path: root/source3/auth
Commit message | Author | Age | Files | Lines
* s3: auth: Add previously missing allocation fail check. | Jeremy Allison | 2015-01-14 | 1 | -0/+4
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3: auth: Plumb in the SamInfo3_handle_sids() utility function into passwd_to_SamInfo3(). | Jeremy Allison | 2015-01-14 | 3 | -5/+17
  Core fix for: https://bugzilla.samba.org/show_bug.cgi?id=11044
  Based on code from Michael Zeis <mzeis.quantum@gmail.com>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3: auth: Convert samu_to_SamInfo3() to use the new utility function. | Jeremy Allison | 2015-01-14 | 1 | -57/+9
  Based on code from Michael Zeis <mzeis.quantum@gmail.com>
  https://bugzilla.samba.org/show_bug.cgi?id=11044
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3: auth: Add a utility function - SamInfo3_handle_sids() that factors out the code to handle "Unix Users" and "Unix Groups". | Jeremy Allison | 2015-01-14 | 1 | -0/+70
  Based on code from Michael Zeis <mzeis.quantum@gmail.com>
  https://bugzilla.samba.org/show_bug.cgi?id=11044
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:auth: add some const to user_in_list() | Stefan Metzmacher | 2014-11-14 | 2 | -3/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:auth: add missing auth_samba4_init() prototype | Stefan Metzmacher | 2014-11-14 | 1 | -0/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Don't drop any error codes just because we think there cannot be any errors we didn't think of if the user asked for a level 10 log. | root | 2014-10-30 | 1 | -0/+3
  Signed-off-by: Richard Sharpe <rsharpe@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Oct 30 09:14:51 CET 2014 on sn-devel-104
* s3-winbindd: Attempt to connect to NETLOGON over NCACN_IP_TCP if we can | Andrew Bartlett | 2014-10-08 | 1 | -1/+1
  This is very helpful in the trusted domain situation, as we may not have a two-way trust but we can use our domain trust account to set up a connection to NETLOGON
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Oct 8 12:48:15 CEST 2014 on sn-devel-104
* lib/util: move memcache.[ch] to the toplevel 'samba-util' library | Stefan Metzmacher | 2014-07-18 | 1 | -1/+1
  This is generic enough that it could be used in all code.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Fri Jul 18 15:43:33 CEST 2014 on sn-devel-104
* auth: Fix an incompatible pointer assignment | Volker Lendecke | 2014-07-07 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Jul 7 10:58:30 CEST 2014 on sn-devel-104
* s4-auth: Do not override the NT_STATUS_NOT_IMPLEMENTED error for winbindd | Andrew Bartlett | 2014-07-04 | 1 | -0/+7
  This changes the auth code in winbindd to use this as a flag, and to therefore contact the RW DC.
  Change-Id: If4164d27b57b453b398642fdf7d46d03cd0e65f2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* s3: auth: Change auth3_generate_session_info_pac() to use a copy of the info3 struct from the struct PAC_LOGON_INFO. | Jeremy Allison | 2014-06-18 | 1 | -2/+9
  Call create_info3_from_pac_logon_info() to add in any resource SIDs from the struct PAC_LOGON_INFO to the info3.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
  Reviewed-by: Simo Sorce <idra@samba.org>
* s3: auth: Add create_info3_from_pac_logon_info() to create a new info3 and merge resource group SIDs into it. | Jeremy Allison | 2014-06-18 | 2 | -0/+80
  Originally written by Richard Sharpe Richard Sharpe <realrichardsharpe@gmail.com>.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
  Reviewed-by: Simo Sorce <idra@samba.org>
* s3: auth: Change make_server_info_info3() to take a const struct netr_SamInfo3 pointer instead of a struct PAC_LOGON_INFO. | Jeremy Allison | 2014-06-18 | 3 | -6/+6
  make_server_info_info3() only reads from the info3 pointer.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
  Reviewed-by: Simo Sorce <idra@samba.org>
* s3: auth: Add some const to the struct netr_SamInfo3 * arguments of copy_netr_SamInfo3() and make_server_info_info3() | Jeremy Allison | 2014-06-18 | 3 | -4/+4
  Both functions only read from the struct netr_SamInfo3 * argument.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
  Reviewed-by: Simo Sorce <idra@samba.org>
* auth: Provide a way to use the auth stack for winbindd authentication | Andrew Bartlett | 2014-06-11 | 3 | -10/+28
  This adds in flags that allow winbindd to request authentication without directly calling into the auth_sam module. That in turn will allow winbindd to call auth_samba4 and so permit winbindd operation in the AD DC.
