path: root/source3/auth/auth.c
Commit message | Author | Age | Files | Lines
* s4-auth: Do not override the NT_STATUS_NOT_IMPLEMENTED error for winbindd | Andrew Bartlett | 2014-07-04 | 1 | -0/+7
| This changes the auth code in winbindd to use this as a flag, and to therefore contact the RW DC.
| Change-Id: If4164d27b57b453b398642fdf7d46d03cd0e65f2
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* auth: Provide a way to use the auth stack for winbindd authentication | Andrew Bartlett | 2014-06-11 | 1 | -1/+9
| This adds in flags that allow winbindd to request authentication without directly calling into the auth_sam module. That in turn will allow winbindd to call auth_samba4 and so permit winbindd operation in the AD DC.
| Andrew Bartlett
| Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-auth: Pass mem_ctx to auth_check_ntlm_password(). | Andreas Schneider | 2014-02-19 | 1 | -19/+31
| Coverity-Id: 1168009
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* param: rename lp function and variable from "encrypted_passwords" to "encrypt_passwords" | Garming Sam | 2014-02-07 | 1 | -1/+1
| Signed-off-by: Garming Sam <garming@catalyst.net.nz>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| Reviewed-by: Jeremy Allison <jra@samba.org>
* auth: Remove .get_challenge (only used for security=server) | Andrew Bartlett | 2012-07-03 | 1 | -48/+6
| With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionality, we would downgrade to just NTLM. Now that security=server has been removed, we have no such module. This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async.
| Andrew Bartlett
* s3-auth: rework default auth methods around the lp_server_role() parameter | Andrew Bartlett | 2012-06-15 | 1 | -17/+23
| To cover all the enum values, ROLE_ACTIVE_DIRECTORY_DOMAIN_CONTROLLER is mapped to the samba4 auth module, and this is no longer required to be specified in fileserver.conf.
| Andrew Bartlett
* s3-auth: Merge SEC_DOMAIN and SEC_ADS cases in creating the default auth module list | Andrew Bartlett | 2012-06-15 | 1 | -7/+2
* s3-auth: remove "security=server" (deprecated since 3.6) | Stefan Metzmacher | 2012-05-15 | 1 | -6/+0
| "security=server" has a lot of problems in the world with modern security (ntlmv2 and krb5). It was also not very reliable, as it needed a stable connection to the password server for the lifetime of the whole client connection! Please use "security=domain" or "security=ads" if you authenticate against remote servers (domain controllers).
| metze
| [ASCII-art tombstone: REST IN PEACE, SEC_SERVER, security=server, 12 May 2012]
* s3-auth: Remove single-implementation plugin layer | Andrew Bartlett | 2012-03-08 | 1 | -8/+5
| The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context were only ever initialised to a single value. Make it easier to follow by just calling the function directly.
| Andrew Bartlett
* s3-auth: Remove security=share (deprecated since 3.6). | Andrew Bartlett | 2012-03-04 | 1 | -11/+0
| This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment.
| The rationale for the removal is that for the bulk of security=share users, we just need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server
| At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remains available in security=user and above.
| This includes documentation updates for username and only user, which now only do a small amount of what they used to do.
| Andrew Bartlett
| [ASCII-art tombstone: REST IN PEACE, SEC_SHARE, security=share, 5 March 2012]
* s3-auth: Add a way to get an auth4_context from the auth stack | Andrew Bartlett | 2012-02-24 | 1 | -2/+4
| This will allow us to use the same layer that auth_ntlmssp does in the non-SPNEGO session setup, which will in turn make the authentication code more consistent in the AD server case.
| Andrew Bartlett
* s3-auth re-create the auth context in the s3 ntlmssp server module | Andrew Bartlett | 2012-01-05 | 1 | -2/+0
| This removes the abstraction violation in auth_generic.c.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* selftest: test plugin_s4_dc against all ncacn_np tests | Andrew Bartlett | 2011-08-03 | 1 | -1/+2
| Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests.
| Andrew Bartlett
* s3-ntlmssp Split calls to gensec plugin into prepare and start | Andrew Bartlett | 2011-08-03 | 1 | -2/+3
| GENSEC has the concept of starting the GENSEC subsystem before starting the actual mechanism. Between these two stages is when most context methods are called, to specify credentials and features.
| Andrew Bartlett
| Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Allow auth modules to provide an initialised GENSEC context | Andrew Bartlett | 2011-08-03 | 1 | -2/+9
| This will allow auth plugins such as auth_samba4 to provide an initialised GENSEC context to auth subsystem callers.
