summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20725: Get rid of a bool passed down -- gd, please checkVolker Lendecke2-4/+1
(This used to be commit 1ef910f423a9ec69af6abf5a4e2137e8a4e81755)
2007-10-10r20687: Implement grace logons for offline authentications in pam_winbind.Günther Deschner3-21/+45
In case a user authenticated sucessfully and his password just expired while beeing disconnected, we should allow a user to logon (given a clear warning). We currently forced the user into a password change dialogue in that scenario; this did not make much sense while offline. Guenther (This used to be commit 668b278653acfc4de7807834988f7af557e608a5)
2007-10-10r20651: Fix "password expires soon" warning message for pam_winbind.Günther Deschner1-12/+67
We were incorrectly calculating the days until the password expires and we also need to look at the info3 pass_must_change_time for expiry calculation. Guenther (This used to be commit 22d79237127a064a934928d175182adecc6300de)
2007-10-10r20536: In the offline PAM session close case the attempt to delete aGünther Deschner1-1/+5
non-existing krb5 credential cache should not generate an error. Guenther (This used to be commit 11c6f573af5c1d3387e60f3fc44b00e28cd87813)
2007-10-10r20530: Don't want this call to get inadvertently re-added :-).Jeremy Allison1-3/+0
Jeremy. (This used to be commit 68c4fbcf3397d6c43a3e5809b20a23116b1f8a31)
2007-10-10r20489: Missed patch ofthe forest_name patch for lookupnameGerald Carter1-4/+8
(This used to be commit 25c4ebb55f425816e033491138f1216125de6edb)
2007-10-10r20488: When joined to a child domain in a multi-domain/single domain tree,Gerald Carter3-6/+89
the child domain cannot always resolve SIDs in sibling domains. Windows tries to contact a DC in its own domain and then the root domain in the forest. This async changes makes winbindd's name2sid() call do the same. (This used to be commit 7b2bf0e5a6b8d4119657c7a34aa53c9a0c1d5723)
2007-10-10r20355: Fix some C++ warningsVolker Lendecke2-3/+3
(This used to be commit f103c301b18f2eeb5203634cb6b50fa79f57a93b)
2007-10-10r20330: And here's the fix for the parent winbindd crashingJeremy Allison1-0/+5
after it's child died unexpectedly whilst the parent was waiting for a reply. We need to clean up the request we're not going to service, plus we still need to call the continuation function with a "False" flag so it can clean things up. Still testing this, but I think I'm right. Jeremy (This used to be commit 9b04ac0c8104d626697978697d4d8bae791a7edd)
2007-10-10r20329: Fix a winbindd crash bug. If someone pullsJeremy Allison1-5/+7
the network cable out of the machine *exactly* after the init_dc_connect() call in cm_connect_sam() or cm_connect_lsa() call succeeded but before any of the other calls fail, and they have debug level 10 set in the log, then we'd crash due to dereferencing a now NULL pointer (conn->cli gets set to NULL when the init_dc_connect() call called from cm_get_schannel_dcinfo() fails). Yes, before you ask this *did* happen on a customer site :-). Jeremy. (This used to be commit a0278a0cb062500ba97e237d02f55855b68719ec)
2007-10-10r20304: Smaller fixes for pam_winbind:Günther Deschner1-30/+65
* fail on invalid credential flags in pam_sm_setcred * parse config file for pam_sm_acct_mgmt and pam_sm_open_session Guenther (This used to be commit 2a428ac814d03880de63656ea97827126ccfec5c)
2007-10-10r20296: If we're going to overwrite krb5.confJeremy Allison1-15/+12
only do it for our primary domain. Jeremy. (This used to be commit 61d31ce0089fe906d052c971321ce99fede0e240)
2007-10-10r20290: Remove unused callSimo Sorce1-9/+1
(This used to be commit 4920265c31e073cbc0fdbfbe42dc8e47dbadca54)
2007-10-10r20289: IDMAP is part of winbind but not the main process.Simo Sorce3-36/+50
Make sure we route all request to remote DCs via the main process so that IDMAP can correctly reuse DC connections and use the async interface. This fixes also idmap_nss so that it is able to resolve local group names (requires patch on the samba dc earlier committed to SAMBA_3_0 to make it resolve both the mapped and the unmapped name). Simo. (This used to be commit 4297510f22c3fd60afd062e3c5eb142be2122b16)
