Age | Commit message (Collapse) | Author | Files | Lines |
|
others don't get stuck with the winbindd hang.
Still waiting on additional confirmation from Guenther
that this fixes thes issues he was observing as well.
But it's been running in my local tree for a day without
problems.
(This used to be commit 0d2b80c6c4a744b05a0efdec352cddccc430e0c4)
|
|
Jerry please check.
Simo.
(This used to be commit a5354aa9a0bd860500356f45d09fce3d01649c60)
|
|
(This used to be commit 52e6a2ceab794875781575ed17ec86808f6e26da)
|
|
changed a password via pam_chauthtok. Only do this if
a) a user logs on using an expired password (or a password that needs to
be changed immediately) or
b) the user itself changes his password.
Also make sure to delete the in-memory krb5 credential cache (when a
user did not request a FILE based cred cache).
Finally honor the krb5 settings in the first pam authentication in the
chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when
NTLM samlogon authentication is still possible with the old password after
the password has been already changed (on w2k3 sp1 dcs).
Guenther
(This used to be commit c3005c48cd86bc1dd17fab80da05c2d34071b872)
|
|
on terminate. Pointed out by Herb.
Jeremy.
(This used to be commit 08998b74a51acd55eb6cbe095e682e2a79334736)
|
|
Guenther
(This used to be commit 5c4a58ff3ab261e32789f39f2cf478367b727318)
|
|
Guenther
(This used to be commit ad063d9a944e923777e538c2cb050d47f9f8bea0)
|
|
(This used to be commit aa8f306fa545af653d8288919fa5a3b80f447bec)
|
|
(This used to be commit 9fe5f7885771e68b11c7794653d0e4771eeac403)
|
|
allow detection of libbiconv if all others fail - need for FreeBSD
(This used to be commit 7acc9421b0643cb04bff1f1d98ecb899f9b09601)
|
|
_nss_winbind_initgroups_dyn() on an empty group list.
Guenther
(This used to be commit 155b9e7c74d1a623e018fc2f8ca2e32e4aa3f213)
|
|
Avoid assigning 0 as primary group id for users in NSS calls.
Jerry, please check.
Guenther
(This used to be commit 03f5f7d0140c99411c137e7e2eac7e2d0c08202e)
|
|
Jeremy, I'm afraid you removed the "domain->initialized" from the
set_dc_types_and_flags() call when the connect to PI_LSARPC_DS failed
(with rev. 19148).
This causes now that init_dc_connection_network is called again and
again which in turn rescans the DC each time (which of course fails each
time with NT_STATUS_BUFFER_TOO_SMALL). Just continue with the
non-PI_LSARPC_DS scan so that the domain is initialized properly.
Guenther
(This used to be commit c6f63a08f55a4121cbe5aac537d2ef983dc25a97)
|
|
Guenther
(This used to be commit 639b7989b3ad1438a443a33dc41115bcc90f72d2)
|
|
Guenther
(This used to be commit e3c32583795631212dc0d5cd01981b27cde2a489)
|
|
print NSS_STATUS code with DEBUG_NSS when leaving a function.
Guenther
(This used to be commit 53ecd63d94fd0a502ef5cdeb512c8e38795698e1)
|
|
Guenther
(This used to be commit dcbf7a1250aa5c6293ffba6a930ee23537ec9484)
|
|
Cached logon with pam_winbind should work now also for NT4 and samba3
domains.
Guenther
(This used to be commit b2f91154820219959b8008b15802c70e1d76d158)
|
|
Guenther
(This used to be commit 5a7b2fccb3cdc6a849aedcd256eea86faec1d54c)
|
|
Guenther
(This used to be commit 968dfcc8218cacdd97c2c66929e95f5062ff464a)
|
|
Guenther
(This used to be commit 16c90f30b93f32c4f8fed00a6cc154c596e4244d)
|
|
(This used to be commit 5c3edad86098c5271cb141b8f7885ca7f5b48072)
|
|
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
|
|
(This used to be commit 509ae5ffa17be340c41fecaaace75816c18316c6)
|
|
dleonard@vintela.com for this fix !
Jeremy.