| Andrew Bartlett
| Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth: Fix account check over ncalrpc. | Andreas Schneider | 2011-07-13 | 1 | -5/+9
* s3:auth: remove unused variable | Stefan Metzmacher | 2011-07-08 | 1 | -1/+0
| metze
* s3-auth: Pass the remote_address down to user_info. | Andreas Schneider | 2011-07-04 | 1 | -4/+12
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-auth: use auth.h where needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
| Guenther
* s3: Lift talloc_autofree_context() from make_auth_context_fixed() | Volker Lendecke | 2010-09-26 | 1 | -3/+4
* s3: Lift talloc_autofree_context() from make_auth_context_subsystem() | Volker Lendecke | 2010-09-26 | 1 | -4/+6
* s3: Lift talloc_autofree_context() from make_auth_context_text_list() | Volker Lendecke | 2010-09-26 | 1 | -3/+6
* s3: Lift talloc_autofree_context() from make_auth_context() | Volker Lendecke | 2010-09-26 | 1 | -3/+7
* s3: Pass the rhost through smb_pam_accountcheck | Volker Lendecke | 2010-08-22 | 1 | -1/+4
* s3: Rename auth.c:backends to auth_backends | Volker Lendecke | 2010-08-22 | 1 | -4/+4
* s3:auth Whitespace fixes after auth merge | Andrew Bartlett | 2010-08-14 | 1 | -1/+1
* s3:auth Make Samba3 use the new common struct auth_usersupplied_info | Andrew Bartlett | 2010-08-14 | 1 | -3/+3
| This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order to make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping.
| Andrew Bartlett
| Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth: Simplify how we free the auth_context | Simo Sorce | 2010-07-19 | 1 | -16/+18
| Turn the freeing function into a destructor and attach it to the auth_context. Make all callers TALLOC_FREE() the auth_context instead of calling the free function.
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth Rename user_info->domain -> user_info->mapped.domain_name | Andrew Bartlett | 2010-06-07 | 1 | -4/+4
| This is closer to the structure I want for a common struct auth_usersupplied_info.
| Andrew Bartlett
* s3:auth Rename user_info->client_domain -> user_info->client.domain_name | Andrew Bartlett | 2010-06-07 | 1 | -1/+1
| This is closer to the structure I want for a common struct auth_usersupplied_info.
| Andrew Bartlett
* s3:auth Rename user_info->internal_username -> user_info->mapped.account_name | Andrew Bartlett | 2010-06-07 | 1 | -7/+7
| This is closer to the structure I want for a common struct auth_usersupplied_info.
| Andrew Bartlett
* s3:auth Rename user_info->smb_name -> user_info->client.account_name | Andrew Bartlett | 2010-06-07 | 1 | -7/+7
| This is closer to the structure I want for a common struct auth_usersupplied_info.
| Andrew Bartlett
* s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_info | Andrew Bartlett | 2010-06-01 | 1 | -2/+2
* s3:auth Make get_ntlm_challenge more like Samba4 | Andrew Bartlett | 2010-05-13 | 1 | -2/+3
| This helps with the upcoming NTLMSSP merge, and allows errors to be returned.
| Andrew Bartlett
* s3: Make "auth_context" its own talloc parent | Volker Lendecke | 2010-04-11 | 1 | -12/+6
| Remove "mem_ctx" from "struct auth_context"
* Remove an unused talloc context. | Jeremy Allison | 2009-07-16 | 1 | -8/+2
| Jeremy.
* Fix some nonempty blank lines | Volker Lendecke | 2009-02-21 | 1 | -31/+31
* Remove the static "chal" from ntlmssp.c:get_challenge() | Volker Lendecke | 2009-02-21 | 1 | -6/+8
* Add wrapper str_list_make_v3() to replace the old S3 behavior of | Jeremy Allison | 2008-11-06 | 1 | -8/+8
| str_list_make(). From Dan Sledz <dan.sledz@isilon.com>: In samba 3.2 passing NULL or an empty string returned NULL. In master, it now returns a list of length 1 with the first string set to NULL (an empty list).
| Jeremy.
* Use common strlist implementation in Samba 3 and Samba 4. | Jelmer Vernooij | 2008-10-12 | 1 | -2/+2
* Fix typos. | Karolin Seeger | 2008-04-09 | 1 | -1/+1
| Karolin
| (This used to be commit 6cee34703503fbf3629057345fe221b866560648)
* Always pass a TALLOC_CTX to str_list_make and str_list_copy | Volker Lendecke | 2008-02-04 | 1 | -10/+26
| (This used to be commit e2c9fc4cf5f0ff725330fa44f53782db65fca37e)
* tiny simplification | Volker Lendecke | 2008-02-04 | 1 | -5/+3
| (This used to be commit 22e49ef2c0c9b641068ac5419b9c82fb97d3e8e6)
* RIP BOOL. Convert BOOL -> bool. I found a few interesting | Jeremy Allison | 2007-10-18 | 1 | -4/+4
| bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin).
| Jeremy.
| (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
* r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text | Andrew Tridgell | 2007-10-10 | 1 | -2/+1
| (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
* r23779: Change from v2 or later to v3 or later. | Jeremy Allison | 2007-10-10 | 1 | -1/+1
| Jeremy.
| (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
* r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and | Volker Lendecke | 2007-10-10 | 1 | -1/+1
| replace all data_blob(NULL, 0) calls.
| (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
* r22001: change prototype of dump_data(), so that it takes unsigned char * now, | Stefan Metzmacher | 2007-10-10 | 1 | -4/+4
| which matches what samba4 has. also fix all the callers to prevent compiler warnings
| metze
| (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
* r21870: Move sending auth_server keepalives out of the main loop into an idle event. | Volker Lendecke | 2007-10-10 | 1 | -4/+1
| Volker
| (This used to be commit 6226b30f38cd82531422815ba66a687aab50028d)
* r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END() | Stefan Metzmacher | 2007-10-10 | 1 | -2/+1
| and DLIST_DEMOTE() now take the type of the tmp pointer not the tmp pointer itself anymore.
| metze
| (This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)