summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_pam.c
AgeCommit message (Collapse)AuthorFilesLines
2011-05-25s3-winbind: BUG 8166 - Don't lockout users when offline.Jim McDonough1-1/+4
Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration. Autobuild-User: Jim McDonough <jmcd@samba.org> Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
2011-05-05More simple const fixups.Jeremy Allison1-3/+3
2011-05-04Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1.Jeremy Allison1-2/+2
2011-05-02s3: remove various references to server side dcerpc structs (which are not ↵Günther Deschner1-1/+0
needed). Guenther
2011-04-24s3:rpc_client: map fault codes to NTSTATUS with dcerpc_fault_to_nt_status()Stefan Metzmacher1-5/+5
Most fault codes have a NTSTATUS representation, so use that. This brings the fault handling in common with the source4/librpc/rpc code, which make it possible to share more highlevel code, between source3 and source4 as the error checking can be the same now. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Apr 24 10:44:53 CEST 2011 on sn-devel-104
2011-03-30s3-includes: only include ntdomain.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-auth: use auth.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-02-28s3-rpc_client: Move client pipe functions to own header.Andreas Schneider1-0/+1
2011-02-04s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)Günther Deschner1-2/+57
The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in winbindd/winbindd_pam.c.Günther Deschner1-13/+37
Guenther
2011-01-28s3: inline get_uid_from_stateVolker Lendecke1-6/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Jan 28 23:38:16 CET 2011 on sn-devel-104
2011-01-28s3: Lift winbindd_cli_state from fillup_password_policyVolker Lendecke1-4/+6
2011-01-28s3: Do not use state->mem_ctx in fillup_password_policyVolker Lendecke1-4/+8
2011-01-28s3: Lift winbindd_cli_state from winbindd_dual_pam_auth_samlogonVolker Lendecke1-21/+27
2011-01-28s3: Lift winbindd_cli_state from winbindd_raw_kerberos_loginVolker Lendecke1-18/+26
2011-01-26s3-winbind: share a common winbind_samlogon_retry_loop().Günther Deschner1-168/+147
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 26 12:41:14 CET 2011 on sn-devel-104
2011-01-26Revert "s3: These assignments are overwritten immediately"Günther Deschner1-0/+4
This reverts commit 18962ea3852d0d0fc7371e99813bebd54fae0a19.
2011-01-26Revert "s3-winbind: fix winbindd_dual_pam_auth_samlogon() for NT4 domains."Günther Deschner1-1/+0
This reverts commit cea36aeacf8778493463f31e6afc3f58384639e2.
2011-01-24s3-winbind: fix winbindd_dual_pam_auth_samlogon() for NT4 domains.Günther Deschner1-0/+1
After failing the netr_LogonSamLogonEx, we failed to retry with netr_LogonSamLogon. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 24 12:35:42 CET 2011 on sn-devel-104
2010-12-19s3: Use the right uid winbindd_raw_kerberos_login()Volker Lendecke1-1/+1
2010-12-19s3: wcache_invalidate_samlogon only needs the SIDVolker Lendecke1-4/+10
2010-12-10s3-winbind Improve memory handling in NTLMv2-backend plaintext authenticationAndrew Bartlett1-17/+6
Andrew Bartlett
2010-12-10s3-winbind Don't send the LM password to the server, everAndrew Bartlett1-11/+1
This is for the case where we have the plaintext password locally, and can construct the challenge-response values here. We should never ever use the LM password in domain authentication. The last domain controller to only have LM passwords stored was NT 3.5. Andrew Bartlett
2010-11-27s3: Return the correct result from winbindd_dual_auth_passdbVolker Lendecke1-2/+3
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-13/+14
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Nov 17 12:02:34 UTC 2010 on sn-devel-104
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_txtVolker Lendecke1-28/+29
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_afs_tokenVolker Lendecke1-8/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_ndrVolker Lendecke1-4/+5
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_unix_usernameVolker Lendecke1-6/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-11/+11
2010-10-14s3-auth Use security_token_debug() from common codeAndrew Bartlett1-1/+1
This prints the security token including the privileges as strings instead of just a bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-12s3: Remove a nesting level in winbindd_dual_pam_chauthtokVolker Lendecke1-18/+19
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett1-2/+2
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett1-1/+1
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3: Simplify the logic in generate_krb5_ccacheVolker Lendecke1-51/+28
gd, jra, others, please check!
2010-09-10s3: Simplify generate_krb5_ccache slightlyVolker Lendecke1-4/+0
strequal deals with a NULL string input just fine
2010-09-09s3: These assignments are overwritten immediatelyVolker Lendecke1-4/+0
Dump them
2010-09-09s3: Remove "mem_ctx" from a few functionsVolker Lendecke1-5/+1
2010-09-09s3: Remove "mem_ctx" from lookup_cached_name()Volker Lendecke1-2/+1
2010-09-09s3: Remove a nested if-statementVolker Lendecke1-5/+3
2010-09-09s3: Fill in workstation in winbindd_pam_auth_crap_sendVolker Lendecke1-6/+1
2010-09-09s3: Fill in domain in winbindd_pam_auth_crap_sendVolker Lendecke1-11/+1
2010-09-09s3: Remove redundant flag checksVolker Lendecke1-10/+0
We're checking these in the parent already (winbindd_pam_auth_send and winbindd_pam_auth_crap_send). No point in doing it in the child as well
2010-09-09s3: Remove unused arg "user_sid" from winbindd_store_credsVolker Lendecke1-1/+1
All callers have passed in NULL
2010-09-08s3: "== false" looks wrong :-)Volker Lendecke1-1/+1
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett1-1/+1
This is closer to the struct security_token from security.idl
2010-08-14s3:auth Change winbindd -> auth interface to more standard structuresAndrew Bartlett1-24/+5
This removes conversions to and from the source3 varient of the server_info structure when replaced in s3compat, and presents a tidier interface to winbindd in any case. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-1/+1
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>