sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
106,773 Commits 60 Branches 1,144 Tags 452 MiB
5b87e915dc
Commit Graph

212 Commits

Author SHA1 Message Date
Volker Lendecke
4e4228bd5d s3: Remove unused arg "user_sid" from winbindd_store_creds 
All callers have passed in NULL
 2010-09-09 06:19:23 +02:00
Volker Lendecke
4f0b190a30 s3: "== false" looks wrong :-) 2010-09-08 15:31:33 -07:00
Andrew Bartlett
8c15cf54ae s3-auth Rename NT_USER_TOKEN user_sids -> sids 
This is closer to the struct security_token from security.idl
 2010-08-31 10:20:14 +10:00
Andrew Bartlett
70211ea6a3 s3:auth Change winbindd -> auth interface to more standard structures 
This removes conversions to and from the source3 varient of the
server_info structure when replaced in s3compat, and presents a tidier
interface to winbindd in any case.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-08-14 11:58:13 +10:00
Andrew Bartlett
23994e1b53 s3:auth Make Samba3 use the new common struct auth_usersupplied_info 
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.

In order the make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-08-14 11:58:13 +10:00
Günther Deschner
257a1f1097 s3-krb5: include krb5pac.h where needed. 
Guenther
 2010-08-06 15:43:37 +02:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h. 
Guenther
 2010-08-05 00:32:02 +02:00
Jeremy Allison
b7f029016a We should be using the winbindd separator in this case, not hardcoding a \\ value. 
Jeremy.
 2010-07-29 13:54:22 -07:00
Günther Deschner
0da5e15378 s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well. 
Guenther
 2010-07-07 16:49:26 +02:00
Günther Deschner
bcd4077be6 s3: remove unused librpc/ndr/sid.c. 
Guenther
 2010-06-03 01:07:17 +02:00
Günther Deschner
2807ab358e s3-samr: move chgpasswd.c out of smbd and into the samr server. 
Guenther
 2010-05-26 22:17:02 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid 
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-21 10:39:59 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h 
Guenther
 2010-05-18 21:42:37 +02:00
Günther Deschner
3f2719c202 s3-rpc_client: move protos to cli_samr.h 
Guenther
 2010-05-18 21:42:32 +02:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Günther Deschner
1d2dd47d31 s3-crypto: only include crypto headers when crypto is done. 
Guenther
 2010-05-18 00:44:27 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h. 
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
 2010-05-18 00:44:26 +02:00
Andrew Bartlett
454b0b3f20 s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA 
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.

This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-11 22:52:37 +02:00
Günther Deschner
c6ebab846d s3: only include gen_ndr headers where needed. 
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:

ccache build w/o patch
real    4m21.529s
ccache build with patch
real    3m6.402s

pch build w/o patch
real    4m26.318s
pch build with patch
real    3m6.932s

Guenther
 2010-05-06 00:22:59 +02:00
Volker Lendecke
685b4625bc s3: Fix the code order in append_auth_data 
This is to comply with the comment

"currently, anything from here on potentially overwrites extra_data."

Günther, please check!
 2010-05-02 15:15:56 +02:00
Volker Lendecke
7099a3c446 s3: Allow pdb password change using WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP 2010-04-23 23:41:05 +02:00
Volker Lendecke
6eec46ec44 s3: replace some data_blob_talloc by data_blob_const 2010-04-23 23:41:04 +02:00
Volker Lendecke
f2f0fed8aa s3: Convert WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP to the new async API 2010-04-23 23:41:04 +02:00
Volker Lendecke
56b4aa3266 s3: Move the in-memory ccache to the parent 
None of this blocks, so there is no reason to keep this in
a winbind child process
 2010-04-19 14:27:24 +02:00
Volker Lendecke
9d0629d155 s3-winbind: Allow changing the password for pdb 2010-04-19 14:27:20 +02:00
Volker Lendecke
45eeed2893 s3: Convert WINBINDD_PAM_LOGOFF to the new async API 2010-04-19 14:27:20 +02:00
Volker Lendecke
518a4f5423 s3: Convert WINBINDD_PAM_CHAUTHTOK to the new async API 2010-04-19 14:27:20 +02:00
Volker Lendecke
d869e7a0d8 s3: Convert WINBINDD_PAM_AUTH_CRAP to the new async API 2010-04-19 14:27:19 +02:00
Volker Lendecke
61ec0f571a s3: Convert WINBINDD_PAM_AUTH to the new async API 2010-04-19 14:27:19 +02:00
Volker Lendecke
577bceb19b s3-winbind: Authenticate SAM users 2010-04-13 21:21:34 +02:00
Volker Lendecke
59d68899c4 s3: Use sizeof(chal) instead of a constant 2010-04-11 15:28:39 +02:00
Volker Lendecke
b91484a1a0 s3: Cosmetics -- I could not spot where "chal" was initialized 2010-04-11 11:15:44 +02:00
Volker Lendecke
f73e480e19 s3: Remove domain selection from dual_pam_auth 
We're in a child, the parent already has chosen the domain by
picking the right child to connect to.

