summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_pam.c
AgeCommit message (Collapse)AuthorFilesLines
2010-12-19s3: Use the right uid winbindd_raw_kerberos_login()Volker Lendecke1-1/+1
2010-12-19s3: wcache_invalidate_samlogon only needs the SIDVolker Lendecke1-4/+10
2010-12-10s3-winbind Improve memory handling in NTLMv2-backend plaintext authenticationAndrew Bartlett1-17/+6
Andrew Bartlett
2010-12-10s3-winbind Don't send the LM password to the server, everAndrew Bartlett1-11/+1
This is for the case where we have the plaintext password locally, and can construct the challenge-response values here. We should never ever use the LM password in domain authentication. The last domain controller to only have LM passwords stored was NT 3.5. Andrew Bartlett
2010-11-27s3: Return the correct result from winbindd_dual_auth_passdbVolker Lendecke1-2/+3
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-13/+14
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Nov 17 12:02:34 UTC 2010 on sn-devel-104
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_txtVolker Lendecke1-28/+29
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_afs_tokenVolker Lendecke1-8/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_info3_as_ndrVolker Lendecke1-4/+5
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_unix_usernameVolker Lendecke1-6/+6
2010-11-17s3: Remove a reference to "winbindd_cli_state" from append_auth_dataVolker Lendecke1-11/+11
2010-10-14s3-auth Use security_token_debug() from common codeAndrew Bartlett1-1/+1
This prints the security token including the privileges as strings instead of just a bitmap. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-12s3: Remove a nesting level in winbindd_dual_pam_chauthtokVolker Lendecke1-18/+19
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett1-2/+2
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change type of num_sids to uint32_tAndrew Bartlett1-1/+1
size_t is overkill here, and in struct security_token in the num_sids is uint32_t. This includes a change to the prototype of add_sid_to_array() and add_sid_to_array_unique(), which has had a number of consequnetial changes as I try to sort out all the callers using a pointer to the number of sids. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3: Simplify the logic in generate_krb5_ccacheVolker Lendecke1-51/+28
gd, jra, others, please check!
2010-09-10s3: Simplify generate_krb5_ccache slightlyVolker Lendecke1-4/+0
strequal deals with a NULL string input just fine
2010-09-09s3: These assignments are overwritten immediatelyVolker Lendecke1-4/+0
Dump them
2010-09-09s3: Remove "mem_ctx" from a few functionsVolker Lendecke1-5/+1
2010-09-09s3: Remove "mem_ctx" from lookup_cached_name()Volker Lendecke1-2/+1
2010-09-09s3: Remove a nested if-statementVolker Lendecke1-5/+3
2010-09-09s3: Fill in workstation in winbindd_pam_auth_crap_sendVolker Lendecke1-6/+1
2010-09-09s3: Fill in domain in winbindd_pam_auth_crap_sendVolker Lendecke1-11/+1
2010-09-09s3: Remove redundant flag checksVolker Lendecke1-10/+0
We're checking these in the parent already (winbindd_pam_auth_send and winbindd_pam_auth_crap_send). No point in doing it in the child as well
2010-09-09s3: Remove unused arg "user_sid" from winbindd_store_credsVolker Lendecke1-1/+1
All callers have passed in NULL
2010-09-08s3: "== false" looks wrong :-)Volker Lendecke1-1/+1
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett1-1/+1
This is closer to the struct security_token from security.idl
2010-08-14s3:auth Change winbindd -> auth interface to more standard structuresAndrew Bartlett1-24/+5
This removes conversions to and from the source3 varient of the server_info structure when replaced in s3compat, and presents a tidier interface to winbindd in any case. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-1/+1
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-06s3-krb5: include krb5pac.h where needed.Günther Deschner1-0/+1
Guenther
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+1
Guenther
2010-07-29We should be using the winbindd separator in this case, not hardcoding a \\ ↵Jeremy Allison1-1/+3
value. Jeremy.
2010-07-07s3-winbindd: route samr chgpwd ops for own domain over internal samr pipe as ↵Günther Deschner1-65/+26
well. Guenther
2010-06-03s3: remove unused librpc/ndr/sid.c.Günther Deschner1-0/+1
Guenther
2010-05-26s3-samr: move chgpasswd.c out of smbd and into the samr server.Günther Deschner1-0/+1
Guenther
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-5/+5
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-rpc_client: move protos to cli_netlogon.hGünther Deschner1-0/+1
Guenther
2010-05-18s3-rpc_client: move protos to cli_samr.hGünther Deschner1-0/+1
Guenther
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-1/+1
2010-05-18s3-crypto: only include crypto headers when crypto is done.Günther Deschner1-0/+1
Guenther
2010-05-18s3-rpc_misc: clean out include/rpc_misc.h.Günther Deschner1-1/+1
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther
2010-05-11s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATAAndrew Bartlett1-14/+15
All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-06s3: only include gen_ndr headers where needed.Günther Deschner1-0/+1
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther
2010-05-02s3: Fix the code order in append_auth_dataVolker Lendecke1-7/+7
This is to comply with the comment "currently, anything from here on potentially overwrites extra_data." Günther, please check!
2010-04-23s3: Allow pdb password change using WINBINDD_PAM_CHNG_PSWD_AUTH_CRAPVolker Lendecke1-0/+15
2010-04-23s3: replace some data_blob_talloc by data_blob_constVolker Lendecke1-8/+4
2010-04-23s3: Convert WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP to the new async APIVolker Lendecke1-42/+0
2010-04-19s3: Move the in-memory ccache to the parentVolker Lendecke1-41/+7
None of this blocks, so there is no reason to keep this in a winbind child process
2010-04-19s3-winbind: Allow changing the password for pdbVolker Lendecke1-0/+47
generated by cgit (git 2.34.1) at 2024-07-04 08:19:52 +0000