summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r13409: No functional changes, just some DEBUG cleanup.Günther Deschner4-7/+5
Guenther (This used to be commit 286f6fc2339cf4ef232c16466b8dffdcddbe343f)
2007-10-10r13391: Only fall into password change when ACB_PWNOEXP is not setGünther Deschner1-2/+2
(got it wrong the first time as administrator has this flag set by default). Guenther (This used to be commit e9ccebf45a5db8964793084950fbb2c23b2469a3)
2007-10-10r13377: Fix from Volker: Make offline authentication work with NT4 as wellGünther Deschner2-2/+20
(handle no ACB_NORMAL flag and save name2sid as early as possible). Guenther (This used to be commit a04a5e40b774b7fe535e9cbbabddf94ee5578005)
2007-10-10r13375: Match XP behaviour: Don't force 'Administrator' to change an expiredGünther Deschner3-17/+8
password on logon. (this might be true for all domain admins as well). Guenther (This used to be commit 24c6b9fecb521380008cb44e6d987a6f495027dc)
2007-10-10r13371: Remove an unused functionVolker Lendecke1-8/+0
(This used to be commit dde8322b5c26b04222eefd3c1d450852f849079f)
2007-10-10r13316: Let the carnage begin....Gerald Carter22-536/+3833
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13310: first round of server affinity patches for winbindd & net ads joinGerald Carter1-25/+45
(This used to be commit 6c3480f9aecc061660ad5c06347b8f1d3e11a330)
2007-10-10r13309: If the sid in the winbind name2sid cache is not valid ↵Volker Lendecke1-1/+3
(NT_STATUS_NONE_MAPPED), we have S-0-0 as a SID in the cache. This leads to ugly level 0 messages from string_to_sid. Avoid them. Volker (This used to be commit d62da3e9875592af91469bf75ca32be77a40ea59)
2007-10-10r13232: defensive programming in an attempt to prevent crashes due to a PDC ↵Gerald Carter1-3/+5
rebooting (This used to be commit 994794383361cfe5d58098ae494489fb0164e1df)
2007-10-10r13229: * fix bad comparison caught by the AIX compiler in wbinfo codeGerald Carter1-3/+3
* update output from mkversion.sh to include the SAMBA_VENDOR_PATCH (This used to be commit 485f0370942880a71095da5096e414b28193b150)
2007-10-10r13212: r12414@cabra: derrell | 2006-01-28 17:52:17 -0500Derrell Lipman3-3/+3
lp_load() could not be called multiple times to modify parameter settings based on reading from multiple configuration settings. Each time, it initialized all of the settings back to their defaults before reading the specified configuration file. This patch adds a parameter to lp_load() specifying whether the settings should be initialized. It does, however, still force the settings to be initialized the first time, even if the request was to not initialize them. (Not doing so could wreak havoc due to uninitialized values.) (This used to be commit f2a24de769d1b2266e576597c57a8e3b1e2a2b51)
2007-10-10r13089: quick fix to work around building ilbnss_winbind.so on SOlaris when ↵Gerald Carter1-0/+2
--enable-developer is specified (This used to be commit 1c7787e4a11c530cec93fa210c97fbe4b38f333a)
2007-10-10r13042: Fix for bug #3248 Stefan Burkei <stefan@burkei.de>.Jeremy Allison1-1/+2
When doing auth_crap authentication use the client given workstation name not our own. Jeremy. (This used to be commit a2bb2e3e819c56b710885fc8206632e22a6ec0ce)
2007-10-10r13024: Add is_null_sid.Günther Deschner1-2/+1
GUenther (This used to be commit 3a6e41a0cb2872a656ea79c8d4fc4b8bce436492)
2007-10-10r12900: Merge from trunk:Günther Deschner2-1/+45
Correctly handle the case where users logon with an expired password. In that case pam_sm_authenticate has to return PAM_SUCESS instead of PAM_NEW_AUTHTOK_REQD or PAM_AUTHTOK_EXPIRED and pam_sm_acct_mgmt has to take care of requesting an immediate password change. (see the Linux PAM documentation). Fixes Bugzilla #1524, #3205. Tested with login, sshd, kdm and gdm on Linux. Thanks to Scott Barker <Scott_Barker@mtechIT.com>. Guenther (This used to be commit 4cb662ffd76dbe30003c618c94ccf6ebd4afb48c)
2007-10-10r12788: Since we have agreed on the case of winbindd names, we can store aGünther Deschner1-2/+5
sid_to_name lookup result already after doing a sucessfull name_to_sid lookup. Guenther (This used to be commit 2456832a6d9ad2590dc02e147cc2c2e87d5a3a7a)
