#endif /* don't lie. If we don't have it, then don't use it */
#endif
+#if !defined(int64)
+#if (SIZEOF_LONG == 8)
+#define int64 long
+#elif (SIZEOF_LONG_LONG == 8)
+#define int64 long long
+#endif /* don't lie. If we don't have it, then don't use it */
+#endif
+
/*
* Types for devices, inodes and offsets.
request.data.auth.krb5_cc_type[0] = '\0';
request.data.auth.uid = -1;
- request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY;
+ request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_CONTACT_TRUSTDOM;
if (ctrl & WINBIND_KRB5_AUTH) {
}
if (ctrl & WINBIND_KRB5_AUTH) {
- request.flags = WBFLAG_PAM_KRB5;
+ request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;
}
ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_CHAUTHTOK, &request, &response, user);
}
request.data.logoff.uid = pwd->pw_uid;
- request.flags = WBFLAG_PAM_KRB5;
+ request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;
retval = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_LOGOFF, &request, &response, user);
}
* Copyright (c) Tim Potter <tpot@samba.org> 2000
* Copyright (c) Andrew Bartlettt <abartlet@samba.org> 2002
* Copyright (c) Guenther Deschner <gd@samba.org> 2005-2006
- * Copyright (c) Jan Rêkorajski 1999.
+ * Copyright (c) Jan Rêkorajski 1999.
* Copyright (c) Andrew G. Morgan 1996-8.
* Copyright (c) Alex O. Yuriev, 1996.
* Copyright (c) Cristian Gafton 1996.
#ifndef _WINBIND_NSS_CONFIG_H
#define _WINBIND_NSS_CONFIG_H
-/* shutup the compiler warnings due to krb5.h on i
- 64-bit sles9 */
+/* shutup the compiler warnings due to krb5.h on 64-bit sles9 */
#ifdef SIZEOF_LONG
#undef SIZEOF_LONG
#endif
+
/* Include header files from data in config.h file */
#ifndef NO_CONFIG_H
#endif /* don't lie. If we don't have it, then don't use it */
#endif
+#if !defined(int64)
+#if (SIZEOF_LONG == 8)
+#define int64 long
+#elif (SIZEOF_LONG_LONG == 8)
+#define int64 long long
+#endif /* don't lie. If we don't have it, then don't use it */
+#endif
+
+
/* zero a structure */
#ifndef ZERO_STRUCT
between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2.
The easiest way to do this is to always use 8byte values for time_t. */
-#if defined(uint64)
-# define SMB_TIME_T uint64
+#if defined(int64)
+# define SMB_TIME_T int64
#else
# define SMB_TIME_T time_t
#endif
#define WBFLAG_PAM_KRB5 0x1000
#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000
#define WBFLAG_PAM_CACHED_LOGIN 0x4000
-#define WBFLAG_PAM_GET_PWD_POLICY 0x8000
+#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 /* not used */
#define WINBINDD_MAX_EXTRA_DATA (128*1024)
Copyright (C) Andrew Tridgell 2000
Copyright (C) Tim Potter 2001
Copyright (C) Andrew Bartlett 2001-2002
- Copyright (C) Guenther Deschner 2005-2006
+ Copyright (C) Guenther Deschner 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
return NULL;
}
- if (strequal(domain_name, lp_workgroup())) {
- return find_our_domain();
- }
-
-#ifdef HAVE_ADS
-
- /* when trying to login using krb5 with a trusted domain account, we
- * need to make sure that our and the remote domain are AD */
-
- if ((state->request.flags & WBFLAG_PAM_KRB5) &&
- (lp_security() == SEC_ADS)) {
-
- struct winbindd_domain *our_domain = find_our_domain();
-
- if (!our_domain->active_directory) {
- DEBUG(3,("find_auth_domain: out domain is not AD\n"));
- return NULL;
- }
-
- if ((domain = find_domain_from_name_noinit(domain_name)) == NULL) {
- return NULL;
- }
-
- /* do we already know it's AD ? */
- if (domain->active_directory) {
+ /* we can auth against trusted domains */
+ if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
+ domain = find_domain_from_name_noinit(domain_name);
+ if (domain == NULL) {
+ DEBUG(3, ("Authentication for domain [%s] skipped "
+ "as it is not a trusted domain\n",
+ domain_name));
+ } else {
return domain;
}
-
- set_dc_type_and_flags(domain);
-
- if (!domain->active_directory) {
- DEBUG(3,("find_auth_domain: remote domain is not AD\n"));
- return NULL;
}
- return domain;
- }
-#endif
return find_our_domain();
}
}
- /* this is required to provide password expiry warning */
- if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) {
result = fillup_password_policy(domain, state);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result)));
goto done;
}
- }
}
git.samba.org / samba.git / commitdiff