samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

Author	SHA1	Message	Date
Andrew Bartlett	26c0eb623f	auth: Split out badPwdCount update into a helper function This will allow password_hash to call this using dsdb_module_*() functions. Andrew Bartlett Change-Id: Ib6705300f3f12f4e5e9c73bfd041e6f72bb3ac4a Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2014-04-02 17:12:47 +02:00
Andrew Bartlett	7e653f5ae2	s4-auth: Add authsam_zero_bad_pwd_count to zero out badPwdCount and lockoutTime on successful login Change-Id: I2530f08a91f9b6484203dbdaba988f2df1a04ea1 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2014-04-02 17:12:47 +02:00
Andrew Bartlett	0f3dd921b3	s4-auth: Rework memory handling to use a tmp_ctx Change-Id: Iceb4a04dbd04f581d2bbade86213c8ecfa35d306 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2014-04-02 17:12:47 +02:00
Andrew Bartlett	3f07737fd4	s4:auth: Add password lockout support to the AD DC Including a fix by Arvid Requate <requate@univention.de> Change-Id: I25d10da50dd6119801cd37349cce970599531c6b Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2014-04-02 17:12:46 +02:00
Andrew Bartlett	a0de929009	dsdb: Put password lockout support in samdb_result_passwords() This seems to be the best choke point to check for locked out accounts, as aside from the KDC, all the password authentication and change callers use it. Andrew Bartlett Change-Id: I0f21a79697cb8b08ef639445bd05a896a2c9ee1b Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2014-04-02 17:12:46 +02:00
Andrew Bartlett	6f8fb163e0	dsdb: Rework samdb_result_acct_flags to use either userAccountControl or msDS-User-Account-Control-Computed This allows us to avoid the domain lookup in the constructed attribute when not required. By using msDS-User-Account-Control-Computed the lockout and password expiry checks are now handled in the operational ldb module. Andrew Bartlett Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2014-04-02 17:12:46 +02:00
Stefan Metzmacher	9a36fabde0	s4:auth/sam: use a higher time resolution in authsam_account_ok() Change-Id: I2961e7311f31e239a6768f56437e5c112a7a9bb0 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-04-02 17:12:46 +02:00
Andrew Bartlett	60024cdd73	kerberos: Map KRB5KDC_ERR_CLIENT_REVOKED to NT_STATUS_ACCOUNT_LOCKED_OUT Change-Id: I333083e11a56d0f99ec36df25a96804d0ff2d110 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2014-04-02 17:12:46 +02:00
Stefan Metzmacher	daf6d0fb28	s4:auth/gensec: explicitly use allow_warnings=True for gssapi and sasl modules Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-04-02 09:03:46 +02:00
Stefan Metzmacher	fbc991c2e1	s4:auth/ntlm: add auth4_sam_init() prototype to avoid a warning Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-04-02 09:03:43 +02:00
Stefan Metzmacher	e1d5b8a734	s4:auth: avoid str_list related const warnings Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-04-02 09:03:43 +02:00
Stefan Metzmacher	876f0e03de	s4:auth/gensec: fix declaration after code warning in gensec_tstream.c Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-04-02 09:03:43 +02:00
Stefan Metzmacher	04c8c65e4c	s4:auth/gensec: include gensec_krb5_util.h in gensec_krb5_util.c This avoids missing prototype warnings. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-04-02 09:03:43 +02:00
Stefan Metzmacher	2103c373b4	auth/gensec: remove tevent_context argument from gensec_update() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-03-27 00:36:32 +01:00
Stefan Metzmacher	40cf17eee2	s4:pygensec: don't pass an explicit tevent_context to gensec_update() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-03-27 00:36:31 +01:00
Garming Sam	0b8213ae1c	Remove all uses of the NT_STATUS_NOT_OK_RETURN_AND_FREE macro from the codebase. Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls. Change-Id: I421e169275fe323e2b019c6cc5d386289aec07f7 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-03-05 16:33:22 +01:00