2007-10-10r12787: Revert last commit that removed our logic of memorizing negativeGünther Deschner1-3/+1
name_to_sid lookups in the cache. Guenther (This used to be commit 348d309688260d17d9cdbf11fc54ad30829ceae5)
2007-10-10r12771: Apply patch from bug 3374, attempt to fix build on tru64.Volker Lendecke1-0/+4
Thanks to "The Written Word" -- whoever that is :-) Volker (This used to be commit 7d0956f0bd28728fbb8b4c24c4ed3cdcc04e2daf)
2007-10-10r12742: Don't write null sid mappings into the winbindd_cache.tdb.Günther Deschner1-1/+3
Guenther (This used to be commit 1e0124efc54810125bbfae6dce536b2c4fff62c1)
2007-10-10r12713: Remove use of uint8_t -> uint8.Jeremy Allison1-6/+6
Jeremy. (This used to be commit 4473ac4ef9c86574fc49b1e67089b59b14b6d10d)
2007-10-10r12555: Fix more load_case_table swegfaults. Arggg.Jeremy Allison1-0/+1
What I'd give for a global constructor... Jeremy. (This used to be commit c970d7d0a5ba225465dfb0980989b8817b17c643)
2007-10-10r12544: Fix segfaults in winbind, smbpasswd and netVolker Lendecke1-0/+2
(This used to be commit 9ca8edc26e66887d6333943bc6a9776352c657fc)
2007-10-10r12407: Fix returning wrong error codes and better sort out errors and stdoutGünther Deschner1-41/+49
messages. Guenther (This used to be commit 3ca735f7ad5bee53cd778f13347d48a76008d6e4)
2007-10-10r12341: add DEBUG statement.Günther Deschner1-1/+3
Guenther (This used to be commit d50098518d77f9559457f558df7d11d3f026833e)
2007-10-10r12313: Introduce yet another copy of the string_sub function:Volker Lendecke1-6/+12
talloc_string_sub. Someone with time on his hands could convert all the callers of all_string_sub to this. realloc_string_sub is *only* called from within substitute.c, it could be moved there I think. Volker (This used to be commit be6c9012da174d5d5116e5172a53bbe6486d6c38)
2007-10-10r12273: Fix copy paste error.Günther Deschner1-2/+2
Guenther (This used to be commit 266f5fc9af6a07bc1f1432e716e6c528e9048533)
2007-10-10r12193: Fix some typos.Günther Deschner3-3/+3
Guenther (This used to be commit 499224f02a8722eea0d4644ca81ca55da0e9a86b)
2007-10-10r12170: Fix a segfault -- this is post-3.0.21 codeVolker Lendecke1-1/+2
(This used to be commit 8b30cf8e09944cd97e4ab959f730bf81591c2541)
2007-10-10r12163: Change lookup_sid and lookup_name to return const char * instead of ↵Volker Lendecke1-1/+1
char *, use a temporary talloc_ctx for clarity. Volker (This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
2007-10-10r12133: Fix an uninitialized variable in new code in rpc_server/srv_samr_nt.c.Volker Lendecke1-1/+15
Fix winbind_lookup_name for the local domain, ie for aliases on a member server. Volker (This used to be commit 4ba50c823e8d61f87ab5627f15e826e73e45ffcc)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-14/+27
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r12045: More warning fixes... Just a few more to go.Jeremy Allison1-1/+1
Jeremy. (This used to be commit cd192ed79a531c6775cdbfb35f0eb2e0fa230ce9)
2007-10-10r11960: add 'wbinfo --separator' to get the currently active winbind_separator.Günther Deschner1-2/+19
Needed for KDM/GDM login masks. Guenther (This used to be commit abf761c8bf5e8cd3b0aba66abd5fd896035ea1ac)
2007-10-10r11867: attempt at fixing the compile issue with nss_winbind.so on HP-UX ↵Gerald Carter1-1/+3
caused by Solaris specific return codes (This used to be commit b823bcbc919d7e4b482c63cbe5b7f99e0bddd5f6)
2007-10-10r11851: Display correct error string.Günther Deschner1-1/+1
Guenther (This used to be commit 4d681f560e59dd483f580c5fe5299af6242ae7c2)
2007-10-10r11707: alt_names[i] might be NULL for i>0 also...Volker Lendecke1-1/+2
Volker (This used to be commit c8b67c2448b09b3386a5b35ed279c134d7a3ba32)
2007-10-10r11704: methods->alternate_name is not used anymore -- remove itVolker Lendecke6-87/+0
(This used to be commit 4a4f85f0ef8545b7062e9a49392d4488aa108036)
2007-10-10r11667: Fix a debug messageVolker Lendecke1-2/+3
(This used to be commit d1f506fa1353cd1b9ddba923dc17a884f7560be6)
2007-10-10r11661: Store the INFO3 in the PAC data into the netsamlogon_cache.Gerald Carter1-2/+2
