summaryrefslogtreecommitdiff
path: root/source3/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-09-20s3-util: use shared dom_sid_dup.Günther Deschner2-6/+7
Guenther
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner2-4/+5
Guenther
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett1-9/+16
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Call security_token_set_privilege() rather than manual assignmentAndrew Bartlett1-1/+1
This avoids as much direct modifiction of the bitmask as possible. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-privs Inline dump_se_priv into callers now that it's just a uint64_tAndrew Bartlett1-1/+1
The previous 128 bit structure needed this helper function. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett2-8/+8
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett1-14/+14
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett1-5/+7
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-09s3-auth: Added get_server_info_system function.Andreas Schneider1-0/+5
2010-09-01s3-auth: fix uninitialized error code in get_guest_info3().Günther Deschner1-2/+1
Guenther
2010-08-31s3-auth: remove global include of krb5pac.h.Günther Deschner2-0/+2
Guenther
2010-08-31s3-auth: remove unused variable in check_sam_security().Günther Deschner1-1/+1
Guenther
2010-08-31s3-auth Rename NT_USER_TOKEN privileges -> privilege_maskAndrew Bartlett1-3/+3
This is closer to the struct security_token from security.idl Andrew Bartlett
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett2-29/+29
This is closer to the struct security_token from security.idl
2010-08-30s3-auth: The unlock of the account is now done by the get_sampwnam call.Andreas Schneider1-5/+2
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30s3-auth: Use SamInfo3_for_guest to create guest server_info.Andreas Schneider1-19/+70
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30s3-auth: add helper to get server_info out of kerberos infoSimo Sorce1-0/+100
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30s3-auth: Add helper function to retrieve the unix user from a kerberos ticketSimo Sorce1-0/+172
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-29s3: Remove a use of smbd_server_fdVolker Lendecke1-1/+1
This disables different socket options per user for ntlmssp authentiation, a change in behaviour which is exotic enough I believe.
2010-08-28s3: Remove smbd_server_conn() from check_unix_securityVolker Lendecke1-7/+2
2010-08-28s3: Lift smbd_server_fd() from pass_check()Volker Lendecke2-7/+8
2010-08-28s3: Lift smbd_server_fd() from password_check()Volker Lendecke1-11/+13
2010-08-28s3: Fix some nonempty blank linesVolker Lendecke1-15/+15
2010-08-28s3: Fix smb_pam_passcheckVolker Lendecke1-2/+2
2010-08-28s3: Those functions are no macros anymore :-)Volker Lendecke1-4/+0
2010-08-27s3: Lift smbd_server_fd() from smb_pam_passcheckVolker Lendecke2-8/+10
2010-08-27s3: Lift smbd_server_fd() from smb_pam_startVolker Lendecke1-16/+9
smb_pam_passcheck() is the only caller that fills in NULL, all other callers now properly fill rhost
2010-08-27s3: Pass "private_data" through string_combinations()Volker Lendecke1-12/+24
2010-08-27s3: Pass rhost through to smb_pam_passchangeVolker Lendecke1-2/+3
2010-08-26s3: Fix typosVolker Lendecke1-2/+2
2010-08-26s3-build: only include nsswitch header where needed.Günther Deschner1-0/+1
Guenther
2010-08-26s3-build: only include memcache.h where needed.Günther Deschner1-0/+1
Guenther
2010-08-24pam: fix unused variable warningBjörn Jacke1-1/+1
2010-08-23s3: PAM_RHOST and PAM_TTY are enums on FreeBSDVolker Lendecke1-3/+3
2010-08-22s3: Turn two macros into functionsVolker Lendecke1-6/+24
2010-08-22s3: Pass the rhost through smb_pam_accountcheckVolker Lendecke2-4/+7
2010-08-22s3: Rename auth.c:backends to auth_backendsVolker Lendecke1-4/+4
2010-08-22s3: Fix some nonemtpy blank linesVolker Lendecke1-10/+9
2010-08-20Fix const warning.Jeremy Allison1-1/+1
2010-08-19s3: Remove smb_pam_accountcheck from the auth modulesVolker Lendecke3-32/+4
We go through the same check in auth/auth.c line 287 after the module has done its job. So we don't have to do that check twice.
2010-08-18s3: Lift smbd_server_fd from reload_services()Volker Lendecke1-1/+1
2010-08-16s3: Remove get_client_fd()Volker Lendecke1-2/+3
2010-08-16s3-auth: Remove obsolete 'update encrypted' option.Andreas Schneider2-66/+5
2010-08-14s3:auth Add error paths for invalid password_state valuesAndrew Bartlett3-2/+10
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s3:auth Change winbindd -> auth interface to more standard structuresAndrew Bartlett1-0/+37
This removes conversions to and from the source3 varient of the server_info structure when replaced in s3compat, and presents a tidier interface to winbindd in any case. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s3:auth Change 'make_user_info' to be talloc basedAndrew Bartlett1-72/+58
This is an ideal candidate, as it already uses a free function. It now uses talloc destructors to clear the passwords if required. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s3:auth Whitespace fixes after auth mergeAndrew Bartlett3-20/+20
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett14-152/+191
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-08s3: Lift the smbd_messaging_context from reload_servicesVolker Lendecke1-1/+1
2010-08-06s3-netlogon: remove global include of netlogon.h.Günther Deschner3-0/+4
This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther