path: root/source3/auth/auth_winbind.c
Age | Commit message | Author | Files | Lines
2013-04-24 | BUG 9817: Fix 'map untrusted to domain' with NTLMv2. | Andreas Schneider | 1 | -2/+8
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
2011-06-09 | s3-talloc Change TALLOC_ZERO_P() to talloc_zero() | Andrew Bartlett | 1 | -1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-03-30 | s3-auth: use auth.h where needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-03-30 | s3-winbind: remove global inclusion of libwbclient. | Günther Deschner | 1 | -0/+1
Guenther
2011-01-17 | s3: Make sure we call wbcAuthenticateUserEx correctly | Volker Lendecke | 1 | -4/+14
There are cases where we fill in params.password.response.lm_data with non-NULL where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not like that. I haven't been able to reproduce this with smbclient yet, I've seen it with a proprietary smb client implementation.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 17 16:30:11 CET 2011 on sn-devel-104
2010-11-09 | s3: Quieten a bogus error message | Volker Lendecke | 1 | -3/+1
This happens if you set "auth methods = winbind" without a fallback method. The return NT_STATUS_LOGON_FAILURE; is not strictly required here, because we fall through to the equivalent statement a few lines down, but it makes the code a bit clearer IMO.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov 9 20:15:59 UTC 2010 on sn-devel-104
2010-08-14 | s3:auth Make Samba3 use the new common struct auth_usersupplied_info | Andrew Bartlett | 1 | -4/+4
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order to make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-06-16 | s3-auth: fix debug message in check_winbind_security(). | Günther Deschner | 1 | -1/+1
Guenther
2010-06-16 | Revert "s4-smbtorture: only pull info when status code indicates success in ↵ | Günther Deschner | 1 | -11/+3
smbcli_rap_netprintqgetinfo()." This reverts commit 1f1c04010a55e67d8dc2110276eed4cf2a8a0afa.
2010-06-16 | s4-smbtorture: only pull info when status code indicates success in ↵ | Günther Deschner | 1 | -3/+11
smbcli_rap_netprintqgetinfo(). Guenther
2010-06-07 | s3:auth Rename user_info->domain -> user_info->mapped.domain_name | Andrew Bartlett | 1 | -4/+4
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07 | s3:auth Rename user_info->internal_username -> user_info->mapped.account_name | Andrew Bartlett | 1 | -2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07 | s3:auth Rename user_info->smb_name -> user_info->client.account_name | Andrew Bartlett | 1 | -2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-01 | s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_info | Andrew Bartlett | 1 | -1/+1
2010-05-29 | s3:auth make it easier to trace auth modules | Simo Sorce | 1 | -0/+2
2010-04-11 | s3: Remove the make_auth_methods routine | Volker Lendecke | 1 | -5/+9
This was just TALLOC_ZERO_P
2010-04-11 | s3: Fix some nonempty lines | Volker Lendecke | 1 | -3/+3
2010-01-10 | s3: Remove the typedef for "auth_serversupplied_info" | Volker Lendecke | 1 | -1/+1
2010-01-10 | s3: Remove the typedef for "auth_usersupplied_info" | Volker Lendecke | 1 | -1/+1
2008-05-07 | Rename server_info->was_mapped to server_info->nss_token | Volker Lendecke | 1 | -3/+1
"nss_token" from my point of view much better reflects what this flag actually represents (This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
2008-03-26 | Add debug statement in auth_winbind to display wbcAuthenticateUserEx error code. | Günther Deschner | 1 | -0/+5
Guenther (This used to be commit 0ad00a452f03d8af6e6b6fabd4a05ca26a9910d0)
2008-02-13 | auth_winbind: use wbcAuthenticateUserEx() | Stefan Metzmacher | 1 | -69/+44
smbd doesn't need $(WBCOMMON_OBJ) anymore, it works with any libwbclient.so now and may talk to an older winbindd. metze (This used to be commit e3435930a307cff3066fe2047ed8c5c48911f001)
2008-01-04 | More logical operations on booleans. IBM checker. | Jeremy Allison | 1 | -1/+3
Jeremy. (This used to be commit e289a0c8592f9e5c58100ddcde2577b452725b88)
2007-10-10 | r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text | Andrew Tridgell | 1 | -2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10 | r23779: Change from v2 or later to v3 or later. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 | r21940: Sorry Volker, I have to revert your revert in r21935. | Gerald Carter | 1 | -1/+2
We can talk about this later if you still feel that strongly but I need to fix the build for now. (This used to be commit c7df0cad8257333c6a8dfd98818269a783ba7a26)
2007-10-10 | r21935: Revert obviously not sufficiently tested code -- sorry for the pain. ↵ | Volker Lendecke | 1 | -2/+1
I am afraid I was basically off the net for the day (This used to be commit 08c29abc03267b0dfb41cec3734653a536027a10)
2007-10-10 | r21878: Fix a bug with smbd serving a windows terminal server: If winbind ↵ | Volker Lendecke | 1 | -1/+2
