summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18533: Ensure we clear out the failed connection cache for an entireJeremy Allison1-2/+2
domain when going back online. Jeremy. (This used to be commit c7e4c8d0b4d109ec67d4424dd446b74b55246c72)
2007-10-10r18525: Be a little less agressive about going back online when requested.Jeremy Allison1-7/+15
Jeremy. (This used to be commit 9a0066278c30b123eeaed8213294b6d81a339524)
2007-10-10r18511: Ops, fix the build.Günther Deschner1-1/+1
Guenther (This used to be commit 20de0b4823abb59518b7ffb495120494e705df7a)
2007-10-10r18510: Protect against storing null-sids in the winbind cache.Günther Deschner1-0/+8
Guenther (This used to be commit b04c8d46efc67e013b976e0ba1be558b70a1f899)
2007-10-10r18509: We must always canonicalise the usernames to be UPPERCASE DOMAIN,Jeremy Allison1-2/+3
lowercase username. We cache names as keys in this form, and we weren't always returning this.... Jeremy. (This used to be commit 205aa2b70d647460ca5a273caad7717312f53aab)
2007-10-10r18507: Added debug log for returned username.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 7644fa70ba4f7c88d887930e23b5ee2e1632473b)
2007-10-10r18506: Fix online requests to cause an immediate DC connection.Jeremy Allison2-8/+38
Jeremy. (This used to be commit 03b1699fa7d94fd637ff8c3bd2c59358673d2607)
2007-10-10r18484: Start some cleanup on pam_winbind's syslogging:Günther Deschner2-114/+160
* as openlog() is non-reentrant and pam_winbind thereby overrides the syslog settings of the calling application, directly call syslog (or pam_vsyslog if available) * support the PAM_SILENT flag to avoid any log messages beeing created Guenther (This used to be commit 0f7e37ffc4759a4e29f63ab83f39ddb31c8240f6)
2007-10-10r18476: Protect ourselves from bad cached creds a littleJeremy Allison1-2/+30
better - don't just panic - delete them. Jeremy. (This used to be commit 4c54b75076442d239ae374b236c6f33aafece981)
2007-10-10r18473: Once we go online, trigger a "get krb5 ticket event"Jeremy Allison1-0/+6
immediately if we were waiting on one. Jeremy. (This used to be commit 6dc8f9042f057e1f9aff46042a0fe697cb8a912c)
2007-10-10r18411: Getting a zero length read is common. Don't log atJeremy Allison1-1/+1
debug level zero. Jeremy. (This used to be commit e23caeb7b57b0b1bbc2f8b6abf34166f271a88fa)
2007-10-10r18271: Big change:Gerald Carter14-77/+77
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r18259: Fix the non-krb5 builds.Günther Deschner1-1/+2
Guenther (This used to be commit 576488933b8e04ddd6cb45a7992374efe174a404)
2007-10-10r18239: THIS IS GUENTHER'S WORK !!! He's allowing me to mergeJeremy Allison3-51/+219
this at the moment as I'm working on this area. Thanks a lot Guenther. Add the capability to get krb5 tickets even if we log on in the offline state and have to cache the credentials. Once we go online we should start getting krb5 tickets again. Currently this code waits until lp_winbind_cache_time() seconds (5 minutes by default) before getting tickets. This is correct in the DC down case, but not in the global offline -> online case. I'll later add a trigger to force an immediate refresh on the offline -> online state transition. Jeremy. (This used to be commit 04fe034f4a222c83a8d788040f7edc370afe9fa6)
2007-10-10r18224: Paranoia - ensure the oplock event handler isJeremy Allison1-1/+10
removed immediately in the handler. Extra debug info tracking down winbindd DC selection. Jeremy. (This used to be commit 7ba9b6ce588f716589e9f88ed146fad36c4b3758)
2007-10-10r18199: Allow winbindd to delete a saf_ entry if it knowsJeremy Allison1-0/+4
it can't talk to it. Jeremy. (This used to be commit 7385a076f8fd351472d37d9363304948e88f9f99)
2007-10-10r18196: Fix debug message (this should be online not offline).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 9c943dfe2d23e2d01df53ac81625278d4f870aa3)
2007-10-10r18192: Fix the build.Jeremy Allison1-1/+1
Jeremy. (This used to be commit aa62bb6b4ccb46a58bbe8f46d552a062ca06c238)
2007-10-10r18191: Fix the online/offline state handling of winbindd.Jeremy Allison5-24/+145
Instead of trying to do this in the winbindd_cache entries, add a timed even handler to probe every 5 mins when disconnected. Fix events to run all pending events, rather than only one. Jeremy. (This used to be commit 7bfbe1b4fb9a91c6678035f220bbf0b4f5afdcac)
