path: root/source3/auth/auth_sam.c

Commit log. Columns per entry: Commit message | Author | Age | Files | Lines (-removed/+added)

* r69: Global rename of 'nt_session_key' -> 'user_session_key'.
  Andrew Bartlett | 2007-10-10 | 1 file | -1/+1

  The session key could be anything, and may not be based on anything 'NT'. This is also what Microsoft calls it.
  (This used to be commit 724e8d3f33719543146280062435c69a835c491e)

* Fix most of bug #169.
  Andrew Bartlett | 2004-04-03 | 1 file | -1/+2

  For a (very) long time, we have had a bug in Samba where an NTLMv2-only PDC would fail, because it converted the password into NTLM format for checking. This patch performs the direct comparison required for interactive logons to function in this situation.

  It also removes the 'auth flags', which simply were not ever used.

  Naturally, this plays with the size of structures, so rebuild, rebuild, rebuild...

  Andrew Bartlett
  (This used to be commit 9598593bcf2d877b1d08cd6a7323ee0bc160d4ba)

* Add calls to password lockout functions. Should now work against tdbsam only.
  Jim McDonough | 2004-02-21 | 1 file | -0/+38

  (This used to be commit 3e8a9c3584ff2a3c2e120c97569676ac45ec8e59)

* Move our basic password checking code from inside the authentication subsystem into a separate file - ntlm_check.c.
  Andrew Bartlett | 2003-12-30 | 1 file | -345/+1

  This allows us to call these routines from ntlm_auth. The purpose of this exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to avoid talking to winbind. This should allow for easier debugging.

  ntlm_auth itself has been reorganised, so as to share more code between the SPNEGO-wrapped and 'raw' NTLMSSP modes. A new 'client' NTLMSSP mode has been added, for use with a Cyrus-SASL module I am writing (based on vl's work).

  Andrew Bartlett
  (This used to be commit 48315e8fd227978e0161be293ad4411b45e3ea5b)

* Refactor our authentication and authentication testing code.
  Andrew Bartlett | 2003-12-30 | 1 file | -148/+219

  The next move will be to remove our password checking code from the SAM authentication backend, and into a file where other parts of samba can use it. The ntlm_auth changes provide for better use of common code.

  Andrew Bartlett
  (This used to be commit 2375abfa0077a884248c84614d5109f57dfdf5b1)

* Changes all over the shop, but all towards:
  Andrew Bartlett | 2003-11-22 | 1 file | -19/+45

  - NTLM2 support in the server
  - KEY_EXCH support in the server
  - variable length session keys.

  In detail:

  - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade).
    * This is known as 'NTLMv2 session security' *
    (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particularly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.)
    This requires modifications to our authentication subsystem, as we must handle the 'challenge' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this.
  - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly.
  - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend.
  - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
  - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever.
  - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES.
    * This fix allows SMB signing on machines not yet running MIT KRB5 1.3.1. *
  - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues.
  - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate)

  REMEMBER to make clean after this commit - I have changed plenty of data structures...

  (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)

* Andrew Bartlett patch to cope with Exchange 5.5 cleartext pop password auth.
  Jeremy Allison | 2003-10-24 | 1 file | -0/+16

  Jeremy.
  (This used to be commit 46e66ee950eee035ad008c189cd2378f734af605)

* Tidy up some formatting. Get ready for allowing bad password lockout. (based on a patch posted from Richard Renard <rrenard@idealx.com>).
  Jeremy Allison | 2003-09-08 | 1 file | -49/+38

  Jeremy.
  (This used to be commit abf54b58e95a949cb883d4485853dc560489c03f)

* More printf portability fixes. Got caught out by some gcc'isms last time. )-:
  Tim Potter | 2003-07-25 | 1 file | -6/+6

  (This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)

* More printf fixes - size_t is long on some architectures.
  Tim Potter | 2003-07-24 | 1 file | -4/+4

  (This used to be commit ba4d334b822248d8ab929c9568533431603d967e)

* Spelling.
  Tim Potter | 2003-07-08 | 1 file | -1/+1

  (This used to be commit a9a3339b2d99dcb64b675b27255d4aa5959a1caf)

* * rename samstrict auth method to sam
  Gerald Carter | 2003-06-30 | 1 file | -56/+29

  * rename original sam auth method to sam_ignoredomain
  * remove samstrict_dc auth method (now covered by 'sam')
  * fix wbinfo -a '...' and getent passwd bugs when running winbindd on a samba PDC (reported by Volker)
  (This used to be commit 52166faee793d337e045d64f7cb27ea7ac895f60)

* Add some static. Patch by Stefan Metzmacher <metze@metzemix.de>
  Jelmer Vernooij | 2003-06-04 | 1 file | -3/+3

  (This used to be commit e1a8e9b7f3e69c7271d2b715703b2d5b2412bd42)

* Spelling.
  Tim Potter | 2003-05-26 | 1 file | -1/+2

  (This used to be commit eda897306896b729129582fdf4fdd26af555f014)

* Add samstrict_dc from metze (been sitting in HEAD for way too long waiting for me to review it).
  Andrew Bartlett | 2003-05-26 | 1 file | -0/+46

  This patch works well for a DC running with trusted domains, because it lets you check the local SAM first, but only for this domain's users.