Also remove the mem_ctx from the netsamlogon_cache_store() API. Guenther, what should we be doing with the other fields in the PAC_LOGON_INFO? (This used to be commit 8bead2d2825015fe41ba7d7401a12c06c29ea7f7)
2007-10-10r11652: Reinstate the netsamlogon_cache in order to workGerald Carter4-0/+100
around failed query_user calls. This fixes logons to a member of a Samba domain as a user from a trusted AD domain. As per comments on samba-technical, I still need to add (a) cache the PAC info as werll as NTLM net_user_info_3 (b) expire the cache when the SMB session goes away Both Jeremy and Guenther have signed off on the idea. (This used to be commit 0c2bb5ba7b92d9210e7fa9f7b70aa67dfe9faaf4)
2007-10-10r11651: After talking to Jeremy, commit my winbindd "Do the Right Thing" patch.Gerald Carter2-27/+64
Still needs some more testing ni domains with multiple DCs. Coming next.... (This used to be commit aaed605206a8549cec575dab31e56bf6d32f26a6)
2007-10-10r11580: fix an uninitialized variable that was causing winbindd to die in ↵Gerald Carter1-1/+1
winbindd_dual_getsidaliases() (This used to be commit c0c181826ea535adcbffb8790ad31356f7e9fc04)
2007-10-10r11573: Adding Andrew Bartlett's patch to make machine accountJeremy Allison3-18/+23
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same was as it would a user account check. I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10r11511: A classic "friday night check-in" :-). This moves muchJeremy Allison1-0/+2
of the Samba4 timezone handling code back into Samba3. Gets rid of "kludge-gmt" and removes the effectiveness of the parameter "time offset" (I can add this back in very easily if needed) - it's no longer being looked at. I'm hoping this will fix the problems people have been having with DST transitions. I'll start comprehensive testing tomorrow, but for now all modifications are done. Splits time get/set functions into srv_XXX and cli_XXX as they need to look at different timezone offsets. Get rid of much of the "efficiency" cruft that was added to Samba back in the day when the C library timezone handling functions were slow. Jeremy. (This used to be commit 414303bc0272f207046b471a0364fa296b67c1f8)
2007-10-10r11492: Fix bug #3224 (I hope). Correctly use machine_account_nameJeremy Allison1-2/+3
and client_name when doing netlogon credential setup. Jeremy. (This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
2007-10-10r11381: Correctly connect to 445 and 139 after a successful getdcname.Volker Lendecke1-3/+10
Volker (This used to be commit 440e7b3342e6b7b12208b789853962de72a9cac2)
2007-10-10r11368: Remove a memleak that just cost me half an hour: If we terminate ↵Volker Lendecke1-1/+1
inside a message handler, the list of messages from retrieve_all_messages is not properly freed. Not important, just confusing :-) Volker (This used to be commit d20388750dcfe7e0680246f7e3e6beb3a6d51a4a)
2007-10-10r11338: Move knowledge of \\ needed into rpc_client/cli_netlogonJeremy Allison1-7/+1
(this is the way it's been done in other functions). Instead of moving this into the IDL, I think the best solution would be to write a wrapper function around any call that needs this (this is what we already do for many of the calls). Jeremy. (This used to be commit aeca4efa11728be53b81967bb5442b5b09d1a975)
2007-10-10r11328: Actually verify that the bind on a pipe succeeded with a samr_connect orVolker Lendecke1-167/+196
lsa_openpolicy and fall back appropriately. In particular an ntlmssp bind failure can not be detected before the first real rpc request, at least according to abartlet :-) Works for me against w2k3, w2k and nt4. Sooner or later I should test against samba4 ... :-) Volker (This used to be commit 48a9e35208ae7b6271508085f59833e5def640e8)
2007-10-10r11324: Re-formatting before I can get a very *narrow* focus on the bugs in ↵Volker Lendecke1-59/+61
here. ;-) We can only tell if the bind succeeded on the first real RPC call. So we have to decide according to success of samrconnect whether we have to fall back. Similarly for lsaopenpolicy. Volker (This used to be commit 0603e1c8456ee87b87b051e0303a35fdbfbcf7ca)