summaryrefslogtreecommitdiff
path: root/source3/auth
AgeCommit message (Collapse)AuthorFilesLines
2008-01-08Fix CID 460 - resource leak on error.Jeremy Allison1-0/+1
Jeremy. (This used to be commit d61831164b482d02e0eef3c28aeed93d3e44433f)
2008-01-09Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.Michael Adam2-34/+52
Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a)
2008-01-04More logical operations on booleans. IBM checker.Jeremy Allison2-2/+6
Jeremy. (This used to be commit e289a0c8592f9e5c58100ddcde2577b452725b88)
2007-12-29Fix a panicVolker Lendecke1-1/+1
get_root_nt_token asks for "struct nt_user_token". talloc_get_type is not smart enough to see that this is the same as NT_USER_TOKEN... :-) (This used to be commit 22a98bf7b81fb89dce1f32ef65cfe6caaba985b3)
2007-12-28Convert get_root_nt_token to memcacheVolker Lendecke1-3/+15
(This used to be commit fada689893314bed2fc78588b3fd9b144f4c808a)
2007-12-28Remove static zerosVolker Lendecke1-3/+6
(This used to be commit dbcc213710a9af31b6094d4741a6f68f573dcdad)
2007-12-22Fix "may be used uninitialized" compiler warnings.James Peach1-3/+3
(This used to be commit 22ac34a329c9be9cf7d1e6749ebcfb50215378e4)
2007-12-21De-couple smbd from staticly linking against winbindd client files.Gerald (Jerry) Carter1-3/+3
Implements a wrapper layer in winbind_util.c which are just stubs if compiled --without-winbind. When building with winbindd, it is now required to build the libwbclient DSO first (in the Makefile) and then either set LD_LIBRARY_PATH or /etc/ld.so.conf to pick up the library PATH. (This used to be commit 42787bccff4fcffafc7aae6a678e792604ecaaa5)
2007-12-19Remove Get_Pwnam and its associated static variableVolker Lendecke1-1/+2
All callers are replaced by Get_Pwnam_alloc (This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a)
2007-12-17Correctly define prototypes for accessor functions.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 299ea5d122e173adf6edb6399fc90798747b0c97)
2007-12-17More static fstring removal.Jeremy Allison1-33/+116
Jeremy. (This used to be commit dcf624aa02cf7415a4a55e6d45606e813ae6b91f)
2007-12-17Reformat: Remove trailing spaces.Michael Adam1-47/+47
Michael (This used to be commit 5249b3d204bf5f9191c2a4a7e81d09227eb5ddea)
2007-12-17Fix flags in caller of lookup_name() in create_builtin_administrators().Michael Adam1-1/+2
Michael (This used to be commit 46bfbf5c8af6c030e67219a29c49fd2d40003b18)
2007-12-16Remove another static string and static passwd.Jeremy Allison1-19/+22
Jeremy. (This used to be commit 2a700c5a57a417add3b1975b2c396d20c8a5f301)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke2-7/+8
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-15Use sid_string_talloc where we have a tmp talloc ctxVolker Lendecke1-2/+2
(This used to be commit f00ab810d2540679bec109498ac89e1eafe18f03)
2007-12-13Fix typo in debug statement.Michael Adam1-1/+1
Michael (This used to be commit da23684261f40c06dea30ab2df0c878ebb0d0d81)
2007-12-13Rename get_trust_pw() to get_trust_pw_hash().Michael Adam1-2/+2
Michael (This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
2007-12-13Let get_trust_pw() determine the machine_account_name to use.Michael Adam1-2/+5
Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael (This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
2007-12-10Correctly unbecome_root() on errorVolker Lendecke1-0/+2
(This used to be commit aec5f1512660953168a2c55b2890cd6c076b8a92)
2007-12-08Fix two incompatible pointer warningsVolker Lendecke1-1/+1
Jeremy, please check (This used to be commit 60500fac30911500eade7c2a9aa13569dcab0911)
2007-12-07Remove next_token - all uses must now be next_token_talloc.Jeremy Allison3-31/+44
No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
2007-11-27Remove pstrings from everything except srv_spoolss_nt.c.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 0002a9e96b0ef78316295a6eb94ff29b64e2f988)
2007-11-14Remove pstring from auth/*Jeremy Allison2-16/+43
Jeremy. (This used to be commit 72c19d114b40ee307bbe45d9828667165a26d7a3)
2007-11-13Remove last pstring from smbd/*.cJeremy Allison1-1/+1
Jeremy. (This used to be commit f1680bada913af4eaf5c0d686983018d6c8b3e5f)
2007-11-03Remove most of the remaining globals out of lib/util_sock.c.Jeremy Allison1-2/+2
I have a plan for dealing with the remaining..... Watch this space. Jeremy. (This used to be commit 963fc7685212689f02b3adcc05b4273ee5c382d4)
2007-11-03I can't get away without a 'length' arg. :-).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 95d01279a5def709d0a5d5ae7224d6286006d120)
2007-11-03Stop get_peer_addr() and client_addr() from using globalJeremy Allison1-1/+2
