summaryrefslogtreecommitdiff
path: root/source3/auth/auth_server.c
AgeCommit message (Collapse)AuthorFilesLines
2011-01-17s3: Avoid a few calls to cli_errstrVolker Lendecke1-3/+3
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Jan 17 08:47:25 CET 2011 on sn-devel-104
2010-11-10Remove fstring from map_username. Create a more sane interface than the ↵Jeremy Allison1-4/+5
called-parameter-is-modified. Jeremy.
2010-08-19s3: Remove smb_pam_accountcheck from the auth modulesVolker Lendecke1-9/+1
We go through the same check in auth/auth.c line 287 after the module has done its job. So we don't have to do that check twice.
2010-08-14s3:auth Add error paths for invalid password_state valuesAndrew Bartlett1-0/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-12/+14
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-06-10s3:misc make use of server_[event/messaging]_context directlyAndreas Schneider1-1/+1
Untangle these functions from smbd specific dependencies so they can be freely used in multiple servers.
2010-06-07s3:auth Rename user_info->domain -> user_info->mapped.domain_nameAndrew Bartlett1-5/+5
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->internal_username -> user_info->mapped.account_nameAndrew Bartlett1-2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->smb_name -> user_info->client.account_nameAndrew Bartlett1-2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-05-29s3:auth make it easier to trace auth modulesSimo Sorce1-0/+2
2010-04-11s3: Remove the make_auth_methods routineVolker Lendecke1-4/+9
This was just TALLOC_ZERO_P
2010-04-11s3: Make "auth_context" its own talloc parentVolker Lendecke1-1/+1
Remove "mem_ctx" from "struct auth_context"
2010-04-11s3: Fix some nonempty linesVolker Lendecke1-6/+6
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke1-1/+1
2010-01-10s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke1-1/+1
2009-07-28Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison1-1/+1
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
2008-12-19Make cli_negprot return NTSTATUS instead of boolVolker Lendecke1-3/+6
2008-10-23Use sockaddr_storage only where we rely on the size, use sockaddrJelmer Vernooij1-1/+1
otherwise (to clarify we can also pass in structs smaller than sockaddr_storage, such as sockaddr_in).
2008-07-22Fix various build warningsZach Loafman1-1/+1
This fixes various build warnings on our platform. I'm sure I haven't caught them all, but it's a start. (This used to be commit 6b73f259cb67d9dda9127907d706f9244a871fa3)
2008-05-30Fix security=server, bug 5502Volker Lendecke1-2/+4
This has brown paper bag quality and is definitely needed for 3.2.0. Thanks to Orion Poplawski for reporting this! Volker (This used to be commit 3b31f8cce3703645a57778bc752bc9b9e853df5d)
2008-03-10Use a separate tdb for mutexesVolker Lendecke1-7/+9
Another preparation to convert secrets.c to dbwrap: The dbwrap API does not provide a sane tdb_lock_with_timeout abstraction. In the clustered case the DC mutex is needed per-node anyway, so it is perfectly fine to use a local mutex only. (This used to be commit f94a63cd8f94490780ad9331da229c0bcb2ca5d6)
2008-01-08Fix CID 460 - resource leak on error.Jeremy Allison1-0/+1
Jeremy. (This used to be commit d61831164b482d02e0eef3c28aeed93d3e44433f)
2007-12-16Remove another static string and static passwd.Jeremy Allison1-19/+22
Jeremy. (This used to be commit 2a700c5a57a417add3b1975b2c396d20c8a5f301)
2007-12-07Remove next_token - all uses must now be next_token_talloc.Jeremy Allison1-17/+22
No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-5/+5
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-5/+5
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10Add start of IPv6 implementation. Currently most of this is avoidingJeremy Allison1-1/+1
IPv6 in winbindd, but moves most of the socket functions that were wrongly in lib/util.c into lib/util_sock.c and provides generic IPv4/6 independent versions of most things. Still lots of work to do, but now I can see how I'll fix the access check code. Nasty part that remains is the name resolution code which is used to returning arrays of in_addr structs. Jeremy. (This used to be commit 3f6bd0e1ec5cc6670f3d08f76fc2cd94c9cd1a08)