Metze, you've done work on winbind lately, so it goes to you:

Please check :-)
 2010-04-10 22:42:25 +02:00
Volker Lendecke
3475c61179 s3: Ensure NULL termination before printing in winbindd_pam_logoff 2010-04-01 16:34:01 +02:00
Volker Lendecke
64c564291d s3: Fix a typo in winbindd_pam_logoff 2010-04-01 15:14:09 +02:00
Volker Lendecke
0e3f031e59 s3: Fix an error message in winbindd_pam_chauthtok() 2010-03-31 22:07:39 +02:00
Volker Lendecke
15d58f688f s3: Ensure null termination in winbindd_pam_chauthtok() 2010-03-31 22:07:38 +02:00
Volker Lendecke
6d9b2e62cb s3: Make check_info3_in_group static 2010-03-31 21:03:07 +02:00
Volker Lendecke
cf4a8f7639 s3-winbind: Make append_auth_data() static 2010-03-31 21:03:06 +02:00
Stefan Metzmacher
4c6cde99c0 s3:winbindd: correctly retry if the netlogon pipe gets disconnected during a logon call 
This fixes hopefully the last part of bug #7295.

metze
 2010-03-29 22:15:13 +02:00
Lars Müller
94074eb2e6 s3: go straight to winbindd_dual_pam_auth() in case of !NT_STATUS_OK 
At the formerly used process_result statement we have alone one
NT_STATUS_IS_OK() which never could be hit in our case as we only go here
if NT_STATUS_EQUAL is not ok.
 2010-02-17 19:00:01 +01:00
Volker Lendecke
3ea64e0ad8 s3: Replace most calls to sid_append_rid() by sid_compose() 2010-01-10 20:56:16 +01:00
Günther Deschner
04f8c229de s3-kerberos: only use krb5 headers where required. 
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.

Guenther
 2009-11-27 16:36:00 +01:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba. 
Guenther
 2009-11-26 20:03:17 +01:00
Günther Deschner
5e26622510 s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls. 
Guenther
 2009-11-06 12:44:15 +01:00
Bo Yang
dde1c42003 s3: Fix kerberos refresh chain. 
Signed-off-by: Bo Yang <boyang@samba.org>
 2009-11-06 08:24:51 +08:00
Jeremy Allison
1c1a883bd0 Fix the build, missing ->. 
Jeremy.
 2009-10-14 12:36:02 -07:00
Jeremy Allison
ce4542fbde Final part of fix for bug 6793 - winbindd crash with "INTERNAL ERROR: Signal 6" 
Don't use mapped_user uninitialized.
Jeremy.
 2009-10-14 11:16:03 -07:00
Volker Lendecke
db29d3eb40 s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_auth 2009-10-14 11:14:57 -07:00
Matthias Dieter Wallnöfer
607ceff234 s3/s4 - Adapt the IDL changes on various locations 2009-10-08 09:50:19 +02:00
Volker Lendecke
80ef513e90 s3:winbind: remove a pointless initialization 2009-09-28 19:50:51 +02:00
Volker Lendecke
dc8538b405 s3:winbind: Make check_info3_in_group, sanitize its memory handling 2009-09-28 17:54:20 +02:00
Volker Lendecke
f18d0b036c s3:winbind: Make "check_request_flags" publically available 2009-09-28 17:54:20 +02:00
Volker Lendecke
def5bf57c5 s3:winbind: Sanitize the args for find_auth_domain: It only needs the flags 2009-09-28 17:54:20 +02:00
Volker Lendecke
93db77adcb s3:winbind: Make append_data publically available as append_auth_data 2009-09-28 17:54:20 +02:00
Volker Lendecke
0cfc2f19ef s3:winbind: Use fstr_sprintf, it is simpler than talloc_asprintf->fstrcpy 2009-09-05 17:14:45 +02:00
Volker Lendecke
c52fa95b95 s3:winbind: Remove pointless <cond> ? true : false; 2009-09-05 17:05:30 +02:00
Volker Lendecke
1abf692312 s3:winbind: Make the pam_auth subfunctions static 2009-09-05 17:00:21 +02:00
Volker Lendecke
97ba4f6efd Make winbindd_cli_state->response a pointer instead of a struct member 
Same comment as in baa6084378: This is just a preparatory checkin.

