path: root/source/auth
Commit message | Author | Age | Files | Lines
* r7024: reverting mistaken commit | Gerald Carter | 2005-05-27 | 1 | -13/+5
* r7020: fixing printer ace values and getting rid of false compiler warning | Gerald Carter | 2005-05-27 | 1 | -5/+13
    about uninitialized variable
* r6445: Make us survive the PARANOID_MALLOC_CHECKER. Should we enable that for | Volker Lendecke | 2005-04-23 | 2 | -6/+6
    --enable-developer=yes? Volker
* r6263: Get rid of generate_wellknown_sids, they are const static and | Volker Lendecke | 2005-04-09 | 1 | -5/+0
    initializable statically. Volker
* r6225: get rid of warnings from my compiler about nested externs | Herb Lewis | 2005-04-06 | 2 | -3/+5
* r5655: Added support for Novell NDS universal password. Code donated by | Jeremy Allison | 2005-03-05 | 1 | -1/+7
    Vince Brimhall <vbrimhall@novell.com> - slight tidyup by me to use Samba conventions. Vince - thanks a *lot* for this code - please test to make sure I haven't messed anything up. Jeremy.
* r5647: Caches are good for performance, but you get a consistency problem. | Volker Lendecke | 2005-03-03 | 1 | -0/+1
    Fix bug # 2401. Volker
* r5562: * bump version to 3.0.12pre2 | Gerald Carter | 2005-02-25 | 1 | -1/+1
    * change special character in gd's valid workstation check to a '+' to be more in line with the characters used by valid users
* r5528: Expand the invalid-workstation-scheme. Workstation-Names with leading | Günther Deschner | 2005-02-24 | 1 | -1/+13
    '@'-sign are expanded on-the-fly as posix-groups of workstations. This allows optional, more flexible login-control in larger networks. Guenther
* r5431: couple of compile fixes from Jason Mader <jason@ncac.gwu.edu> -- BUGS | Gerald Carter | 2005-02-17 | 1 | -2/+0
    2341 & 2342
* r5385: when operating in security = domain, allow domain admins to manage | Gerald Carter | 2005-02-14 | 1 | -1/+13
    rights assignments
* r5331: Support SIDs as %s replacements in the afs username map parameter. | Volker Lendecke | 2005-02-11 | 1 | -0/+33
    Add 'log nt token command' parameter. If set, %s is replaced with the user sid, and %t takes all the group sids. Volker
* r5264: Log with loglevel 0 when account-administration scripts fail. | Günther Deschner | 2005-02-07 | 1 | -1/+1
    Guenther
* r4972: Fix a warning and some debugging-outputs. | Günther Deschner | 2005-01-25 | 1 | -1/+1
    Guenther
* r4805: Last planned change to the privileges infrastructure: | Gerald Carter | 2005-01-17 | 1 | -12/+3
    * rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags)
    * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly.
    Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right.
* r4724: Add support for Windows privileges in Samba 3.0 | Gerald Carter | 2005-01-13 | 1 | -15/+39
    (based on Simo's code in trunk). Rewritten with the following changes:
    * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release).
    * Remove the privilege code from the passdb API (replication to come later)
    * Only support the minimum amount of privileges that make sense.
    * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this.
    Still todo:
    * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter
    * Utilize the SeAddUserPrivilege for adding users and groups
    * Fix some of the hard coded _lsa_*() calls
    * Start work on enough of SAM replication to get privileges from one Samba DC to another.
    * Come up with some management tool for manipulating privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4.
* r4579: small changes to allow the members of the Domain Admins group on the | Gerald Carter | 2005-01-06 | 1 | -0/+29
    Samba DC to join clients to the domain -- needs more testing and security review but does work with initial testing
* r4286: Give back 8 byte lm_session_key in Netrsamlogon-reply. | Günther Deschner | 2004-12-20 | 1 | -3/+4
    The old #ifdef JRATEST-block was copying 16 bytes and thus overwriting acct_flags with bizarre values, breaking a lot of things. This patch is successfully running in a production environment for quite some time now and is required to finally allow Exchange 5.5 to access another Exchange Server when both are running on NT4 in a samba-controlled domain. This also allows Exchange Replication to take place, Exchange Administrator to access other Servers in the network, etc. Fixes Bugzilla #1136. Thanks abartlet for helping me with that one. Guenther
* r4236: More *alloc fixes. | Jeremy Allison | 2004-12-16 | 1 | -1/+1
    Jeremy.