2007-10-10r18189: When tearing down a connection we can be harsherJeremy Allison1-5/+29
with timeouts. Also, wait for 5 seconds not 10 on connecting to a DC. Jeremy. (This used to be commit 6792460ba6a198646404abae10979489ca03ca5c)
2007-10-10r18188: merge 3.0-libndr branchJelmer Vernooij3-14/+14
(This used to be commit 1115745caed3093c25d6be01ffee21819fb0a675)
2007-10-10r18167: Adding DEBUG() to winbinds refresh seqnum to track down a failure.Günther Deschner1-0/+1
Guenther (This used to be commit 8bf197ee1658616448dcb752f51743365070901a)
2007-10-10r18158: Stop winbindd from accumulating memory creds infinitely when doingGünther Deschner2-16/+25
pam offline logons. Guenther (This used to be commit 95788cb291b89b431972e29e148b412992cc32a5)
2007-10-10r18128: Don't forget to set the ref count to 1 on a referenceJeremy Allison1-0/+1
counted struct. Doh ! Jeremy. (This used to be commit 8c78386e8da72108551cff72a6cc9da89264ddee)
2007-10-10r18107: Only do a SAF realm store if the logon was krb5.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 131682461c87973ac9ce0e2d097ad4d7b7afb23c)
2007-10-10r18063: When we get a successful connection using ADS,Jeremy Allison1-0/+3
cache the SAF name under both the domain name and the realm name, as we could be looking up under both. Jerry please check. Jeremy. (This used to be commit 9d954d2deb46698b3834c7caf5ee0cfe628086b5)
2007-10-10r18062: Fix to ensure the name used by pam matches theJeremy Allison2-8/+60
name that will be returned by winbindd. This (should) fix the bug where the user logs in with DOMAIN\user but winbindd returns only "user" for the username due to 'winbind use default domain' being set. Jeremy. (This used to be commit 1b2aa17354d50740902010f4a1e0217c8b1f7bdd)
2007-10-10r18047: More C++ stuffVolker Lendecke1-4/+7
(This used to be commit 86f4ca84f2df2aa8977eb24828e3aa840dda7201)
2007-10-10r18028: Fix warnings on non-krb5 systemsVolker Lendecke2-13/+21
(This used to be commit 30df6cb65f2dcc1829ea362ea0bc2a5e10f9819a)
2007-10-10r18019: Fix a C++ warnings: Don't use void * in libads/ for LDAPMessage anymore.Volker Lendecke1-11/+11
Compiled it on systems with and without LDAP, I hope it does not break the build farm too badly. If it does, I'll fix it tomorrow. Volker (This used to be commit b2ff9680ebe0979fbeef7f2dabc2e3f27c959d11)
2007-10-10r18015: Try and detect network failures immediately inJeremy Allison1-5/+12
set_dc_type_and_flags(). Fix problem when DC is down in ads_connect, where we fall back to NetBIOS and try exactly the same IP addresses we just put in the negative connection cache.... We can never succeed, so don't try lookups a second time. Jeremy. (This used to be commit 2d28f3e94a1a87bc9e9ed6630ef48b1ce17022e8)
2007-10-10r18010: Ensure we don't timeout twice to the sameJeremy Allison1-8/+11
server in winbindd when it's down and listed in the -ve connection cache. Fix memory leak, reduce timeout for cldap calls - minimum 3 secs. Jeremy. (This used to be commit 10b32cb6de234fa17fdd691bb294864d4d40f782)
2007-10-10r17997: Ensure lockdir exists for winbindd. Store tmpJeremy Allison1-0/+4
krb5.conf files under lockdir, not privatedir. Jeremy. (This used to be commit c59eff3e53f5bfae3a9fb136e8566628339863ad)
2007-10-10r17994: Add debugs that showed me why my site code wasn'tJeremy Allison1-0/+1
working right. Don't update the server site when we have a client one... Jeremy. (This used to be commit 7acbcf9a6c71f8e7f9167880488613c930cef4d9)
2007-10-10r17947: Remove extra const.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 86bfac33e35ee636581b88eb2ff55800c48b9a7b)
2007-10-10r17945: Store the server and client sitenames in the ADSJeremy Allison1-1/+1
struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
2007-10-10r17943: The horror, the horror. Add KDC site support byJeremy Allison1-26/+37
writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
2007-10-10r17937: Move the saf_ cache into the tcp ad connection code.Jeremy Allison1-2/+16
Cause winbindd to set site support before doing the generic AD server lookup. Jeremy. (This used to be commit a9833941715472ece747bce69ef53ba8ad98d7a5)
2007-10-10r17897: Store the uid in the memory creds. Don't request theJeremy Allison4-11/+27
