summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_pam.c
AgeCommit message (Collapse)AuthorFilesLines
2012-02-27s3-winbindd: Close netlogon connection if the status returned by the ↵Matthieu Patou1-1/+20
NetrSamLogonEx call is timeout in the pam_auth_crap path If not the child process would hang for quite a long time up to the moment when the connection is cleaned by the kernel (took ~ 20 minutes) in my tests. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Feb 27 23:10:03 CET 2012 on sn-devel-104
2012-02-20s3-winbindd: pass logon parmeters down to check_sam_security()Andrew Bartlett1-2/+6
This allows ntlm_auth --diagnostics to work against the local DC, just as it works against a member server. Andrew Bartlett
2012-01-30s3-winbind: don't try to do clever thing if the username is not found while ↵Matthieu Patou1-1/+2
authenticating through winbind This could cause that we authenticate a user with a bogus domain to winbind's domain if the password supplied for the PAM_AUTH match. The problem was reported by Jeff Venable (jvenable@juniper.net). Patch from Andrew Bartlett (abartlett@samba.org). Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
2011-10-28Fix bug #8548 - winbind_samlogon_retry_loop ignores logon_parameters flags.Jeremy Allison1-2/+2
Fix confirmed by reporter. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 28 23:04:47 CEST 2011 on sn-devel-104
2011-10-24idl: Improve MS-PAC IDLSimo Sorce1-7/+7
Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unkown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-07-04s3-auth: Pass the remote_address down to user_info.Andreas Schneider1-2/+13
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-30s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCsGünther Deschner1-7/+19
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Jun 30 00:42:23 CEST 2011 on sn-devel-104
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett1-3/+3
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-05-25s3-winbind: BUG 8166 - Don't lockout users when offline.Jim McDonough1-1/+4
Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration. Autobuild-User: Jim McDonough <jmcd@samba.org> Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
2011-05-05More simple const fixups.Jeremy Allison1-3/+3
2011-05-04Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1.Jeremy Allison1-2/+2
2011-05-02s3: remove various references to server side dcerpc structs (which are not ↵Günther Deschner1-1/+0
needed). Guenther
2011-04-24s3:rpc_client: map fault codes to NTSTATUS with dcerpc_fault_to_nt_status()Stefan Metzmacher1-5/+5
Most fault codes have a NTSTATUS representation, so use that. This brings the fault handling in common with the source4/librpc/rpc code, which make it possible to share more highlevel code, between source3 and source4 as the error checking can be the same now. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Apr 24 10:44:53 CEST 2011 on sn-devel-104
2011-03-30s3-includes: only include ntdomain.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-auth: use auth.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-02-28s3-rpc_client: Move client pipe functions to own header.Andreas Schneider1-0/+1
2011-02-04s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)Günther Deschner1-2/+57
The benefit of this that it makes us more robust to secure channel resets triggered from tools outside the winbind process. Long term we need to have a shared tdb secure channel store though as well. Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 4 18:11:04 CET 2011 on sn-devel-104
2011-02-02s3-winbind: prefer dcerpc_samr_X functions in winbindd/winbindd_pam.c.Günther Deschner1-13/+37
Guenther
2011-01-28s3: inline get_uid_from_stateVolker Lendecke1-6/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Jan 28 23:38:16 CET 2011 on sn-devel-104
2011-01-28s3: Lift winbindd_cli_state from fillup_password_policyVolker Lendecke1-4/+6
2011-01-28s3: Do not use state->mem_ctx in fillup_password_policyVolker Lendecke1-4/+8
2011-01-28s3: Lift winbindd_cli_state from winbindd_dual_pam_auth_samlogonVolker Lendecke1-21/+27
2011-01-28s3: Lift winbindd_cli_state from winbindd_raw_kerberos_loginVolker Lendecke1-18/+26
2011-01-26s3-winbind: share a common winbind_samlogon_retry_loop().Günther Deschner1-168/+147
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 26 12:41:14 CET 2011 on sn-devel-104
2011-01-26Revert "s3: These assignments are overwritten immediately"Günther Deschner1-0/+4
This reverts commit 18962ea3852d0d0fc7371e99813bebd54fae0a19.
2011-01-26Revert "s3-winbind: fix winbindd_dual_pam_auth_samlogon() for NT4 domains."Günther Deschner1-1/+0
This reverts commit cea36aeacf8778493463f31e6afc3f58384639e2.
2011-01-24s3-winbind: fix winbindd_dual_pam_auth_samlogon() for NT4 domains.Günther Deschner1-0/+1
After failing the netr_LogonSamLogonEx, we failed to retry with netr_LogonSamLogon. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 24 12:35:42 CET 2011 on sn-devel-104
2010-12-19s3: Use the right uid winbindd_raw_kerberos_login()Volker Lendecke1-1/+1
2010-12-19s3: wcache_invalidate_samlogon only needs the SIDVolker Lendecke1-4/+10
2010-12-10s3-winbind Improve memory handling in NTLMv2-backend plaintext authenticationAndrew Bartlett1-17/+6
Andrew Bartlett
2010-12-10s3-winbind Don't send the LM password to the server, everAndrew Bartlett1-11/+1
This is for the case where we have the plaintext password locally, and can construct the challenge-response values here. We should never ever use the LM password in domain authentication. The last domain controller to only have LM passwords stored was NT 3.5. Andrew Bartlett
2010-11-27s3: Return the correct result from winbindd_dual_auth_passdbVolker Lendecke1-2/+3
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-13/+14
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Nov 17 12:02:34 UTC 2010 on sn-devel-104
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_txtVolker Lendecke1-28/+29
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_afs_tokenVolker Lendecke1-8/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_ndrVolker Lendecke1-4/+5
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_unix_usernameVolker Lendecke1-6/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-11/+11
2010-10-14s3-auth Use security_token_debug() from common codeAndrew Bartlett1-1/+1
This prints the security token including the privileges as strings instead of just a bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-12s3: Remove a nesting level in winbindd_dual_pam_chauthtokVolker Lendecke1-18/+19
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett1-2/+2
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett1-1/+1
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3: Simplify the logic in generate_krb5_ccacheVolker Lendecke1-51/+28
gd, jra, others, please check!
2010-09-10s3: Simplify generate_krb5_ccache slightlyVolker Lendecke1-4/+0
strequal deals with a NULL string input just fine
2010-09-09s3: These assignments are overwritten immediatelyVolker Lendecke1-4/+0
Dump them
2010-09-09s3: Remove "mem_ctx" from a few functionsVolker Lendecke1-5/+1
2010-09-09s3: Remove "mem_ctx" from lookup_cached_name()Volker Lendecke1-2/+1
2010-09-09s3: Remove a nested if-statementVolker Lendecke1-5/+3