path: root/source/auth
Commit message [Author, Age, Files, Lines]
* Revert "Split lookup_name() and create a new function called" [Simo Sorce, 2008-09-03, files: 2, lines: -7/+17]
|   This reverts commit 8594edf666c29fd4ddf1780da842683dd81483b6.
* Merge branch 'v3-devel' of ssh://git.samba.org/data/git/samba into v3-devel [Simo Sorce, 2008-08-26, files: 1, lines: -2/+3]
|\
| * auth: Fix build warning. [Günther Deschner, 2008-08-25, files: 1, lines: -2/+3]
| |   Guenther
* | Split lookup_name() and create a new function called [Simo Sorce, 2008-08-17, files: 2, lines: -17/+7]
|/
|   lookup_domain_name(). This new function accepts separated strings for domain and name.
* Fix show-stopper for 3.2. Smbd depends on group SID [Jeremy Allison, 2008-08-14, files: 1, lines: -0/+34]
|   position zero being the primary group sid. Authenticating via winbindd call returned a non-sorted sid list. This fix is for both a winbindd call and a pac list from an info3 struct. Without this we mess up the primary group associated with created files. Found by Herb.
|   Jeremy.
* Make it clear that this is a temporary context by using a talloc stackframe instead. [Jeremy Allison, 2008-08-14, files: 1, lines: -22/+16]
|   Jeremy
* Removed redundant logging from create_builtin_users and create_builtin_administrators [Tim Prouty, 2008-07-30, files: 1, lines: -16/+4]
|   The Debug messages in create_builtin_users and create_builtin_users have now been encapsulated in add_sid_to_builtin.
* Enabled domain groups to be added to builtin groups at domain join time [Tim Prouty, 2008-07-30, files: 1, lines: -2/+2]
|   Previously this was done at token creation time if the Administrators and Users builtins hadn't been created yet. A major drawback to this approach is that if a customer is joined to a domain and decides they want to join a different domain, the domain groups from this new domain will not be added to the builtins. It would be ideal if these groups could be added exclusively at domain join time, but we can't rely solely on that because there are cases where winbindd must be running to allocate new gids for the builtins. In the future if there is a way to allocate gids for builtins without running winbindd, this code can be removed from create_local_nt_token.
|   - Made create_builtin_users and create_builtin_administrators non-static so they can be called from libnet
|   - Added a new function to libnet_join that will make a best effort to add domain administrators and domain users to BUILTIN\Administrators and BUILTIN\Users, respectively. If the builtins don't exist yet, winbindd must be running to allocate new gids, but if the builtins already exist, the domain groups will be added even if winbindd is not running. In the case of a failure the error will be logged, but the join will not be failed.
|   - Plumbed libnet_join_add_dom_rids_to_builtins into the join post processing.
* Refactored the code that adds Domain Admins to BUILTIN\Administrators to use the new helper functions. [Tim Prouty, 2008-07-30, files: 1, lines: -26/+30]
|   - Modified create_builtin_administrators and add_builtin_administrators to take in the domain sid to reduce the number of times it needs to be looked up.
|   - Changed create_builtin_administrators to call the new helper functions.
|   - Changed create_local_nt_token to call the new version of create_builtin_administrators and handle the new error that can be returned.
|   - Made it more explicit that add_builtin_administrators is only called when winbindd can't be pinged.
* Refactored the code that adds Domain Users to BUILTIN\Users to use the new helper functions. [Tim Prouty, 2008-07-30, files: 1, lines: -17/+22]
|   - Modified create_builtin_users to take in the domain sid to reduce the number of times it needs to be looked up.
|   - Changed create_builtin_users to call the new helper functions.
|   - Changed create_local_nt_token to call the new version of create_builtin_users and handle the new error that can be returned.
* Helper functions to enable domain groups to be added to builtin groups at domain join time [Tim Prouty, 2008-07-30, files: 1, lines: -0/+59]
|   Added two new helper functions which wrap the raw pdb alias functions so they can be more conveniently called while adding domain groups to builtin groups.
* Fix various build warnings [Zach Loafman, 2008-07-22, files: 1, lines: -1/+1]
|   This fixes various build warnings on our platform. I'm sure I haven't caught them all, but it's a start.
* Refactoring: Change calling conventions for cli_rpc_pipe_open_schannel [Volker Lendecke, 2008-07-20, files: 1, lines: -2/+3]
|   Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
* Refactoring: Change calling conventions for cli_rpc_pipe_open_noauth [Volker Lendecke, 2008-07-20, files: 1, lines: -2/+3]
|   Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
* Fix the non-LDAP, non-krb5 build, fix gcc -O3 warnings. [Jeremy Allison, 2008-06-26, files: 1, lines: -1/+1]
|   Jeremy.
* Add server_info to pipes_struct [Volker Lendecke, 2008-06-26, files: 1, lines: -0/+16]
|
* Fix for bug #5551, smbd recursing back into winbindd from a winbindd call. [Jeremy Allison, 2008-06-24, files: 1, lines: -13/+66]
|   Jeremy.
* Fix bug #5555. Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine account logon. [Jeremy Allison, 2008-06-24, files: 1, lines: -2/+3]
|   Jeremy.