Volker
 2009-06-14 22:22:10 +02:00
Volker Lendecke
baa6084378 Make winbindd_cli_state->request a pointer instead of a struct member 
In itself, this is pretty pointless. But in the next steps I'll convert the
winbind internal communication to wb_reqtrans which allocates the request
properly. This minimizes the later diff.

Volker
 2009-06-14 11:25:44 +02:00
Volker Lendecke
3fa69438b9 Convert response.extra_data.data from malloc to talloc 2009-05-12 18:02:00 +02:00
Jeremy Allison
b4c9cfb2af Fix a bunch of compiler warnings about wrong format types. 
Should make Solaris 10 builds look cleaner.
Jeremy.
 2009-05-11 21:56:57 -07:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial) 
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
 2009-04-14 16:23:35 +10:00
Björn Jacke
f4aec7b590 ѕ3/winbind_pam: fix gcc 4.4 compile warning 2009-03-23 13:10:54 +01:00
Günther Deschner
531af136f9 s3: remove POLICY_HND. 
Guenther
 2009-03-18 23:22:29 +01:00
Günther Deschner
6a61580617 s3-winbindd: workaround for samr_ChangePasswordUser3 to User2 fallback for w2k dcs. 
Guenther
 2008-11-13 17:33:18 +01:00
Kai Blin
7d8787c915 ntlm_auth: Put huge NTLMv2 blobs into extra_data on CRAP auth. 
This fixes bug #5865
 2008-11-10 12:50:02 +01:00
Günther Deschner
c48186f507 s3: use samba4 prototype for ndr_push/pull_struct_blob. 
Guenther
 2008-09-23 09:37:23 +02:00
Gerald (Jerry) Carter
544cd1b4b9 winbindd: Update the calls to ws_name_XX() to reflect API changes. 
* Ensures that all points an which a name is received or returned
  to/from a client passes through the name aliases layer (users
  and groups).
 2008-09-16 10:27:59 -07:00
Jeremy Allison
29af730964 Fix the wcache_invalidate_samlogon calls. 
Jeremy.
(This used to be commit 7c820899ed)
 2008-08-27 17:29:10 -07:00
Günther Deschner
66fa77ba9e winbindd: move set_auth_errors to util functions. 
Guenther
(This used to be commit ae3fa60c45)
 2008-08-25 13:18:01 +02:00
Günther Deschner
477e6bb40d winbindd: consistently use false/true. 
Guenther
(This used to be commit e8619121d1)
 2008-08-19 22:01:00 +02:00
Günther Deschner
d9484d4331 winbindd: use set_auth_errors (avoid code duplication). 
Guenther
(This used to be commit ae35a5110e)
 2008-08-19 22:00:48 +02:00
Günther Deschner
4289e4b878 winbindd: fill_in_password_policy (to avoid redundant code). 
Guenther
(This used to be commit dbfa7ba14c)
 2008-08-19 22:00:36 +02:00
Günther Deschner
9f28b99ba8 winbindd: kill some trailing/leading whitespace. 
Guenther
(This used to be commit b5bb784495)
 2008-08-19 15:20:07 +02:00
Zach Loafman
06d0790c07 Fix various build warnings 
This fixes various build warnings on our platform. I'm sure I haven't
caught them all, but it's a start.
(This used to be commit 6b73f259cb)
 2008-07-22 15:00:48 +02:00
Jeremy Allison
06b3a79d1f Allow authentication and memory credential refresh after password change from gdm/xdm. Patch from boyang <boyang@novell.com>. 
Jeremy.
(This used to be commit 8cfc6afc7b)
 2008-07-07 11:26:16 -07:00
Günther Deschner
14d500c0e7 rename rpccli_samr_chgpasswd3 to rpccli_samr_chgpasswd_user3. 
Guenther
(This used to be commit b1209a039b)
 2008-06-25 23:58:50 +02:00
Günther Deschner
059293cbf4 rename rpccli_samr_chgpasswd_user to rpccli_samr_chgpasswd_user2. 
Guenther
(This used to be commit 5b4650d56c)
 2008-06-25 23:58:50 +02:00
Jeremy Allison
cfde5c8d47 Get rid of "shadowed local var" warnings with gcc. 
Jeremy.
(This used to be commit 0bc18967aa)
 2008-05-22 14:19:14 -07:00
Andrew Bartlett
154f4837b3 Add in a nice big comment explaining why SamLogonEx matters. 
Andrew Bartlett
(This used to be commit 87232351b5)
 2008-04-21 17:48:31 +02:00
Günther Deschner
bea4541e11 Use sid_array_from_info3 in lookup_usergroups_cached(). 
Guenther
(This used to be commit 65b4cb20ea)
 2008-04-04 02:53:40 +02:00
Günther Deschner
1b9c4763ee Fix typo. 
Guenther
(This used to be commit fed6443729)
 2008-03-27 18:05:02 +01:00
Gerald W. Carter
9c169e9e42 Don't fill password policy structure for any domain other than our own. 
The samr connects will fail.  This is not independent of the CONTACT_TRUSTDOM
flag neede by krb5 logins.
(This used to be commit 4de4949e3b)
 2008-03-27 11:56:29 -05:00
Günther Deschner
cba8dcf759 Move LOGON_KRB5_FAIL_CLOCK_SKEW to winbindd_pam. 
Guenther
(This used to be commit fa64c76ac8)
 2008-03-27 13:06:43 +01:00
Volker Lendecke
689cd9e101 Fix a segfault 
When we get a NT_STATUS_WRONG_PASSWORD for example, my_info3 is not initialized
at all. So first check that we have NT_STATUS_IS_OK(status) before we
dereference my_info3.
(This used to be commit 559cd9e5a7)
 2008-03-25 23:36:06 +01:00
Volker Lendecke
ca63c6e079 Merge dd9e0bea31751 from 3-0-ctdb -- use NetSamLogonEx when possible 
NetSamLogonEx has the advantage that it does not use the credential chain
(This used to be commit cfceb063f5)
 2008-03-19 17:00:53 +01:00
Stefan Metzmacher
76de025c72 winbind: use a struct element for WBFLAG_PAM_UNIX_NAME 
To not conflict with WBFLAG_PAM_INFO3_TEXT.

