Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-05-06 | s3: only include gen_ndr headers where needed. | Günther Deschner | 2 | -0/+2 | |
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther | |||||
2010-04-12 | s3: Apply some const | Volker Lendecke | 1 | -3/+5 | |
2010-04-12 | s3/s4:netlogon IDL - fix up "struct netr_SamInfo6" regarding the "forest" ↵ | Matthias Dieter Wallnöfer | 1 | -3/+3 | |
attribute According to MS-NRPC 2.2.1.4.13 this should be the DNS domainname, not the forest one. | |||||
2010-04-11 | s3: Move serverinfo_to_SamInfoX to auth/server_info.c | Volker Lendecke | 1 | -0/+287 | |
2010-04-11 | s3: Move [make|free]_user_info to auth/user_info.c | Volker Lendecke | 2 | -108/+131 | |
2010-04-11 | s3: Move make_server_info_sam to auth/server_info_sam.c | Volker Lendecke | 2 | -121/+151 | |
2010-04-11 | s3: Move sanitize_username to lib/util_str.c | Volker Lendecke | 1 | -8/+0 | |
2010-04-11 | s3: Move make_server_info to auth/server_info.c | Volker Lendecke | 2 | -32/+55 | |
2010-04-11 | s3: Move check_sam_security to auth/check_sam.c | Volker Lendecke | 2 | -485/+512 | |
2010-04-11 | s3: Make check_sam_security public | Volker Lendecke | 1 | -20/+28 | |
2010-04-11 | s3: Replace "auth_context" by "challenge" in need_to_increment_bad_pw_count args | Volker Lendecke | 1 | -5/+5 | |
2010-04-11 | s3: Replace "auth_context" by "challenge" in sam_password_ok args | Volker Lendecke | 1 | -7/+10 | |
2010-04-11 | s3: Move user_in_group() and create_token_from_username() to token_utils.c | Volker Lendecke | 2 | -315/+315 | |
Goal is to be able to call check_sam_security from winbind | |||||
2010-04-11 | s3: Use talloc_stackframe() in user_in_group | Volker Lendecke | 1 | -7/+1 | |
2010-04-11 | s3: Use talloc_stackframe() in user_in_group_sid | Volker Lendecke | 1 | -8/+1 | |
2010-04-11 | s3: Use talloc_stackframe() in create_token_from_username | Volker Lendecke | 1 | -7/+1 | |
2010-04-11 | s3: Fix a memleak in user_in_group_sid | Volker Lendecke | 1 | -0/+1 | |
2010-04-11 | s3: Remove the make_auth_methods routine | Volker Lendecke | 10 | -72/+101 | |
This was just TALLOC_ZERO_P | |||||
2010-04-11 | s3: Fix a typo | Volker Lendecke | 1 | -1/+1 | |
2010-04-11 | s3: Make "auth_context" its own talloc parent | Volker Lendecke | 4 | -15/+9 | |
Remove "mem_ctx" from "struct auth_context" | |||||
2010-04-11 | s3: Fix some nonempty lines | Volker Lendecke | 6 | -36/+35 | |
2010-04-09 | s3: Fix a typo | Volker Lendecke | 1 | -1/+1 | |
2010-03-24 | s3:ntlmssp: use client.netbios_name instead of workstation | Stefan Metzmacher | 1 | -2/+2 | |
metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s3:ntlmssp: rename void *auth_context; into void *callback_private; | Stefan Metzmacher | 1 | -5/+5 | |
metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_state | Stefan Metzmacher | 1 | -6/+28 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s3:ntlmssp: replace server_role by a server.is_standalone in ntlmssp_state | Stefan Metzmacher | 1 | -1/+5 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-22 | Fix valgrind error when running under share level security. plaintext_password | Jeremy Allison | 1 | -2/+2 | |
is a data blob with a data pointer pointing to an allocation of length zero. Jeremy. | |||||
2010-02-20 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -59/+57 | |
2010-01-24 | s3: Remove some calls to memset -- reduces text size by some bytes for me | Volker Lendecke | 1 | -8/+3 | |
2010-01-14 | s3:auth: fix account unlock regression introduced with fix for bug #4347 | Michael Adam | 1 | -7/+5 | |
By an oversight, the patchset for #4347 made the unlocking of a locked account after the lockout duration ineffective. Thanks to Björn for finding this! Michael | |||||
2010-01-12 | s3:auth: add comment to nulling out stolen sampass | Michael Adam | 1 | -0/+4 | |
Adding this comment makes me think, I could also have changed make_server_info_sam() talloc_move instead of talloc_steal, but that would have changed the signature... Well the comment is a first step. :-) Michael | |||||
2010-01-10 | s3: Replace most calls to sid_append_rid() by sid_compose() | Volker Lendecke | 1 | -6/+4 | |
2010-01-10 | s3: Remove the typedef for "auth_serversupplied_info" | Volker Lendecke | 11 | -34/+36 | |
2010-01-10 | s3: Remove the typedef for "auth_usersupplied_info" | Volker Lendecke | 12 | -30/+30 | |
2010-01-07 | s3:auth: don't update the bad pw count if pw is among last 2 history entries | Michael Adam | 1 | -1/+73 | |
This conforms to the behaviour of Windows 2003: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx This is supposed to fixes Bug #4347 . Michael | |||||
2010-01-07 | s3:auth:check_sam_security: introduce a bool var to control pad_pw_count ↵ | Michael Adam | 1 | -1/+7 | |
incrementation This is a preparatory patch for the last part in fixing bug #4347 . Michael | |||||
2010-01-07 | s3:auth:check_sam_security: improve calling and logging of ↵ | Michael Adam | 1 | -4/+16 | |
pdb_update_sam_account Log what went wrongl, and also call pdb_update_sam_account inside become_root/unbecome_root: do the logging outside. Michael | |||||
2010-01-07 | s3:auth:check_sam_security: fix a leading tab/ws mixup | Michael Adam | 1 | -1/+1 | |
Michael | |||||
2010-01-07 | s3:auth:check_sam_security: create (and use) a common exit point | Michael Adam | 1 | -11/+7 | |
for use after sam_password_ok() has been called. Michael | |||||
2010-01-07 | s3:auth:check_sam_security: null out sampass after it has been stolen. | Michael Adam | 1 | -0/+1 | |
So that a later talloc_free would not harm. I could have used talloc_move instead of talloc steal in make_server_info_sam(), but this would have required a change of the signature. Michael | |||||
2010-01-07 | s3:auth:sam_password_ok: take username, acct_ctrl and nt/lm hashes, not sampass | Michael Adam | 1 | -14/+20 | |
This is in preparation to extending check_sam_security to also check against the password history before updating the bad password count. This way, sam_password_ok can more easily be reused for that purpose. Michael | |||||
2010-01-07 | s3:auth: use data_blob_null instead of data_blob(NULL, 0) in sam_password_ok() | Michael Adam | 1 | -2/+2 | |
This way it is more explicit that there is no allocated data here that may leak. Michael | |||||
2010-01-07 | s3:auth:sam_password_ok: fix allocation of a data blob. | Michael Adam | 1 | -1/+1 | |
data_blob(mem_ctx, 16) does not use mem_ctx as a talloc ctx but copies 16 bytes from mem_ctx into the newly allocated data blob. This can not have been intentional. A blank uint8_t array of length 16 is allocated by passing NULL instead of mem_ctx. And using data_blob_talloc(mem_ctx, NULL, 16) adds the allocated blank 16 byte array to mem_ctx - so this is what must have been intended. Michael | |||||
2010-01-07 | s3:auth:sam_password_ok: enhance readability (imho) by adding some pointers | Michael Adam | 1 | -17/+24 | |
and removing bool variables and several checks. Michael | |||||
2010-01-07 | s3:check_sam_security: untangle assignment from statement | Michael Adam | 1 | -1/+2 | |
Michael | |||||
2009-12-29 | s3:ntlmssp: change get_challange() to return NTSTATUS | Stefan Metzmacher | 1 | -2/+3 | |
metze | |||||
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett | |||||
2009-12-07 | s3:auth: Fix typo in debug message. | Karolin Seeger | 1 | -2/+2 | |
Karolin | |||||
2009-11-14 | s3:fix a comment typo | Michael Adam | 1 | -1/+1 | |
Michael | |||||
2009-11-14 | s3:is_trusted_domain: shortcut if domain name == global_sam_name | Michael Adam | 1 | -0/+4 | |
A domain can't have a trust with itself. This saves some roundtrips to the ldap server for ldapsam. Michael |