2007-10-10r20287: Allow a NULL sid when setting up the list of trusted domains.Gerald Carter1-2/+7
(This used to be commit ccea7155bc8c22816f2622e604e0ef76109487f1)
2007-10-10r20279: Fix winbind segfault in winbindd_getsidaliases.Günther Deschner1-4/+15
Jeremy: sidstr formerly could be NULL (when num_aliases was 0), since we strdup here it needs to exist. Guenther (This used to be commit 29396a1bd8ebd6d951f35941b13c9c61593ae6d3)
2007-10-10r20270: Even with the dual daemon mode the parent winbinddJeremy Allison2-3/+26
still needs to contact the DC's for non async requests like enumerate users/groups etc. Now that online DC detection is tied to async events we must enable the processing of events in the main loop of winbindd. Finally got rid of the last hard coded domain->initialized = 1 code in init_child_recv() - now all domain->initialized = True gets done only in the connection manager code when either we're online and have spoken to the DC or are offline and we know we can't talk to the DC. Jeremy. (This used to be commit b3c98057fbad182f6c05c5daec6cd258dd491064)
2007-10-10r20269: merge -r20264:20267 from SAMBA_3_0_24Herb Lewis3-1/+45
more no previous prototype warnings (This used to be commit 41be182f78762372ae13759ede5d2bd40a71d7f5)
2007-10-10r20261: merge 20260 from samba_3_0_24Herb Lewis1-1/+1
clean up a bunch of no previous prototype warnings (This used to be commit c60687db112405262adf26dbf267804b04074e67)
2007-10-10r20254: The pam_chauthtok needs to go through the async interface as well.Günther Deschner2-14/+27
This fixes pam password changes in the online case. Guenther (This used to be commit 2d2de1ac27180756df095c586211fe2e7694b94e)
2007-10-10r20252: Revert back to const, but I have a fleble feeling we should go the ↵Simo Sorce1-1/+1
ther way. (This used to be commit 2048d491507cef1ac87da4fd2fedc458aae5a97d)
2007-10-10r20250: If we've come from being globally offline weJeremy Allison1-10/+26
don't have a check online event handler set. We need to add one once we're been asked to go back online as this is the only way to actually go into the online state. Doh ! :-). Jeremy. (This used to be commit 5d36c4e0313c2d735242dfdd57343372be59c6e1)
2007-10-10r20249: Fail when parsing invalid options in _pam_parse.Günther Deschner1-1/+2
Guenther (This used to be commit f6c9421abdf5731e894cd2ccc1b7431a3c368bbf)
2007-10-10r20245: merge 20244 from samba_3_0_24Herb Lewis1-3/+3
get rid of more nested extern declarations warnings (This used to be commit e9df051f5201843e3428ddbed7a719553c2e799a)
2007-10-10r20242: these are not really const as we set them in the functionSimo Sorce1-1/+1
(This used to be commit 6a0260fb04f4f9066cbc9eea495141ab3f515b47)
2007-10-10r20241: Slightly improve readability of the pam_vsyslog replacement function.Günther Deschner1-6/+5
Guenther (This used to be commit 222320373f8a251fc2cf3ff8c3fec93a7a48f9df)
2007-10-10r20240: Be a little more verbose about the credential flags when the debug flagGünther Deschner1-2/+16
is set. Guenther (This used to be commit ecbab58826a51ace2a0d1181a41391f5d170ff06)
2007-10-10r20239: Parse the configfile for pam_sm_setcred as wellGünther Deschner1-1/+7
(e.g. to get the debug flag) Guenther (This used to be commit 2c549f71f15b066ac1f415544848b582558abd5d)
2007-10-10r20218: Same fix as r20217 -- can we consolidate that duplicated code a bit?Volker Lendecke1-8/+16
(This used to be commit fdb310f57932ac3b3fd09721e6b6494b30ad57af)
2007-10-10r20217: uid_t and gid_t are not necessarily 32 bit. In assignments we get an ↵Volker Lendecke1-8/+12
automatic conversion, but not when we pass pointers down to other functions. Simo, please check. Volker (This used to be commit 04845f600b2ac9a129b3ecdb1e9060a5d8502830)
2007-10-10r20216: Fix fallback code.Simo Sorce1-11/+13
