summaryrefslogtreecommitdiff
path: root/source3/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19773: TALLOC_FREE checks for NULL itselfVolker Lendecke1-4/+1
(This used to be commit fb3983ae1fdd1935333ffee80bceb747228ac0f3)
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough1-1/+1
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r19008: Fix a segfaultVolker Lendecke1-0/+1
(This used to be commit adfc82f0e6b12f8ccfe00f3ff49a089a4c936239)
2007-10-10r18665: Remove two type-punned warningsVolker Lendecke2-4/+6
(This used to be commit 157b2c0c262dc9b9ae2a8a3133479e66e6c8db07)
2007-10-10r18616: fix breakage after DLIST_ADD_END() changes for --with-pamGerald Carter1-2/+1
(This used to be commit 5c00b5497b7b2bb345429893d247cbb6bb0f4e20)
2007-10-10r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END()Stefan Metzmacher1-2/+1
and DLIST_DEMOTE() now take the type of the tmp pointer not the tmp pointer itself anymore. metze (This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
2007-10-10r18271: Big change:Gerald Carter1-2/+2
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r18029: More C++ stuffVolker Lendecke1-2/+2
(This used to be commit 089b51e28cc5e3674e4edf5464c7a15673c5ec0f)
2007-10-10r17924: Get rid of warnings now that talloc is merged.Volker Lendecke1-4/+1
Destructors now take a pointer to the "real" destroyed object as an argument. Volker (This used to be commit 70edd716ef0ccb218fe18d1233bd30abe46b62bf)
2007-10-10r17875: Fix (rather theoretical, but still...) null deref found byJeremy Allison1-8/+11
Stanford checker. Jeremy. (This used to be commit 45d77ae12235e6b39cc30845d69ac3777d3eefd0)
2007-10-10r17736: Apply the Unix group patch when creating the token for aGerald Carter1-1/+28
username map. (This used to be commit 0298a3466bc6c5e322db7dac386e4e5eef0e2702)
2007-10-10r17710: Thanks to Thomas Bork for testing and continued feedback on this.Gerald Carter1-2/+25
Comments from the patch: /* Add the "Unix Group" SID for each gid to catch mapped groups and their Unix equivalent. This is to solve the backwards compatibility problem of 'valid users = +ntadmin' where ntadmin has been paired with "Domain Admins" in the group mapping table. Otherwise smb.conf would need to be changed to 'valid user = "Domain Admins"'. --jerry */ (This used to be commit 3848199287c5829aef66d0dee38a79056fe1ff5c)
2007-10-10r17626: Some C++ WarningsVolker Lendecke2-6/+11
(This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
2007-10-10r17584: Some C++ WarningsVolker Lendecke1-1/+1
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
2007-10-10r17573: Fix typoVolker Lendecke1-1/+1
(This used to be commit fd6e3f133b267a9506699d1c2934a153dd732df2)
2007-10-10r17571: Change the return code of cli_session_setup from BOOL to NTSTATUSVolker Lendecke1-28/+27
Volker (This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
2007-10-10r17402: Added lookup_name_smbconf() to be called when lookingJeremy Allison1-2/+2
up names from smb.conf. If the name is unqualified it causes the lookup to be done in WORKGROUP\name, then "Unix [users|groups]"\name rather than searching the domain. Should fix the problems with "force user" selecting a domain user by preference. Jeremy. (This used to be commit 1e1fcb5eb2ac4bd360461b29f85c07dbf460025d)
2007-10-10r17399: Some C++ warningsVolker Lendecke1-7/+8
(This used to be commit d12b08fc619f7b566ef5c4cc7294174e887014fe)
2007-10-10r17393: Remove Volker's ASSERT that num_groupsids > 0.Jeremy Allison1-3/+5
