summaryrefslogtreecommitdiffstats
path: root/source3/auth/auth_domain.c
Commit message (Collapse)AuthorAgeFilesLines
* s3:auth_domain: make use of rpccli_netlogon_network_logon()Stefan Metzmacher2014-01-071-14/+22
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: make use of rpccli_{create,setup}_netlogon_creds()Stefan Metzmacher2014-01-071-51/+85
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: simplify connect_to_domain_password_server()Stefan Metzmacher2014-01-071-19/+12
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: remove dead code in check_trustdomain_security()Stefan Metzmacher2013-10-171-22/+0
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: try to use NETLOGON_NEG_SUPPORTS_AESStefan Metzmacher2013-08-101-1/+2
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().Günther Deschner2013-08-051-1/+1
| | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel().Günther Deschner2013-08-051-1/+1
| | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-auth Remove unused global_machine_account_needs_changingAndrew Bartlett2012-07-131-66/+0
| | | | | | | | | | | | | | This boolean was only set if the old machine account store (with an MD4 hash in it) was returned. We have not set that password type for years. If this call ever worked, it would store a plaintext password, so we could only ever be here if we had set a password using a version of Samba so old as not to store plaintext, and then never honered the flag anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104
* s3-auth Remove confusing reference to global_machine_password_needs_changingAndrew Bartlett2012-07-131-8/+0
| | | | | | This is in the trusted domain codepath, not the primary domain code path. Andrew Bartlett
* s3:auth: s/Undefined/SMB_SIGNING_DEFAULT/Stefan Metzmacher2011-11-031-1/+1
| | | | metze
* s3:auth_domain: we already have the dc_name, it's the same as cli->desthostStefan Metzmacher2011-07-221-1/+1
| | | | metze
* s3:auth_domain: add some const to sockaddr_storageStefan Metzmacher2011-07-221-2/+2
| | | | metze
* s3: Remove a use of cli_errstrVolker Lendecke2011-07-031-2/+3
| | | | All code above that might have failed sets result
* s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett2011-06-091-4/+4
| | | | | | | | There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
* s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett2011-06-091-2/+2
| | | | | Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
* s3-libsmb: move protos to libsmb/proto.hGünther Deschner2011-05-061-0/+1
| | | | Guenther
* s3-auth: use auth.h where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-passdb: use passdb headers where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-rpc_client: Move client pipe functions to own header.Andreas Schneider2011-02-281-0/+1
|
* s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)Günther Deschner2011-02-041-0/+1
| | | | | | | | | | | | | The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
* s3: Remove unused "retry" from cli_full_connectionVolker Lendecke2010-12-201-1/+1
|
* s3: Always retry the DC connection in auth_domainVolker Lendecke2010-12-201-8/+4
| | | | | | | | | | | | The only condition that cli_full_connection marks as non-retryable is the basic name lookup and TCP connect. To me this is pretty fishy. For example if the negprot fails, this is supposed to be more retryable than a NetBIOS name lookup failure? I'd rather think the opposite is true. Jeremy, this is code from 2002, 389a16d9d533. If you have any comments from back then, let me know :-) Volker
* s3: Remove smb_pam_accountcheck from the auth modulesVolker Lendecke2010-08-191-15/+2
| | | | | We go through the same check in auth/auth.c line 287 after the module has done its job. So we don't have to do that check twice.
* s3:auth Whitespace fixes after auth mergeAndrew Bartlett2010-08-141-17/+17
|
* s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett2010-08-141-2/+2
| | | | | | | | | | | | | This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-secrets: only include secrets.h when needed.Günther Deschner2010-08-051-0/+1
| | | | Guenther
* s3:auth Rename user_info->domain -> user_info->mapped.domain_nameAndrew Bartlett2010-06-071-11/+11
| | | | | | | This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
* s3:auth Rename user_info->client_domain -> user_info->client.domain_nameAndrew Bartlett2010-06-071-2/+2
| | | | | | | This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
* s3:auth Rename user_info->internal_username -> user_info->mapped.account_nameAndrew Bartlett2010-06-071-2/+2
| | | | | | | This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
* s3:auth Rename user_info->smb_name -> user_info->client.account_nameAndrew Bartlett2010-06-071-4/+4
| | | | | | | This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
* s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_infoAndrew Bartlett2010-06-011-1/+1
|
* s3:auth make it easier to trace auth modulesSimo Sorce2010-05-291-0/+4
|
* s3-rpc_client: move protos to cli_netlogon.hGünther Deschner2010-05-181-0/+1
| | | | Guenther
* s3: only include gen_ndr headers where needed.Günther Deschner2010-05-061-0/+1
| | | | | | | | | | | | | | | | | This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther
* s3: Remove the make_auth_methods routineVolker Lendecke2010-04-111-6/+14
| | | | This was just TALLOC_ZERO_P
* s3: Fix some nonempty linesVolker Lendecke2010-04-111-11/+11
|
* s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke2010-01-101-3/+3
|
* s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke2010-01-101-3/+3
|
* s3-passdb: cleanup some callers of pdb_get_trusteddom_pw().Günther Deschner2009-11-031-3/+1
| | | | Guenther
* s3: use enum netr_SchannelType all over the place.Günther Deschner2009-10-131-1/+1
| | | | Guenther
* s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.Günther Deschner2009-09-151-1/+1
| | | | Guenther
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner2009-09-111-1/+1
| | | | Guenther
* Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett2009-04-141-0/+1
| | | | | | | | | | | This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
* Simply our main loop processing. A lot :-). Correctly use events for all the ↵Jeremy Allison2008-10-031-0/+65
| | | | | | | | previous "special" cases. A step on the way to adding signals to the events and being able to merge the S3 event system with the S4 one. Jeremy.
* Refactoring: Change calling conventions for cli_rpc_pipe_open_schannelVolker Lendecke2008-07-201-2/+3
| | | | | Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 1fcfca007f33a2c4e979abf30c2ea0db65bac718)
* Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke2008-07-201-2/+3
| | | | | Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
* Rename server_info->was_mapped to server_info->nss_tokenVolker Lendecke2008-05-071-3/+1
| | | | | | "nss_token" from my point of view much better reflects what this flag actually represents (This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
* Fix NETLOGON credential chain with Windows 2008 all over the place.Günther Deschner2008-04-021-1/+1
| | | | | | | | | | | | In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
* Fix bug 5317Volker Lendecke2008-03-141-1/+1
| | | | | Thanks to oster@cs.usask.ca (This used to be commit f18a80575921a241c7243c5af5a0101a2956ff17)
* Use a separate tdb for mutexesVolker Lendecke2008-03-101-7/+9
| | | | | | | | Another preparation to convert secrets.c to dbwrap: The dbwrap API does not provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC mutex is needed per-node anyway, so it is perfectly fine to use a local mutex only. (This used to be commit f94a63cd8f94490780ad9331da229c0bcb2ca5d6)
generated by cgit (git 2.34.1) at 2024-06-20 01:15:24 +0000