1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

138 Commits

Author SHA1 Message Date
Günther Deschner
cea36aeacf s3-winbind: fix winbindd_dual_pam_auth_samlogon() for NT4 domains.
After failing the netr_LogonSamLogonEx, we failed to retry with
netr_LogonSamLogon.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 24 12:35:42 CET 2011 on sn-devel-104
2011-01-24 12:35:42 +01:00
Volker Lendecke
92e138f920 s3: Use the right uid winbindd_raw_kerberos_login() 2010-12-19 23:25:06 +01:00
Volker Lendecke
a159958065 s3: wcache_invalidate_samlogon only needs the SID 2010-12-19 23:25:06 +01:00
Andrew Bartlett
6195dfc0eb s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
Andrew Bartlett
2010-12-10 16:09:06 +11:00
Andrew Bartlett
5cfe949108 s3-winbind Don't send the LM password to the server, ever
This is for the case where we have the plaintext password locally, and
can construct the challenge-response values here.

We should never ever use the LM password in domain authentication.
The last domain controller to only have LM passwords stored was NT
3.5.

Andrew Bartlett
2010-12-10 16:08:31 +11:00
Volker Lendecke
3b71f5df03 s3: Return the correct result from winbindd_dual_auth_passdb 2010-11-27 19:11:03 +01:00
Volker Lendecke
d1c1aaeb8b s3: Remove a reference to "winbindd_cli_state" from append_auth_data
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Nov 17 12:02:34 UTC 2010 on sn-devel-104
2010-11-17 12:02:34 +00:00
Volker Lendecke
bdf830ac61 s3: Remove a reference to "winbindd_cli_state" from append_info3_as_txt 2010-11-17 12:17:22 +01:00
Volker Lendecke
75f41c304a s3: Remove a reference to "winbindd_cli_state" from append_afs_token 2010-11-17 12:17:22 +01:00
Volker Lendecke
5b0724d228 s3: Remove a reference to "winbindd_cli_state" from append_info3_as_ndr 2010-11-17 12:17:22 +01:00
Volker Lendecke
3bfe6765b2 s3: Remove a reference to "winbindd_cli_state" from append_unix_username 2010-11-17 12:17:22 +01:00
Volker Lendecke
240edd07b3 s3: Remove a reference to "winbindd_cli_state" from append_auth_data 2010-11-17 12:17:21 +01:00
Andrew Bartlett
170b345e0c s3-auth Use security_token_debug() from common code
This prints the security token including the privileges as strings
instead of just a bitmap.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Volker Lendecke
adfa071c5a s3: Remove a nesting level in winbindd_dual_pam_chauthtok 2010-09-12 18:30:38 +02:00
Andrew Bartlett
4bfc8d3b1a s3-auth Change struct nt_user_token -> struct security_token
This common structure is defined in security.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Volker Lendecke
f76983ae3f s3: Simplify the logic in generate_krb5_ccache
gd, jra, others, please check!
2010-09-11 00:02:02 +02:00
Volker Lendecke
aa00d331a6 s3: Simplify generate_krb5_ccache slightly
strequal deals with a NULL string input just fine
2010-09-10 12:36:07 -07:00
Volker Lendecke
18962ea385 s3: These assignments are overwritten immediately
Dump them
2010-09-09 14:08:23 -07:00
Volker Lendecke
eedf476c24 s3: Remove "mem_ctx" from a few functions 2010-09-09 06:19:25 +02:00
Volker Lendecke
d38e1d13ea s3: Remove "mem_ctx" from lookup_cached_name() 2010-09-09 06:19:24 +02:00
Volker Lendecke
c7d6e6f571 s3: Remove a nested if-statement 2010-09-09 06:19:24 +02:00
Volker Lendecke
6f1916524b s3: Fill in workstation in winbindd_pam_auth_crap_send 2010-09-09 06:19:24 +02:00
Volker Lendecke
f506871538 s3: Fill in domain in winbindd_pam_auth_crap_send 2010-09-09 06:19:23 +02:00
Volker Lendecke
c2048db59d s3: Remove redundant flag checks
We're checking these in the parent already (winbindd_pam_auth_send and
winbindd_pam_auth_crap_send). No point in doing it in the child as well
2010-09-09 06:19:23 +02:00
Volker Lendecke
4e4228bd5d s3: Remove unused arg "user_sid" from winbindd_store_creds
All callers have passed in NULL
2010-09-09 06:19:23 +02:00
Volker Lendecke
4f0b190a30 s3: "== false" looks wrong :-) 2010-09-08 15:31:33 -07:00
Andrew Bartlett
8c15cf54ae s3-auth Rename NT_USER_TOKEN user_sids -> sids
This is closer to the struct security_token from security.idl
2010-08-31 10:20:14 +10:00
Andrew Bartlett
70211ea6a3 s3:auth Change winbindd -> auth interface to more standard structures
This removes conversions to and from the source3 varient of the
server_info structure when replaced in s3compat, and presents a tidier
interface to winbindd in any case.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Andrew Bartlett
23994e1b53 s3:auth Make Samba3 use the new common struct auth_usersupplied_info
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.

In order the make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Günther Deschner
257a1f1097 s3-krb5: include krb5pac.h where needed.
Guenther
2010-08-06 15:43:37 +02:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h.
Guenther
2010-08-05 00:32:02 +02:00
Jeremy Allison
b7f029016a We should be using the winbindd separator in this case, not hardcoding a \\ value.
Jeremy.
2010-07-29 13:54:22 -07:00
Günther Deschner
0da5e15378 s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as well.
Guenther
2010-07-07 16:49:26 +02:00
Günther Deschner
bcd4077be6 s3: remove unused librpc/ndr/sid.c.
Guenther
2010-06-03 01:07:17 +02:00
Günther Deschner
2807ab358e s3-samr: move chgpasswd.c out of smbd and into the samr server.
Guenther
2010-05-26 22:17:02 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h
Guenther
2010-05-18 21:42:37 +02:00
Günther Deschner
3f2719c202 s3-rpc_client: move protos to cli_samr.h
Guenther
2010-05-18 21:42:32 +02:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Günther Deschner
1d2dd47d31 s3-crypto: only include crypto headers when crypto is done.
Guenther
2010-05-18 00:44:27 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
2010-05-18 00:44:26 +02:00
Andrew Bartlett
454b0b3f20 s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.

This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-11 22:52:37 +02:00
Günther Deschner
c6ebab846d s3: only include gen_ndr headers where needed.
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:

ccache build w/o patch
real    4m21.529s
ccache build with patch
real    3m6.402s

pch build w/o patch
real    4m26.318s
pch build with patch
real    3m6.932s

Guenther
2010-05-06 00:22:59 +02:00
Volker Lendecke
685b4625bc s3: Fix the code order in append_auth_data
This is to comply with the comment

"currently, anything from here on potentially overwrites extra_data."

Günther, please check!
2010-05-02 15:15:56 +02:00
Volker Lendecke
7099a3c446 s3: Allow pdb password change using WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP 2010-04-23 23:41:05 +02:00
Volker Lendecke
6eec46ec44 s3: replace some data_blob_talloc by data_blob_const 2010-04-23 23:41:04 +02:00
Volker Lendecke
f2f0fed8aa s3: Convert WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP to the new async API 2010-04-23 23:41:04 +02:00
Volker Lendecke
56b4aa3266 s3: Move the in-memory ccache to the parent
None of this blocks, so there is no reason to keep this in
a winbind child process
2010-04-19 14:27:24 +02:00