summaryrefslogtreecommitdiff
path: root/source3/auth
AgeCommit message (Collapse)AuthorFilesLines
2002-07-31the ads_connect() here doesn't need to actually succeed, as its onlyAndrew Tridgell1-3/+1
needed to find the DC IP. Just don't check its return value! (This used to be commit ab144cd8af1622894d446ce48dde99babeb30bd6)
2002-07-30Fix the build for now..Jim McDonough1-1/+1
Tridge, please look at this. Did you mean to take out the last parm? (This used to be commit f70886df942e8b37fecb503b2d87f39f19c9bdab)
2002-07-30net ads info now reports the IP of the LDAP server as well as its name - ↵Andrew Tridgell1-4/+6
very useful in scripts (This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
2002-07-30a couple more minor tweaks. This now allows us to operate in ADS modeAndrew Tridgell1-4/+3
without any 'realm =' or 'ads server =' options at all, as long as DNS is working right. (This used to be commit d3fecdd04241ed7b9248e52415693cd54a1faecf)
2002-07-302nd try at a fix for netbiosless connections to a ADS DC. This alsoAndrew Tridgell1-31/+90
make the code a fair bit cleaner as it splits up the ADS and RPC cases, which really are very different. (This used to be commit 5a11c432afebe84b17820396476f48a6a6f6411b)
2002-07-30removed a gratuitous standard_sub_basic() on the 'password server'Andrew Tridgell1-2/+0
field. This has got to be pointless. (This used to be commit fd02adab54b66a19c1b81b8ae91e66713691b060)
2002-07-30- if we are in ADS mode then avoid an expensive netbios lookup to findAndrew Tridgell1-7/+16
the servers netbios name when we don't need it. This also fixes ADS mode when the DC has netbios disabled. - if the password server is specified as an IP then actually use that IP, don't do a lookup for the servers name :) (This used to be commit 72042e94ef0f6841afcfa48eafb9809545860725)
2002-07-28found nasty bug in intl/lang_tdb.c tdb structure was not tested to not be ↵Simo Sorce1-7/+7
null before close this one fixes swat not working with browsers that set more then one language. along the way implemented language priority in web/neg_lang.c with bubble sort also changet str_list_make to be able to use a different separator string Simo. (This used to be commit 69765e4faa8aaae74c97afc917891fc72d80703d)
2002-07-21Renamed all the new_cli_netlogon_* functions to cli_netlogon_*Tim Potter1-1/+1
as they're no longer new! (This used to be commit 277f6bbb9a63541a473a80a7994e9bde5c6f22dc)
2002-07-20Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had aAndrew Bartlett1-1/+1
distinction between uchar and char). Lots of const etc. Andrew Bartlett (This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
2002-07-20Add support for a weird behaviour apparently used by Win9X pass-throughAndrew Bartlett1-2/+17
authentication - we can have an NT hash in the LM hash feild. (I need to double-check this fix with tpot, who discovered it). Also remove silly casts back and forth between uchar and char. Andrew Bartlett (This used to be commit 07e2b36311f91d7a20865a2ccc94716772e53fd7)
2002-07-20NT_STATUS_UNSUCCESSFUL just gets clients confused - move to NO_LOGON_SERVERSAndrew Bartlett1-11/+11
becouse thats what Win2k gives when the PDC is down. Some of these might better go to other errors, but the Win2k text message for 'unsuccessful' is not particularly useful. (A device attached to the system is not functioning...) Andrew Bartlett (This used to be commit 656f1d68e8579f1bd0a7118caf9e0373d5980a69)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell12-232/+501
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-09Make it clear that the debug comment is the same as the command being testedAndrew Bartlett1-1/+1
for failure. Andrew Bartlett (This used to be commit 6e22f39df8c386781a4f51207a3ccd9c94d151f1)
2002-07-02Address the string_sub problem by changing len = 0 to mean "no expand".Jeremy Allison3-3/+3
Went through and checked all string_subs I could to ensure they're being used correctly. Jeremy. (This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
2002-06-25Update cli_full_connection() to take a 'flags' paramater, and try to get aAndrew Bartlett1-1/+1
few more places to use it. Andrew Bartlett (This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
2002-06-24Try to get security=domain at least slightly working.Andrew Bartlett2-8/+13