  Andrew Bartlett
  Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* smbd: fix creation of BUILTIN\{Administrators,Users} when "tdbsam:map builtin = false" | Michael Adam | 2014-05-19 | 1 | -3/+13
  In this case, passdb/group mapping is not responsible for the id mapping of the builtins, so the check whether the SID maps to a unix ID is not valid for checking whether the builtin has been created as a proper group. So this patch changes the check to whether we find the builtin in the group mapping database.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Mon May 19 16:41:41 CEST 2014 on sn-devel-104
* auth: Allow auth_samba4 to be forced to run a specific auth module | Andrew Bartlett | 2014-05-16 | 2 | -12/+27
  This will allow new tests to be written to validate winbindd authentication results
  Andrew Bartlett
  Change-Id: I008eba1de349b17ee4eb9f11be08338557dffecc
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-auth: Register ncalrpc_as_system gensec module. | Andreas Schneider | 2014-04-24 | 1 | -1/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:auth: allow special SYSTEM and ANONYMOUS handling in auth3_generate_session_info() | Stefan Metzmacher | 2014-04-24 | 1 | -2/+43
  auth_ctx->generate_session_info() will be used by the SCHANNEL and NCALRPC_AS_SYSTEM gensec modules in future.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Move wbcAuthUserInfo_to_netr_SamInfo3 to the top level | Andrew Bartlett | 2014-04-18 | 2 | -192/+0
  This allows auth_winbind in source4 to use this more correct conversion routine.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth: Remove support for HAVE_TRUNCATED_SALT from pass_check.c | Andrew Bartlett | 2014-04-15 | 1 | -14/+0
  The comments indicate that this was needed for HP-UX at one point, but the configure code was never ported to WAF.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Tue Apr 15 12:32:09 CEST 2014 on sn-devel-104
* auth: Remove USE_BOTH_CRYPT_CALLS block from pass_check.c | Andrew Bartlett | 2014-04-15 | 1 | -20/+0
  This code is dead since the move to the WAF build system, but was set for HP-UX 9, 10 and 11 in the autoconf build system.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Remove linux_bigcrypt support from pass_check.c | Andrew Bartlett | 2014-04-15 | 1 | -32/+0
  This is dead code, and probably has been for quite some time.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Remove support for plaintext auth on systems that use getprpwnam() | Andrew Bartlett | 2014-04-15 | 1 | -10/+0
  The WAF build does not have the code to detect getprpwnam, so this is dead code.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Remove plaintext OSF1 password support | Andrew Bartlett | 2014-04-15 | 1 | -64/+0
  The WAF build does not have the code to detect getprpwnam on which this is based, and so this is dead code.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Remove afs_auth() from pass_check.c and s4's auth_unix | Andrew Bartlett | 2014-04-15 | 1 | -35/+0
  The waf build does not have code to detect support for AFS plaintext authentication, so this is dead code.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Remove dfs_auth() from pass_check.c and s4's auth_unix | Andrew Bartlett | 2014-04-15 | 1 | -315/+0
  The waf build has no logic to detect DCE/DFS, so this plaintext authentication mechanism is dead code.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Remove unused PASSWORD_LENTH macro from pass_check.c | Andrew Bartlett | 2014-04-15 | 1 | -6/+0
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Remove static variable ths_user from password_check() code | Andrew Bartlett | 2014-04-15 | 1 | -36/+9
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-auth: Do not reset bad password count to 0 if account is disabled | Andrew Bartlett | 2014-04-02 | 1 | -11/+11
  Change-Id: I895435fb278eae5d92b4a8e15d062769c0e8a71a
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Only call pdb_get_acct_ctrl() once in check_sam_security | Andrew Bartlett | 2014-04-02 | 1 | -4/+6
  Change-Id: I43792711543e25c50c29ab5a24d16f614c670cca
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Add prototype for plugin function to reduce warnings in auth_samba4 | Andrew Bartlett | 2014-04-02 | 1 | -0/+1
  Change-Id: I0aa703bb2766f1353a176a0c3f25424bbc4953f5
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3-auth: Remember to always free the talloc_stackframe() in auth_samba4 | Andrew Bartlett | 2014-04-02 | 1 | -0/+2
  Change-Id: I94469de9d463ee90365bae43094231efaf0a7d8c
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* auth_samba4: Fix auth_samba4 to correctly provide a messaging context for itself | Andrew Bartlett | 2014-04-02 | 1 | -16/+9
  This is done by calling make_auth4_context_s4(), avoiding code duplication.
