Age | Commit message (Collapse) | Author | Files | Lines |
|
functions return NTSTATUS.
Jeremy.
(This used to be commit 1f3c2b2abca6f1b3b59b73df038832e14106ff76)
|
|
Jeremy.
(This used to be commit da4ce69d4057c241cf7b4b6b0dd2bf711dd28a43)
|
|
into functions.
Jeremy.
(This used to be commit 461db3c8ed045cac70eccf3200bf9163dbce5826)
|
|
statements that do early return. Next will be case
statements that need post processing, finally on to
qfilepathinfo and do the same.
Jeremy.
(This used to be commit c961d5ce94a8bf2e2ffba645e522f0e2e372e351)
|
|
Jeremy.
(This used to be commit fe2d7cb2dcd7c4d25d71f196aa557ce3e287bb4c)
|
|
lived in trustdom_recv().
Jeremy, this is the better place I think but please check.
Guenther
(This used to be commit beed8b8b320ae9bd8aef669564a5403e4bb35bfd)
|
|
Jeremy.
(This used to be commit b6f43e9509cfedbf77c883cff793c469d6f86370)
|
|
on a pathname is ignored).
Jeremy.
(This used to be commit 3c7a876c909d3ba1fdf8f0e38735279a874ab245)
|
|
Jeremy.
(This used to be commit 9e31d7dba383c5c14f746537a631a4119dac0cd0)
|
|
questionable practice (ignoring bad fsp on
handle based call).
Jeremy.
(This used to be commit 5a8c9286c30319f2d2685d4ae29db37679b87e02)
|
|
intent is to factor out all cases where we
always return from the case.
Jeremy.
(This used to be commit 3eca52ba435954f338281f0a9d00b942bab28bab)
|
|
into separate functions (tridge mailed me a fresh
batch) to make it easier to add the POSIX open we'll
need soon.
Jeremy.
(This used to be commit 63bd8759fefe6af80186ab15b470658614690b48)
|
|
to allow Vista to upload printer drivers (it wants level 8
which we don't support yet). Downgrade in the same way
that Windows servers do.
Jeremy.
(This used to be commit 01c659692c3e054904f1af815cf243b8a1dde109)
|
|
as this is causing the WRONG_PASSWORD error in the SetUserInfo()
call during net ads join).
We are now back to always list RC4-HMAC first if supported by
the krb5 libraries.
(This used to be commit 4fb57bce87588ac4898588ea4988eadff3a7f435)
|
|
outside the idmap daemon
(This used to be commit 57160e3dd96a7a776389da604393c20a738202ea)
|
|
mknod (fifo) unix extensions code. Problem
discovered by Anders Karlsson <anders.karlsson@redhat.com>.
Jeremy.
(This used to be commit ec6033ad7c8d343969e3dcf59232cb16d075364f)
|
|
(This used to be commit 9e2118969d444d2ffd1e9818cbbb155238fab719)
|
|
write to a separate logfile.
Guenther
(This used to be commit 0313edc0d66c26b5acb6250e0f146218a02b42cd)
|
|
Guenther
(This used to be commit 4e622572eb7939c6aa8e99fd9595bf28836bd5a3)
|
|
* make debug_state also configurable from the config file
* minor code cleanup
Guenther
(This used to be commit c562095953df55c91e3dad8f5c29c0b66664b62b)
|
|
Guenther
(This used to be commit adb40884e04069e7de7580b6531675ebaed5c117)
|
|
Jeremy, we really can't do that. There are setups with hundred and more
trusted domains out there, I have one customer who tells me it takes
more then half an hour for him after winbind is up and running. That
request registers the check_domain_online_handler which in turn forks
off the child immediately. Also discussed with Volker.
Guenther
(This used to be commit ccd4812c0b436a12b809668d09c5681111125f3d)
|
|
Jerry, the switch statement must ignore the PAM_SILENT flag.
Guenther
(This used to be commit 46d23c72bf4f3bd04021a9caf8d6b1380352b811)
|
|
(This used to be commit f82a5175304a12b18abb2bc3d9fd9f7023998357)
|
|
(This used to be commit af5a2fa9eccf753106cd944be31f38845363ace6)
|
|
* Remove anpther check for PAM_SILENT that prevents logging to syslog
* Add missing check for TRY_FIRST_PASS when using authtok (missed
from previous merge)
(This used to be commit ed794f0872b749955f56112507fd3ae7a6c6e6f5)
|
|
Details: Improve PAM logging
- The improved logging is far tracking down PAM-related bugs
- PAM_SILENT was being mis-used to suppress syslog output instead of
suppressing user output. This lets PAM_SILENT still log to syslog.