This should fix pam_winbind.

metze
(This used to be commit 1b8ed6c0ff)
 2008-02-28 23:00:42 +01:00
Günther Deschner
c25958a046 Use netr_SamInfo3 everywhere in winbindd. 
Guenther
(This used to be commit d9502eb753)
 2008-02-17 02:12:00 +01:00
Günther Deschner
c6f82f1cc4 Getting rid of net_io_user_info3() when sending an NDR encoded netr_SamInfo3. 
Guenther
(This used to be commit f22ba8aee2)
 2008-02-17 02:12:00 +01:00
Stefan Metzmacher
3649f728ed winbindd: add rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode 
metze
(This used to be commit c5e6dd1ca9)
 2008-02-13 13:30:15 +01:00
Günther Deschner
4c42f7999a Use rpccli_samr_QueryUserInfo in net and winbindd. 
Guenther
(This used to be commit a9ff676090)
 2008-02-12 18:16:56 +01:00
Günther Deschner
9c22a27aad Let rpccli_samr_chgpasswd3 use rpccli_samr_ChangePasswordUser3 internally. 
Guenther
(This used to be commit ffbfd19ad7)
 2008-02-07 10:07:00 +01:00
Günther Deschner
742fd39b7a Use rpccli_samr_QueryDomainInfo() in winbindd. 
Guenther
(This used to be commit dd9fa33e96)
 2008-02-06 02:09:44 +01:00
Michael Adam
30dcc73d96 Fix a typo in a debug message. 
Michael
(This used to be commit 3865a7e6a1)
 2008-02-04 16:42:08 +01:00
Günther Deschner
37b56c0113 Use rpccli_samr_OpenUser() all over the place. 
Guenther
(This used to be commit da90eb7653)
 2008-02-01 12:30:15 +01:00
Günther Deschner
5334b364c2 Remove rpccli_samr_close and use pidl generated function instead. 
Guenther
(This used to be commit 64f0889401)
 2008-01-31 11:09:11 +01:00
Günther Deschner
80b2e330f9 Remove include/rpc_ds.h and all references to it completly. 
Jerry, please have a look if you're fine with that.

