1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Commit Graph

14 Commits

Author SHA1 Message Date
Noel Power
be6ed28f02 s3/winbindd: in winbindd_pam_auth_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
7e1f210b9a s3/winbindd: rename canonicalize_username to canonicalize_username_fstr
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Pavel Filipenský
4f63a3b731 s3:winbind: Improve logging in winbindd_pam_auth.c
Test scenario:
$ bin/wbinfo --pam-logon=ADDOMAIN/alice%Secret007

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-15 14:25:38 +00:00
Samuel Cabrero
ddc551f447 s3:winbind: Convert PamAuth from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-08 20:13:37 +00:00
Volker Lendecke
d82acf7685 lib: give global_contexts.c its own header file
It's a bit shocking how many references we have to global
contexts. Make this a bit more obvious.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-08 20:31:33 +00:00
Matthew DeVore
c2ac923c6a s3: safe_string: do not include string_wrappers.h
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.

includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-28 00:56:34 +00:00
Andreas Schneider
f49b62b44d s3:winbind: Log client process name for PAM auth
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-12 09:50:25 +01:00
Christof Schmitt
ae7db3e543 s3: Rename server_event_context() to global_event_context()
This reflects that the event context is also used outside of the server
processes.

The command used for the rename:
find . -name '*.[hc]' -print0 | xargs -0 sed -i 's/server_event_context/global_event_context/'

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-09-07 17:26:17 +02:00
Andreas Schneider
1766f77493 winbind: Fix UPN handling in canonicalize_username()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 11 12:02:37 CEST 2018 on sn-devel-144
2018-05-11 12:02:37 +02:00
Ralph Boehme
939592c660 winbindd: use add_trusted_domain_from_auth
After a successfully authentication, ensure we have the users domain in our
domain list and the TDC.

Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:08 +01:00
Volker Lendecke
7e83d14894 winbind: Replace winbind_event_context with server_event_context
There's no point in having two global event contexts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-18 00:09:16 +01:00
Jeremy Allison
4f43030482 Fix bug #7589 - ntlm_auth fails to use cached credentials.
In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
of the mapped username, but fails to canonicalize the actual username
sent to the backend domain process. When "winbind default domain"
is set this can lead to credentials being cached with an index of
user: user, not DOMAIN\user. All other code paths that use
canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
correctly canonicalize the data sent to the backend. All calls
the can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
correctly call canonicalize_username() to create the credential
lookup key.

Jeremy.
2010-07-29 12:44:00 -07:00
Volker Lendecke
56b4aa3266 s3: Move the in-memory ccache to the parent
None of this blocks, so there is no reason to keep this in
a winbind child process
2010-04-19 14:27:24 +02:00
Volker Lendecke
61ec0f571a s3: Convert WINBINDD_PAM_AUTH to the new async API 2010-04-19 14:27:19 +02:00