summaryrefslogtreecommitdiff
path: root/source3/auth/auth_winbind.c
AgeCommit message (Collapse)AuthorFilesLines
2008-03-26Add debug statement in auth_winbind to display wbcAuthenticateUserEx error code.Günther Deschner1-0/+5
Guenther (This used to be commit 0ad00a452f03d8af6e6b6fabd4a05ca26a9910d0)
2008-02-13auth_winbind: use wbcAuthenticateUserEx()Stefan Metzmacher1-69/+44
smbd doesn't need $(WBCOMMON_OBJ) anymore, it works with any libwbclient.so now and may talk to an older winbindd. metze (This used to be commit e3435930a307cff3066fe2047ed8c5c48911f001)
2008-01-04More logical operations on booleans. IBM checker.Jeremy Allison1-1/+3
Jeremy. (This used to be commit e289a0c8592f9e5c58100ddcde2577b452725b88)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r21940: Sorry Volker, I have to revert your revert in r21935.Gerald Carter1-1/+2
We can talk about this later if you still feel that strongly but I need to fix the build for now. (This used to be commit c7df0cad8257333c6a8dfd98818269a783ba7a26)
2007-10-10r21935: Revert obviously not sufficiently tested code -- sorry for the pain. ↵Volker Lendecke1-2/+1
I am afraid I was basically off the net for the day (This used to be commit 08c29abc03267b0dfb41cec3734653a536027a10)
2007-10-10r21878: Fix a bug with smbd serving a windows terminal server: If winbind ↵Volker Lendecke1-1/+2
decides smbd to be idle it might happen that smbd needs to do a winbind operation (for example sid2name) as non-root. This then fails to get the privileged pipe. When later on on the same connection another authentication request comes in, we try to do the CRAP auth via the non-privileged pipe. This adds a winbindd_priv_request_response() request that kills the existing winbind pipe connection if it's not privileged. Volker (This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
2007-10-10r18665: Remove two type-punned warningsVolker Lendecke1-2/+3
(This used to be commit 157b2c0c262dc9b9ae2a8a3133479e66e6c8db07)
2007-10-10r17626: Some C++ WarningsVolker Lendecke1-2/+3
(This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
2007-10-10r15475: Ugly and disgusting patch to fix the username map problem I created byVolker Lendecke1-0/+3
changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6)
2007-10-10r15472: Remove an unused function parameterVolker Lendecke1-1/+0
(This used to be commit d2f39ae7fe79fd31846c555849655023a2d1cbc7)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-3/+3
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-11/+8
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r11573: Adding Andrew Bartlett's patch to make machine accountJeremy Allison1-0/+2
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same was as it would a user account check. I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-1/+1
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-1/+1
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r3616: Merge for 3.0.8.Andrew Bartlett1-3/+3
In auth_winbind, remove the push_utf8 calls, as this is no longer a UTF8 interface. (Removed from everywhere else earlier). Tested with ASCII - I tried to load the weird charset for testing, but it doesn't seem to work any more. Andrew Bartlett (This used to be commit cb27c197ee44d2be09014598e3928642b59ef956)
2007-10-10r786: Memory leak fixes in (mostly) error code paths fromJeremy Allison1-3/+2
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
2003-12-19* add a few useful debug linesGerald Carter1-1/+2
* fix bug involving Win9x clients. Make sure we save the right case for the located username in fill_sam_account() (This used to be commit 850e4be29e185ebe890f094372aa8c2cc86de76a)
2003-10-07make sure to call get_user_groups() with the full winbindd name for a user ↵Gerald Carter1-8/+8
if he;she has one; bug 406 (This used to be commit 1737b36e9193e30285c598ad75d90f610bab47fe)
2003-08-15get rid of more compiler warningsHerb Lewis1-1/+1
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
2003-07-07and so it begins....Gerald Carter1-1/+1
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-03This patch takes the work the jerry did for beta2, and generalises it:Andrew Bartlett1-3/+11
