1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source3/winbindd
Jeremy Allison 4f43030482 Fix bug #7589 - ntlm_auth fails to use cached credentials.
In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
of the mapped username, but fails to canonicalize the actual username
sent to the backend domain process. When "winbind default domain"
is set this can lead to credentials being cached with an index of
user: user, not DOMAIN\user. All other code paths that use
canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
correctly canonicalize the data sent to the backend. All calls
the can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
correctly call canonicalize_username() to create the credential
lookup key.

Jeremy.
2010-07-29 12:44:00 -07:00
..
idmap_adex s3-nss_info: only include nss_info.h where needed. 2010-07-01 23:20:40 +02:00
idmap_hash s3-nss_info: only include nss_info.h where needed. 2010-07-01 23:20:40 +02:00
idmap_ad.c s3-nss_info: only include nss_info.h where needed. 2010-07-01 23:20:40 +02:00
idmap_ldap.c s3:idmap_ldap: remove unreached code (and explicit error return code) 2010-06-21 12:38:25 +02:00
idmap_nss.c
idmap_passdb.c
idmap_rid.c
idmap_tdb2.c s3:winbind:idmap_tdb2_set_mapping: untangle assignment from check 2010-05-20 09:18:59 +02:00
idmap_tdb.c s3:dom_sid Global replace of DOM_SID with struct dom_sid 2010-05-21 10:39:59 +02:00
idmap_util.c s3:dom_sid Global replace of DOM_SID with struct dom_sid 2010-05-21 10:39:59 +02:00
idmap.c s3:winbindd: make sure we only call static_init_idmap once 2010-06-01 10:33:13 +02:00
nss_info_template.c s3:dom_sid Global replace of DOM_SID with struct dom_sid 2010-05-21 10:39:59 +02:00
nss_info.c s3:dom_sid Global replace of DOM_SID with struct dom_sid 2010-05-21 10:39:59 +02:00
wb_dsgetdcname.c s3:winbind: Add async wb_dsgetdcname 2009-08-29 19:42:26 +02:00
wb_fill_pwent.c s3:winbind: Move fillup_pw_field() as static to wb_fill_pwent.c 2009-10-17 17:13:02 +02:00
wb_getgrsid.c s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid() 2009-12-28 23:20:02 +01:00
wb_getpwsid.c s3:winbind: use wb_fill_pwent in wb_getpwsid 2009-10-04 00:14:01 +02:00
wb_gettoken.c s3: Check for lp_winbind_trusted_domains_only in wb_gettoken() 2009-12-28 23:35:07 +01:00
wb_gid2sid.c s3:winbind: Add async wb_gid2sid 2009-08-05 03:21:22 -04:00
wb_group_members.c s3-build: only use ndr_security.h where needed. 2010-05-31 11:32:37 +02:00
wb_lookupname.c s3:winbind: Remove the manual caching for the async wb_ functions 2009-08-27 15:04:09 +02:00
wb_lookupsid.c s3:winbind: Remove the manual caching for the async wb_ functions 2009-08-27 15:04:09 +02:00
wb_lookupuseraliases.c s3:winbind: Remove the manual caching for the async wb_ functions 2009-08-27 15:04:09 +02:00
wb_lookupusergroups.c s3:winbind: Remove the manual caching for the async wb_ functions 2009-08-27 15:04:09 +02:00
wb_next_grent.c s3: Fix bug 7212, "getent group does not return group members" 2010-03-29 15:03:18 +02:00
wb_next_pwent.c s3: Fix but 7145 -- duplicate sam and unix accounts 2010-02-28 14:40:25 +01:00
wb_ping.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
wb_query_user_list.c s3:winbind: Add async query_user_list 2009-08-29 19:42:26 +02:00
wb_queryuser.c s3:winbind: Remove the manual caching for the async wb_ functions 2009-08-27 15:04:09 +02:00
wb_seqnum.c s3:winbind: Add async wb_seqnum 2009-08-16 10:38:24 +02:00
