path: root/source3/auth
Commit message | Author | Age | Files | Lines
...
* s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server | Andrew Bartlett | 2012-02-17 | 1 | -21/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server | Andrew Bartlett | 2012-02-17 | 1 | -182/+2
  This is possible because we now supply the auth4_context abstraction that this code is looking for.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Add extra error messages on authentication or authorization failure | Andrew Bartlett | 2012-02-17 | 1 | -0/+16
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Hook checking passwords and generating session_info via the auth4_context | Andrew Bartlett | 2012-02-17 | 3 | -59/+259
  This avoids creating a second auth_context, as it is a private pointer in the auth4_context that has already been passed in, and makes the gensec_ntlmssp code agnostic to the type of authentication backend behind it. This will in turn allow the ntlmssp server code to be further merged.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Rename obscure defined constants. | Christopher R. Hertel (crh) | 2012-02-16 | 1 | -2/+2
  Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types.
  Signed-off-by: Simo Sorce <idra@samba.org>
  Autobuild-User: Simo Sorce <idra@samba.org>
  Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
* s3-auth: On successful user mapping set mapped_to_guest to false. | Sumit Bose | 2012-02-13 | 1 | -0/+1
  Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date: Mon Feb 13 13:09:10 CET 2012 on sn-devel-104
* s3-auth Add const to make_user_info_map | Andrew Bartlett | 2012-02-08 | 2 | -4/+4
* s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3() (bug #8739) | Stefan Metzmacher | 2012-02-02 | 1 | -0/+53
  Originally, only the rid array was filled and foreign domain sids were omitted.
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu Feb 2 12:59:32 CET 2012 on sn-devel-104
* s3:auth: fix potential gap creation in wbcsids_to_samr_RidWithAttributeArray() | Stefan Metzmacher | 2012-02-02 | 1 | -4/+5
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  metze
* s3:auth/auth_generic: make use of gensec_spnego in the server | Stefan Metzmacher | 2012-01-31 | 1 | -4/+9
  metze
* s3-auth: Remove duplicate check for NT_STATUS_IS_OK(nt_status) | Andrew Bartlett | 2012-01-30 | 1 | -4/+0
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Mon Jan 30 09:38:47 CET 2012 on sn-devel-104
* auth: Make check_password and generate_session_info hook generic | Andrew Bartlett | 2012-01-30 | 1 | -14/+19
  gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common.
  Andrew Bartlett
* s3-pdb: Break SECRETS3 dependency on PDB. | Simo Sorce | 2012-01-27 | 1 | -1/+1
  This is causing circular dependencies that bring libpdb in all code and this is BAD. This change 'protects' the sid and guid of the domain by adding a special key that makes them effectively read only. Limit this temporarily to the samba 4 build, once it gets some good testing the samba4 ifdefs can be dropped.
  fix pdb dependencies
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s3:auth/auth_generic: for now call sub_set_smb_name() and lp_load() | Stefan Metzmacher | 2012-01-26 | 1 | -0/+6
  This matches the auth_ntlmssp case and the smbd/sesssetup.c code.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu Jan 26 17:58:17 CET 2012 on sn-devel-104
* s3-gensec: Add hook to allow gensec to know if kerberos is permitted | Andrew Bartlett | 2012-01-18 | 1 | -0/+24
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-librpc Call GSSAPI via the auth_generic layer and gensec | Andrew Bartlett | 2012-01-18 | 1 | -1/+6
  This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Match session setup handling of krb5, store the PAC | Andrew Bartlett | 2012-01-18 | 1 | -1/+4
  This will allow non-krb5 services to get the full user groups without need to do an online s4u2self.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add auth hook for PAC parsing | Andrew Bartlett | 2012-01-18 | 1 | -2/+128
  This will allow gensec_gse to parse the PAC. This is a copy from source3/rpc_server/dcesrv_generic.c to preserve behaviour. A future commit will enable the samlogon cache.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-waf: auth_netlogond depends on tldap. | Andreas Schneider | 2012-01-12 | 1 | -0/+1
  Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date: Thu Jan 12 17:33:10 CET 2012 on sn-devel-104
* s3-auth Remove more unused headers | Andrew Bartlett | 2012-01-05 | 1 | -3/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth remove unused ntlmssp.h | Andrew Bartlett | 2012-01-05 | 1 | -1/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Remove ntlmssp_wrap.h which is no longer required | Andrew Bartlett | 2012-01-05 | 2 | -2/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth use gensec directly rather than via auth_generic_state | Andrew Bartlett | 2012-01-05 | 2 | -44/+24