For guest connection they may well be zero. This should fix up the buildfarm (fingers crossed). Jeremy. (This used to be commit 16ebccbc5889c3b4c1a20bf3453bd523ddf6f5b0)
2007-10-10r17392: Commit Volker's fix for the valid users problem.Jeremy Allison1-30/+22
Let's look at the build farm now... :-). Jeremy. (This used to be commit 6d822b85676f033a1a2e422e2d5ac92aaf566aef)
2007-10-10r17391: Revert the second part of the valid users fix - theJeremy Allison1-23/+5
netlogon code uses pdb_get_group_sid() which could return a S-1-1-22 unix sid. Who knew.... :-(. I'm going to test Volker's fix instead. Once 3.0.23b is out we *have* to rip out the pdb_set_group_sid() code.... Jeremy. (This used to be commit 65003e1b251b4762cef2b3cdcc895269f9319eb8)
2007-10-10r17388: Fix the "valid users"/token issue for now. Volker,Jeremy Allison1-5/+23
please come in and fix it in a less ugly way once you have some time. Thanks, Jeremy. (This used to be commit 79b1e668e2ce263c84ff8fafaafb3e57b06717ab)
2007-10-10r17378: Fix the issues people have been having with mappedJeremy Allison1-2/+2
users (username map) and failure to connect to a share. Essentially, even on a standalone system we were going into the create_token_from_username() code (I think by mistake) if the username was mapped. Fixes bug #3991. Volker & Jerry - please go over this with a very careful eye and let me know if this isn't correct (I think it is, but this isn't my code and it's a dangerous area for me to be playing in :-). Jeremy (This used to be commit 0b5b2b53ec6e4c25b5f6645451dfce4aa7ae8a61)
2007-10-10r17022: Fix the build farm -- maybe this is the real fix, testing moreVolker Lendecke1-1/+2
(This used to be commit 19d02690002a35cb6e0204db236d2b768e48c6d8)
2007-10-10r17016: Different and smaller fix for the valid users = username problem.Volker Lendecke1-1/+7
If no winbind is around, the best we can do to get the user's token correct is to ask unix via create_token_from_username. More investigation is needed if this also fixes the +groupname for unmapped groups problems more cleanly. Volker (This used to be commit f6e3ee147ffde572532fb44b619dda01388d4a31)
2007-10-10r17011: Back out r17010 after talking to Jerry. Another fix pending...Volker Lendecke1-34/+9
Volker (This used to be commit 7a629118ee6f468505172147724f7f532f0f4a4f)
2007-10-10r17010: If winbind is not around, add S-1-22-1-<uid> to the user's token.Volker Lendecke1-9/+34
See the comment in the patch for the reason. Volker (This used to be commit 5e07ab750af3744e1ee5bfc813d5c6532aff4ecb)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison3-29/+95
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16865: This is a proposal to fix bug 3915. Before sending patches around, ↵Volker Lendecke1-6/+17
this is what svn is for. The idea is that we fall back to a pure unix user with S-1-22 SIDs in the token in case anything weird is going on with the 'force user'. Volker (This used to be commit 9ec5ccfe851ac8a1f88b88c8c8461a5cf75b4c57)
2007-10-10r16864: Intermediate checkin -- swap the sid_check_is_in_unix_users andVolker Lendecke1-38/+38
sid_check_is_in_our_domain cases. Volker (This used to be commit dc403cec88d91fdeb09cbd04321d88bbdc0f490c)
2007-10-10r16766: A warning found by RHEL3. This might actually be 3.0.23 code, maybe ↵Volker Lendecke1-1/+1
there are vasprintf implementations that don't like a NULL format. Volker (This used to be commit 03c665c307e518c9ff66096904873266b145637c)
