1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

160 Commits

Author SHA1 Message Date
Andreas Schneider
7e46a84bb7 s3-auth: Pass the remote_address down to user_info.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04 18:28:02 +10:00
Günther Deschner
44a434a301 s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Jun 30 00:42:23 CEST 2011 on sn-devel-104
2011-06-30 00:42:23 +02:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name()
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
2011-06-09 12:40:09 +02:00
Jim McDonough
b58534f1fc s3-winbind: BUG 8166 - Don't lockout users when offline.
Windows does not track bad password attempts when offline.  We were locking users out but not honoring the lockout duration.

Autobuild-User: Jim McDonough <jmcd@samba.org>
Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
2011-05-25 18:11:10 +02:00
Jeremy Allison
f85e095dd2 More simple const fixups. 2011-05-05 23:56:08 +02:00
Jeremy Allison
017e0c8d95 Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1. 2011-05-04 12:12:13 -07:00
Günther Deschner
0bb4701a74 s3: remove various references to server side dcerpc structs (which are not needed).
Guenther
2011-05-02 15:03:44 +02:00
Stefan Metzmacher
f7bc84409a s3:rpc_client: map fault codes to NTSTATUS with dcerpc_fault_to_nt_status()
Most fault codes have a NTSTATUS representation, so use that.

This brings the fault handling in common with the source4/librpc/rpc code,
which make it possible to share more highlevel code, between source3 and
source4 as the error checking can be the same now.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Apr 24 10:44:53 CEST 2011 on sn-devel-104
2011-04-24 10:44:53 +02:00
Günther Deschner
6e3f0d28a4 s3-includes: only include ntdomain.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
7e73214ebf s3-auth: use auth.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
235f148590 s3-passdb: use passdb headers where needed.
Guenther
2011-03-30 01:13:08 +02:00
Andreas Schneider
bf18403c81 s3-rpc_client: Move client pipe functions to own header. 2011-02-28 18:15:04 +01:00
Günther Deschner
f60398d7b2 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.

Guenther

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb  4 18:11:04 CET 2011 on sn-devel-104
2011-02-04 18:11:04 +01:00
Günther Deschner
6c20ba3f97 s3-winbind: prefer dcerpc_samr_X functions in winbindd/winbindd_pam.c.
Guenther
2011-02-02 13:30:04 +01:00
Volker Lendecke
c52c75338f s3: inline get_uid_from_state
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 28 23:38:16 CET 2011 on sn-devel-104
2011-01-28 23:38:16 +01:00
Volker Lendecke
e099c91ef9 s3: Lift winbindd_cli_state from fillup_password_policy 2011-01-28 22:54:19 +01:00
Volker Lendecke
fe516a3fb7 s3: Do not use state->mem_ctx in fillup_password_policy 2011-01-28 22:54:19 +01:00
Volker Lendecke
2d174d49cd s3: Lift winbindd_cli_state from winbindd_dual_pam_auth_samlogon 2011-01-28 22:54:19 +01:00
Volker Lendecke
5d4bfc949b s3: Lift winbindd_cli_state from winbindd_raw_kerberos_login 2011-01-28 22:54:19 +01:00
Günther Deschner
abb7c07de5 s3-winbind: share a common winbind_samlogon_retry_loop().
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 26 12:41:14 CET 2011 on sn-devel-104
2011-01-26 12:41:14 +01:00
Günther Deschner
035a0d2fb3 Revert "s3: These assignments are overwritten immediately"
This reverts commit 18962ea385.
2011-01-26 11:55:37 +01:00
Günther Deschner
36cfa1792e Revert "s3-winbind: fix winbindd_dual_pam_auth_samlogon() for NT4 domains."
This reverts commit cea36aeacf.
2011-01-26 11:55:36 +01:00
Günther Deschner
cea36aeacf s3-winbind: fix winbindd_dual_pam_auth_samlogon() for NT4 domains.
After failing the netr_LogonSamLogonEx, we failed to retry with
netr_LogonSamLogon.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 24 12:35:42 CET 2011 on sn-devel-104
2011-01-24 12:35:42 +01:00
Volker Lendecke
92e138f920 s3: Use the right uid winbindd_raw_kerberos_login() 2010-12-19 23:25:06 +01:00
Volker Lendecke
a159958065 s3: wcache_invalidate_samlogon only needs the SID 2010-12-19 23:25:06 +01:00
Andrew Bartlett
6195dfc0eb s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
Andrew Bartlett
2010-12-10 16:09:06 +11:00
Andrew Bartlett
5cfe949108 s3-winbind Don't send the LM password to the server, ever
This is for the case where we have the plaintext password locally, and
can construct the challenge-response values here.

