summaryrefslogtreecommitdiff
path: root/source3/auth/auth_winbind.c
AgeCommit message (Collapse)AuthorFilesLines
2025-04-03s3:auth: let auth_winbind pass WBC_AUTH_PARAM_FLAGS_FOR_NETLOGON if neededStefan Metzmacher1-0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-03-27winbind: Log NOT_IMPLEMENTED as debugDavid Mulder1-1/+5
This message happens frequently when running a PDC/NT4 mode w/out winbind. Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Mar 27 02:15:31 UTC 2024 on atb-devel-224
2023-07-05s3:auth: Fix code spellingAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2020-01-06auth: Remove the "typedef auth_methods"Volker Lendecke1-1/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-20s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trustsStefan Metzmacher1-1/+32
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Thu Dec 20 12:15:09 CET 2018 on sn-devel-144
2018-12-20s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not availableStefan Metzmacher1-1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-12-20s3:auth_winbind: remove fallback to optional backendStefan Metzmacher1-16/+0
This is not possible anymore, as the trustdomain backend was removed in commit 75c152c0d764165a4a9dd0a85390af063dd0192a. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-04-22lib: modules: Change XXX_init interface from XXX_init(void) to ↵Jeremy Allison1-1/+1
XXX_init(TALLOC_CTX *) Not currently used - no logic changes inside. This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global. Updated all known module interface numbers, and added a WHATSNEW. Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-03-10auth_winbind3: Correctly handle !authoritativeVolker Lendecke1-0/+9
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-04-24BUG 9817: Fix 'map untrusted to domain' with NTLMv2.Andreas Schneider1-2/+8
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
2011-06-09s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-03-30s3-auth: use auth.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-winbind: remove global inclusion of libwbclient.Günther Deschner1-0/+1
Guenther
2011-01-17s3: Make sure we call wbcAuthenticateUserEx correctlyVolker Lendecke1-4/+14
There are cases where we fill in params.password.response.lm_data with non-NULL where params.password.response.lm_length is 0. wbcAuthenticateUserEx does not like that. I haven't been able to reproduce this with smbclient yet, I've seen it with a proprietary smb client implementation. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Jan 17 16:30:11 CET 2011 on sn-devel-104
2010-11-09s3: Quieten a bogus error messageVolker Lendecke1-3/+1
This happens if you set "auth methods = winbind" without a fallback method. The return NT_STATUS_LOGON_FAILURE; is not strictly require here, because we fall through to the equivalent statement a few lines down, but it makes the code a bit clearer IMO. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Nov 9 20:15:59 UTC 2010 on sn-devel-104
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-4/+4
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-06-16s3-auth: fix debug message in check_winbind_security().Günther Deschner1-1/+1
Guenther
2010-06-16Revert "s4-smbtorture: only pull info when status code indicates success in ↵Günther Deschner1-11/+3
smbcli_rap_netprintqgetinfo()." This reverts commit 1f1c04010a55e67d8dc2110276eed4cf2a8a0afa.