wb_seqnums.c s3:winbind: simplify wb_seqnums_done a bit 2009-08-29 19:42:26 +02:00
wb_sid2gid.c s3: Replace IS_DOMAIN_OFFLINE by a function 2009-12-26 12:26:07 +01:00
wb_sid2uid.c s3: Replace IS_DOMAIN_OFFLINE by a function 2009-12-26 12:26:07 +01:00
wb_uid2sid.c s3:winbind: Add async wb_uid2sid 2009-08-05 03:21:21 -04:00
winbindd_ads.c s3: Fix another winbind crash 2010-07-06 14:21:41 +02:00
winbindd_allocate_gid.c w3:winbind: Convert WINBINDD_ALLOCATE_GID to the new API 2009-08-30 09:48:28 +02:00
winbindd_allocate_uid.c w3:winbind: Convert WINBINDD_ALLOCATE_UID to the new API 2009-08-30 09:48:28 +02:00
winbindd_async.c s3:dom_sid Global replace of DOM_SID with struct dom_sid 2010-05-21 10:39:59 +02:00
winbindd_cache.c s3-winbind: Don't cache queries to builtin and own sam domain. 2010-07-13 19:17:41 +02:00
winbindd_ccache_access.c s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it. 2010-07-19 14:19:47 +10:00
winbindd_change_machine_acct.c s3-winbindd: add wbint_ChangeMachineAccount implementation. 2009-10-13 12:42:44 +02:00
winbindd_check_machine_acct.c s3 winbindd: Get WINBINDD_CHECK_MACHACC torture test to work again. 2010-01-14 15:18:34 +01:00
winbindd_cm.c s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well. 2010-07-07 16:49:26 +02:00
winbindd_cred_cache.c s3-winbind: Make KRB5_EVENT_REFRESH_TIME a function 2010-06-21 17:44:23 +02:00
winbindd_creds.c s3:dom_sid Global replace of DOM_SID with struct dom_sid 2010-05-21 10:39:59 +02:00
winbindd_domain.c s3: Move the in-memory ccache to the parent 2010-04-19 14:27:24 +02:00
winbindd_dsgetdcname.c s3:winbind: Convert winbindd_dsgetdcname to the new API 2009-08-29 19:42:26 +02:00
winbindd_dual_ndr.c s3-winbind: Use struct pipes_struct. 2010-07-28 10:39:25 +02:00
winbindd_dual_srv.c s3-winbind: Use struct pipes_struct. 2010-07-28 10:39:25 +02:00
winbindd_dual.c s3: Remove a direct use of procid_self() 2010-07-18 21:22:41 +02:00
winbindd_endgrent.c s3:winbind: Convert the getgrent functions to the new API 2009-08-29 19:42:27 +02:00
winbindd_endpwent.c s3:winbind: Convert the GETPWENT routines to the new API 2009-08-29 19:42:26 +02:00
winbindd_getdcname.c s3:winbind: Convert the GETDCNAME routines to the new API 2009-08-29 19:42:26 +02:00
winbindd_getgrent.c s3:winbind: Convert the getgrent functions to the new API 2009-08-29 19:42:27 +02:00
winbindd_getgrgid.c s3:winbind: Add some missing error checks 2009-08-29 19:42:27 +02:00
winbindd_getgrnam.c s3: Move a lp_winbind_trusted_domains_only() check to wb_getgrsid() 2009-12-28 23:20:02 +01:00
winbindd_getgroups.c s3: Check for lp_winbind_trusted_domains_only in wb_gettoken() 2009-12-28 23:35:07 +01:00
winbindd_getpwent.c s3:winbind: Fix a typo 2009-08-29 19:42:27 +02:00
winbindd_getpwnam.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
winbindd_getpwsid.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
winbindd_getpwuid.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
winbindd_getsidaliases.c s3: Add some debug to GETSIDALIASES 2010-04-19 14:27:18 +02:00
winbindd_getuserdomgroups.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
winbindd_getusersids.c s3:winbind: Convert WINBINDD_GETUSERSIDS to the new API 2009-08-27 15:04:09 +02:00
winbindd_gid_to_sid.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
winbindd_group.c s3: Remove unused get_sam_group_entries 2009-12-21 16:27:19 +01:00
winbindd_idmap.c s3: Remove some unused dual functions 2009-12-21 16:27:19 +01:00
