path: root/source3/auth
Commit message | Author | Age | Files | Lines
* s3: Make sure we call wbcAuthenticateUserEx correctly | Volker Lendecke | 2011-01-17 | 2 | -8/+29
|   There are cases where we fill in params.password.response.lm_data with non-NULL where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not like that.
|   I haven't been able to reproduce this with smbclient yet, I've seen it with a proprietary smb client implementation.
|   Autobuild-User: Volker Lendecke <vlendec@samba.org>
|   Autobuild-Date: Mon Jan 17 16:30:11 CET 2011 on sn-devel-104
* s3: Avoid a few calls to cli_errstr | Volker Lendecke | 2011-01-17 | 1 | -3/+3
|   Autobuild-User: Volker Lendecke <vlendec@samba.org>
|   Autobuild-Date: Mon Jan 17 08:47:25 CET 2011 on sn-devel-104
* s3: Remove unused "retry" from cli_full_connection | Volker Lendecke | 2010-12-20 | 1 | -1/+1
|
* s3: Always retry the DC connection in auth_domain | Volker Lendecke | 2010-12-20 | 1 | -8/+4
|   The only condition that cli_full_connection marks as non-retryable is the basic name lookup and TCP connect. To me this is pretty fishy. For example if the negprot fails, this is supposed to be more retryable than a NetBIOS name lookup failure? I'd rather think the opposite is true.
|   Jeremy, this is code from 2002, 389a16d9d533. If you have any comments from back then, let me know :-)
|   Volker
* s3: Fix bug 7066 -- wbcAuthenticateEx gives unix times | Volker Lendecke | 2010-12-19 | 1 | -3/+5
|   We might eventually want to change this, but right now we get unix times out of the winbind pipe struct
* s3-waf: avoid module name uppercasing. | Günther Deschner | 2010-12-01 | 1 | -18/+18
|   This finally allows mixed case module names like the classic build (./configure --shared_modules=charset_CP850)
|   Guenther
|   Autobuild-User: Günther Deschner <gd@samba.org>
|   Autobuild-Date: Wed Dec 1 18:39:14 CET 2010 on sn-devel-104
* s3-waf: convert TOKEN_UTIL into a subsystem. | Günther Deschner | 2010-11-30 | 1 | -2/+6
|   Guenther
* Fix memleak I accidentally introduced when reading from tdb. | Jeremy Allison | 2010-11-10 | 1 | -0/+1
|   Autobuild-User: Jeremy Allison <jra@samba.org>
|   Autobuild-Date: Wed Nov 10 01:56:21 UTC 2010 on sn-devel-104
* Ensure we check the return from make_user_info before dereferencing the value returned by it. | Jeremy Allison | 2010-11-10 | 1 | -2/+2
|   Jeremy.
* Remove fstring from map_username. Create a more sane interface than the called-parameter-is-modified. | Jeremy Allison | 2010-11-10 | 4 | -77/+155
|   Jeremy.
* s3: Quieten a bogus error message | Volker Lendecke | 2010-11-09 | 1 | -3/+1
|   This happens if you set "auth methods = winbind" without a fallback method.
|   The return NT_STATUS_LOGON_FAILURE; is not strictly required here, because we fall through to the equivalent statement a few lines down, but it makes the code a bit clearer IMO.
|   Autobuild-User: Volker Lendecke <vlendec@samba.org>
|   Autobuild-Date: Tue Nov 9 20:15:59 UTC 2010 on sn-devel-104
* s3: Make proper use of sid_check_is_in_xx routines | Volker Lendecke | 2010-11-05 | 1 | -2/+2
|   Autobuild-User: Volker Lendecke <vlendec@samba.org>
|   Autobuild-Date: Fri Nov 5 15:35:59 UTC 2010 on sn-devel-104
* s3: Fix a typo | Volker Lendecke | 2010-11-05 | 1 | -1/+1
|
* Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. | Jeremy Allison | 2010-10-20 | 3 | -6/+6
|   We were using it *some* of the time anyway, so this just makes us properly consistent.
|   Jeremy.
|   Autobuild-User: Jeremy Allison <jra@samba.org>
|   Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
* s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem. | Günther Deschner | 2010-10-20 | 1 | -0/+1
|   Guenther
* s3-rpc_server: Make auth_serversupplied_info const. | Andreas Schneider | 2010-10-15 | 1 | -1/+1
|
* s3-auth Use security_token_debug() from common code | Andrew Bartlett | 2010-10-14 | 2 | -27/+1
|   This prints the security token including the privileges as strings instead of just a bitmap.
|   Andrew Bartlett
|   Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth use security_token_has_sid() from the common code | Andrew Bartlett | 2010-10-14 | 1 | -9/+2
|   The wrapper call is left here to avoid changing semantics for the NULL parameter case.
|   Andrew Bartlett
|   Signed-off-by: Andrew Tridgell <tridge@samba.org>
* libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 2010-10-12 | 3 | -3/+3
|   This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used.