(This used to be commit 70b5db7d8c6aa324ad98436fe3fafe715c04c5a8)
|
|
from both idmap_ldap_{alloc,db}_init()
* Fix the backwards compat support in idmap_ldap.c
* Fix a spelling error in the idmap_fetch_secret() function name
(This used to be commit 615a10435618abb89852910a0d36c1d9ff35647f)
|
|
(This used to be commit 01af19cc9d8e282ffd6ff6b52699ed2d0369ff69)
|
|
the PAM_SUCCESS block.
Guenther
(This used to be commit f4a704745cb0bd2c5dc2a9b16619d8ee30fd7ba1)
|
|
* Consolidate all pam_winbind password expiry warnings in the one
_pam_send_password_expiry_message() call.
* Also convert some more NTSTATUS codes to error messages.
* Add paranoia check to only do all the post-processing after PAM_SUCCESS.
Guenther
(This used to be commit 02713f314b65a14e659e801f7eebea453756ac44)
|
|
Set info3 strings, krb5ccname and returned username after we changed a
password and sucessfully re-authenticated afterwards. In that case we
ended up without this information.
Guenther
(This used to be commit 034d42ba7236e67303a8221b7a613799d1a61b83)
|
|
pam_winbind.
Guenther
(This used to be commit 1feb961577475dceb97948cd2fdb987005890498)
|
|
Guenther
(This used to be commit 86b34cd5d6675c8f0a0becdcded36de4a815c898)
|
|
Guenther
(This used to be commit 97a0b1b79499af10930500ce857c93ffbacfdb6e)
|
|
calling application.
Guenther
(This used to be commit ebfae9a671d2c960178228ba7fdcd07cb2f49a05)
|
|
(This used to be commit 1d46b2ae3447b3521987b2ab1064a6ea314cfa07)
|
|
lookup when we actually are. Although the Linux nss winbind backend
protects against num_mem != 0 && buf == NULL.
Guenther
(This used to be commit a9ac4630b46242f88bd7a4e92511b55cc82e9940)
|
|
Guenther
(This used to be commit cdef1d00b89abd632281d428f1e1a6b322559af4)
|
|
Guenther
(This used to be commit 1b82c5fa0e363942947453a8e1b74aa2b95d8733)
|
|
received NT_STATUS_PASSWORD_RESTRICTION.
Guenther
(This used to be commit 2ac9cb3bbd1980df54f1b6cc2cfb823be43f3230)
|
|
requests in pam_winbind (Bug #4094).
Inspired by fix from Lars Heete.
Guenther
(This used to be commit 88e2185d2913e835e074dc3cc4ab1c631c3296a5)
|
|
(This used to be commit 5c36d67d272a52f58532daa3c3c09b8f8b6a34e0)
|
|
Guenther
(This used to be commit 08ca5ea6f1b09506055b2508aa79704f39b3bbd7)
|
|
(This used to be commit 6b754f7c96400d5d1f14e807aac0aa925c45eefb)
|
|
online handler for internal (local SAM, BUILTIN) childs. Jeremy, please
check.
Guenther
(This used to be commit 7d0e2e70684a7e3d377f56ed0244ed136b0b1a99)
|
|
have a build failure in 3.0.24 in event_add_timed ?
Jeremy
(This used to be commit ede30a8b4b705808d9c46ae848f5cbd89a808cdc)
|
|
we may not just assume that we look for our own realm's dcs next.
Guenther
(This used to be commit bf0c4ce7b1194e18cc16a044b042d0066463cf87)
|
|
on the samba-technical ml. The replacement character is hardcoded
as a '_' for now.
(This used to be commit bd8238417b8d692ed381a870901ff1ee4cfa80f6)
|
|
void message_register(int msg_type,
void (*fn)(int msg_type, struct process_id pid,
- void *buf, size_t len))
+ void *buf, size_t len,
+ void *private_data),
+ void *private_data)
{
struct dispatch_fns *dfn;
So this adds a (so far unused) private pointer that is passed from
message_register to the message handler. A prerequisite to implement a tiny
samba4-API compatible wrapper around our messaging system. That itself is
necessary for the Samba4 notify system.
Yes, I know, I could import the whole Samba4 messaging system, but I want to
do it step by step and I think getting notify in is more important in this
step.
Volker
(This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b)
|
|
lived in trustdom_recv().
Jeremy, this is the better place I think but please check.
Guenther
(This used to be commit beed8b8b320ae9bd8aef669564a5403e4bb35bfd)
|
|
outside the idmap daemon
(This used to be commit 57160e3dd96a7a776389da604393c20a738202ea)
|