path: root/source3/auth/auth_ntlmssp.c
Commit message | Author | Age | Files | Lines
* s3:auth: allow special SYSTEM and ANONYMOUS handling in auth3_generate_session_info() | Stefan Metzmacher | 2014-04-24 | 1 | -2/+43
  auth_ctx->generate_session_info() will be used by the SCHANNEL and NCALRPC_AS_SYSTEM gensec modules in future.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-auth: Finally change make_user_info_*() to use a parent talloc context | Andrew Bartlett | 2014-04-02 | 1 | -2/+3
  Change-Id: Iedf516e8c24e0d18064aeedd8e287ed692d3c5b4
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3-auth: Pass mem_ctx to do_map_to_guest_server_info(). | Andreas Schneider | 2014-02-19 | 1 | -3/+4
  Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104
* s3-auth: Pass mem_ctx to auth_check_ntlm_password(). | Andreas Schneider | 2014-02-19 | 1 | -2/+4
  Coverity-Id: 1168009
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth: Remove .get_challenge (only used for security=server) | Andrew Bartlett | 2012-07-03 | 1 | -12/+0
  With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionality, we would downgrade to just NTLM.
  Now that security=server has been removed, we have no such module.
  This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async.
  Andrew Bartlett
* s3-auth: Remove single-implementation plugin layer | Andrew Bartlett | 2012-03-08 | 1 | -3/+3
  The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context were only ever initialised to a single value. Make it easier to follow by just calling the function directly.
  Andrew Bartlett
* auth: Reorder arguments to generate_session_info | Andrew Bartlett | 2012-02-18 | 1 | -2/+2
  This matches check_ntlm_password() and generate_session_info_pac()
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
* s3-auth: Use common gensec_ntlmssp | Andrew Bartlett | 2012-02-17 | 1 | -36/+0
  There is no longer any samba3-specific code left here.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Use common gensec_ntlmssp_server_start | Andrew Bartlett | 2012-02-17 | 1 | -127/+1
  This is now identical code, so there is no need to duplicate it.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Use the gensec-supplied DNS domain name and hostname. | Andrew Bartlett | 2012-02-17 | 1 | -28/+44
  Also have a reasonable fallback for when it is not set.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing | Andrew Bartlett | 2012-02-17 | 1 | -9/+23
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Use the lpcfg_ wrapper calls to set some variables | Andrew Bartlett | 2012-02-17 | 1 | -31/+10
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Remove a layer of indirection and reorder to match gensec_ntlmssp_server_start() | Andrew Bartlett | 2012-02-17 | 1 | -18/+15
* s3-auth: Only allow LM_KEY cryptography when extra options are set | Andrew Bartlett | 2012-02-17 | 1 | -1/+6
  This crypto is incredibly poor, and can technically be enabled on an otherwise more secure connection that uses NTLM for the actual authentication leg. Therefore disable it by default.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Inline ntlmssp_server_start() into gensec_ntlmssp3_server_start() | Andrew Bartlett | 2012-02-17 | 1 | -9/+60
  This will help syncing this routine up with gensec_ntlmssp_server_start().
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server | Andrew Bartlett | 2012-02-17 | 1 | -21/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server | Andrew Bartlett | 2012-02-17 | 1 | -182/+2
  This is possible because we now supply the auth4_context abstraction that this code is looking for.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Add extra error messages on authentication or authorization failure | Andrew Bartlett | 2012-02-17 | 1 | -0/+16
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Hook checking passwords and generating session_info via the auth4_context | Andrew Bartlett | 2012-02-17 | 1 | -58/+229
  This avoids creating a second auth_context, as it is a private pointer in the auth4_context that has already been passed in, and makes the gensec_ntlmssp code agnostic to the type of authentication backend behind it. This will in turn allow the ntlmssp server code to be further merged.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Rename obscure defined constants. | Christopher R. Hertel (crh) | 2012-02-16 | 1 | -2/+2
  Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types.
  Signed-off-by: Simo Sorce <idra@samba.org>
  Autobuild-User: Simo Sorce <idra@samba.org>
  Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
* s3-auth: Remove duplicate check for NT_STATUS_IS_OK(nt_status) | Andrew Bartlett | 2012-01-30 | 1 | -4/+0
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Mon Jan 30 09:38:47 CET 2012 on sn-devel-104
* auth: Make check_password and generate_session_info hook generic | Andrew Bartlett | 2012-01-30 | 1 | -14/+19
  gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common.