The previous code both had basic logic flaws in it, and some subtle issues regarding the Win2k info3 response. I've tested this against Samba (it looks like that was missed last time due to the 'called name' corruption - which broke my testsuite) and accomidated what I've seen from a info3 printout jmcd gave me. I'll get this tested fully as soon as I get my VMware going again. Andrew Bartlett (This used to be commit 87eba4c811293d2428bfb9bc36de22e66dce7f8b)
2002-06-15This patch does 2 things:Andrew Bartlett3-96/+225
It extends the 'server mutex' to conver security=server, becouse the connection race condition exists here too, and while people *should* use security=domain, some sites don't.... (This probably should be done in 2.2 as well). Also, start to actually extract and use the information that the remote server returns in the info3 struct. The server mutex code is now in a new file. Andrew Bartlett (This used to be commit 9b0dabdf4ec3bb45879caae76e03b57ccdad8b4b)
2002-06-15Add another 'trivial' built in authentication module - this one is aAndrew Bartlett1-0/+50
deveopers hack to always send a fixed challange, for the benifit of tutorials and packet sniffing etc. Enabling this module removes all security, so its a --enable-developer option. Andrew Bartlett (This used to be commit 622e6b64dfb0a2c53d2c9dbd7b8ff438492eaf02)
2002-06-15It appears that to match NT we should not use the 'samstrict' behaviour,Andrew Bartlett1-3/+5
and that local accounts are perfectly fine. (This used to be commit 9fe8da6dd1b7fecfee0a2778fec0b7dd0fd40bfb)
2002-06-14moved lp_list_* functions away from param/loadparm.c, put int lib/util_str.cSimo Sorce1-10/+10
and renamed to str_list_* as it is a better name. Elrond should be satisfied now :) (This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
2002-06-12Spelling.Tim Potter1-1/+1
(This used to be commit bfd8a33c68a3747cbad21667d7515aebd61ec537)
2002-06-12Spelling fixes.Tim Potter1-1/+1
(This used to be commit de18c785ab9a253cc8bf8d7e4066de0133225c6c)
2002-06-01More cleanup work preparing for SMB signing.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 3c05f7c06fc8c45307ea75128b160a5945fc5197)
2002-05-28Spelling fixes.Tim Potter1-7/+7
(This used to be commit 3d0f4acad2f0c57d0a255e90e5f674ba582251e2)
2002-05-25Clean up a few unused functions, add a bit of static etc.Andrew Bartlett1-28/+0
Importantly: The removal of the silly 'delete user script' behaviour when secuity=domain. I have left the name the same - as it still does the (previously documented, but not in smb.conf(5)) sane behaviour of deleting users on request. When we decide what to do with the 'add user' functionality, we might rename it. Andrew Bartlett (This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
2002-05-24Name the authentication modules, and therfore fix up both the build farmAndrew Bartlett4-0/+6
and secuirty=server. I *love* automated testing... Andrew Bartlett (This used to be commit c92f4f4d72ffd307ca2d4d792b5e4154f1b85b91)
2002-05-24Remove the password length paramater from cli_full_connection - it reallyAndrew Bartlett1-1/+1
didn't make any sense, and its was always just strlen(password) anyway. This fixes it to be strlen(password)+1 Andrew Bartlett (This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
2002-05-24Move the authenticaion subsystem over to the same 'module:options' syntaxAndrew Bartlett8-38/+106
that the passdb code now uses. Similarly, move the 'pluggable' stuff over from passdb as well, allowing runtime loading of new authenticaion modules. (NOTE: The interfaces here can *and do* change - module writers are not assured source-level compatibilty, and certainly not binary compatibility). (This used to be commit 3897cf5e048f50be91ae434f636affc6d539d0d1)
2002-05-22Nobody uses this function, and there really doesn't seem much point toAndrew Bartlett1-20/+0
it, so we may as well reduce the complexity. Andrew Bartlett (This used to be commit 31e074cea50111a150db220603c3cfccaaf4339c)
2002-05-22Cleanups!Andrew Bartlett3-44/+30
Make some code static, add some const to the PAM code, and make the plaintext password code actually function - particulary without the requirement to modify the 'struct passwd' (which it assumed was made up of fstrings) This kills some particularly ugly code in lib/util_pw.c Andrew Bartlett (This used to be commit 302dad4990ba5194f072e435465d9adaa089ae06)
