summaryrefslogtreecommitdiffstats
path: root/source/auth
Commit message (Collapse)AuthorAgeFilesLines
...
* Process the workstation trust account code INSIDE the authenticaion subsystem,Andrew Bartlett2001-09-261-5/+20
| | | | | | just like any other logon. Matching code removal in reply.c to follow. Andrew Bartlett
* Rearrange the order of the checks in auth_smbpasswd.c, always check passwordsAndrew Bartlett2001-09-261-73/+111
| | | | | | | first. Add password expiry and 'must change before first logon' support. - This requires that the passdb be up to the job to supply the info.
* Move pass_check.c over to NTSTATUS, allowing full NTSTATUS from PAM to wire!Andrew Bartlett2001-09-202-83/+121
| | | | | Add the ability for swat to run in non-root-mode (ie non-root from inetd). - we still need some of the am_root() calls fixed however.
* We are not meant to touch the username, so use the pass->pw_name output ratherAndrew Bartlett2001-09-201-6/+6
| | | | than Get_Pwnam(user, True).
* Fix for MiXed and UPPER case usernames with plaintext PAM passwords.Andrew Bartlett2001-09-201-1/+1
|
* Revert this one: The NTLMv2 checks need the original username as foundAndrew Bartlett2001-09-201-1/+1
| | | | on the wire.
* - Fix up to use sampass->username insted of user_info->smb_usernameAndrew Bartlett2001-09-191-7/+7
| | | | - Fix initial lookup to use the mapped username.
* Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c byAndrew Bartlett2001-09-192-9/+16
| | | | | | | | | | | | | simply not doing Get_Pwnam() calls in pass_check.c We now make *one* sys_getpnam() call in cgi.c and we always call PAM no matter what it returns. We also no longer run the password cracker for these logins. The truly parinod will note the slight difference in call paths, in that we only call crypt for valid password structs (if not --with-pam). The truly parinoid don't run SWAT either, so I don't think this is an issue. Andrew Bartlett
* move to SAFE_FREE()Simo Sorce2001-09-172-3/+3
|
* move to SAFE_FREE()Simo Sorce2001-09-171-12/+9
|
* Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c whereAndrew Bartlett2001-09-162-13/+55
| | | | | | | | | they can have general effect. Fixed up workstaion support in the rest of samba, so that we can do these checks. Pass through the workstation for cli_net_logon(), if supplied.
* Now that we always get back an NTSTATUS code actually pass it on to theAndrew Bartlett2001-09-142-17/+5
| | | | | | auth subsytem. Also kill off the (unneeded) wrapper fuction. Andrew Bartlett
* Some patches to authentication:Tim Potter2001-09-124-17/+26
| | | | | | | | | - the usersupplied_info now contains a smb_username (as it comes across on the wire) and a unix_username (after being passed through mapping functions) - when doing security={server,domain} use the smb_username, otherwise use the unix_username
* made a couple of local fns staticAndrew Tridgell2001-09-101-1/+1
|
* cope with pam being offAndrew Tridgell2001-09-041-1/+1
|
* the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell2001-09-049-44/+44
| | | | the client code still needs some work
* Fixed silly typo.Jeremy Allison2001-08-301-3/+3
| | | | Jeremy.
* Fix from Paul Green to set correct lengths.Jeremy Allison2001-08-301-3/+3
| | | | Jeremy.
* converted another bunch of stuff to NTSTATUSAndrew Tridgell2001-08-278-27/+27
|
* started converting NTSTATUS to be a structure on systems with gcc in order ↵Andrew Tridgell2001-08-271-8/+9
| | | | to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs
* get rid of compiler warningsHerb Lewis2001-08-243-8/+8
|
* Fixed incorrect debug.Tim Potter2001-08-241-4/+1
|
* Fix up some unused variables and functions, fix up formattingAndrew Bartlett2001-08-231-1/+0
|
* Add a new option to disable our paranoid server check.Andrew Bartlett2001-08-211-1/+1
| | | | Defaults to ON, ie checking
* Add comment to clarify why we call this twice.Andrew Bartlett2001-08-201-0/+2
|
* two fixes for NT clients -> share level Samba serverAndrew Tridgell2001-08-201-1/+2
|
* smbd/auth_server: Doco, we want to use cli_nt_error here soonAndrew Bartlett2001-08-171-0/+1
| | | | | | | | | smbd/password.c: We don't use globals here anymore smbd/reply.c: Tidyness, global_myworkgroup must die! smbd/service.c: Move some of the make_connection code into a helper function.
