summaryrefslogtreecommitdiff
path: root/source3/nsswitch
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15562: Attempt to fix Coverity bug # 283Volker Lendecke1-0/+8
(This used to be commit 3762effca5e1e2bbb2d1d9dd8504c502485eca7d)
2007-10-10r15546: When debugging is enabled be just a little more verbose in logging inGünther Deschner1-6/+6
pam_winbind. Guenther (This used to be commit bf077fb2268b79faffd1fdda04847c37ffead32d)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-8/+1
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r15541: Only ever store a user's password in a WINBINDD_CCACHE_ENTRY struct whenGünther Deschner1-1/+1
we have a reason to do so. Guenther (This used to be commit 4da79bd10c17277171aad26ee0278f8e5b64abdb)
2007-10-10r15539: Use portable wrapper functions instead of seteuidJeremy Allison2-7/+7
directly in winbindd. Jeremy. (This used to be commit 2e65fcc9def5f1386a33ca4a76e494838e3a0632)
2007-10-10r15528: Make the existance of the /etc/security/pam_winbind.conf fileGünther Deschner1-3/+5
non-critical and fallback to only parse the argv options in that case. Guenther (This used to be commit 9dac3ab328e9c7ba374e0efc3fe16d940ecc9d3b)
2007-10-10r15526: Avoid double \n.Günther Deschner1-1/+1
Guenther (This used to be commit 3546187bb4a74b14071e2c23561e70e57ad13e86)
2007-10-10r15523: Honour the time_offset also when verifying kerberos tickets. ThisGünther Deschner1-0/+1
prevents a nasty failure condition in winbindd's pam_auth where a tgt and a service ticket could have been succefully retrieved, but just not validated. Guenther (This used to be commit a75dd80c6210d01aff104a86b0a9d39d65f2c348)
2007-10-10r15479: Check in patch from bug # 3746 -- Thanks TimurVolker Lendecke1-0/+1
(This used to be commit ac79bba1a118635ed18d23cf84bdf15923b354c0)
2007-10-10r15478: Likewise for bug # 3763Volker Lendecke1-4/+4
(This used to be commit 7188ec6bd81715c4df17528bca2b2e658173043f)
2007-10-10r15460: Prefer to use the indexed objectCategory attribute (instead ofGünther Deschner1-2/+2
objectClass which is not indexed on AD) in LDAP queries. Guenther (This used to be commit 847882a98328b91a2157959c5dad0a2023223846)
2007-10-10r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.Günther Deschner3-0/+82
Guenther (This used to be commit 9e15b1659c105b0be846e8f71c27b20eab961bd2)
2007-10-10r15425: Use dynamic buffers in the IRIX nsswithch module to prevent truncationJames Peach1-78/+182
of long group lists. (This used to be commit d348d796c16679297e1f0304b8b2ba0f42010733)
2007-10-10r15417: Don't use cached credentials when changing passwords.Günther Deschner1-1/+5
Guenther (This used to be commit 34b29c30b2f4b5a3c40a65ca8338c87a4c16f3ff)
2007-10-10r15411: Small debug fixes for the PAM module.Günther Deschner1-2/+2
Guenther (This used to be commit 1856dc0f52b2a2ba2e59f1a7a77ccd32c27928c0)
2007-10-10r15399: Fix the build, sorry, Jerry :)Günther Deschner1-2/+2
Guenther (This used to be commit cc800ced60e5e6bbd923a3a0b7d58650c6e14121)
2007-10-10r15398: Attempt to send the correct warning when a password change was attemptedGünther Deschner3-13/+38
too early. Guenther (This used to be commit 7f64a66d25f2a4aa48c2639da8e783c1759c5dd4)
2007-10-10r15396: Cleanup credential caches from winbind's linked list.Günther Deschner2-1/+18
Guenther (This used to be commit 7420b095077689fee4b5c9fb76cdb6533be1d465)
2007-10-10r15307: Ignore builtin groups we're a member of on the DC as those membershipsGünther Deschner1-1/+6
are not valid locally. Guenther (This used to be commit 177da7754b53348d8754d46098dbd11300234bb5)
2007-10-10r15306: Be consistent between rpc and ads winbind backend: let the ads backendGünther Deschner3-20/+60
query the samlogon cache first as well. Guenther (This used to be commit aa52b11dd450ca3ec1f156e17822b1c4971ef915)
2007-10-10r15305: Let winbind search by sid directly (or in windows terms: "bind to aGünther Deschner1-6/+16
sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
2007-10-10r15244: Fix debug typo.Günther Deschner1-1/+1
Guenther (This used to be commit 01787bd45b4186d3e997f750b08c50df9d3cbbe1)
2007-10-10r15240: Correctly disallow unauthorized access when logging on with theGünther Deschner2-0/+2
kerberized pam_winbind and workstation restrictions are in effect. The krb5 AS-REQ needs to add the host netbios-name in the address-list. We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from the edata of the KRB_ERROR but the login at least fails when the local machine is not in the workstation list on the DC. Guenther (This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
2007-10-10r15229: Save useless roundtrips in pam_auth (fallback to samlogon) when we knowGünther Deschner1-1/+3
that the DC is not available. Guenther (This used to be commit 77407c021997db1b2a86ca26a5d125fa6b782949)
2007-10-10r15228: Fix -n winbind option which has become meaningless with the persistentGünther Deschner1-0/+6
cache. Guenther (This used to be commit e85558f4a457609f3661446dad8134e80f10bbe6)
2007-10-10r15175: Try to get Stratus VOS back to build. Thanks, Paul.Volker Lendecke1-0/+1
Volker (This used to be commit 74511aed221d7f9856fed7532f24c789c49c8175)
2007-10-10r15174: Check in Ronan Waide's wbinfo -i. Thanks :-)Volker Lendecke1-0/+40
Volker (This used to be commit c4cdb8086a3aa8a2e1f724e70616143adfea6e87)
2007-10-10r15160: Fix from William Jojo I thought had already been added (butJeremy Allison1-8/+6
hadn't). Jeremy. (This used to be commit dcbece8254e5de861d04b691d733616fc25cd585)
2007-10-10r15150: Adding winbind debug class to the main daemon.Günther Deschner1-0/+3
Guenther (This used to be commit 37d03695c6fb4aa02522c1739b9783c5dc7bf735)
2007-10-10r15132: Fix some shadowed variable warningsVolker Lendecke2-28/+28
(This used to be commit 97d2c20b0b37ac07b6e37e9614ff41ab7e131c98)
2007-10-10r15116: Allow the user to set winbind nss timeouts in seconds on IRIX. Don'tJames Peach2-9/+7
convert the default timeout to milliseconds twice. (This used to be commit 853ebd6e84cf52a309945f39cdf188ca346da8eb)
2007-10-10r15107: 64 bit fixes. size_t on a 64-bit box is not uint32.Jeremy Allison1-3/+12
Jeremy. (This used to be commit 634e0dc3c73968da8f1f50186ca15f8873f380ce)
2007-10-10r15084: Try and squeeze more out of the non-read/write code path.Jeremy Allison1-2/+3
Jeremy. (This used to be commit 23dcff4d50d1d35b7ddee0d0cb79c16a312f179c)
2007-10-10r15072: Last bit of 32/64 bit portabilities fixes for winbindGerald Carter2-9/+14
clients and aservers. Strange compiler-fu on 64-bit SLES9 says sizeof(time_t) == 4 but the memory alignment is on 8 bytes. Change time_t to uint32 to fix alignment. Remove 'char **gr_mem' from struct winbindd_gr since it was not being used. (This used to be commit b68e66d5c4f7348e674b8a009656ebfbbc06e288)
2007-10-10r15068: Fix a shadowed variable warningVolker Lendecke1-2/+2
(This used to be commit 066f69fe88b360b856f3dc49089f8c21b721cce9)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter17-121/+144
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r15040: Stripping the parametric options in pam_winbind and useGünther Deschner2-10/+12
/etc/security/pam_winbind.conf as config file for the PAM module by default. Guenther (This used to be commit 41b79ee80c7b0f4836ded51d42c7dc91cba75ccd)
2007-10-10r15039: Fix an uninitialized variable. I _think_ this should default toVolker Lendecke1-1/+1
PAM_SUCCESS. Günther, could you take a look? Thanks, Volker (This used to be commit fc6effcd9c2bb2d15b7e8fba85cc3193d2d7ce1f)
2007-10-10r15038: Replace all code in pam_winbind that relied on access to sambaGünther Deschner2-86/+169