* Wrap the unix token info in a unix_user_token in auth_serversupplied_info [Volker Lendecke, 2008-06-19, files: 1, lines: -23/+25]
|   No functional change, this is a preparation for more current_user ref removal
* Fix security=server, bug 5502 [Volker Lendecke, 2008-05-30, files: 1, lines: -2/+4]
|   This has brown paper bag quality and is definitely needed for 3.2.0. Thanks to Orion Poplawski for reporting this!
|   Volker
* Make sure we have serversupplied_info->sanitized_username everywhere [Volker Lendecke, 2008-05-11, files: 1, lines: -10/+53]
|
* Add function make_serverinfo_from_username() [Volker Lendecke, 2008-05-10, files: 1, lines: -0/+38]
|   This will be used for 'security=share' and 'force user'
* Add a mem_ctx argument to make_server_info_guest() [Volker Lendecke, 2008-05-10, files: 2, lines: -5/+6]
|
* Make copy_serverinfo non-static, add mem_ctx [Volker Lendecke, 2008-05-10, files: 1, lines: -3/+4]
|
* Rename server_info->was_mapped to server_info->nss_token [Volker Lendecke, 2008-05-07, files: 5, lines: -11/+7]
|   "nss_token" from my point of view much better reflects what this flag actually represents
* Remove "userdom_struct user" from "struct user_struct" [Volker Lendecke, 2008-05-05, files: 1, lines: -0/+10]
|
* Fix a typo [Volker Lendecke, 2008-05-05, files: 1, lines: -1/+1]
|
* Remove unused set_current_user_guest() [Volker Lendecke, 2008-05-05, files: 1, lines: -33/+0]
|
* BUG 5429: Clarify log msgs re: failure to create BUILTIN\{Administrators,Users} [Gerald W. Carter, 2008-04-30, files: 1, lines: -7/+9]
|   Raise the debug msgs from Lvl 0 in the create_builtin_XX() functions to prevent unnecessary panic from people reading the logs.
* auth: add SeDiskOperatorsPrivilege to get_root_nt_token to fix registry shares. [Michael Adam, 2008-04-15, files: 1, lines: -0/+2]
|   Michael
* Fix typos. [Karolin Seeger, 2008-04-09, files: 1, lines: -1/+1]
|   Karolin
* Use sid_array_from_info3 in lookup_usergroups_cached(). [Günther Deschner, 2008-04-04, files: 1, lines: -1/+1]
|   Guenther
* Fix NETLOGON credential chain with Windows 2008 all over the place. [Günther Deschner, 2008-04-02, files: 1, lines: -1/+1]
|   In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.
|   Guenther
* Add debug statement in auth_winbind to display wbcAuthenticateUserEx error code. [Günther Deschner, 2008-03-26, files: 1, lines: -0/+5]
|   Guenther
* Fix crash bug in check_sam_security() when make_server_info_sam() did a [Günther Deschner, 2008-03-20, files: 1, lines: -1/+0]
|   talloc_steal and talloc_free on the sam account already.
|   Guenther
* Fix bug 5317 [Volker Lendecke, 2008-03-14, files: 1, lines: -1/+1]
|   Thanks to oster@cs.usask.ca
* Use a separate tdb for mutexes [Volker Lendecke, 2008-03-10, files: 2, lines: -14/+18]
|   Another preparation to convert secrets.c to dbwrap: The dbwrap API does not provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC mutex is needed per-node anyway, so it is perfectly fine to use a local mutex only.
* Be more verbose why create local token has failed during [Günther Deschner, 2008-03-06, files: 1, lines: -1/+2]
|   NTLMSSP and Kerberos session setup
|   Guenther
* Use netr_SamInfo3 in remaining places. [Günther Deschner, 2008-02-17, files: 1, lines: -5/+5]
|   Guenther
* Use netr_SamInfo3 in make_server_info_info3(). [Günther Deschner, 2008-02-17, files: 1, lines: -25/+27]
|   Guenther
* Allow auth_ntlmssp_end() to ignore null pointers passed in. [Jeremy Allison, 2008-02-14, files: 1, lines: -1/+6]
|   Jeremy.
* auth_winbind: use wbcAuthenticateUserEx() [Stefan Metzmacher, 2008-02-13, files: 2, lines: -69/+277]
|   smbd doesn't need $(WBCOMMON_OBJ) anymore, it works with any libwbclient.so now and may talk to an older winbindd.
|   metze
* Fix typo. [Karolin Seeger, 2008-02-05, files: 1, lines: -1/+1]
|   Karolin
* Always pass a TALLOC_CTX to str_list_make and str_list_copy [Volker Lendecke, 2008-02-04, files: 1, lines: -10/+26]
|
* tiny simplification [Volker Lendecke, 2008-02-04, files: 1, lines: -5/+3]
|
* Windows 2008 (Longhorn) auth2 flag fixes. [Andreas Schneider, 2008-01-23, files: 1, lines: -1/+1]
|   Interop fixes for AD specific flags. Original patch from Todd Stetcher.
* Fix CID 460 - resource leak on error. [Jeremy Allison, 2008-01-08, files: 1, lines: -0/+1]
|   Jeremy.
* Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS. [Michael Adam, 2008-01-09, files: 2, lines: -34/+52]
|   Michael
* More logical operations on booleans. IBM checker. [Jeremy Allison, 2008-01-04, files: 2, lines: -2/+6]
|   Jeremy.
* Fix a panic [Volker Lendecke, 2007-12-29, files: 1, lines: -1/+1]
|   get_root_nt_token asks for "struct nt_user_token". talloc_get_type is not smart enough to see that this is the same as NT_USER_TOKEN... :-)