summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21144: Create more accurate warning message when the pam_winbind chauthtok hasGünther Deschner1-12/+76
received NT_STATUS_PASSWORD_RESTRICTION. Guenther (This used to be commit 2ac9cb3bbd1980df54f1b6cc2cfb823be43f3230)
2007-10-10r21143: Fix wrong check for pam error codes for getpwnam and lookup winbindGünther Deschner1-13/+26
requests in pam_winbind (Bug #4094). Inspired by fix from Lars Heete. Guenther (This used to be commit 88e2185d2913e835e074dc3cc4ab1c631c3296a5)
2007-10-10r21130: Don't mix SAFE_FREE() and TALLOC_FREE().Gerald Carter1-1/+1
(This used to be commit 5c36d67d272a52f58532daa3c3c09b8f8b6a34e0)
2007-10-10r21122: Simplify code in pam_winbind a bit.Günther Deschner1-23/+20
Guenther (This used to be commit 08ca5ea6f1b09506055b2508aa79704f39b3bbd7)
2007-10-10r21112: fix const compile warningGerald Carter1-2/+2
(This used to be commit 6b754f7c96400d5d1f14e807aac0aa925c45eefb)
2007-10-10r21106: We neither need a account lockout policy handler nor a check domainGünther Deschner1-1/+2
online handler for internal (local SAM, BUILTIN) childs. Jeremy, please check. Guenther (This used to be commit 7d0e2e70684a7e3d377f56ed0244ed136b0b1a99)
2007-10-10r21101: Remove "unused" warning from Jerry's code. We stillJeremy Allison1-1/+0
have a build failure in 3.0.24 in event_add_timed ? Jeremy (This used to be commit ede30a8b4b705808d9c46ae848f5cbd89a808cdc)
2007-10-10r21098: When get_dc_name_via_netlogon() in get_dcs() fails to find a trusted DCGünther Deschner1-2/+2
we may not just assume that we look for our own realm's dcs next. Guenther (This used to be commit bf0c4ce7b1194e18cc16a044b042d0066463cf87)
2007-10-10r21070: * Add the new boolean 'winbind normalize names' option as discussedGerald Carter4-2/+49
on the samba-technical ml. The replacement character is hardcoded as a '_' for now. (This used to be commit bd8238417b8d692ed381a870901ff1ee4cfa80f6)
2007-10-10r21064: The core of this patch isVolker Lendecke3-21/+35
void message_register(int msg_type, void (*fn)(int msg_type, struct process_id pid, - void *buf, size_t len)) + void *buf, size_t len, + void *private_data), + void *private_data) { struct dispatch_fns *dfn; So this adds a (so far unused) private pointer that is passed from message_register to the message handler. A prerequisite to implement a tiny samba4-API compatible wrapper around our messaging system. That itself is necessary for the Samba4 notify system. Yes, I know, I could import the whole Samba4 messaging system, but I want to do it step by step and I think getting notify in is more important in this step. Volker (This used to be commit c8ae60ed65dcce9660ee39c75488f2838cf9a28b)
2007-10-10r21056: Moving the set_domain_online_request to fork_domain_child() (formerlyGünther Deschner1-9/+12
lived in trustdom_recv(). Jeremy, this is the better place I think but please check. Guenther (This used to be commit beed8b8b320ae9bd8aef669564a5403e4bb35bfd)
2007-10-10r21036: Fix the ad nss info backend to not abort the search when called ↵Gerald Carter1-16/+10
outside the idmap daemon (This used to be commit 57160e3dd96a7a776389da604393c20a738202ea)
2007-10-10r21033: To make the logs a bit more readable let the winbind dc connect childGünther Deschner1-0/+3
write to a separate logfile. Guenther (This used to be commit 0313edc0d66c26b5acb6250e0f146218a02b42cd)
2007-10-10r21020: Some pam_winbind fixes:Günther Deschner1-14/+13
* make debug_state also configurable from the config file * minor code cleanup Guenther (This used to be commit c562095953df55c91e3dad8f5c29c0b66664b62b)
2007-10-10r21019: Fix typo.Günther Deschner1-1/+1
Guenther (This used to be commit adb40884e04069e7de7580b6531675ebaed5c117)
2007-10-10r21018: Removing the set_domain_online_request again in trustdom_recv().Günther Deschner1-9/+0
Jeremy, we really can't do that. There are setups with hundred and more trusted domains out there, I have one customer who tells me it takes more then half an hour for him after winbind is up and running. That request registers the check_domain_online_handler which in turn forks off the child immediately. Also discussed with Volker. Guenther (This used to be commit ccd4812c0b436a12b809668d09c5681111125f3d)
2007-10-10r21016: Fix pam_sm_setcred again.Günther Deschner1-1/+1
Jerry, the switch statement must ignore the PAM_SILENT flag. Guenther (This used to be commit 46d23c72bf4f3bd04021a9caf8d6b1380352b811)
2007-10-10r21015: fix typo that breaks the buildGerald Carter1-1/+1
(This used to be commit f82a5175304a12b18abb2bc3d9fd9f7023998357)
2007-10-10r21014: move some functionss to winbindd_group.c and make staticGerald Carter2-148/+144