* Style cleanup for the last vuid change.Andrew Bartlett2001-08-171-5/+8
| | | | | | | Style, doco and DEBUG() fixes for auth_smbpasswd.c (In particular for the account control call). Andrew Bartlett
* This patch does a number of things, mostly smaller than they look :-)Andrew Bartlett2001-08-125-420/+153
| | | | | | | | | | | | | | | In particuar, it moves the domain_client_validate stuff out of auth_domain.c to somwhere where they (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett
* Use the new client error api.Tim Potter2001-08-101-1/+1
|
* a few cleanups while mergeing the passdb code into 2.2Gerald Carter2001-08-091-1/+1
|
* Record the NT_STATUS constant rather than its number in the logfilesAndrew Bartlett2001-08-061-1/+2
| | | | Fix typo in lmhosts manpage
* This is the fix for the PAM bug I probably introduced in the previous commit,Andrew Bartlett2001-08-031-0/+3
| | | | | | | | which I will confirm once I can find a box it would break on in the first place. (this is the pam accounts as nobody thing we had with 2.2.0) Andrew Bartlett
* This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett2001-08-036-0/+1471
| | | | | | | | | | | | | | | | | | | | | | | | samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in).
* Fix case insensitive password change code.Jeremy Allison2001-07-231-4/+2
| | | | | Fixed crash bug with un-zeroed talloced memory. Jeremy.
* This removes unused paramaters from various authtication functions, and shouldAndrew Bartlett2001-07-081-7/+2
| | | | | | | | | not change behaviour. This should make my later diffs smaller, where I actualy start cleaning up this mess... Andrew Bartlett
* Password changing via PAM works now. DONT CHANGE THIS UNLESS YOU RE-TEST !!!!!!Jeremy Allison2001-07-061-2/+19
| | | | Jeremy.
* Added Andrew's pam password change stuff. Needs some testing but looks good !Jeremy Allison2001-06-251-44/+140
| | | | Jeremy.
* Fixed up the oldpw prompts. Made the matching case insensitive.Jeremy Allison2001-05-091-5/+24
| | | | Jeremy.
* Had to add a "pam password change" parameter (defaults to "off") and inlinedJeremy Allison2001-05-021-10/+11
| | | | | | | | | | | the pam password change code to ensure that existing and working password chat scripts don't break with 2.2.1. PAM password changing has to be explicitly requested. Allowed wildcards in pam password change matching (matches password chat script matching). Had to add const (sorry Tim :-) to ms_fnmatch() to stop warnings. Don't worry - the const changes are isolated and don't cause any other warnings :-). Jeremy.
* Runtime check for broken PAM systems with no appdata_ptr support. ThisJeremy Allison2001-05-011-2/+22
| | | | | should eventually be an autoconf test with a #ifdef workaround. I *HATE* pam :-). Jeremy.
* Stop coredump on pam password change with pam_pwdb.so module on error.Jeremy Allison2001-05-011-1/+5
| | | | Jeremy.
* Added Andrew Bartlett's fixes to my changes to his original patch (at theJeremy Allison2001-05-012-3/+3
| | | | | court of king caractacus, was just passing by... :-). Jeremy.
* Allow pam code to compile on Solaris (which doesn't have ↵Jeremy Allison2001-05-011-0/+5
| | | | | | PAM_AUTHTOK_RECOVER_ERR). Jeremy.
* Fixing consts in pam code.Jeremy Allison2001-04-301-2/+2
| | | | Jeremy.
* Based on an original PAM patch by Andrew Bartlett, re-written by me toJeremy Allison2001-04-301-124/+417
| | | | | | | remove global static PAM variables, and to tidy up the PAM internals code. Now looks like the rest of Samba. Still needs testing. Jeremy.
* Added "obey pam restrictions" parameter - default to "off".Jeremy Allison2001-04-231-0/+17
| | | | | | | Only set this to "on" if you know you have your PAM set up correctly..... NB. Doesn't apply to plaintext password authentication, which must use pam when compiled in. Jeremy.
* Fix more free twice bugs.Jeremy Allison2001-04-231-2/+5
| | | | Jeremy.
* Fix for bug in code for pam_session failure - pam_end called twice.Jeremy Allison2001-04-231-12/+5
| | | | Jeremy.
* Added smb_ prefix to all Samba wrapper pam functions.Jeremy Allison2001-04-232-50/+48
| | | | | Fixed off by one bug using StrnCpy instead of strdup(). Jeremy.
generated by cgit (git 2.34.1) at 2025-09-26 19:35:13 +0000