- Allow logging of item & data state via debug_state config file option.
- Logging tracks the pam handle used.
(This used to be commit cc1a13a9f06e5c15c8df19d0fbb31dbdeb81a9cc)
|
|
Details: Reset the "new password prompt required" state whenever
we do a new auth. In more detail, in pam_sm_authenticate, if not
settting PAM_WINBIND_NEW_AUTHTOK_REQD, then clean any potentially
present PAM_WINBIND_NEW_AUTHTOK_REQD.
(This used to be commit 402e8594759b42c1986f4f8d69273f68ec5160af)
|
|
ntlm_auth
(This used to be commit 2d877e41d1fdf71b45074f257930062539e379d8)
|
|
Patch details:
Support most options in pam_winbind.conf; support comma-separated names in
require-membership-of. Details below:
1) Provides support for almost all config options in pam_winbind.conf
(all except for use_first_pass, use_authtok, and unknown_ok).
- That allows us to work well when invoked via call_modules from
pam_unix2.conf as well as allowing use of spaces in names used
w/require_membership_of.
2) Support for comma-separated list of names or SID strings in
require_membership_of/require-membership-of.
- Increased require_membership_of field in winbind request from fstring
(256) to pstring (1024).
- In PAM side, parse out multiple names or SID strings and convert
all of them to SID strings.
- In Winbind side, support membership check against multiple SID strings.
(This used to be commit 4aca9864896b3e0890ffc9a6980d7ef1311138f7)
|
|
all other uses - merge from 3_0_24
(This used to be commit 99172f56c0041d43890167150cfc575d7c1b59f1)
|
|
Volker
(This used to be commit 70c589a8323637ff8e1f96a56f8acaf550a58dc4)
|
|
sharemodes in gpfs.
(This used to be commit 61841b225c2a09dcdb4b1242cb0ad0429ec1948e)
|
|
Guenther
(This used to be commit fb5830f87a16dbec16893348080bcdfc61e27ab0)
|
|
(This used to be commit 9d23cf0cc4a8974bf0cf74b219a1138383083360)
|
|
problems in the nss_info interface when HAVE_LDAP is undefined.
* Revert previous ifdef HAVE_ADS brakets
* Remove an unused init function wrapper.
(This used to be commit 2ba353848b6d8d36520e7fd82576653a39c602cd)
|
|
(This used to be commit a5a1c8c785939e7cf6108adb573ac277726f584b)
|
|
(This used to be commit 91fdbd4cf5f8fe44adcbe8dc8ef38579a8306c39)
|
|
(This used to be commit 8052a18f29d32f37c52868b17143af8d76bf5e6e)
|
|
(This used to be commit 8c23158f053b181421cb6206db7c8030ddcc2cea)
|
|
(This used to be commit 7011a1b5abc7d56da5beba904e3328014f315f0d)
|
|
nss_info_methods API)
(This used to be commit 4982be312151c4d9b97f06afe88c30d8065be4be)
|
|
This allows a provider to supply the homedirectory, etc...
attributes for a user without requiring support in core
winbindd code. The idmap_ad.c module has been modified
to provide the idmap 'ad' library as well as the rfc2307 and sfu
"winbind nss info" support.
The SID/id mapping is working in idmap_ad but the nss_info
still has a few quirks that I'm in the process of resolving.
(This used to be commit aaec0115e2c96935499052d9a637a20c6445986e)
|
|
'pdbedit -L -w'
(This used to be commit 2a7311db272b5a504e2db672d92adbb3cf2bea15)
|
|
(This used to be commit 4984b0627c84cc192868238c0936ca1a38628cd8)
|
|
Guenther
(This used to be commit 5d4747fdf2e5874cb5d2238ee62e4fcac1676134)
|
|
are in daemon mode. If we are in inetd mode, there's really no point
in rechecking it so soon.
(This used to be commit 029d4bb5e3ea02a8a396adc3ca564a714bcdfdb8)
|
|
(This used to be commit 0eb19b57286f176dd4b7e86504d004e1450f6a10)
|
|
domain SID lookups through the struct winbindd_domain *domain_list
by searching by name.
Refactor the order lookup when searching for the correct idmap_domain
to a single function and remove the requirement that the default
domain be listed first in the config file.
I would still like to make the idmap_domain array a linked list and
remove the existing code which makes use of indexes into the list.
Basic testing with tdb pans out ok.
(This used to be commit e6c300829ff08dd354f6e9460d396261681e4809)
|
|
(This used to be commit 4587d8097255c8b8fb8990bc8a13f8145986d29d)
|