summaryrefslogtreecommitdiff
path: root/source3/auth/auth_domain.c
AgeCommit message (Collapse)AuthorFilesLines
2011-02-04s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)Günther Deschner1-0/+1
The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
2010-12-20s3: Remove unused "retry" from cli_full_connectionVolker Lendecke1-1/+1
2010-12-20s3: Always retry the DC connection in auth_domainVolker Lendecke1-8/+4
The only condition that cli_full_connection marks as non-retryable is the basic name lookup and TCP connect. To me this is pretty fishy. For example if the negprot fails, this is supposed to be more retryable than a NetBIOS name lookup failure? I'd rather think the opposite is true. Jeremy, this is code from 2002, 389a16d9d533. If you have any comments from back then, let me know :-) Volker
2010-08-19s3: Remove smb_pam_accountcheck from the auth modulesVolker Lendecke1-15/+2
We go through the same check in auth/auth.c line 287 after the module has done its job. So we don't have to do that check twice.
2010-08-14s3:auth Whitespace fixes after auth mergeAndrew Bartlett1-17/+17
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-2/+2
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-06-07s3:auth Rename user_info->domain -> user_info->mapped.domain_nameAndrew Bartlett1-11/+11
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->client_domain -> user_info->client.domain_nameAndrew Bartlett1-2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->internal_username -> user_info->mapped.account_nameAndrew Bartlett1-2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->smb_name -> user_info->client.account_nameAndrew Bartlett1-4/+4
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-01s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_infoAndrew Bartlett1-1/+1
2010-05-29s3:auth make it easier to trace auth modulesSimo Sorce1-0/+4
2010-05-18s3-rpc_client: move protos to cli_netlogon.hGünther Deschner1-0/+1
Guenther
2010-05-06s3: only include gen_ndr headers where needed.Günther Deschner1-0/+1
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther
2010-04-11s3: Remove the make_auth_methods routineVolker Lendecke1-6/+14
This was just TALLOC_ZERO_P
2010-04-11s3: Fix some nonempty linesVolker Lendecke1-11/+11
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke1-3/+3
2010-01-10s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke1-3/+3
2009-11-03s3-passdb: cleanup some callers of pdb_get_trusteddom_pw().Günther Deschner1-3/+1
Guenther
2009-10-13s3: use enum netr_SchannelType all over the place.Günther Deschner1-1/+1
Guenther
2009-09-15s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.Günther Deschner1-1/+1
Guenther
2009-09-11s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner1-1/+1
Guenther
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-0/+1
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2008-10-03Simply our main loop processing. A lot :-). Correctly use events for all the ↵Jeremy Allison1-0/+65
previous "special" cases. A step on the way to adding signals to the events and being able to merge the S3 event system with the S4 one. Jeremy.
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_schannelVolker Lendecke1-2/+3
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 1fcfca007f33a2c4e979abf30c2ea0db65bac718)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke1-2/+3
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
2008-05-07Rename server_info->was_mapped to server_info->nss_tokenVolker Lendecke1-3/+1
"nss_token" from my point of view much better reflects what this flag actually represents (This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
2008-04-02Fix NETLOGON credential chain with Windows 2008 all over the place.Günther Deschner1-1/+1
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
2008-03-14Fix bug 5317Volker Lendecke1-1/+1
Thanks to oster@cs.usask.ca (This used to be commit f18a80575921a241c7243c5af5a0101a2956ff17)
2008-03-10Use a separate tdb for mutexesVolker Lendecke1-7/+9
Another preparation to convert secrets.c to dbwrap: The dbwrap API does not provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC mutex is needed per-node anyway, so it is perfectly fine to use a local mutex only. (This used to be commit f94a63cd8f94490780ad9331da229c0bcb2ca5d6)
2008-02-17Use netr_SamInfo3 in remaining places.Günther Deschner1-5/+5
Guenther (This used to be commit 92fca97951bf7adf8caaeabdaff21682b18dd91f)
2008-01-23Windows 2008 (Longhorn) auth2 flag fixes.Andreas Schneider1-1/+1
Interop fixes for AD specific flags. Original patch from Todd Stetcher. (This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
2008-01-04More logical operations on booleans. IBM checker.Jeremy Allison1-1/+3
Jeremy. (This used to be commit e289a0c8592f9e5c58100ddcde2577b452725b88)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-2/+5
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-10/+10
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-3/+3
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.Gerald Carter1-1/+1
The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
2007-10-10r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter1-1/+1
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r21642: Fix bug 4365. Please note that this was only tested with Vista so ↵Volker Lendecke1-1/+1
far, it needs testing with other clients as well. I'm afraid I'm visiting a conference tomorrow and saturday, so I'd be happy to get support in this. Thanks, Volker (This used to be commit 2186e276a0f15457ee6b29ecf2d109d812628ff9)
2007-10-10r20824: Send access to the trusted domain passwords through the pdb backend, ↵Volker Lendecke1-2/+2
so that in the next step we can store them in LDAP to be replicated across DCs. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 3c879745cfc39be6128b63a88ecdbfa3d9ce6c2d)
2007-10-10r19980: Implement pam account stack checks when obey pam restrictions is true.Simo Sorce1-0/+11
It was missing for security=server/domain/ads Simo. (This used to be commit 550f651499c22c3c11594a0a39061a8a9b438d82)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-0/+11
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16076: Fix for machine password timeout overflow from Shlomi YaakobovichJeremy Allison1-1/+1
<Shlomi@exanet.com>. Jeremy. (This used to be commit 5cd234a1fff1e9d025eea6600649e56c997eafc2)
2007-10-10r15476: Transfer the was_mapped flag from user_info to server_info also in ↵Volker Lendecke1-0/+4
auth_sam and auth_domain. Thanks for Simo to point this out. Volker (This used to be commit 293b89dfb109d6e220ced433f025cf987aa1f500)
2007-10-10r15472: Remove an unused function parameterVolker Lendecke1-1/+0
(This used to be commit d2f39ae7fe79fd31846c555849655023a2d1cbc7)
2007-10-10r13382: added server affinity cache stores for 'net rpc join' and trusted ↵Gerald Carter1-0/+4
domain code (This used to be commit 9eb743584d32cdb67e0512ac915c34565bce1c01)