internals, mostly with the code that was in pam_winbind before. Also switch from using loadparm to use iniParser to read the new pam_winbind options from a configuration file. That still uses the old (parametric) option names which will be replaced next (as iniParser does not support parametric options). Guenther (This used to be commit 6f668ce67318f17bba79cd98b5d169cd19eafcd4)
2007-10-10r15003: patch based on code from Arkady Glabek <aglabek@centeris.com> to ↵Gerald Carter1-0/+10
ensure that global memory is freed when unloading pam_winbind.so (needs more testing on non-linux platforms) (This used to be commit 1e0b79e591d70352a96e0a0487d8f394dc7b36ba)
2007-10-10r14954: Fix #3569 based on William Jojo's work. AIX alsoJeremy Allison1-1/+1
has the linear posix locking issue which causes CLEAR_IF_FIRST to cause performance problems. As we know we're in a daemon architecture with long-lived parent we can avoid this in the Samba case. Add a comment explaining this. Jeremy. (This used to be commit 3cd5c3df0d1b98dfa90663973ab13b5d3dbf737e)
2007-10-10r14940: Remove pam_winbind's ability to create home directories on it's own.Günther Deschner2-59/+0
Guenther (This used to be commit 87293802f3e0666c9a50eb3ca63bb1a7dccc50dc)
2007-10-10r14898: This change is an attempt to improve the quality of the information thatJames Peach1-40/+1
is produced when a process exits abnormally. First, we coalesce the core dumping code so that we greatly improve our odds of being able to produce a core file, even in the case of a memory fault. I've removed duplicates of dump_core() and split it in two to reduce the amount of work needed to actually do the dump. Second, we refactor the exit_server code path to always log an explanation and a stack trace. My goal is to always produce enough log information for us to be able to explain any server exit, though there is a risk that this could produce too much log information on a flaky network. Finally, smbcontrol has gained a smbd fault injection operation to test the changes above. This is only enabled for developer builds. (This used to be commit 56bc02d64498eb3faf89f0c5452b9299daea8e95)
2007-10-10r14896: Remove unused filesVolker Lendecke1-646/+0
(This used to be commit cc1bdbbc41bd6626ee53abf3f2ab35c454e036b7)
2007-10-10r14895: Merge the 3.0.22 changeVolker Lendecke1-1/+1
(This used to be commit 62d60a04cd85dc521e7d63726b856f38287466ad)
2007-10-10r14868: I will not write code when changing to Daylight Savings Time.Gerald Carter2-8/+10
I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. ... Fix my brain dead inverted logic for turning winbindd on and off when run on a DC or when calling pdb functions from within winbindd. (This used to be commit 021b3dc2db9fb422ede4657a1f27ef7ef2d22cee)
2007-10-10r14855: Various fixes:Gerald Carter4-25/+45
* depreacte 'acl group control' after discussion with Jeremy and implement functionality as part of 'dos filemode' * fix winbindd on a non-member server to expand local groups * prevent code previously only used by smbd from blindly turning _NO_WINBINDD back on (This used to be commit 4ab372f4cab22225716b5c9a9a08f0c1dbc9928d)
2007-10-10r14841: Fix IRIX build --with-pam.Günther Deschner1-1/+1
Guenther (This used to be commit 99158406b47dc07961c4f6536181da868cf276ca)
2007-10-10r14760: Fix #3642, ensure we don't call FD_SET on read with fd == -1.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 6ae15544ccfc3ff5d97565ad41ba7f57c7d29b0f)
2007-10-10r14753: Fix the kerberized pam_auth: As we could have created a new credentialGünther Deschner1-14/+26
cache with a valid TGT in it but we werent able to get or verify the service ticket for this local host afterwards and therefor didn't get the PAC, we need to remove that ccache entirely. Also remove an ugly pair of (not needed) seteuid calls around the ticket destroy wrapper. Guenther (This used to be commit 25a2fb3896596380d9eecac80defbf247a35e6bb)
generated by cgit (git 2.34.1) at 2024-10-19 14:20:13 +0000