(This used to be commit af5a2fa9eccf753106cd944be31f38845363ace6)
2007-10-10r21013: * Remove "inline" keywordGerald Carter1-5/+5
* Remove anpther check for PAM_SILENT that prevents logging to syslog * Add missing check for TRY_FIRST_PASS when using authtok (missed from previous merge) (This used to be commit ed794f0872b749955f56112507fd3ae7a6c6e6f5)
2007-10-10r21012: Patch from Danilo Almeida @ Centeris (via me):Gerald Carter2-21/+168
Details: Improve PAM logging - The improved logging is far tracking down PAM-related bugs - PAM_SILENT was being mis-used to suppress syslog output instead of suppressing user output. This lets PAM_SILENT still log to syslog. - Allow logging of item & data state via debug_state config file option. - Logging tracks the pam handle used. (This used to be commit cc1a13a9f06e5c15c8df19d0fbb31dbdeb81a9cc)
2007-10-10r21011: Another patch from Danilo Almeida @ Centeris (via me):Gerald Carter1-4/+7
Details: Reset the "new password prompt required" state whenever we do a new auth. In more detail, in pam_sm_authenticate, if not settting PAM_WINBIND_NEW_AUTHTOK_REQD, then clean any potentially present PAM_WINBIND_NEW_AUTHTOK_REQD. (This used to be commit 402e8594759b42c1986f4f8d69273f68ec5160af)
2007-10-10r21009: Patch from Danilo Almeida @ Centeris (via me).Gerald Carter3-49/+236
Patch details: Support most options in pam_winbind.conf; support comma-separated names in require-membership-of. Details below: 1) Provides support for almost all config options in pam_winbind.conf (all except for use_first_pass, use_authtok, and unknown_ok). - That allows us to work well when invoked via call_modules from pam_unix2.conf as well as allowing use of spaces in names used w/require_membership_of. 2) Support for comma-separated list of names or SID strings in require_membership_of/require-membership-of. - Increased require_membership_of field in winbind request from fstring (256) to pstring (1024). - In PAM side, parse out multiple names or SID strings and convert all of them to SID strings. - In Winbind side, support membership check against multiple SID strings. (This used to be commit 4aca9864896b3e0890ffc9a6980d7ef1311138f7)
2007-10-10r21001: * Use a simple '#define LDAPMessage void' to fix the buildGerald Carter3-36/+3
problems in the nss_info interface when HAVE_LDAP is undefined. * Revert previous ifdef HAVE_ADS brakets * Remove an unused init function wrapper. (This used to be commit 2ba353848b6d8d36520e7fd82576653a39c602cd)
2007-10-10r20994: Remove unused code.James Peach1-122/+0
(This used to be commit 8052a18f29d32f37c52868b17143af8d76bf5e6e)
2007-10-10r20993: temporary build fix to get things going again on non-ADS systemsGerald Carter1-0/+4
(This used to be commit 8c23158f053b181421cb6206db7c8030ddcc2cea)
2007-10-10r20992: another attempt at fixing the build breakageGerald Carter2-22/+11
(This used to be commit 7011a1b5abc7d56da5beba904e3328014f315f0d)
2007-10-10r20986: Commit the prototype of the nss_info plugin interface.Gerald Carter10-389/+754
This allows a provider to supply the homedirectory, etc... attributes for a user without requiring support in core winbindd code. The idmap_ad.c module has been modified to provide the idmap 'ad' library as well as the rfc2307 and sfu "winbind nss info" support. The SID/id mapping is working in idmap_ad but the nss_info still has a few quirks that I'm in the process of resolving. (This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
2007-10-10r20951: Remove the DOM_SID field in the struct idmap_domain and bounceGerald Carter2-141/+128
domain SID lookups through the struct winbindd_domain *domain_list by searching by name. Refactor the order lookup when searching for the correct idmap_domain to a single function and remove the requirement that the default domain be listed first in the config file. I would still like to make the idmap_domain array a linked list and remove the existing code which makes use of indexes into the list. Basic testing with tdb pans out ok. (This used to be commit e6c300829ff08dd354f6e9460d396261681e4809)
2007-10-10r20915: Fixed the bad merge from 3.0.24.Jeremy Allison1-6/+8
Jeremy. (This used to be commit 018d7805b5ecb17e21e1a55b6cc65efaab4b3f63)
2007-10-10r20914: Sync up incorrect differences between 3.0.24 and 3.0Jeremy Allison1-12/+11
Jeremy. (This used to be commit a2222a565c658fe5154d9321edab69a95ddeed15)
2007-10-10r20911: Fix copyright message in winbindd to use the macro from smb.hGerald Carter1-2/+3
(This used to be commit e635bad00ecf083c34da339e3616c945a140e478)
2007-10-10r20905: Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION if the pwGerald Carter1-3/+11
