path: root/source3/auth/auth_sam.c
Commit message | Author | Age | Files | Lines
* auth: Provide a way to use the auth stack for winbindd authentication | Andrew Bartlett | 2014-06-11 | 1 | -1/+1
  This adds in flags that allow winbindd to request authentication without directly calling into the auth_sam module. That in turn will allow winbindd to call auth_samba4 and so permit winbindd operation in the AD DC.
  Andrew Bartlett
  Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Ensure auth_sam is not used on the AD DC | Andrew Bartlett | 2013-05-16 | 1 | -0/+7
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu May 16 22:51:26 CEST 2013 on sn-devel-104
* s3-talloc Change TALLOC_ZERO_P() to talloc_zero() | Andrew Bartlett | 2011-06-09 | 1 | -2/+2
  Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
* s3-auth: run minimal_includes.pl | Günther Deschner | 2011-05-05 | 1 | -1/+0
  Guenther
* s3-auth: use auth.h where needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3:auth Rename user_info->domain -> user_info->mapped.domain_name | Andrew Bartlett | 2010-06-07 | 1 | -4/+4
  This is closer to the structure I want for a common struct auth_usersupplied_info.
  Andrew Bartlett
* s3:auth Rename user_info->internal_username -> user_info->mapped.account_name | Andrew Bartlett | 2010-06-07 | 1 | -1/+1
  This is closer to the structure I want for a common struct auth_usersupplied_info.
  Andrew Bartlett
* s3:auth make it easier to trace auth modules | Simo Sorce | 2010-05-29 | 1 | -0/+2
* s3: Move check_sam_security to auth/check_sam.c | Volker Lendecke | 2010-04-11 | 1 | -485/+0
* s3: Make check_sam_security public | Volker Lendecke | 2010-04-11 | 1 | -20/+28
* s3: Replace "auth_context" by "challenge" in need_to_increment_bad_pw_count args | Volker Lendecke | 2010-04-11 | 1 | -5/+5
* s3: Replace "auth_context" by "challenge" in sam_password_ok args | Volker Lendecke | 2010-04-11 | 1 | -7/+10
* s3: Remove the make_auth_methods routine | Volker Lendecke | 2010-04-11 | 1 | -6/+14
  This was just TALLOC_ZERO_P
* s3:auth: fix account unlock regression introduced with fix for bug #4347 | Michael Adam | 2010-01-14 | 1 | -7/+5
  By an oversight, the patchset for #4347 made the unlocking of a locked account after the lockout duration ineffective. Thanks to Björn for finding this!
  Michael
* s3:auth: add comment to nulling out stolen sampass | Michael Adam | 2010-01-12 | 1 | -0/+4
  Adding this comment makes me think, I could also have changed make_server_info_sam() talloc_move instead of talloc_steal, but that would have changed the signature... Well the comment is a first step. :-)
  Michael
* s3: Remove the typedef for "auth_serversupplied_info" | Volker Lendecke | 2010-01-10 | 1 | -2/+2
* s3: Remove the typedef for "auth_usersupplied_info" | Volker Lendecke | 2010-01-10 | 1 | -5/+5
* s3:auth: don't update the bad pw count if pw is among last 2 history entries | Michael Adam | 2010-01-07 | 1 | -1/+73
  This conforms to the behaviour of Windows 2003:
  http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
  This is supposed to fix Bug #4347.
  Michael
* s3:auth:check_sam_security: introduce a bool var to control pad_pw_count incrementation | Michael Adam | 2010-01-07 | 1 | -1/+7
  This is a preparatory patch for the last part in fixing bug #4347.
  Michael
* s3:auth:check_sam_security: improve calling and logging of pdb_update_sam_account | Michael Adam | 2010-01-07 | 1 | -4/+16
  Log what went wrong, and also call pdb_update_sam_account inside become_root/unbecome_root: do the logging outside.
  Michael
* s3:auth:check_sam_security: fix a leading tab/ws mixup | Michael Adam | 2010-01-07 | 1 | -1/+1
  Michael
* s3:auth:check_sam_security: create (and use) a common exit point | Michael Adam | 2010-01-07 | 1 | -11/+7
  for use after sam_password_ok() has been called.
  Michael
* s3:auth:check_sam_security: null out sampass after it has been stolen. | Michael Adam | 2010-01-07 | 1 | -0/+1
  So that a later talloc_free would not harm. I could have used talloc_move instead of talloc steal in make_server_info_sam(), but this would have required a change of the signature.
  Michael
* s3:auth:sam_password_ok: take username, acct_ctrl and nt/lm hashes, not sampass | Michael Adam | 2010-01-07 | 1 | -14/+20
  This is in preparation to extending check_sam_security to also check against the password history before updating the bad password count. This way, sam_password_ok can more easily be reused for that purpose.
  Michael
* s3:auth: use data_blob_null instead of data_blob(NULL, 0) in sam_password_ok() | Michael Adam | 2010-01-07 | 1 | -2/+2
  This way it is more explicit that there is no allocated data here that may leak.