* r4088: Get medieval on our ass about malloc.... :-). Take control of all our | Jeremy Allison | 2004-12-07 | 3 | -17/+17
    allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy.
* r3705: Nobody has commented, so I'll take this as an ack... | Volker Lendecke | 2004-11-12 | 1 | -36/+16
    abartlet, I'd like to ask you to take a severe look at this! We have solved the problem to find the global groups a user is in twice: Once in auth_util.c and another time for the corresponding samr call. The attached patch unifies these and sends them through the passdb backend (new function pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further optimize the corresponding call if the samba and posix accounts are unified by issuing a specialized ldap query. The parameter to activate this ldapsam behaviour is
    ldapsam:trusted = yes
    Volker
* r3616: Merge for 3.0.8. | Andrew Bartlett | 2004-11-08 | 1 | -3/+3
    In auth_winbind, remove the push_utf8 calls, as this is no longer a UTF8 interface. (Removed from everywhere else earlier). Tested with ASCII - I tried to load the weird charset for testing, but it doesn't seem to work any more. Andrew Bartlett
* r3563: During a typical logon a modern workstation makes a lot of anonymous | Volker Lendecke | 2004-11-05 | 1 | -1/+44
    session setups on its way to open a pipe. This gets rid of many round-trips to the LDAP server during logon by setting up the server_info_guest once and not asking the LDAP server and nss every time. Make sure that the ldap connection is reopened in the child. (I did not look at the sql backends.) Volker
* r3140: * try to ensure consistent usage of the username map. | Gerald Carter | 2004-10-22 | 1 | -11/+23
    Use the fully qualified DOMAIN\user format for 'security = domain|ads' and apply after authentication has succeeded.
    * also change fill_domain_username() to only lowercase the username and not the domain+username. This was a cosmetic fix only. makes the output more consistent with %D and %U.
* r2899: Change some #if DEBUG_PASSWORD's to #ifdef DEBUG_PASSWORD. | Tim Potter | 2004-10-11 | 1 | -1/+1
    Bugzilla #1903.
* r2703: Fix typo noticed by Igor Belyi <sambauser@katehok.ac93.org> | Jeremy Allison | 2004-09-28 | 1 | -1/+1
    Jeremy.
* r2086: fix bug with winbindd_getpwnam() caused by Microsoft DC's not filling | Gerald Carter | 2004-08-27 | 1 | -1/+1
    in the username in the user_info3
* r1780: Remove the UTC comment as it isn't. | Jeremy Allison | 2004-08-12 | 1 | -2/+2
    Jeremy.
* r1778: Fix based on code from Richard Renard <rrenard@idealx.com> to | Jeremy Allison | 2004-08-12 | 1 | -0/+42
    enforce logon hours. ldap fixes to follow. Jeremy.
* r1492: Rework our random number generation system. | Andrew Bartlett | 2004-07-14 | 1 | -1/+1
    On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett
* r1414: Memory leak fixes found by valgrind whilst checking the password | Jeremy Allison | 2004-07-09 | 1 | -0/+6
    history code. Error code paths were not freeing up some memory. Jeremy.
* r1370: BUG 1297 - prevent map_username() from being called twice during logon | Gerald Carter | 2004-07-06 | 1 | -15/+17
* r1175: Nowadays we actually do have local groups, so add the corresponding | Volker Lendecke | 2004-06-17 | 1 | -8/+11
    SIDs to the NT token we build. Thanks to Guenther Deschner <gd@sernet.de>. Volker
* r991: Allow winbindd to use the domain trust account password | Gerald Carter | 2004-06-03 | 1 | -1/+3
    for setting up an schannel connection. This solves the problem of a Samba DC running winbind, trusting a native mode AD domain, and needing to enumerate AD users via wbinfo -u.
* r786: Memory leak fixes in (mostly) error code paths from | Jeremy Allison | 2004-05-19 | 2 | -3/+5
    kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy.
* r86: This function was moved to lib/nterr.h | Andrew Bartlett | 2004-04-06 | 1 | -28/+0
    Andrew Bartlett
* r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session | Andrew Bartlett | 2004-04-06 | 3 | -11/+11
    key could be anything, and may not be based on anything 'NT'. This is also what microsoft calls it.
* r4: merge in the SAMBA_3_0 branch from cvs | CVS Import User | 2004-04-04 | 3 | -122/+90
    to checkout try this:
    svn co svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0 samba-3_0-work
    metze
* r2: import HEAD into svn+ssh://svn.samba.org/home/svn/samba/trunk | CVS Import User | 2004-04-04 | 13 | -0/+5937
    metze