Guenther
(This used to be commit beae25c808)
 2008-01-29 17:51:05 +01:00
Stefan Metzmacher
2b9ed4700a winbindd: remove useless strcpy 
metze
(This used to be commit df08708fc1)
 2008-01-21 13:15:10 +01:00
Günther Deschner
a92eb76688 Finally enable pidl generated SAMR & NETLOGON headers and clients. 
Guenther
(This used to be commit f7100156a7)
 2008-01-17 16:54:46 +01:00
Michael Adam
f3603d5a5a Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS. 
Michael
(This used to be commit 6b2b9a60ef)
 2008-01-09 01:47:10 +01:00
Michael Adam
e3bb148b94 Only retrieve password policies in pam_auth when WBFLAG_PAM_GET_PWD_POLICY is set. 
This essentially re-establishes r14496 (2155bb0535)
which was undone in r17723 (43bd8c00ab) for
reasons that are unclear to me. Maybe I am being too naive.

Now we do again only retrieve the password policy when called from
the pam_winbind module. This fixes logons delegated to AD trusted
domain controllers: We need to connect to the sam to retrieve the
password policy. But auhtenticated session setup is not possible
when contacting the trusted domain dc and afterwards, SamrConnect
also fails with whatever credentials and method used.

Michael
(This used to be commit 6d765e0de5)
 2007-12-20 02:05:55 +01:00
Volker Lendecke
2e07c2ade8 s/sid_to_string/sid_to_fstring/ 
least surprise for callers
(This used to be commit eb523ba776)
 2007-12-15 22:47:30 +01:00
Volker Lendecke
900288a2b8 Replace sid_string_static by sid_string_dbg in DEBUGs 
(This used to be commit bb35e794ec)
 2007-12-15 22:09:36 +01:00
Jeremy Allison
42cfffae80 Remove next_token - all uses must now be next_token_talloc. 
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f3936)
 2007-12-07 17:32:32 -08:00
Jeremy Allison
6b6655edd9 Remove pstrings from everything except srv_spoolss_nt.c. 
Jeremy.
(This used to be commit 0002a9e96b)
 2007-11-27 14:35:30 -08:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting 
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
 2007-10-18 17:40:25 -07:00
Gerald (Jerry) Carter
e5a951325a [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch. 
(This used to be commit 5c6c8e1fe9)
 2007-10-10 15:34:30 -05:00
Michael Adam
6873d5446e r25287: Eliminate a handful of red bars and overly long lines I just 
came across.

Michael
(This used to be commit bf12f0c0f8)
 2007-10-10 12:30:57 -05:00
Jeremy Allison
c1284b8eb8 r25273: unistrX_to_ascii calls pull_ucs2 - ensure it's never 
called with -1 (these calls were wrong anyway, target
was an fstring, not a pstring). Found by  Michael Adam <ma@sernet.de>,
now to check all other uses.
Michael - this version uses sizeof(target) not sizeof(fstring).
This way is more future proof.
Jeremy.
(This used to be commit 9ed3046633)
 2007-10-10 12:30:56 -05:00
Michael Adam
4fab9cf625 r25272: Fix a bunch of callers of pull_ucs2 that passed -1 for dest_len. 
Michael
(This used to be commit a4f53fe225)
 2007-10-10 12:30:56 -05:00
Stefan Metzmacher
28aa4bff8d r25154: move winbindd code into winbindd/ 
metze
(This used to be commit 3ac7566ae1)
 2007-10-10 12:30:46 -05:00