Garming Sam	d2beff59ec	Remove the remaining uses of the macro NT_STATUS_HAVE_NO_MEMORY_AND_FREE in the codebase. Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls. Change-Id: Id1b540cde127395a7b27385a7c0fe79f3a145c73 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-03-05 16:33:21 +01:00
Garming Sam	952bc3cad0	Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase. Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls. Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-03-05 16:33:21 +01:00
Volker Lendecke	13affa6109	auth4: Remove unused wbc_context Signed-off-by: Volker Lendecke <vl@samba.org> Change-Id: I07d9f7d8028429564d91da39f8d1e73cc13a646c Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-03-05 16:33:21 +01:00
Volker Lendecke	aa048f6e16	auth4: Do not generate just a temporary wbc_context Signed-off-by: Volker Lendecke <vl@samba.org> Change-Id: I16e116d7f1fdaf165e1239c10723c51f3828126d Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-03-05 16:33:21 +01:00
Volker Lendecke	b2c1394e04	auth4: auth_session_info_fill_unix only needs a tevent_context Signed-off-by: Volker Lendecke <vl@samba.org> Change-Id: Id453d68f57bd1dd15aa5778b317d258a6132d3d6 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-03-05 16:33:21 +01:00
Volker Lendecke	6edf7a3746	auth4: security_token_to_unix_token only needs a tevent_context Signed-off-by: Volker Lendecke <vl@samba.org> Change-Id: I27e5b38fcd3ac899c55c0632ea5d92fad686d9b1 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-03-05 16:33:21 +01:00
Volker Lendecke	7289d1c30b	source4: Use wbc_sids_to_xids Signed-off-by: Volker Lendecke <vl@samba.org> Change-Id: I86ea6587c436247ce66207c517f9c8d567ecac1d Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-03-05 16:33:21 +01:00
Volker Lendecke	c4efff1013	Revert "source4: Use wbc_sids_to_xids" This reverts commit de7122ddc356697777cce95d22b3fab7697b30db. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-02-18 10:29:24 +01:00
Volker Lendecke	c8fd40c1b6	Revert "auth4: security_token_to_unix_token only needs a tevent_context" This reverts commit 1de725c2926b526200032c4f46132c17533986c7. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-02-18 10:29:07 +01:00
Volker Lendecke	cb5d5ee247	Revert "auth4: auth_session_info_fill_unix only needs a tevent_context" This reverts commit 75d7c4609c1c743f84ca9f2d0666aece9e5200d4. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-02-18 10:29:04 +01:00
Volker Lendecke	97c6fd4010	Revert "auth4: Do not generate just a temporary wbc_context" This reverts commit 5124a9e1183de990ca3146cd355152094495a779. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-02-18 10:29:01 +01:00
Volker Lendecke	279ee16254	Revert "auth4: Remove unused wbc_context" This reverts commit 6b04558c5e0547a807ac0fcb5eeb1085cfe602ac. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-02-18 10:28:41 +01:00
Stefan Metzmacher	6f527c8706	s4:auth/gensec: only include "librpc/gen_ndr/dcerpc.h" We only need some DCERPC_ defines. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2014-02-13 11:54:13 +01:00
Volker Lendecke	6b04558c5e	auth4: Remove unused wbc_context Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Kai Blin <kai@samba.org>	2014-02-10 10:57:42 +01:00
Volker Lendecke	5124a9e118	auth4: Do not generate just a temporary wbc_context Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Kai Blin <kai@samba.org>	2014-02-10 10:57:25 +01:00
Volker Lendecke	75d7c4609c	auth4: auth_session_info_fill_unix only needs a tevent_context Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Kai Blin <kai@samba.org>	2014-02-10 10:57:22 +01:00
Volker Lendecke	1de725c292	auth4: security_token_to_unix_token only needs a tevent_context Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Kai Blin <kai@samba.org>	2014-02-10 10:57:18 +01:00