  Change-Id: I3a3bf4e4273f27078c308d55102e4a1f4b052d17
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3-auth: Finally change make_user_info_*() use a parent talloc context | Andrew Bartlett | 2014-04-02 | 4 | -34/+40
  Change-Id: Iedf516e8c24e0d18064aeedd8e287ed692d3c5b4
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3: smbd: Factor out code that calls getgroups_unix_user() into a separate function. | Jeremy Allison | 2014-03-25 | 1 | -52/+92
  This code needs to special-case the guest user, as this token can have the token_sid[0] set to the Guest SID, not the mapping of UNIX uid -> SID. Other users that may have a well-known SID set in token_sid[0] (like SYSTEM) are usually not mappable to UNIX users and can be ignored when adding local groups from /etc/group.
  Found by <linux@kukkukk.com>.
  Second part of the bugfix for: https://bugzilla.samba.org/show_bug.cgi?id=10508
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3: smbd: Ensure we always go via getgroups_unix_user() when creating an NT token. | Jeremy Allison | 2014-03-21 | 1 | -0/+61
  This has to be done in every code path that creates an NT token, as remote users may have been added to the local /etc/group database. Tokens created merely from the info3 structs (via the DC or via the krb5 PAC) won't have these local groups.
  https://bugzilla.samba.org/show_bug.cgi?id=10508
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Simo Sorce <idra@samba.org>
* s3-auth: Steal the memory to avoid duplication. | Andreas Schneider | 2014-03-13 | 1 | -5/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-auth: Do not leak tmp_ctx if make_server_info() fails. | Andreas Schneider | 2014-03-13 | 1 | -1/+2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-auth: Make is_null_sid() check easier to read. | Simo Sorce | 2014-03-13 | 1 | -2/+3
  Signed-off-by: Simo Sorce <idra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. | Stefan Metzmacher | 2014-03-13 | 1 | -0/+1
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  Change-Id: Iabf22753effd80086d7956619a3dae830e487da8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-on: https://gerrit.samba.org/161
* Remove all uses of the NT_STATUS_NOT_OK_RETURN_AND_FREE macro from the codebase. | Garming Sam | 2014-03-05 | 1 | -2/+8
  Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls.
  Change-Id: I421e169275fe323e2b019c6cc5d386289aec07f7
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase. | Garming Sam | 2014-03-05 | 1 | -11/+44
  Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls.
  Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-auth: Pass mem_ctx to do_map_to_guest_server_info(). | Andreas Schneider | 2014-02-19 | 3 | -11/+16
  Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104
* s3-auth: Pass mem_ctx to auth_check_ntlm_password(). | Andreas Schneider | 2014-02-19 | 3 | -24/+40
  Coverity-Id: 1168009
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-auth: Pass mem_ctx to make_server_info_sam(). | Andreas Schneider | 2014-02-19 | 4 | -28/+47
  Coverity-Id: 1168009
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth: Make new_server_id_task() static to auth_samba4 | Volker Lendecke | 2014-02-12 | 1 | -0/+42
  This is not used in other parts of source3, so this patch improves modularity and isolation of features.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* param: rename lp function and variable from "encrypted_passwords" to "encrypt_passwords" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "adduser_script" to "add_user_script" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>