Index: source/nsswitch/winbindd_nss.h =================================================================== --- source/nsswitch/winbindd_nss.h (revision 17720) +++ source/nsswitch/winbindd_nss.h (working copy) @@ -42,8 +42,8 @@ between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2. The easiest way to do this is to always use 8byte values for time_t. */ -#if defined(uint64) -# define SMB_TIME_T uint64 +#if defined(int64) +# define SMB_TIME_T int64 #else # define SMB_TIME_T time_t #endif @@ -190,7 +190,7 @@ #define WBFLAG_PAM_KRB5 0x1000 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000 #define WBFLAG_PAM_CACHED_LOGIN 0x4000 -#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 +#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 /* not used */ #define WINBINDD_MAX_EXTRA_DATA (128*1024) Index: source/nsswitch/winbind_nss_config.h =================================================================== --- source/nsswitch/winbind_nss_config.h (revision 17720) +++ source/nsswitch/winbind_nss_config.h (working copy) @@ -24,12 +24,12 @@ #ifndef _WINBIND_NSS_CONFIG_H #define _WINBIND_NSS_CONFIG_H -/* shutup the compiler warnings due to krb5.h on i - 64-bit sles9 */ +/* shutup the compiler warnings due to krb5.h on 64-bit sles9 */ #ifdef SIZEOF_LONG #undef SIZEOF_LONG #endif + /* Include header files from data in config.h file */ #ifndef NO_CONFIG_H @@ -137,7 +137,16 @@ #endif /* don't lie. If we don't have it, then don't use it */ #endif +#if !defined(int64) +#if (SIZEOF_LONG == 8) +#define int64 long +#elif (SIZEOF_LONG_LONG == 8) +#define int64 long long +#endif /* don't lie. If we don't have it, then don't use it */ +#endif + + /* zero a structure */ #ifndef ZERO_STRUCT #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) Index: source/nsswitch/pam_winbind.c =================================================================== --- source/nsswitch/pam_winbind.c (revision 17720) +++ source/nsswitch/pam_winbind.c (working copy) 
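Review bot: SMB_TIME_T in the @@ -42 hunk still falls back to plain `time_t` whenever `int64` is not a defined macro, which silently brings back the 32-bit/64-bit layout mismatch that the comment above it warns about. The `int64` blocks this patch adds (winbind_nss_config.h @@ -137 and includes.h @@ -667) leave it undefined when neither SIZEOF_LONG nor SIZEOF_LONG_LONG is 8. An undefined SIZEOF_* macro evaluates as 0 in `#if`, so a build that skips config.h (the `#ifndef NO_CONFIG_H` path) takes the fallback with no diagnostic. Since this type presumably sits in structures shared between the NSS/PAM clients and winbindd, a compile-time size check after the `#endif` would catch it: `typedef char smb_time_t_must_be_8_bytes[(sizeof(SMB_TIME_T) == 8) ? 1 : -1];`. The two identical `int64` blocks also have to be kept in sync by hand; a comment in each pointing at the other would help.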
@@ -348,7 +348,7 @@ request.data.auth.krb5_cc_type[0] = '\0'; request.data.auth.uid = -1; - request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY; + request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_CONTACT_TRUSTDOM; if (ctrl & WINBIND_KRB5_AUTH) { @@ -546,7 +546,7 @@ } if (ctrl & WINBIND_KRB5_AUTH) { - request.flags = WBFLAG_PAM_KRB5; + request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM; } ret = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_CHAUTHTOK, &request, &response, user); @@ -1132,7 +1132,7 @@ } request.data.logoff.uid = pwd->pw_uid; - request.flags = WBFLAG_PAM_KRB5; + request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM; retval = pam_winbind_request_log(pamh, ctrl, WINBINDD_PAM_LOGOFF, &request, &response, user); } @@ -1373,7 +1373,7 @@ * Copyright (c) Tim Potter 2000 * Copyright (c) Andrew Bartlettt 2002 * Copyright (c) Guenther Deschner 2005-2006 - * Copyright (c) Jan Rêkorajski 1999. + * Copyright (c) Jan Rêkorajski 1999. * Copyright (c) Andrew G. Morgan 1996-8. * Copyright (c) Alex O. Yuriev, 1996. * Copyright (c) Cristian Gafton 1996. Index: source/nsswitch/winbindd_pam.c =================================================================== --- source/nsswitch/winbindd_pam.c (revision 17720) +++ source/nsswitch/winbindd_pam.c (working copy) @@ -6,7 +6,7 @@ Copyright (C) Andrew Tridgell 2000 Copyright (C) Tim Potter 2001 Copyright (C) Andrew Bartlett 2001-2002 - Copyright (C) Guenther Deschner 2005-2006 + Copyright (C) Guenther Deschner 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
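Review bot: Dropping WBFLAG_PAM_GET_PWD_POLICY from `request.flags` in the @@ -348 hunk makes the password-expiry warning depend on the daemon already carrying the matching winbindd_pam.c change. The daemon code removed by this patch only called fillup_password_policy() when the client set that bit, so a new pam_winbind.so talking to a winbindd that has not yet been upgraded or restarted would presumably stop receiving the policy without any error. If mixed versions can occur, keeping the bit costs nothing: `request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY | WBFLAG_PAM_CONTACT_TRUSTDOM;`. The enclosing function starts and ends outside the hunk.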
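Review bot: In the @@ -546 hunk WBFLAG_PAM_CONTACT_TRUSTDOM is sent only when `ctrl & WINBIND_KRB5_AUTH` is set, whereas the @@ -348 and @@ -1132 hunks send it unconditionally. If password changes for trusted-domain users are meant to work without krb5 too, set `request.flags = WBFLAG_PAM_CONTACT_TRUSTDOM;` before the test and use `request.flags |= WBFLAG_PAM_KRB5;` inside the `if`. How `request.flags` is initialised earlier in this function is not visible in the hunk, so that needs checking first. If the asymmetry is intentional, a one-line comment saying why would spare the next reader the same question.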
@@ -222,44 +222,18 @@ return NULL; } - if (strequal(domain_name, lp_workgroup())) { - return find_our_domain(); - } - -#ifdef HAVE_ADS - - /* when trying to login using krb5 with a trusted domain account, we - * need to make sure that our and the remote domain are AD */ - - if ((state->request.flags & WBFLAG_PAM_KRB5) && - (lp_security() == SEC_ADS)) { - - struct winbindd_domain *our_domain = find_our_domain(); - - if (!our_domain->active_directory) { - DEBUG(3,("find_auth_domain: out domain is not AD\n")); - return NULL; - } - - if ((domain = find_domain_from_name_noinit(domain_name)) == NULL) { - return NULL; - } - - /* do we already know it's AD ? */ - if (domain->active_directory) { + /* we can auth against trusted domains */ + if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) { + domain = find_domain_from_name_noinit(domain_name); + if (domain == NULL) { + DEBUG(3, ("Authentication for domain [%s] skipped " + "as it is not a trusted domain\n", + domain_name)); + } else { return domain; } - - set_dc_type_and_flags(domain); - - if (!domain->active_directory) { - DEBUG(3,("find_auth_domain: remote domain is not AD\n")); - return NULL; } - return domain; - } -#endif return find_our_domain(); } @@ -1286,15 +1260,12 @@ } - /* this is required to provide password expiry warning */ - if (state->request.flags & WBFLAG_PAM_GET_PWD_POLICY) { result = fillup_password_policy(domain, state); if (!NT_STATUS_IS_OK(result)) { DEBUG(10,("Failed to get password policies: %s\n", nt_errstr(result))); goto done; } - } } Index: source/include/includes.h =================================================================== --- source/include/includes.h (revision 17720) +++ source/include/includes.h (working copy) 
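Review bot: The domain returned under WBFLAG_PAM_CONTACT_TRUSTDOM in the @@ -222 hunk comes straight from find_domain_from_name_noinit(), without the checks the removed HAVE_ADS block made. That block rejected a WBFLAG_PAM_KRB5 request unless both our domain and the remote one were AD, and it called set_dc_type_and_flags() before trusting `domain->active_directory`. Whether the Kerberos path that consumes this result re-validates the domain type is outside the hunk and should be confirmed, because the flag is taken from the client's request and so the routing decision is now driven by the caller. At minimum the `else` branch deserves a comment such as `/* _noinit lookup: active_directory may not be probed yet; the krb5 path must check it */`. The DEBUG text says authentication is "skipped", yet the function falls through to `find_our_domain()`, so rewording it (e.g. "falling back to our domain") would make the log match the behaviour.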
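Review bot: With the flag test removed in the @@ -1286 hunk, fillup_password_policy() runs for every request that reaches this block, and its failure still does `goto done` with the failing status left in `result`. If this point is reached after the credentials have already been accepted (the enclosing function starts outside the hunk), a policy lookup that fails, for example against a DC that will not answer it, would turn a good login into a failure for clients that never asked for the policy. Consider a separate variable, `NTSTATUS policy_result = fillup_password_policy(domain, state);`, and only logging on failure instead of jumping to `done`. The header comment added in winbindd_nss.h @@ -190 could say "reserved, ignored by winbindd" rather than "not used", so that bit 0x8000 is not reassigned while older clients may still send it.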
@@ -667,7 +667,15 @@ #endif /* don't lie. If we don't have it, then don't use it */ #endif +#if !defined(int64) +#if (SIZEOF_LONG == 8) +#define int64 long +#elif (SIZEOF_LONG_LONG == 8) +#define int64 long long +#endif /* don't lie. If we don't have it, then don't use it */ +#endif + /* * Types for devices, inodes and offsets. */