summaryrefslogtreecommitdiff
path: root/source3/auth/auth_domain.c
AgeCommit message (Collapse)AuthorFilesLines
2012-07-13s3-auth Remove unused global_machine_account_needs_changingAndrew Bartlett1-66/+0
This boolean was only set if the old machine account store (with an MD4 hash in it) was returned. We have not set that password type for years. If this call ever worked, it would store a plaintext password, so we could only ever be here if we had set a password using a version of Samba so old as not to store plaintext, and then never honered the flag anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104
2012-07-13s3-auth Remove confusing reference to global_machine_password_needs_changingAndrew Bartlett1-8/+0
This is in the trusted domain codepath, not the primary domain code path. Andrew Bartlett
2011-11-03s3:auth: s/Undefined/SMB_SIGNING_DEFAULT/Stefan Metzmacher1-1/+1
metze
2011-07-22s3:auth_domain: we already have the dc_name, it's the same as cli->desthostStefan Metzmacher1-1/+1
metze
2011-07-22s3:auth_domain: add some const to sockaddr_storageStefan Metzmacher1-2/+2
metze
2011-07-03s3: Remove a use of cli_errstrVolker Lendecke1-2/+3
All code above that might have failed sets result
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett1-4/+4
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-06-09s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett1-2/+2
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-05-06s3-libsmb: move protos to libsmb/proto.hGünther Deschner1-0/+1
Guenther
2011-03-30s3-auth: use auth.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-02-28s3-rpc_client: Move client pipe functions to own header.Andreas Schneider1-0/+1
2011-02-04s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)Günther Deschner1-0/+1
The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
2010-12-20s3: Remove unused "retry" from cli_full_connectionVolker Lendecke1-1/+1
2010-12-20s3: Always retry the DC connection in auth_domainVolker Lendecke1-8/+4
The only condition that cli_full_connection marks as non-retryable is the basic name lookup and TCP connect. To me this is pretty fishy. For example if the negprot fails, this is supposed to be more retryable than a NetBIOS name lookup failure? I'd rather think the opposite is true. Jeremy, this is code from 2002, 389a16d9d533. If you have any comments from back then, let me know :-) Volker
2010-08-19s3: Remove smb_pam_accountcheck from the auth modulesVolker Lendecke1-15/+2
We go through the same check in auth/auth.c line 287 after the module has done its job. So we don't have to do that check twice.
2010-08-14s3:auth Whitespace fixes after auth mergeAndrew Bartlett1-17/+17
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-2/+2
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-06-07s3:auth Rename user_info->domain -> user_info->mapped.domain_nameAndrew Bartlett1-11/+11
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->client_domain -> user_info->client.domain_nameAndrew Bartlett1-2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->internal_username -> user_info->mapped.account_nameAndrew Bartlett1-2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->smb_name -> user_info->client.account_nameAndrew Bartlett1-4/+4
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-01s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_infoAndrew Bartlett1-1/+1
2010-05-29s3:auth make it easier to trace auth modulesSimo Sorce1-0/+4
2010-05-18s3-rpc_client: move protos to cli_netlogon.hGünther Deschner1-0/+1
Guenther
2010-05-06s3: only include gen_ndr headers where needed.Günther Deschner1-0/+1
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther
2010-04-11s3: Remove the make_auth_methods routineVolker Lendecke1-6/+14
This was just TALLOC_ZERO_P
2010-04-11s3: Fix some nonempty linesVolker Lendecke1-11/+11
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke1-3/+3
2010-01-10s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke1-3/+3
2009-11-03s3-passdb: cleanup some callers of pdb_get_trusteddom_pw().Günther Deschner1-3/+1
Guenther
2009-10-13s3: use enum netr_SchannelType all over the place.Günther Deschner1-1/+1
Guenther
2009-09-15s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.Günther Deschner1-1/+1
Guenther
2009-09-11s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner1-1/+1
Guenther
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-0/+1
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2008-10-03Simply our main loop processing. A lot :-). Correctly use events for all the ↵Jeremy Allison1-0/+65
previous "special" cases. A step on the way to adding signals to the events and being able to merge the S3 event system with the S4 one. Jeremy.
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_schannelVolker Lendecke1-2/+3
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 1fcfca007f33a2c4e979abf30c2ea0db65bac718)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke1-2/+3
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
2008-05-07Rename server_info->was_mapped to server_info->nss_tokenVolker Lendecke1-3/+1
"nss_token" from my point of view much better reflects what this flag actually represents (This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
2008-04-02Fix NETLOGON credential chain with Windows 2008 all over the place.Günther Deschner1-1/+1
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
2008-03-14Fix bug 5317Volker Lendecke1-1/+1
Thanks to oster@cs.usask.ca (This used to be commit f18a80575921a241c7243c5af5a0101a2956ff17)
2008-03-10Use a separate tdb for mutexesVolker Lendecke1-7/+9
Another preparation to convert secrets.c to dbwrap: The dbwrap API does not provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC mutex is needed per-node anyway, so it is perfectly fine to use a local mutex only. (This used to be commit f94a63cd8f94490780ad9331da229c0bcb2ca5d6)
2008-02-17Use netr_SamInfo3 in remaining places.Günther Deschner1-5/+5
Guenther (This used to be commit 92fca97951bf7adf8caaeabdaff21682b18dd91f)
2008-01-23Windows 2008 (Longhorn) auth2 flag fixes.Andreas Schneider1-1/+1
Interop fixes for AD specific flags. Original patch from Todd Stetcher. (This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
2008-01-04More logical operations on booleans. IBM checker.Jeremy Allison1-1/+3
Jeremy. (This used to be commit e289a0c8592f9e5c58100ddcde2577b452725b88)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-2/+5
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-10/+10
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-3/+3
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)