  Michael
* s3:auth:sam_password_ok: fix allocation of a data blob. | Michael Adam | 2010-01-07 | 1 | -1/+1
  data_blob(mem_ctx, 16) does not use mem_ctx as a talloc ctx but copies 16 bytes from mem_ctx into the newly allocated data blob. This can not have been intentional. A blank uint8_t array of length 16 is allocated by passing NULL instead of mem_ctx. And using data_blob_talloc(mem_ctx, NULL, 16) adds the allocated blank 16 byte array to mem_ctx - so this is what must have been intended.
  Michael
* s3:auth:sam_password_ok: enhance readability (imho) by adding some pointers | Michael Adam | 2010-01-07 | 1 | -17/+24
  and removing bool variables and several checks.
  Michael
* s3:check_sam_security: untangle assignment from statement | Michael Adam | 2010-01-07 | 1 | -1/+2
  Michael
* s3:auth: Fix typo in debug message. | Karolin Seeger | 2009-12-07 | 1 | -2/+2
  Karolin
* Tidyup prompted by #6554 - Wrong deallocation in sam_account_ok. | Jeremy Allison | 2009-07-16 | 1 | -2/+3
  Jeremy.
* s3:auth Fix segfault: Always initialise returned session keys | Andrew Bartlett | 2009-04-19 | 1 | -1/+3
* Make Samba3 use the new common libcli/auth code | Andrew Bartlett | 2009-04-14 | 1 | -8/+42
  This is particularly in the netlogon client (but not server at this stage)
* Rework Samba3 to use new libcli/auth code (partial) | Andrew Bartlett | 2009-04-14 | 1 | -0/+1
  This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server
  Andrew Bartlett
* Fix some nonempty blank lines | Volker Lendecke | 2009-02-10 | 1 | -9/+9
* Cope with changed signature of http_timestring(). | Jelmer Vernooij | 2008-10-11 | 1 | -1/+1
* Fix bug #5555. Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine account logon. | Jeremy Allison | 2008-06-24 | 1 | -2/+3
  Jeremy.
  (This used to be commit 10da498a2349bf5944183adf5a9284eafa2b8b74)
* Rename server_info->was_mapped to server_info->nss_token | Volker Lendecke | 2008-05-07 | 1 | -1/+1
  "nss_token" from my point of view much better reflects what this flag actually represents
  (This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
* Fix crash bug in check_sam_security() when make_server_info_sam() did a | Günther Deschner | 2008-03-20 | 1 | -1/+0
  talloc_steal and talloc_free on the sam account already.
  Guenther
  (This used to be commit dbc7237a8a566f3e86bd6e4b48593b93c5bfb94e)
* Fix typo. | Karolin Seeger | 2008-02-05 | 1 | -1/+1
  Karolin
  (This used to be commit 906e19bad40ba0c0a473ec2601e9eb0fff169f83)
* Remove next_token - all uses must now be next_token_talloc. | Jeremy Allison | 2007-12-07 | 1 | -7/+8
  No more temptations to use static length strings.
  Jeremy.
  (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
* RIP BOOL. Convert BOOL -> bool. I found a few interesting | Jeremy Allison | 2007-10-18 | 1 | -5/+5
  bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin).
  Jeremy.
  (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
* r25401: BUG 4982: Don't delete lanman hashes on invalid logins when | Gerald Carter | 2007-10-10 | 1 | -4/+6
  using the "lanman auth = no". Tested by Guenter Kukkukk.
  (This used to be commit 611fdd95a583ebd22ffa17e2f39c5a1bb0936c63)
* r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text | Andrew Tridgell | 2007-10-10 | 1 | -2/+1
  (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
* r23779: Change from v2 or later to v3 or later. | Jeremy Allison | 2007-10-10 | 1 | -1/+1
  Jeremy.
  (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
* r23358: Fix from Justin Maggard <jmaggard@infrant.com> - ensure we don't | Jeremy Allison | 2007-10-10 | 1 | -1/+1
  expire a password if it's explicitly set as ACB_PWNOTREQ.
  Jeremy.
  (This used to be commit 2ea5a6bd334e31201aa6f93f5c51e42924d36ebd)
* r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and | Volker Lendecke | 2007-10-10 | 1 | -2/+2
  replace all data_blob(NULL, 0) calls.
  (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
* r22022: - Clarify the comments | Andrew Bartlett | 2007-10-10 | 1 | -2/+2
  - make sure never to free an uninitialised variable
  - ensure to free result on getpwnam_alloc failure
  Andrew Bartlett
  (This used to be commit 5fe3328e66661371182cc1c3b6e239797c3b4f93)
* r22020: Make it more clear that both the vuser struct and its contents are | Andrew Bartlett | 2007-10-10 | 1 | -1/+1
  talloc_free()'ed at the end of a session. Rework the passwd cache code to use talloc_unlink and talloc_reference, to more carefully manage the cache.
  Andrew Bartlett
  (This used to be commit e3e0ec25e67308de314aa61852905ee42aa2c8fe)
* r19058: Implement "user cannot change password", and complete "user must change | Jim McDonough | 2007-10-10 | 1 | -1/+1
  password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc.
  (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
* r16230: Fix Klocwork #861 and others. localtime and asctime | Jeremy Allison | 2007-10-10 | 1 | -3/+18
  can return NULL. Ensure we check all returns correctly.
  Jeremy.
  (This used to be commit 6c61dc8ed6d84f310ef391fb7700e93ef42c4afc)