2007-10-10[GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.Gerald (Jerry) Carter1-9/+4
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23554: Fix bug #4711 by makeing cli_connect return an NTSTATUS.Jeremy Allison1-1/+6
Long overdue fix.... Jeremy. (This used to be commit 073fdc5a58139796dbaa7ea9833dca5308f11282)
2007-10-10r22956: Fix security=server (bug #4622). Volker's patchJeremy Allison1-6/+0
(slightly truncated by me). Will be in 3.0.25a. Jeremy. (This used to be commit 039fb906af883a7ca1a68955f1b36b583fe1b698)
2007-10-10r22953: Well, this apparently has never been tested. But *this* code never saw aVolker Lendecke1-6/+5
release yet .... ;-)) (This used to be commit f93b6353fe18e2c992a3dad96afd1a4c16032c55)
2007-10-10r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke1-4/+4
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10r21870: Move sending auth_server keepalives out of the main loop into an ↵Volker Lendecke1-25/+60
idle event. Volker (This used to be commit 6226b30f38cd82531422815ba66a687aab50028d)
2007-10-10r20237: Replace exit_server with exit_server_cleanly where appropriate. AllJames Peach1-1/+1
send_smb failures should be clean exits. All times when we exit as a matter of policy should also be clean exits. (This used to be commit d6382092e72120a3c89ffe81975e8898d454bf06)
2007-10-10r19980: Implement pam account stack checks when obey pam restrictions is true.Simo Sorce1-1/+9
It was missing for security=server/domain/ads Simo. (This used to be commit 550f651499c22c3c11594a0a39061a8a9b438d82)
2007-10-10r17571: Change the return code of cli_session_setup from BOOL to NTSTATUSVolker Lendecke1-28/+27
Volker (This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-4/+5
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-1/+1
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-8/+8
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r7372: abartet's patch for BUG 2391 (segv caused by free a static pointer)Gerald Carter1-0/+1
(This used to be commit 4cda2bd035276bd090bf0fbd4e3b2eff657a80cb)
2004-03-16BUG 1165, 1126: Fix bug with secondary groups (security = ads) and winbind ↵Gerald Carter1-11/+10
use default domain = yes (This used to be commit f2eaa14b1eb7e89c945b2b06a48e17998c75d620)
2003-11-23Patch by emil@disksites.com <Emil Rasamat> to ensure we always alwaysAndrew Bartlett1-0/+2
free() each auth method. (We had relied on the use of talloc() only, despite providing the free() callback) Andrew Bartlett (This used to be commit 5872c0e26e3407c7c1dcf2074a36896a3ca1325a)
2003-11-10Patch from Andrew Bartlett <abartlet@samba.org> for security=server coreJeremy Allison1-6/+8
dump if server goes away. Jeremy. (This used to be commit e61324cc6a222ca714530827068104f7a74c0911)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-1/+1
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03This patch takes the work the jerry did for beta2, and generalises it:Andrew Bartlett1-2/+2
- The 'not implmented' checks are now done by all auth modules - the ntdomain/trustdomain/winbind modules are more presise as to what domain names they can and cannot handle - The become_root() calls are now around the winbind pipe opening only, not the entire auth call - The unix username is kept seperate from the NT username, removing the need for 'clean off the domain\' in parse_net.c - All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts. Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-06-04Add some static. Patch by Stefan Metzmacher <metze@metzemix.de>Jelmer Vernooij1-1/+1
(This used to be commit e1a8e9b7f3e69c7271d2b715703b2d5b2412bd42)
2003-05-25Get 'add user script' working again for Samba 3.0.Andrew Bartlett1-2/+9
I'm still not convinced that sharing the option name with the administrative code is the best idea, but anyway... Tested by vl, bug #41. Andrew Bartlett (This used to be commit 9d78f064c5e4e6b340f994204977aaac6513320b)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-2/+2
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
generated by cgit (git 2.34.1) at 2024-07-03 18:26:02 +0000