- The 'not implmented' checks are now done by all auth modules - the ntdomain/trustdomain/winbind modules are more presise as to what domain names they can and cannot handle - The become_root() calls are now around the winbind pipe opening only, not the entire auth call - The unix username is kept seperate from the NT username, removing the need for 'clean off the domain\' in parse_net.c - All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts. Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-06-30Valgrind found a bug (subtracting a pointer from a length rather than theJeremy Allison1-1/+1
length of what the pointer points to). Jeremy. (This used to be commit 492a96e9922c1ef96b967f2965f8bba1f5bc8f23)
2003-06-04Add some static. Patch by Stefan Metzmacher <metze@metzemix.de>Jelmer Vernooij1-1/+1
(This used to be commit e1a8e9b7f3e69c7271d2b715703b2d5b2412bd42)
2003-05-27volker's fix for crash when my_private_data == NULLGerald Carter1-2/+8
(This used to be commit 40127404e3a664539de516723cf1239f47adc442)
2003-05-26Correctly initialize winbind auth method.Volker Lendecke1-0/+3
(This used to be commit b9e7ce9d85c4203779d6b9bfb2e65a4ed5fe33ff)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-2/+2
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-28Add cast for compilerAndrew Bartlett1-1/+1
(This used to be commit 456eb5d05a442ee380cfa756be54619b1d68fa48)
2003-04-24Merge auth changes from HEAD:Andrew Bartlett1-2/+14
- better error codes than NT_STATUS_UNSUCCESSFUL for domain logon errors - make auth_winbind load the ntdomain module if winbind isn't there. - use new trusted domains cache to determine if the domain is valid. Andrew Bartlett (This used to be commit ec8d6524c6b0c70927a2b57aab71d9e3a7f8a150)
2003-04-16Add support for the new modules system to auth/ (merge from HEAD)Jelmer Vernooij1-0/+5
(This used to be commit c7a1de090db35835be1a1623bfc80c04065c5dd9)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-2/+2
Needed to move to disk based i/o later. Jeremy. (This used to be commit a823fee5b41a5b6cd4ef05aa1f85f7725bd272a5)
2002-12-23Finish adding strings to all talloc_init() calls.Jeremy Allison1-2/+1
Jeremy. (This used to be commit aa8439a49ec4b9f433745fefa1e769e45398f4df)
2002-11-15Updates from HEAD:Andrew Bartlett1-7/+1
- const for PACKS() in lanman.c - change auth to 'account before password' - add help to net rpc {vampire,samsync} - configure updates for sun workshop cc - become_root() around pdb_ calls in auth_util for guest login. Andrew Bartlett (This used to be commit 43e90eb6e331d478013a9c038292f245edc51bd0)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-1/+1
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-21/+49
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-3/+7
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-25Bring auth_winbind into line with the protocol changesAndrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit c796799afd69fe627b1c8e51fb47957d30da9fae)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett1-12/+9
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2002-01-01A farily large commit:Andrew Bartlett1-3/+4
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c - It hasn't been used by anything else since smbpasswd lost its -j - Add a TALLOC_CTX to the auth subsytem. These are only valid for the length of the calls to the individual modules, if you want a longer context hide it in your private data. Similarly, all returns (like the server_info) should still be malloced. - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new libsmb domain logon code. Also rework much of the code to use some better helper functions for the connection - getting us much better error returns (the new code is NTSTATUS). The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for the LUID feilds is sufficient, or if we should do random LUIDs as per the old code. Similarly, I'll move winbind over to this when I get a chance. This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in rpc_client, at least as far as smbd is concerned. While I've given this a basic rundown, any testing is as always appriciated. Andrew Bartlett (This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)
2001-11-26challange -> challengeTim Potter1-2/+2
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-24And add the winbind module I missed in the last run.Andrew Bartlett1-0/+111
(large change to modularise the auth subsystem) Andrew Bartlett (This used to be commit 324c4676280641fee0647221dba1e826e03ba9ab)