statics. Part of my library cleanups. Jeremy. (This used to be commit e848506c858bd16706c1d7f6b4b032005512b8ac)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison2-15/+15
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison11-70/+70
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-12Add become_root/unbecome_root around one call of getsampwsid()Michael Adam1-1/+6
in create_token_from_username(). This caused set_nt_acl to partially fail in certain circumstances. This is expected to bring an improvement to bug #4308. Michael (This used to be commit e68671b59500d7e1b645c80ee264c49893f8df84)
2007-10-10Add start of IPv6 implementation. Currently most of this is avoidingJeremy Allison1-1/+1
IPv6 in winbindd, but moves most of the socket functions that were wrongly in lib/util.c into lib/util_sock.c and provides generic IPv4/6 independent versions of most things. Still lots of work to do, but now I can see how I'll fix the access check code. Nasty part that remains is the name resolution code which is used to returning arrays of in_addr structs. Jeremy. (This used to be commit 3f6bd0e1ec5cc6670f3d08f76fc2cd94c9cd1a08)
2007-10-10[GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.Gerald (Jerry) Carter1-9/+4
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
2007-10-10r25598: Add missing become_root/unbecome_root around calls of add_aliases.Michael Adam1-0/+4
This triggered a "cannot access LDAP when not root"-bug with "passdb backend = ldap" and "winbind nested groups = yes". This *might* be a step towards fixing bug #4308, since the failure was observerd when triggered by acl code. Michael (This used to be commit ba8c48244e140403b728d9a2ca297b40e8888964)
2007-10-10r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.Gerald Carter1-1/+1
The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
2007-10-10r25401: BUG 4982: Don't delete lanman hashes on invalid logins whenGerald Carter1-4/+6
using the "lanman auth = no". Tested by Guenter Kukkukk. (This used to be commit 611fdd95a583ebd22ffa17e2f39c5a1bb0936c63)
2007-10-10r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter1-1/+1
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
2007-10-10r23928: Merge all "copy-info3-groups-to-sid-array" blocks to a ↵Günther Deschner1-32/+6
sid_array_from_info3() function. Guenther (This used to be commit 1e1e480115e37b3f4c85f979ddd800b8de0b9c57)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell13-26/+13
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison14-14/+14
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23554: Fix bug #4711 by makeing cli_connect return an NTSTATUS.Jeremy Allison1-1/+6
Long overdue fix.... Jeremy. (This used to be commit 073fdc5a58139796dbaa7ea9833dca5308f11282)
2007-10-10r23530: Fix bugs #4678 and #4697 which had the same root cause.Jeremy Allison1-0/+54
In make_server_info_pw() we assign a user SID in our authoritative SAM, even though this may be from a pure "Unix User" that doesn't exist in the SAM. This causes lookups on "[in]valid users" to fail as they will lookup this name as a "Unix User" SID to check against the user token. Fix this by adding the "Unix User"\unix_username SID to the sid array. The correct fix should probably be changing the server_info->sam_account user SID to be a S-1-22 Unix SID, but this might break old configs where plaintext passwords were used with no SAM backend. Jeremy (This used to be commit 80d1da7e6cce451d3934751feaa6ad60a337e3db)
2007-10-10r23485: This checkin consists mostly of refactorings in preparation of theMichael Adam1-41/+0
activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e)
2007-10-10r23358: Fix from Justin Maggard <jmaggard@infrant.com> - ensure we don'tJeremy Allison1-1/+1
expire a password if it's explicitly set as ACB_PWNOTREQ. Jeremy. (This used to be commit 2ea5a6bd334e31201aa6f93f5c51e42924d36ebd)
2007-10-10r23095: Support systems that have their PAM headers in /usr/include/pam.James Peach1-0/+4
(This used to be commit f1e8de4b576b3954d456cb64c02417908bab8da4)
2007-10-10r22956: Fix security=server (bug #4622). Volker's patchJeremy Allison1-6/+0
(slightly truncated by me). Will be in 3.0.25a. Jeremy. (This used to be commit 039fb906af883a7ca1a68955f1b36b583fe1b698)
2007-10-10r22953: Well, this apparently has never been tested. But *this* code never saw aVolker Lendecke1-6/+5
release yet .... ;-)) (This used to be commit f93b6353fe18e2c992a3dad96afd1a4c16032c55)
2007-10-10r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke5-13/+13
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10r22819: Fix Bug 4613. We just dumped the must change & friends. With theVolker Lendecke1-0/+24
pass_last_changed == 0 we now return "Change now!" instead of "Change never" (This used to be commit 450e4d94f64f86a3dd709265d15ed5082d4b53e8)