when logging on with theGünther Deschner1-0/+1
kerberized pam_winbind and workstation restrictions are in effect. The krb5 AS-REQ needs to add the host netbios-name in the address-list. We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from the edata of the KRB_ERROR but the login at least fails when the local machine is not in the workstation list on the DC. Guenther (This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
2007-10-10r14585: Tighten argument list of kerberos_kinit_password again,Günther Deschner1-8/+8
kerberos_kinit_password_ext provides access to more options. Guenther (This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
2007-10-10r14148: Removing the not very well tested krb5 ticket refresh handling activatedGünther Deschner1-3/+0
over --with-kcm. No time to look after it for the moment. Guenther (This used to be commit 7ec2b31a8790db1466ffafeab533c11ab7ea801a)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-4/+5
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-0/+270
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)