krb5 refresh creds when doing cached NTLM auth, request the memory creds instead. Jeremy. (This used to be commit 310ac0b226edcfd5bedc2c3305a05993db20c7af)
2007-10-10r17881: Another microstep towards better error reporting: Make ↵Volker Lendecke1-1/+2
get_sorted_dc_list return NTSTATUS. If we want to differentiate different name resolution problems we might want to introduce yet another error class for Samba-internal errors. Things like no route to host to the WINS server, a DNS server explicitly said host not found etc might be worth passing up. Because we can not stash everything into the existing NT_STATUS codes, what about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP? Volker (This used to be commit 60a166f0347170dff38554bed46193ce1226c8c1)
2007-10-10r17837: Split out the storing of memory cached credentialsJeremy Allison4-201/+422
from the krb5 ticket renewal code. This allows cached credentials to be stored for single sign-on via ntlm_auth for machines in a domain still using NTLM. Also (hopefully) fixes the reference counting problem with pam_logon/logoff so multiple logons/logoffs won't lose cached credentials. This compiles, but I'm intending to test it over the weekend so don't complain too much :-). I also want it in the tree so Coverity can scan it for errors. Guenther, check this over please - I ran through the architecture with Jerry and he's ok with it, but this is modifying your code a lot. Jeremy. (This used to be commit 679eeeb91155dad3942efde6ae9f8d81faf18c5b)
2007-10-10r17723: * BUG 3969: Fix unsigned time comparison with expiration policy from ↵Gerald Carter4-47/+27
AD DC * Merge patches from SLES10 to make sure we talk to the correct winbindd process when performing pam_auth (and pull the password policy info). (This used to be commit 43bd8c00abb38eb23a1497a255d194fb1bbffffb)
2007-10-10r17630: Looks like getpeerid() is a system function onJeremy Allison1-1/+1
FreeBSD. Change to sys_getpeerid(). Thanks to vl for pointing this out. Jeremy. (This used to be commit dd0069cfcabb25dc7dc0d336696a5f2580abb5a1)
2007-10-10r17618: Not using a cache version number (yet). We really should...Jeremy Allison1-1/+0
Jeremy (This used to be commit b711587f6e33bc5781b15da7bc49b31db4653073)
2007-10-10r17617: Take Andrew Bartletts excellent advice and don't storeJeremy Allison3-10/+63
the nt hash directly in the winbindd cache, store a salted version (MD5 of salt + nt_hash). This is what we do in the LDAP password history code. We store this salted cache entry under the same name as an old entry (CRED/<sid>) but detect it on read by checking if there are 17 bytes of data after the first stored hash (1 byte len, 16 bytes hash). GD PLEASE CHECK. Jeremy. (This used to be commit 89d0163a97edaa46049406ea3e2152bee4e0d1b2)
2007-10-10r17616: Add the lm and nt hashes to the cached credentialsJeremy Allison3-28/+52
stored - only store the password if we're going to be doing a krb5 refresh. GD please review this change ! Now to add code to reference count the cached creds (to allow multiple pam_logon/pam_logoffs to keep the creds around), ensure that the cred cache is called on all successful pam_logons (if we have winbindd cache pam credentials = true, set this by default) and finally ensure the creds cache is changed on successful password change. GD - you *really* need to review this :-). Jeremy. (This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
2007-10-10r17610: Added the ability for firefox to drive the winbinddJeremy Allison5-4/+310
ntlm_auth module to allow it to use winbindd cached credentials.The credentials are currently only stored in a krb5 MIT environment - we need to add an option to winbindd to allow passwords to be stored even in an NTLM-only environment. Patch from Robert O'Callahan, modified with some fixes by me. Jeremy. (This used to be commit ae7cc298a113d8984557684bd6ad216cbb27cff3)
2007-10-10r17605: Some C++ warningsVolker Lendecke9-28/+48
(This used to be commit 05268d7a731861b10ce8556fd32a004808383923)
2007-10-10r17584: Some C++ WarningsVolker Lendecke1-1/+1
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
2007-10-10r17571: Change the return code of cli_session_setup from BOOL to NTSTATUSVolker Lendecke1-8/+10
Volker (This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)