  This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Set remote address for both AD and s3 gensec modes | Andrew Bartlett | 2012-01-05 | 1 | -2/+0
* s3-auth re-create the auth context in the s3 ntlmssp server module | Andrew Bartlett | 2012-01-05 | 4 | -61/+8
  This removes the abstraction violation in auth_generic.c.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add TALLOC_CTX * to auth_generic_prepare() | Andrew Bartlett | 2012-01-05 | 2 | -3/+4
  This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth supply s3 ntlmssp module via gensec_settings | Andrew Bartlett | 2012-01-05 | 1 | -24/+11
  This will allow the supply of multiple modules in future without duplicating the module selection logic.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Fix talloc parent for s4 event context in auth_samba4 | Andrew Bartlett | 2011-12-28 | 1 | -1/+1
* s3-auth: Remove prototype for already-removed auth_ntlmssp_start | Andrew Bartlett | 2011-12-28 | 1 | -1/+0
* s3-auth split the auth_generic functions into a separate file | Andrew Bartlett | 2011-12-22 | 3 | -158/+191
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly | Andrew Bartlett | 2011-12-22 | 1 | -5/+0
  This makes it clear that this can support more than just NTLMSSP.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare() | Andrew Bartlett | 2011-12-22 | 2 | -3/+3
  This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_state -> auth_generic_state | Andrew Bartlett | 2011-12-22 | 2 | -10/+10
  This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Restore shortcut for guest security token | Andrew Bartlett | 2011-12-22 | 1 | -11/+11
  This was lost when the server_info and session_info structures were split. This helps avoid doing lookups for the guest account to determine the uid/gid and SID values.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu Dec 22 15:51:09 CET 2011 on sn-devel-104
* s3:auth: s/Undefined/SMB_SIGNING_DEFAULT/ | Stefan Metzmacher | 2011-11-03 | 2 | -2/+3
  metze
* s3-waf: convert libcli_netlogon3 into a private library. | Günther Deschner | 2011-11-02 | 1 | -1/+1
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Wed Nov 2 18:34:55 CET 2011 on sn-devel-104
* s3-waf: move trusts_util.c code into a private library. | Günther Deschner | 2011-11-02 | 1 | -2/+2
  Guenther
* idl: Improve MS-PAC IDL | Simo Sorce | 2011-10-24 | 3 | -15/+15
  Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unknown.
  Signed-off-by: Günther Deschner <gd@samba.org>
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
* s3-auth remove auth_ntlmssp_session_info() | Andrew Bartlett | 2011-10-21 | 2 | -14/+0
  Instead, call gensec_session_info() directly.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth move the s3 auth context onto gensec_ntlmssp once we start | Andrew Bartlett | 2011-10-18 | 1 | -2/+2
  We do not need it on the auth_ntlmssp_state any longer.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
* s3:auth_util: add the uid with WBC_ID_TYPE_BOTH also to the group array | Stefan Metzmacher | 2011-10-18 | 1 | -2/+4
  This will help with having "sidHistory" support in future.
  metze
* gensec: move event context from gensec_*_init() to gensec_update() | Andrew Bartlett | 2011-10-18 | 1 | -1/+2
  This avoids keeping the event context around on the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC module | Andrew Bartlett | 2011-10-18 | 2 | -85/+228
  This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called. (Includes formatting and correctness fixes from Metze)
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 2011-10-18 | 1 | -1/+1
  This brings in the code from both libcli/auth and source4/auth/ntlmssp.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add my copyright | Andrew Bartlett | 2011-10-18 | 1 | -1/+1
  I have done plenty of work here, I deserve some of the blame :-)
  Andrew Bartlett
* Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). | Wilco Baan Hofman | 2011-10-17 | 1 | -2/+2
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
* s3-auth: remove dead prototype. | Günther Deschner | 2011-10-17 | 1 | -1/+0
  Guenther
* s3-auth: token_util needs system/passwd.h. | Günther Deschner | 2011-10-14 | 1 | -0/+1
  Guenther
* s4-messaging: Pass the loadparm context, not just the messaging path | Andrew Bartlett | 2011-10-13 | 1 | -1/+1
  This will allow the TDB layer to get at the lp_ctx for tdb options.
  Andrew Bartlett
* auth: move credentials layer to the top level | Andrew Bartlett | 2011-10-11 | 1 | -1/+1
  This will allow gensec_start.c to move to the top level. This does not change what code uses the cli_credentials code, but allows the gensec code to be more broadly.
  Andrew Bartlett