2007-10-10r16749: BUG 3905: don't fail in create_local_nt_token() when aGerald Carter1-3/+4
checking for the builtin Administrators group membership. security = server has no domain info in secrets.tdb (This used to be commit fa477969fbbcd9f707461a2d9015bebf719ddfbb)
2007-10-10r16632: Fix bug #3882 reported by jason@ncac.gwu.edu.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 6b39f53e43572fe29fc037a36328387a0b1bb423)
2007-10-10r16471: Bug reported by Vitaly Protsko <villy@sft.ru> in 3.0.23rc1.Gerald Carter1-0/+25
Add missing automatic add of the Administrators SID in the absence of winbindd and precense of Domain Admins SID in the user's token. (This used to be commit ce7846d6f19f63ca99179b75e6f2195cc593795f)
2007-10-10r16241: Fix Klocwork #106 and others like it.Jeremy Allison1-10/+30
Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming. Jeremy. (This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10r16230: Fix Klocwork #861 and others. localtime and asctimeJeremy Allison2-5/+26
can return NULL. Ensure we check all returns correctly. Jeremy. (This used to be commit 6c61dc8ed6d84f310ef391fb7700e93ef42c4afc)
2007-10-10r16209: Klocwork bug #66, ensure no null deref.Jeremy Allison1-1/+8
Jeremy. (This used to be commit 79e693798cf322071ea64a4014a01ad9eaba73e8)
2007-10-10r16204: Fix Klocwork # 14Volker Lendecke1-3/+5
localtime() can return NULL. Volker (This used to be commit 07c5dcb8633e6fadb596dc5a22d8d31b2e16a3ef)
2007-10-10r16150: Fix possible NULL dereference found by Klocwork ID # 17Volker Lendecke1-3/+2
(This used to be commit 3159bd3a4e3ad70c60fea4cacc892be9f1d71ab9)
2007-10-10r16141: Dummy commit to make the build farm re-test against Samba4 16140Volker Lendecke1-2/+1
(This used to be commit a1fcacf75683e4c08236bb4cc4164678ea1a1ce4)
2007-10-10r16076: Fix for machine password timeout overflow from Shlomi YaakobovichJeremy Allison1-1/+1
<Shlomi@exanet.com>. Jeremy. (This used to be commit 5cd234a1fff1e9d025eea6600649e56c997eafc2)
2007-10-10r15676: Fix meaningless debug statement from uninitialized variable.Jeremy Allison1-3/+1
Spotted by "John E. Malmberg" <wb8tyw@qsl.net>. Jeremy. (This used to be commit ff3fe39b837e0d0de2edaa284c2dd7d1c8161c46)
2007-10-10r15600: Correctly fill in the gid for local users.Volker Lendecke1-0/+6
Volker (This used to be commit 6071dd5db0dbb79a80b248ab93942911bf08fd2b)
2007-10-10r15549: removing rhosts and 'hosts equiv' authentication featuresGerald Carter1-293/+0
(This used to be commit d19dad88155f985f113c667b6bdad5a1b25eca18)
2007-10-10r15476: Transfer the was_mapped flag from user_info to server_info also in ↵Volker Lendecke2-0/+6
auth_sam and auth_domain. Thanks for Simo to point this out. Volker (This used to be commit 293b89dfb109d6e220ced433f025cf987aa1f500)
2007-10-10r15475: Ugly and disgusting patch to fix the username map problem I created byVolker Lendecke3-13/+46
changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6)
2007-10-10r15472: Remove an unused function parameterVolker Lendecke3-3/+0
(This used to be commit d2f39ae7fe79fd31846c555849655023a2d1cbc7)
2007-10-10r15393: remove extra call to fallback user creation on member servers; it's ↵Gerald Carter1-7/+2
handled by the smb_getpwnam() call deeper in (This used to be commit 7433dba78bda27cd6366a49b0efc10a387439ccd)
2007-10-10r15368: Remove some dead code. -- paulgPaul Green1-8/+0
(This used to be commit e1bd357fe87a66861d092fcdbdde1ff6ffcc8cf2)
2007-10-10r15285: Fix the build.Paul Green1-1/+2
(This used to be commit 2270a5196db071bbf15aed92637a24f81d179cd5)