  Andrew Bartlett
* s3-auth Remove ntlmssp_wrap.h which is no longer required | Andrew Bartlett | 2012-01-05 | 1 | -1/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth re-create the auth context in the s3 ntlmssp server module | Andrew Bartlett | 2012-01-05 | 1 | -0/+5
  This removes the abstraction violation in auth_generic.c.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth split the auth_generic functions into a separate file | Andrew Bartlett | 2011-12-22 | 1 | -157/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly | Andrew Bartlett | 2011-12-22 | 1 | -5/+0
  This makes it clear that this can support more than just NTLMSSP.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare() | Andrew Bartlett | 2011-12-22 | 1 | -2/+2
  This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_state -> auth_generic_state | Andrew Bartlett | 2011-12-22 | 1 | -6/+6
  This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth remove auth_ntlmssp_session_info() | Andrew Bartlett | 2011-10-21 | 1 | -11/+0
  Instead, call gensec_session_info() directly.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth move the s3 auth context onto gensec_ntlmssp once we start | Andrew Bartlett | 2011-10-18 | 1 | -2/+2
  We do not need it on the auth_ntlmssp_state any longer.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
* gensec: move event context from gensec_*_init() to gensec_update() | Andrew Bartlett | 2011-10-18 | 1 | -1/+2
  This avoids keeping the event context around on the gensec_security context structure long term.
  In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC module | Andrew Bartlett | 2011-10-18 | 1 | -84/+227
  This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called.
  (Includes formatting and correctness fixes from Metze)
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 2011-10-18 | 1 | -1/+1
  This brings in the code from both libcli/auth and source4/auth/ntlmssp.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add my copyright | Andrew Bartlett | 2011-10-18 | 1 | -1/+1
  I have done plenty of work here, I deserve some of the blame :-)
  Andrew Bartlett
* s3-ntlmssp Remove a level of nesting in if/else statement | Andrew Bartlett | 2011-08-03 | 1 | -3/+2
* selftest: test plugin_s4_dc against all ncacn_np tests | Andrew Bartlett | 2011-08-03 | 1 | -0/+36
  Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests.
  Andrew Bartlett
* s3-ntlmssp clarify session key behaviour after create_local_token() changes | Andrew Bartlett | 2011-08-03 | 1 | -2/+1
* s3-ntlmssp Remove auth_ntlmssp_state_destructor, use the talloc tree instead | Andrew Bartlett | 2011-08-03 | 1 | -16/+5
* s3-auth rename auth_ntlmssp_steal_session_info() | Andrew Bartlett | 2011-08-03 | 1 | -3/+3
  There is no longer any theft of memory as the underlying routines now produce a new auth_session_info for this caller, allocating it on the supplied memory context.
  Andrew Bartlett
* s3-auth Add function to start any GENSEC mech by OID | Andrew Bartlett | 2011-08-03 | 1 | -2/+18
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth set session_info->sanitized_username in create_local_token() | Andrew Bartlett | 2011-08-03 | 1 | -0/+1
  Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token().
  This also removes the need for auth_ntlmssp_get_username().
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Split auth_ntlmssp_start into two functions | Andrew Bartlett | 2011-08-03 | 1 | -12/+15
  This helps map on to the GENSEC semantics better, and ensures that the full set of desired features are set before the mechanism starts.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Split calls to gensec plugin into prepare and start | Andrew Bartlett | 2011-08-03 | 1 | -4/+10
  GENSEC has the concept of starting the GENSEC subsystem before starting the actual mechanism. Between these two stages is when most context methods are called, to specify credentials and features.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp | Andrew Bartlett | 2011-08-03 | 1 | -13/+36
  This allows the current behaviour of the NTLMSSP code to be unchanged while adding a way to hook in an alternate implementation via an auth module.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Move map to guest to directly after the check_password calls | Andrew Bartlett | 2011-08-03 | 1 | -0/+4
  This means we no longer need two different map to guest functions and have consistent logic with fewer layering violations.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use the common auth_session_info | Andrew Bartlett | 2011-07-20 | 1 | -1/+1
  This patch finally has the same structure being used to describe the authorization data of a user across the whole codebase. This will allow of our session handling to be accomplished with common code.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use struct auth3_session_info outside the auth subsystem | Andrew Bartlett | 2011-07-20 | 1 | -1/+1
  This separation between the structure used inside the auth modules and in the wider codebase allows for a gradual migration from struct auth_serversupplied_info -> struct auth_session_info (from auth.idl)
  The idea here is that we keep a clear separation between the structure before and after the local groups, local user lookup and the session key modifications have been processed, as the lack of this separation has caused issues in the past.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth: Pass the remote_address down to user_info. | Andreas Schneider | 2011-07-04 | 1 | -2/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-auth: Added remote_address to ntlmssp server. | Andreas Schneider | 2011-07-04 | 1 | -1/+10
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-auth: Only reload the config file. | Andreas Schneider | 2011-07-04 | 1 | -1/+1
  We only need to reload the config file. This removes a dependency to smbd.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>