Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Guenther
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 6 20:43:03 CET 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 6 17:30:48 CET 2011 on sn-devel-104
|
|
|
|
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.
Guenther
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
|
|
Guenther
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
There are cases where we fill in params.password.response.lm_data with non-NULL
where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not
like that.
I haven't been able to reproduce this with smbclient yet, I've seen it with a
proprietary smb client implementation.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 17 16:30:11 CET 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 17 08:47:25 CET 2011 on sn-devel-104
|
|
|
|
The only condition that cli_full_connection marks as non-retryable is the basic
name lookup and TCP connect. To me this is pretty fishy. For example if the
negprot fails, this is supposed to be more retryable than a NetBIOS name lookup
failure? I'd rather think the opposite is true.
Jeremy, this is code from 2002, 389a16d9d533. If you have any comments from
back then, let me know :-)
Volker
|
|
We might eventually want to change this, but right now we get unix times
out of the winbind pipe struct
|
|
This finally allows mixed case module names like the classic build
(./configure --shared_modules=charset_CP850)
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec 1 18:39:14 CET 2010 on sn-devel-104
|
|
Guenther
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 10 01:56:21 UTC 2010 on sn-devel-104
|
|
value returned by it.
Jeremy.
|
|
called-parameter-is-modified.
Jeremy.
|
|
This happens if you set "auth methods = winbind" without a fallback method.
The return NT_STATUS_LOGON_FAILURE; is not strictly require here, because we
fall through to the equivalent statement a few lines down, but it makes the
code a bit clearer IMO.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov 9 20:15:59 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 5 15:35:59 UTC 2010 on sn-devel-104
|
|
|
|
lookups go
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
|
|
Guenther
|
|
|
|
This prints the security token including the privileges as strings
instead of just a bitmap.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The wrapper call is left here to avoid changing semantics for
the NULL parameter case.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Oct 8 09:31:01 UTC 2010 on sn-devel-104
|
|
module by default).
Guenther
|
|
Guenther
|
|
Without this, all security descriptor checks for the winreg spoolss backend fail
and make our spoolss system in its current shape basically unusable.
Andreas, please check.
Guenther
|
|
Guenther
|
|
The memcache_add_talloc() later on steals it anyway
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Guenther
|
|
Guenther
|
|
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This avoids as much direct modifiction of the bitmask as possible.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The previous 128 bit structure needed this helper function.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This common structure is defined in security.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.
This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
Guenther
|