chnage fails due to policy settings where as 2003 (the chgpasswd3() request) fails with NT_STATUS_PASSWORD_RESTRICTION. Thunk down to the same return code so we correctly retreive the password policy in both cases. (This used to be commit 262bb80e9cf7fb6dbf93144ae0b939c84ec0ea04)
2007-10-10r20874: We need to distinguish client sitenames per realm. We were overwritingGünther Deschner1-2/+2
the stored client sitename with the sitename from each sucessfull CLDAP connection. Guenther (This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
2007-10-10r20860: Adding some small tweaks. When we have no sitename, there is no need toGünther Deschner1-9/+11
ask for the list of DCs twice. Guenther (This used to be commit a9baf27e1348dd6dadd7a2fafdf9c269087b80ac)
2007-10-10r20857: Silence gives assent :-). Checking in the fix forJeremy Allison1-4/+31
site support in a network where many DC's are down. I heard via Volker there is still a bug w.r.t the wrong site being chosen with trusted domains but we'll have to layer that fix on top of this. Gd - complain if this doesn't work for you. Jeremy. (This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
2007-10-10r20848: Minor typo.Günther Deschner1-1/+1
Guenther (This used to be commit fb730e1e7bb83d7dcf8a78302268e384fb9676ee)
2007-10-10r20846: Before this gets out of control...Volker Lendecke4-30/+48
This add a struct event_context and infrastructure for fd events to smbd. This is step zero to import lib/events. Jeremy, I rely on you to watch the change in receive_message_or_smb() closely. For the normal code path this should be the only relevant change. The rest is either not yet used or is cosmetic. Volker (This used to be commit cd07f93a8aecb24c056e33b1ad3447a41959810f)
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke2-3/+2
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
2007-10-10r20774: I thought I committed this before Xmas holidays ...Simo Sorce11-93/+138
This change is needed to make it possible to not expire caches in disconnected mode. Jerry, please can you look at this and confirm it is ok? Simo. (This used to be commit 9e8715e4e15d9cede8f4aa9652642995392617e6)
2007-10-10r20738: Remove unused variableVolker Lendecke1-1/+0
(This used to be commit c16ce9ebaab0175e7f1dc13798d5599388fa35d6)
2007-10-10r20725: Get rid of a bool passed down -- gd, please checkVolker Lendecke2-4/+1
(This used to be commit 1ef910f423a9ec69af6abf5a4e2137e8a4e81755)
2007-10-10r20687: Implement grace logons for offline authentications in pam_winbind.Günther Deschner3-21/+45
In case a user authenticated sucessfully and his password just expired while beeing disconnected, we should allow a user to logon (given a clear warning). We currently forced the user into a password change dialogue in that scenario; this did not make much sense while offline. Guenther (This used to be commit 668b278653acfc4de7807834988f7af557e608a5)
2007-10-10r20651: Fix "password expires soon" warning message for pam_winbind.Günther Deschner1-12/+67
We were incorrectly calculating the days until the password expires and we also need to look at the info3 pass_must_change_time for expiry calculation. Guenther (This used to be commit 22d79237127a064a934928d175182adecc6300de)
2007-10-10r20536: In the offline PAM session close case the attempt to delete aGünther Deschner1-1/+5
non-existing krb5 credential cache should not generate an error. Guenther (This used to be commit 11c6f573af5c1d3387e60f3fc44b00e28cd87813)
2007-10-10r20530: Don't want this call to get inadvertently re-added :-).Jeremy Allison1-3/+0
Jeremy. (This used to be commit 68c4fbcf3397d6c43a3e5809b20a23116b1f8a31)
2007-10-10r20489: Missed patch ofthe forest_name patch for lookupnameGerald Carter1-4/+8
(This used to be commit 25c4ebb55f425816e033491138f1216125de6edb)
2007-10-10r20488: When joined to a child domain in a multi-domain/single domain tree,Gerald Carter3-6/+89
the child domain cannot always resolve SIDs in sibling domains. Windows tries to contact a DC in its own domain and then the root domain in the forest. This async changes makes winbindd's name2sid() call do the same. (This used to be commit 7b2bf0e5a6b8d4119657c7a34aa53c9a0c1d5723)
2007-10-10r20355: Fix some C++ warningsVolker Lendecke2-3/+3
(This used to be commit f103c301b18f2eeb5203634cb6b50fa79f57a93b)
2007-10-10r20330: And here's the fix for the parent winbindd crashingJeremy Allison1-0/+5
after it's child died unexpectedly whilst the parent was waiting for a reply. We need to clean up the request we're not going to service, plus we still need to call the continuation function with a "False" flag so it can clean things up. Still testing this, but I think I'm right. Jeremy (This used to be commit 9b04ac0c8104d626697978697d4d8bae791a7edd)