2010-06-16s4-smbtorture: only pull info when status code indicates success in ↵Günther Deschner1-3/+11
smbcli_rap_netprintqgetinfo(). Guenther
2010-06-07s3:auth Rename user_info->domain -> user_info->mapped.domain_nameAndrew Bartlett1-4/+4
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->internal_username -> user_info->mapped.account_nameAndrew Bartlett1-2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->smb_name -> user_info->client.account_nameAndrew Bartlett1-2/+2
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-01s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_infoAndrew Bartlett1-1/+1
2010-05-29s3:auth make it easier to trace auth modulesSimo Sorce1-0/+2
2010-04-11s3: Remove the make_auth_methods routineVolker Lendecke1-5/+9
This was just TALLOC_ZERO_P
2010-04-11s3: Fix some nonempty linesVolker Lendecke1-3/+3
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke1-1/+1
2010-01-10s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke1-1/+1
2008-05-07Rename server_info->was_mapped to server_info->nss_tokenVolker Lendecke1-3/+1
"nss_token" from my point of view much better reflects what this flag actually represents (This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
2008-03-26Add debug statement in auth_winbind to display wbcAuthenticateUserEx error code.Günther Deschner1-0/+5
Guenther (This used to be commit 0ad00a452f03d8af6e6b6fabd4a05ca26a9910d0)
2008-02-13auth_winbind: use wbcAuthenticateUserEx()Stefan Metzmacher1-69/+44
smbd doesn't need $(WBCOMMON_OBJ) anymore, it works with any libwbclient.so now and may talk to an older winbindd. metze (This used to be commit e3435930a307cff3066fe2047ed8c5c48911f001)
2008-01-04More logical operations on booleans. IBM checker.Jeremy Allison1-1/+3
Jeremy. (This used to be commit e289a0c8592f9e5c58100ddcde2577b452725b88)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r21940: Sorry Volker, I have to revert your revert in r21935.Gerald Carter1-1/+2
We can talk about this later if you still feel that strongly but I need to fix the build for now. (This used to be commit c7df0cad8257333c6a8dfd98818269a783ba7a26)
2007-10-10r21935: Revert obviously not sufficiently tested code -- sorry for the pain. ↵Volker Lendecke1-2/+1
I am afraid I was basically off the net for the day (This used to be commit 08c29abc03267b0dfb41cec3734653a536027a10)
2007-10-10r21878: Fix a bug with smbd serving a windows terminal server: If winbind ↵Volker Lendecke1-1/+2
decides smbd to be idle it might happen that smbd needs to do a winbind operation (for example sid2name) as non-root. This then fails to get the privileged pipe. When later on on the same connection another authentication request comes in, we try to do the CRAP auth via the non-privileged pipe. This adds a winbindd_priv_request_response() request that kills the existing winbind pipe connection if it's not privileged. Volker (This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
2007-10-10r18665: Remove two type-punned warningsVolker Lendecke1-2/+3
(This used to be commit 157b2c0c262dc9b9ae2a8a3133479e66e6c8db07)
2007-10-10r17626: Some C++ WarningsVolker Lendecke1-2/+3
(This used to be commit 09e7c010f03ac3c621f7a7fad44685d278c1481a)
2007-10-10r15475: Ugly and disgusting patch to fix the username map problem I created byVolker Lendecke1-0/+3
changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6)
2007-10-10r15472: Remove an unused function parameterVolker Lendecke1-1/+0
(This used to be commit d2f39ae7fe79fd31846c555849655023a2d1cbc7)
2007-10-10r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit ↵Gerald Carter1-3/+3
winbindd server (This used to be commit a95d11345e76948b147bbc1f29a05c978d99a47a)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-11/+8
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r11573: Adding Andrew Bartlett's patch to make machine accountJeremy Allison1-0/+2
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same was as it would a user account check. I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-1/+1
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-1/+1
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r3616: Merge for 3.0.8.Andrew Bartlett1-3/+3
In auth_winbind, remove the push_utf8 calls, as this is no longer a UTF8 interface. (Removed from everywhere else earlier). Tested with ASCII - I tried to load the weird charset for testing, but it doesn't seem to work any more. Andrew Bartlett (This used to be commit cb27c197ee44d2be09014598e3928642b59ef956)
2007-10-10r786: Memory leak fixes in (mostly) error code paths fromJeremy Allison1-3/+2
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
2003-12-19* add a few useful debug linesGerald Carter1-1/+2
* fix bug involving Win9x clients. Make sure we save the right case for the located username in fill_sam_account() (This used to be commit 850e4be29e185ebe890f094372aa8c2cc86de76a)
2003-10-07make sure to call get_user_groups() with the full winbindd name for a user ↵Gerald Carter1-8/+8
if he;she has one; bug 406 (This used to be commit 1737b36e9193e30285c598ad75d90f610bab47fe)
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-07 08:01:55 +0000