We should never ever use the LM password in domain authentication.
The last domain controller to only have LM passwords stored was NT
3.5.

Andrew Bartlett
2010-12-10 16:08:31 +11:00
Volker Lendecke
3b71f5df03 s3: Return the correct result from winbindd_dual_auth_passdb 2010-11-27 19:11:03 +01:00
Volker Lendecke
d1c1aaeb8b s3: Remove a reference to "winbindd_cli_state" from append_auth_data
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Nov 17 12:02:34 UTC 2010 on sn-devel-104
2010-11-17 12:02:34 +00:00
Volker Lendecke
bdf830ac61 s3: Remove a reference to "winbindd_cli_state" from append_info3_as_txt 2010-11-17 12:17:22 +01:00
Volker Lendecke
75f41c304a s3: Remove a reference to "winbindd_cli_state" from append_afs_token 2010-11-17 12:17:22 +01:00
Volker Lendecke
5b0724d228 s3: Remove a reference to "winbindd_cli_state" from append_info3_as_ndr 2010-11-17 12:17:22 +01:00
Volker Lendecke
3bfe6765b2 s3: Remove a reference to "winbindd_cli_state" from append_unix_username 2010-11-17 12:17:22 +01:00
Volker Lendecke
240edd07b3 s3: Remove a reference to "winbindd_cli_state" from append_auth_data 2010-11-17 12:17:21 +01:00
Andrew Bartlett
170b345e0c s3-auth Use security_token_debug() from common code
This prints the security token including the privileges as strings
instead of just a bitmap.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Volker Lendecke
adfa071c5a s3: Remove a nesting level in winbindd_dual_pam_chauthtok 2010-09-12 18:30:38 +02:00
Andrew Bartlett
4bfc8d3b1a s3-auth Change struct nt_user_token -> struct security_token
This common structure is defined in security.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Volker Lendecke
f76983ae3f s3: Simplify the logic in generate_krb5_ccache
gd, jra, others, please check!
2010-09-11 00:02:02 +02:00
Volker Lendecke
aa00d331a6 s3: Simplify generate_krb5_ccache slightly
strequal deals with a NULL string input just fine
2010-09-10 12:36:07 -07:00
Volker Lendecke
18962ea385 s3: These assignments are overwritten immediately
Dump them
2010-09-09 14:08:23 -07:00
Volker Lendecke
eedf476c24 s3: Remove "mem_ctx" from a few functions 2010-09-09 06:19:25 +02:00
Volker Lendecke
d38e1d13ea s3: Remove "mem_ctx" from lookup_cached_name() 2010-09-09 06:19:24 +02:00
Volker Lendecke
c7d6e6f571 s3: Remove a nested if-statement 2010-09-09 06:19:24 +02:00
Volker Lendecke
6f1916524b s3: Fill in workstation in winbindd_pam_auth_crap_send 2010-09-09 06:19:24 +02:00
Volker Lendecke
f506871538 s3: Fill in domain in winbindd_pam_auth_crap_send 2010-09-09 06:19:23 +02:00
Volker Lendecke
c2048db59d s3: Remove redundant flag checks
We're checking these in the parent already (winbindd_pam_auth_send and
winbindd_pam_auth_crap_send). No point in doing it in the child as well
2010-09-09 06:19:23 +02:00
Volker Lendecke
4e4228bd5d s3: Remove unused arg "user_sid" from winbindd_store_creds
All callers have passed in NULL
2010-09-09 06:19:23 +02:00
Volker Lendecke
4f0b190a30 s3: "== false" looks wrong :-) 2010-09-08 15:31:33 -07:00