Volker Lendecke	de7122ddc3	source4: Use wbc_sids_to_xids Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Kai Blin <kai@samba.org>	2014-02-10 10:57:04 +01:00
Matthias Dieter Wallnöfer	0c2fbe5a0c	samba:python - Py_RETURN_NONE remove compatibility code for releases < 2.4 http://www.python.org/doc//current/c-api/none.html Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date(master): Thu Jan 9 16:27:47 CET 2014 on sn-devel-104	2014-01-09 16:27:47 +01:00
Stefan Metzmacher	54b5b3067f	s4:gensec_gssapi: make sure gensec_gssapi_[un]seal_packet() rejects header signing If header signing is requested we should error out instead of silently ignoring it, our peer would hopefully reject it, but we should also do that. TODO: we should implement header signing using gss_wrap_iov(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:11 +01:00
Stefan Metzmacher	14f6c41754	s4:auth/gensec_gssapi: handle GENSEC_FEATURE_SIGN_PKT_HEADER in have_feature() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:11 +01:00
Matthieu Patou	9c1c3bb4ec	auth-kerberos: add the credentials.h so that enum credentials_obtained is defined We had a warning about the enum being defined in the parameter list: warning: ‘enum credentials_obtained’ declared inside parameter list Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sun Oct 27 02:25:47 CET 2013 on sn-devel-104	2013-10-27 02:25:46 +01:00
Volker Lendecke	13495c7eb3	auth4: Remove an unused variable Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2013-10-15 10:58:23 +13:00
Günther Deschner	4d2ec9e37e	gensec: move schannel module to toplevel. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2013-09-19 11:08:44 +02:00
Stefan Metzmacher	71c63e85e7	auth/gensec: introduce gensec_internal.h We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2013-08-10 09:19:02 +02:00
Stefan Metzmacher	e90e1b5c76	s4:gensec/schannel: only require librpc/gen_ndr/dcerpc.h We just need DCERPC_AUTH_TYPE_SCHANNEL Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2013-08-10 09:19:01 +02:00
Stefan Metzmacher	9b9ab1ae69	s4:gensec/schannel: there's no point in having schannel_session_key() gensec_session_key() will return NT_STATUS_NO_USER_SESSION_KEY before calling schannel_session_key(), as we don't provide GENSEC_FEATURE_SESSION_KEY. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2013-08-10 09:19:01 +02:00
Stefan Metzmacher	a07049a839	s4:gensec/schannel: GENSEC_FEATURE_ASYNC_REPLIES is not supported There's a sequence number attached to the connection, which needs to be incremented with each message... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2013-08-10 09:19:01 +02:00
Stefan Metzmacher	b510476822	s4:gensec/schannel: use the correct computer_name from netlogon_creds_CredentialState We need to use the same computer_name we used in the netr_Authenticate3 request. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2013-08-10 09:19:00 +02:00
Stefan Metzmacher	49f347eb11	s4:gensec/schannel: simplify the code by using netsec_create_state() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2013-08-10 09:19:00 +02:00
Stefan Metzmacher	4cad5dcb6d	s4:gensec/schannel: remove unused dcerpc_schannel_creds() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2013-08-10 09:18:59 +02:00
Andrew Bartlett	9430310dc3	gensec: Make the no-hostname status message much less scary Reviewed-by: Stefan Metzmacher <metze@samba.org>	2013-05-16 19:02:00 +02:00
Karolin Seeger	30be42073a	source4/auth/kerberos/kerberos-notes.txt: Fix typo. Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2013-05-15 21:04:42 -07:00
Andreas Schneider	ceb1d8b84a	gensec: recv_handler can't be NULL at that point. We probably want to segfault here if it is NULL. Reviewed-by: David Disseldorp <ddiss@samba.org>	2013-03-05 23:30:05 +01:00

1 2 3 4 5 ...

1699 Commits