| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| | |
to allow Vista to upload printer drivers (it wants level 8
which we don't support yet). Downgrade in the same way
that Windows servers do.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
as this is causing the WRONG_PASSWORD error in the SetUserInfo()
call during net ads join).
We are now back to always list RC4-HMAC first if supported by
the krb5 libraries.
|
| | |
| |
| |
| | |
outside the idmap daemon
|
| | |
| |
| |
| |
| |
| | |
mknod (fifo) unix extensions code. Problem
discovered by Anders Karlsson <anders.karlsson@redhat.com>.
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
write to a separate logfile.
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| | |
* make debug_state also configurable from the config file
* minor code cleanup
Guenther
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Jeremy, we really can't do that. There are setups with hundred and more
trusted domains out there, I have one customer who tells me it takes
more then half an hour for him after winbind is up and running. That
request registers the check_domain_online_handler which in turn forks
off the child immediately. Also discussed with Volker.
Guenther
|
| | |
| |
| |
| |
| |
| | |
Jerry, the switch statement must ignore the PAM_SILENT flag.
Guenther
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
* Remove anpther check for PAM_SILENT that prevents logging to syslog
* Add missing check for TRY_FIRST_PASS when using authtok (missed
from previous merge)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Details: Improve PAM logging
- The improved logging is far tracking down PAM-related bugs
- PAM_SILENT was being mis-used to suppress syslog output instead of
suppressing user output. This lets PAM_SILENT still log to syslog.
- Allow logging of item & data state via debug_state config file option.
- Logging tracks the pam handle used.
|
| | |
| |
| |
| |
| |
| |
| | |
Details: Reset the "new password prompt required" state whenever
we do a new auth. In more detail, in pam_sm_authenticate, if not
settting PAM_WINBIND_NEW_AUTHTOK_REQD, then clean any potentially
present PAM_WINBIND_NEW_AUTHTOK_REQD.
|
| | |
| |
| |
| | |
ntlm_auth
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Patch details:
Support most options in pam_winbind.conf; support comma-separated names in
require-membership-of. Details below:
1) Provides support for almost all config options in pam_winbind.conf
(all except for use_first_pass, use_authtok, and unknown_ok).
- That allows us to work well when invoked via call_modules from
pam_unix2.conf as well as allowing use of spaces in names used
w/require_membership_of.
2) Support for comma-separated list of names or SID strings in
require_membership_of/require-membership-of.
- Increased require_membership_of field in winbind request from fstring
(256) to pstring (1024).
- In PAM side, parse out multiple names or SID strings and convert
all of them to SID strings.
- In Winbind side, support membership check against multiple SID strings.
|
| | |
| |
| |
| | |
all other uses - merge from 3_0_24
|
| | |
| |
| |
| | |
Volker
|
| | |
| |
| |
| | |
sharemodes in gpfs.
|
| | |
| |
| |
| | |
Guenther
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
problems in the nss_info interface when HAVE_LDAP is undefined.
* Revert previous ifdef HAVE_ADS brakets
* Remove an unused init function wrapper.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
nss_info_methods API)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows a provider to supply the homedirectory, etc...
attributes for a user without requiring support in core
winbindd code. The idmap_ad.c module has been modified
to provide the idmap 'ad' library as well as the rfc2307 and sfu
"winbind nss info" support.
The SID/id mapping is working in idmap_ad but the nss_info
still has a few quirks that I'm in the process of resolving.
|
| | |
| |
| |
| | |
'pdbedit -L -w'
|
| | | |
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| | |
are in daemon mode. If we are in inetd mode, there's really no point
in rechecking it so soon.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
domain SID lookups through the struct winbindd_domain *domain_list
by searching by name.
Refactor the order lookup when searching for the correct idmap_domain
to a single function and remove the requirement that the default
domain be listed first in the config file.
I would still like to make the idmap_domain array a linked list and
remove the existing code which makes use of indexes into the list.
Basic testing with tdb pans out ok.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
from being
complete, in particular the various mask bits are not correctly supported
yet. Checkin in now, I want to see how the build farm likes it.
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
event-driven
based approach. The only remaining hook into the backend is now
void *(*notify_add)(TALLOC_CTX *mem_ctx,
struct event_context *event_ctx,
files_struct *fsp, uint32 *filter);
(Should we put this through the VFS, so that others can more easily plug in?)
The trick here is that the backend can pick filter bits that the main smbd
should not handle anymore. Thanks to tridge for this idea.
The backend can notify the main smbd process via
void notify_fsp(files_struct *fsp, uint32 action, char *name);
The core patch is not big, what makes this more than 1800 lines are the
individual backends that are considerably changed but can be reviewed
one by one.
Based on this I'll continue with inotify now.
Volker
|
| | |
| |
| |
| |
| |
| | |
<ying.li2@hp.com>
Jeremy.
|
| | |
| |
| |
| |
| | |
with -DDEVELOPER.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
moving events around.
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
chnage fails due to policy settings where as 2003 (the chgpasswd3()
request) fails with NT_STATUS_PASSWORD_RESTRICTION. Thunk down
to the same return code so we correctly retreive the password policy
in both cases.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
is sharing the IDL for the SAMR pipe with Windows 2003
but returning NT_STATUS_NOT_SUPPORTED rather than a DCE/RCE
fault. We need to catch this in the general sense
by looking at the returned PDU size. But this immediate
change fixes password changes via pam_winbind against Windows 2000
DCs.
|
| | | |
|