decides smbd to be idle it might happen that smbd needs to do a winbind operation (for example sid2name) as non-root. This then fails to get the privileged pipe. When later on on the same connection another authentication request comes in, we try to do the CRAP auth via the non-privileged pipe. This adds a winbindd_priv_request_response() request that kills the existing winbind pipe connection if it's not privileged. Volker (This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
2007-10-10 | r18665: Remove two type-punned warnings | Volker Lendecke | 1 | -2/+3
(This used to be commit 157b2c0c262dc9b9ae2a8a3133479e66e6c8db07)
2007-10-10 | r17626: Some C++ Warnings | Volker Lendecke | 1 | -2/+3
(This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
2007-10-10 | r15475: Ugly and disgusting patch to fix the username map problem I created by | Volker Lendecke | 1 | -0/+3
changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6)
2007-10-10 | r15472: Remove an unused function parameter | Volker Lendecke | 1 | -1/+0
(This used to be commit d2f39ae7fe79fd31846c555849655023a2d1cbc7)
2007-10-10 | r15053: fix portability issues between 32-bit winbind clients and a 64-bit ↵ | Gerald Carter | 1 | -3/+3
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10 | r13316: Let the carnage begin.... | Gerald Carter | 1 | -11/+8
Sync with trunk as of r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10 | r11573: Adding Andrew Bartlett's patch to make machine account | Jeremy Allison | 1 | -0/+2
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same way as it would a user account check). I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10 | r10656: BIG merge from trunk. Features not copied over | Gerald Carter | 1 | -1/+1
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10 | r7882: Looks like a large patch - but what it actually does is make Samba | Jeremy Allison | 1 | -1/+1
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10 | r3616: Merge for 3.0.8. | Andrew Bartlett | 1 | -3/+3
In auth_winbind, remove the push_utf8 calls, as this is no longer a UTF8 interface. (Removed from everywhere else earlier). Tested with ASCII - I tried to load the weird charset for testing, but it doesn't seem to work any more. Andrew Bartlett (This used to be commit cb27c197ee44d2be09014598e3928642b59ef956)
2007-10-10 | r786: Memory leak fixes in (mostly) error code paths from | Jeremy Allison | 1 | -3/+2
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
2003-12-19 | * add a few useful debug lines | Gerald Carter | 1 | -1/+2
* fix bug involving Win9x clients. Make sure we save the right case for the located username in fill_sam_account() (This used to be commit 850e4be29e185ebe890f094372aa8c2cc86de76a)
2003-10-07 | make sure to call get_user_groups() with the full winbindd name for a user ↵ | Gerald Carter | 1 | -8/+8
if he/she has one; bug 406 (This used to be commit 1737b36e9193e30285c598ad75d90f610bab47fe)
2003-08-15 | get rid of more compiler warnings | Herb Lewis | 1 | -1/+1
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
2003-07-07 | and so it begins.... | Gerald Carter | 1 | -1/+1
* remove idmap_XX_to_XX calls from smbd. Move back to the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb)
(This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-03 | This patch takes the work jerry did for beta2, and generalises it: | Andrew Bartlett | 1 | -3/+11
- The 'not implemented' checks are now done by all auth modules
- the ntdomain/trustdomain/winbind modules are more precise as to what domain names they can and cannot handle
- The become_root() calls are now around the winbind pipe opening only, not the entire auth call
- The unix username is kept separate from the NT username, removing the need for 'clean off the domain\' in parse_net.c
- All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts.
Andrew Bartlett
(This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-06-30 | Valgrind found a bug (subtracting a pointer from a length rather than the | Jeremy Allison | 1 | -1/+1
length of what the pointer points to). Jeremy. (This used to be commit 492a96e9922c1ef96b967f2965f8bba1f5bc8f23)
2003-06-04 | Add some static. Patch by Stefan Metzmacher <metze@metzemix.de> | Jelmer Vernooij | 1 | -1/+1
(This used to be commit e1a8e9b7f3e69c7271d2b715703b2d5b2412bd42)
2003-05-27 | volker's fix for crash when my_private_data == NULL | Gerald Carter | 1 | -2/+8
(This used to be commit 40127404e3a664539de516723cf1239f47adc442)
2003-05-26 | Correctly initialize winbind auth method. | Volker Lendecke | 1 | -0/+3
(This used to be commit b9e7ce9d85c4203779d6b9bfb2e65a4ed5fe33ff)
2003-04-28 | Use NTSTATUS as return value for smb_register_*() functions and init_module() | Jelmer Vernooij | 1 | -2/+2
function. Patch by metze with some minor modifications. (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-28 | Add cast for compiler | Andrew Bartlett | 1 | -1/+1
(This used to be commit 456eb5d05a442ee380cfa756be54619b1d68fa48)