winbindd_list_groups.c winbindd: Fill in num_entries where available 2010-04-19 14:27:18 +02:00
winbindd_list_users.c winbindd: Fill in num_entries where available 2010-04-19 14:27:18 +02:00
winbindd_locator.c s3:winbind: Fix bug 5626 2009-08-30 11:13:18 +02:00
winbindd_lookupname.c s3:winbind: Fix a typo 2009-08-27 15:04:09 +02:00
winbindd_lookuprids.c w3:winbind: Convert WINBINDD_LOOKUPRIDS to the new API 2009-08-29 19:42:26 +02:00
winbindd_lookupsid.c s3:winbind: Fix a typo 2009-08-29 10:44:13 +02:00
winbindd_misc.c winbindd: Fill in num_entries where available 2010-04-19 14:27:18 +02:00
winbindd_msrpc.c s3-winbind: Set status before we leave in some msrpc functions. 2010-07-13 19:17:41 +02:00
winbindd_ndr.c s3-build: only use ndr_security.h where needed. 2010-05-31 11:32:37 +02:00
winbindd_pam_auth_crap.c s3: Convert WINBINDD_PAM_AUTH_CRAP to the new async API 2010-04-19 14:27:19 +02:00
winbindd_pam_auth.c Fix bug #7589 - ntlm_auth fails to use cached credentials. 2010-07-29 12:44:00 -07:00
winbindd_pam_chauthtok.c s3: Move the in-memory ccache to the parent 2010-04-19 14:27:24 +02:00
winbindd_pam_chng_pswd_auth_crap.c s3: Convert WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP to the new async API 2010-04-23 23:41:04 +02:00
winbindd_pam_logoff.c s3: Move the in-memory ccache to the parent 2010-04-19 14:27:24 +02:00
winbindd_pam.c s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well. 2010-07-07 16:49:26 +02:00
winbindd_ping_dc.c s3:winbind: Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc 2009-12-21 23:23:52 +01:00
winbindd_proto.h s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well. 2010-07-07 16:49:26 +02:00
winbindd_reconnect.c s3:dom_sid Global replace of DOM_SID with struct dom_sid 2010-05-21 10:39:59 +02:00
winbindd_remove_mapping.c s3:winbind: Fix some enum type mismatches found by the Solaris compiler 2009-09-18 03:31:22 +02:00
winbindd_rpc.c s3-winbind: Handle aliases in rpc_lookup_groupmem(). 2010-07-06 18:38:14 +02:00
winbindd_rpc.h s3-winbind: Added a common rpc_trusted_domains function. 2010-07-05 15:59:14 +02:00
winbindd_samr.c s3-rpc: when using rpc_pipe_open_internal, make sure to go through NDR. 2010-07-08 16:35:26 +02:00
winbindd_set_hwm.c s3:winbind: Fix some enum type mismatches found by the Solaris compiler 2009-09-18 03:31:22 +02:00
winbindd_set_mapping.c s3:winbind: Fix some enum type mismatches found by the Solaris compiler 2009-09-18 03:31:22 +02:00
winbindd_setgrent.c s3:winbind: Convert the getgrent functions to the new API 2009-08-29 19:42:27 +02:00
winbindd_setpwent.c s3:winbind: Convert the GETPWENT routines to the new API 2009-08-29 19:42:26 +02:00
winbindd_show_sequence.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
winbindd_sid_to_gid.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
winbindd_sid_to_uid.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
winbindd_uid_to_sid.c s3:winbind: The get[gr|pw]end functions need access to the client state 2009-08-16 13:28:14 +02:00
winbindd_util.c s3-winbind: Fixed the winbind caching. 2010-07-06 18:38:14 +02:00
winbindd_wins.c Make winbindd_cli_state->response a pointer instead of a struct member 2009-06-14 22:22:10 +02:00
winbindd.c s3-rpc_server: Added callbacks for init and shutdown of a rpc service. 2010-07-19 12:59:18 +02:00
winbindd.h s3:winbindd use common server context functions 2010-06-10 17:30:45 -04:00