2002-05-21typo day :-(Simo Sorce1-1/+1
(This used to be commit 5b3b65aafe38e767e9b7206ffe6d7c89edb267ba)
2002-05-21typo, sorrySimo Sorce11-11/+11
(This used to be commit d222bc8c4b620095a21ba327940d4750d5dee753)
2002-05-21debug classizedSimo Sorce12-0/+36
(This used to be commit ae5d24873ad0fb3df970cc9912e18e6a5067ae2d)
2002-04-22Ensure auth requests from the same machine are completely serialized.Jeremy Allison1-5/+40
NT4.x DC's require this. Jeremy. (This used to be commit d162b6285d549370a24a926ab1c46cef7e7f630a)
2002-04-14Partly based on the work by mimir (Rafal SzczesniakAndrew Bartlett1-1/+1
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly enumerate its trusted domains - by exaimining the keys in the secrets.tdb file. This patch has been tested with both NT4 and rpcclient/wbinfo, and adds some extra functionality to talloc and rpc_parse to allow it to deal with already unicode strings. Finally, this cleans up some const warnings that were in net_rpc.c by pushing another dash of const into the rpc client code. Andrew Bartlett (This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
2002-04-07Spelling.Tim Potter1-1/+1
(This used to be commit 423985ed569ac9692f3cb5872a15c74f983121b6)
2002-03-27Moved debug messages for grabbing/releasing mutex.Jeremy Allison1-2/+0
Jeremy. (This used to be commit e144c174eafc18f236c848b8f3a2c6382796f5a9)
2002-03-26Don't hold the mutex for more than 20 seconds.Jeremy Allison1-2/+4
Jeremy. (This used to be commit 1b9f1a368f2f37700cef357ab4bbc0389ec06378)
2002-03-24Spelling fixes.Tim Potter1-1/+1
(This used to be commit a5ac2ac4ada48ee3be061a32ba40bd8c4b3b3865)
2002-03-23Extra parinoa and DEBUG()s for the make_user_info_map() code.Andrew Bartlett1-4/+18
(This used to be commit aa5f125bc0efeee99254e03f36426420db676527)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter2-5/+5
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-03-13Ensure we never use "" as a domain name (Win9X apparently does this for 'net ↵Andrew Bartlett1-1/+6
use' duirng login). Picked up from a post to a TNG list by Volker. Andrew Bartlett (This used to be commit f81882fc9510aadd7d1db77753b307800ab50f9b)
2002-03-02Allow Samba to trust NT4 Domains.Andrew Bartlett2-16/+122
This commit builds on the auth subsystem to give Samba support for trusting NT4 domains. It is off by default, but is enabled by adding 'trustdomain' to the 'auth methods' smb.conf paramater. Tested against NT4 only - there are still some issues with the join code for Win2k servers (spnego stuff). The main work TODO involves enumerating the trusted domains (including the RPC calls to match), and getting winbind to run on the PDC correctly. Similarly, work remains on getting NT4 to trust Samba domains. Andrew Bartlett (This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
2002-03-01SECURITY FIXES:Andrew Bartlett1-6/+4
Remove a stray 'unbecome_root()' in the ntdomain an auth failure case. Only allow trust accounts to request a challange in srv_netlogon_nt.c. Currently any user can be the 'machine' for the domain logon. MERGE for 2.2. Andrew Bartlett (This used to be commit 0242d0e17827b05d8cd270f675d2595fa67fd5b9)
2002-03-01Various comment fixes from Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>Andrew Bartlett1-1/+1
(This used to be commit 3bf4b42771d115500941be374bfdd9b8c2fdba4a)
2002-02-28Ensure that winbindd and smbd both use identical logic to find dc's.Jeremy Allison1-11/+12
Fix bug where zeroip addresses were being checked. Jeremy. (This used to be commit 8ed49fe0df201833329c17b2afe1e3aa70646558)
2002-02-27"user doesn't exist" isn't worthy of a level 1 debug. Make it level 3.Andrew Bartlett1-1/+1
(This used to be commit 339e3982bc1d2998022545e02456ec35c3b278a8)
2002-02-18serialise all domain auth requestsAndrew Tridgell1-1/+10
this is needed because W2K will send a TCP reset to any open connections that have not done a negprot when a second connection is made. This meant that under heavy netlogon load a Samba domain member would fail authentications. Jeremy, you may wish to port this to 2.2.x (This used to be commit eb196070e62b45b113e5712f27198c50c5c95657)
2002-02-05Fix use of uninitialsed variable in PAM codeAndrew Bartlett1-2/+2
(This used to be commit 6c08c233e6675056c0ee0bbc4ecdcbc205950f54)
generated by cgit (git 2.34.1) at 2024-07-26 15:07:04 +0000