|   This includes (along with other security headers) dom_sid.h and security_token.h
|   Andrew Bartlett
|   Autobuild-User: Andrew Bartlett <abartlet@samba.org>
|   Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
* s3-waf: slowly getting modules to match how they look like in old build. | Günther Deschner | 2010-10-08 | 1 | -19/+19
|   Guenther
|   Autobuild-User: Günther Deschner <gd@samba.org>
|   Autobuild-Date: Fri Oct 8 09:31:01 UTC 2010 on sn-devel-104
* s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is built as shared module by default). | Günther Deschner | 2010-09-28 | 1 | -0/+7
|   Guenther
* s3-waf: fix dependencies in most of our module subsystems. | Günther Deschner | 2010-09-28 | 1 | -6/+2
|   Guenther
* s3-auth_util: make sure the system server info actually contains S-1-5-18. | Günther Deschner | 2010-09-28 | 1 | -0/+9
|   Without this, all security descriptor checks for the winreg spoolss backend fail and make our spoolss system in its current shape basically unusable.
|   Andreas, please check.
|   Guenther
* s3-waf: move auth subsystem to auth/wscript_build. | Günther Deschner | 2010-09-27 | 1 | -0/+84
|   Guenther
* s3: Remove talloc_autofree_context() from get_root_nt_token() | Volker Lendecke | 2010-09-26 | 1 | -1/+1
|   The memcache_add_talloc() later on steals it anyway
* s3: Lift talloc_autofree_context() from make_auth_context_fixed() | Volker Lendecke | 2010-09-26 | 1 | -3/+4
|
* s3: Lift talloc_autofree_context() from make_auth_context_subsystem() | Volker Lendecke | 2010-09-26 | 3 | -6/+11
|
* s3: Lift talloc_autofree_context() from make_auth_context_text_list() | Volker Lendecke | 2010-09-26 | 1 | -3/+6
|
* s3: Lift talloc_autofree_context() from make_auth_context() | Volker Lendecke | 2010-09-26 | 1 | -3/+7
|
* s3: Fix a memleak in make_new_server_info_system() | Volker Lendecke | 2010-09-26 | 1 | -0/+1
|
* s3: Remove talloc_autofree_context() from init_system_info() | Volker Lendecke | 2010-09-26 | 1 | -1/+2
|
* s3: Fix a typo | Volker Lendecke | 2010-09-25 | 1 | -1/+1
|
* s3-util: use shared dom_sid_dup. | Günther Deschner | 2010-09-20 | 2 | -6/+7
|   Guenther
* s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. | Günther Deschner | 2010-09-20 | 2 | -4/+5
|   Guenther
* libcli/auth/ntlmssp Be clear about talloc parents for session keys | Andrew Bartlett | 2010-09-16 | 1 | -9/+16
|   The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead.
|   Andrew Bartlett
|   Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-privs Call security_token_set_privilege() rather than manual assignment | Andrew Bartlett | 2010-09-11 | 1 | -1/+1
|   This avoids as much direct modification of the bitmask as possible.
|   Andrew Bartlett
|   Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-privs Inline dump_se_priv into callers now that it's just a uint64_t | Andrew Bartlett | 2010-09-11 | 1 | -1/+1
|   The previous 128 bit structure needed this helper function.
|   Andrew Bartlett
|   Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3:auth Remove NT_USER_TOKEN | Andrew Bartlett | 2010-09-11 | 2 | -8/+8
|   The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derived structure
|   Andrew Bartlett
|   Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Change struct nt_user_token -> struct security_token | Andrew Bartlett | 2010-09-11 | 1 | -14/+14
|   This common structure is defined in security.idl
|   Andrew Bartlett
|   Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Change type of num_sids to uint32_t | Andrew Bartlett | 2010-09-11 | 1 | -5/+7
|   size_t is overkill here, and in struct security_token in the num_sids is uint32_t.
|   This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequential changes as I try to sort out all the callers using a pointer to the number of sids.
|   Andrew Bartlett
|   Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth: Added get_server_info_system function. | Andreas Schneider | 2010-09-09 | 1 | -0/+5
|
* s3-auth: fix uninitialized error code in get_guest_info3(). | Günther Deschner | 2010-09-01 | 1 | -2/+1
|   Guenther
* s3-auth: remove global include of krb5pac.h. | Günther Deschner | 2010-08-31 | 2 | -0/+2
|   Guenther
* s3-auth: remove unused variable in check_sam_security(). | Günther Deschner | 2010-08-31 | 1 | -1/+1
|   Guenther
* s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask | Andrew Bartlett | 2010-08-31 | 1 | -3/+3
|   This is closer to the struct security_token from security.idl
|   Andrew Bartlett
* s3-auth Rename NT_USER_TOKEN user_sids -> sids | Andrew Bartlett | 2010-08-31 | 2 | -29/+29
|   This is closer to the struct security_token from security.idl
* s3-auth: The unlock of the account is now done by the get_sampwnam call. | Andreas Schneider | 2010-08-30 | 1 | -5/+2
|   Signed-off-by: Simo Sorce <idra@samba.org>
* s3-auth: Use SamInfo3_for_guest to create guest server_info. | Andreas Schneider | 2010-08-30 | 1 | -19/+70
|   Signed-off-by: Simo Sorce <idra@samba.org>
* s3-auth: add helper to get server_info out of kerberos info | Simo Sorce | 2010-08-30 | 1 | -0/+100
|   Signed-off-by: Günther Deschner <gd@samba.org>
* s3-auth: Add helper function to retrieve the unix user from a kerberos ticket | Simo Sorce | 2010-08-30 | 1 | -0/+172
|   Signed-off-by: Günther Deschner <gd@samba.org>