A reversed check made it impossile to fallback to the Unix Domain mapping code. Also fix a potential use of a freed array. Jerry, my tests shows that this code now correctly handle the fallback to Unix Domain when our Domain member is asked for a mapped group that has a unix name different from the Windows name against a Samba DC and we do not use winbindd but share users/groups by other means (ldap / sync of passwd and group files) Immediate Fix would be to discuss if we should answer back when DOMAIN\unixgroup -> SID is asked for, in the case the unixgroup name is mapped to a different name. IE: DOMAIN\Domain Admins -> ntadmins Currently if we are asked for "DOMAIN\Domain Admins" we return the dom admins SID If we are asked for "DOMAIN\ntadmins we return "not found", but we may consider to return the Domain admins SID in this case too. Comments are welcome on this point! Long term fix I think is the unixinfo pipe and of course an idmap_unixinfo moudle. Simo. (This used to be commit 07bdbb4c215461a721f9b608bd375387b96ababb)
2007-10-10r20207: Fix a couple more places where extra_data wasJeremy Allison2-5/+8
being talloc'ed off the NULL context instead of being malloced. Jeremy. (This used to be commit 47bdeb4efeaa5a441ad2d39bb3b94d72263e66e4)
2007-10-10r20206: Start cleaning up the talloc_ctx mess.Jeremy Allison4-13/+20
child->mem_ctx isn't actually used for anything, so remove it. Jeremy. (This used to be commit a7f294b59238826c11e579a7b1a4dca7284bb89d)
2007-10-10r20186: Fix winbind crash bug in WINBIND_GETGROUPS.Günther Deschner1-2/+3
response_extra_sent() expects to free a malloced extra_data.data while the add_XX_to_array functions all return talloced memory now. Jeremy, please check. Guenther (This used to be commit 9f34c9f3695757819d728a17a1497247ea479ebf)
2007-10-10r20180: Ensure that pam returns the correct error messagesJeremy Allison2-48/+91
when offline and or doing password changes. Jeremy. (This used to be commit 4a74c553845c960a355ddb86abaadfe0d550271f)
2007-10-10r20171: Don't delete the krb5 credential if others still reference to it.Günther Deschner2-21/+37
Guenther (This used to be commit a1378979be4fe5ac5148b0a7830859aebb97838c)
2007-10-10r20155: revert, I misreadSimo Sorce1-1/+1
(This used to be commit 20aa6322efe617f928c5cf2224a7660ca6525297)
2007-10-10r20154: Fix nasty typo, hunting another bugSimo Sorce1-1/+1
(This used to be commit bf8dc44cc2892a784ec3a118abc0abb1018fbde4)
2007-10-10r20151: remove meaningless checksSimo Sorce1-8/+0
(This used to be commit 33a55f0cfc0c5eb3f3cfa8276fa258349ad42f8d)
2007-10-10r20150: better memory handling for some functions, make sure we don'tSimo Sorce4-17/+35
leak memory by using the wrong(long lived) mem context (This used to be commit a28cdd6e742cb72a728bd337546ee95fd4160ed8)
2007-10-10r20146: Now online checks are fully async we can do themJeremy Allison1-7/+1
every cache timeout times. Jeremy. (This used to be commit 5d364bc5ccc45b8d7bf3e484d16b37ac9e06b5cf)
2007-10-10r20140: Make online/offline detection completely asynchronous.Jeremy Allison2-23/+181
Now I've done this I might be able to reduce the probe timeout and reduce the backoff algorithm, going back to checking every cache time seconds (5 mins by default), as the parent or forked domain child will never block. Jeremy. (This used to be commit d0add5f946cf63ea43067e8e935876b5346d11de)
2007-10-10r20136: Fix #4290. Properly compute time to password expiration in message fromJim McDonough1-1/+2
pam_winbind. Thanks to Andrew Benham <andrew.benham@thus.net> (This used to be commit 0d03f5137936546253a8b3334995f536f3621d57)
2007-10-10r20124: clean up nested extern declaration warningsHerb Lewis5-13/+15
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
2007-10-10r20118: Fix some more warningsSimo Sorce2-8/+3
(This used to be commit b6db21ff65139f45a1789105241e4018b61ca472)
2007-10-10r20117: 1st Error in the mergeSimo Sorce1-1/+1
(This used to be commit 5e46c43a2e4b9a3ee8f1f219c96a6b132bb09322)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce20-1021/+6580
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison6-35/+93
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r20087: Ensure we clean up any random pending events weJeremy Allison1-2/+8
may have inherited from our parent in the winbindd forked child. Jeremy. (This used to be commit 0a1352f440a9d9b974ad8d571b2e48a43a15b6cc)
2007-10-10r20082: When fork_domain_child is forked when we're offlineJeremy Allison1-0/+11
the child inherits *all* active check_online timout handlers. This is bad when it's not our domain (ie. BUILTIN). Jeremy. (This used to be commit 8d815ec4c103a83ef7cea0ae5fc64681f6bcb48a)