  Andrew Bartlett
  (This used to be commit e0bd4d2844e6073a83b72925bca1aec007a8dd0b)

* spelling
  Tim Potter | 2003-05-14 | 1 file | -2/+2

  (This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)

* When we have an NT4SP0 PDC trust us, we first have to check the password.
  Volker Lendecke | 2003-05-11 | 1 file | -2/+2

  On NT4, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT means the password was correct. So the PDC believed that he had his trust account correctly added. Later the auth2 naturally failed.

  BTW, setting up an interdom trust account is not what I would call well documented and easy to handle... Working on that now :-)

  Volker
  (This used to be commit e4e44cf3b18231ec5d7326fb42edec741caa147b)

* Cleanups. My NTLMv2 changes also changed the preference from using an implicit structure-memcpy for DATA_BLOB parameters to using a pointer to that DATA_BLOB.
  Andrew Bartlett | 2003-05-09 | 1 file | -42/+42

  auth_sam calls some of these functions, so I've cleaned it all up to use this format now.

  Also clean up some debug statements to make them easier to read.

  Andrew Bartlett
  (This used to be commit 0c355c274a6ac084e4bf15a15613dfc007d6c5fc)

* Make sure we always have some client data, not just the hash. An NTLMv2 or LMv2 response less than 24 bytes is just silly.
  Andrew Bartlett | 2003-05-09 | 1 file | -2/+3

  Andrew Bartlett
  (This used to be commit b4ecdb2e582376d2713f81e8e32a668014905d70)

* Use NTSTATUS as return value for smb_register_*() functions and init_module() function. Patch by metze with some minor modifications.
  Jelmer Vernooij | 2003-04-28 | 1 file | -4/+4

  (This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)

* Add support for the new modules system to auth/ (merge from HEAD)
  Jelmer Vernooij | 2003-04-16 | 1 file | -1/+6

  (This used to be commit c7a1de090db35835be1a1623bfc80c04065c5dd9)

* Merge from HEAD - allow "" as a domain in the NTLMv2 hash calculations. Fixes interop with clients not in our domain.
  Andrew Bartlett | 2003-02-16 | 1 file | -2/+22

  Andrew Bartlett
  (This used to be commit 6aa3aba3db604d481dc96c3befe066938cb1b0f3)

* Merge HEAD: check both the account and password...
  Andrew Bartlett | 2003-02-04 | 1 file | -2/+2

  Andrew Bartlett
  (This used to be commit 830de56bf2f47412acfebf6c6353ab4b98c8517e)

* Merge from HEAD - updates to correctly recognise LMv2, and NT# in LM field.
  Andrew Bartlett | 2003-01-05 | 1 file | -33/+58

  Andrew Bartlett
  (This used to be commit 32a1802a99a51b033eee034d3d2ce5cf409441dc)

* Updates from HEAD:
  Andrew Bartlett | 2002-11-15 | 1 file | -2/+2

  - const for PACKS() in lanman.c
  - change auth to 'account before password'
  - add help to net rpc {vampire,samsync}
  - configure updates for sun workshop cc
  - become_root() around pdb_ calls in auth_util for guest login.

  Andrew Bartlett
  (This used to be commit 43e90eb6e331d478013a9c038292f245edc51bd0)

* Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-).
  Jeremy Allison | 2002-11-12 | 1 file | -2/+2

  Jeremy.
  (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)

* Merge from HEAD:
  Andrew Bartlett | 2002-11-08 | 1 file | -8/+9

  - change auth_sam to use the initialisation flags to determine if the password attributes are set
  - add const to secrets.c, cliconnect.c
  - passdb: fix spelling in pdb_ldap, add group mapping back to smbpasswd
  - SAMR: add debugs to show what fails for group enum.

  Andrew Bartlett
  (This used to be commit 4e74d00b3634abf52aa24bfaa6dbe88202aa57a1)

* sync'ing up for 3.0alpha20 release
  Gerald Carter | 2002-09-25 | 1 file | -8/+11

  (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)

* sync 3.0 branch with head
  Jelmer Vernooij | 2002-08-17 | 1 file | -2/+17

  (This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)

* updated the 3.0 branch from the head branch - ready for alpha18
  Andrew Tridgell | 2002-07-15 | 1 file | -7/+12

  (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)

* "user doesn't exist" isn't worthy of a level 1 debug. Make it level 3.
  Andrew Bartlett | 2002-02-27 | 1 file | -1/+1

  (This used to be commit 339e3982bc1d2998022545e02456ec35c3b278a8)

* Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header.
  Tim Potter | 2002-01-30 | 1 file | -2/+1

  (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)

* Commit the auth associated changes I missed from the last commit.
  Andrew Bartlett | 2002-01-15 | 1 file | -2/+4

  Also set the default value of all the allocated strings to "" to avoid changing the interface (because pdb_get...() would point to a null string, rather than a null pointer, and parts of samba rely on that).

  Andrew Bartlett
  (This used to be commit 5b4079f748e25f21162e21b439063249baf8dca6)

* Back out the crazy notion that the NTLMSSP flags actually mean anything...
  Andrew Bartlett | 2002-01-11 | 1 file | -7/+7

  Replace this with some flags that *we* define. We can do a mapping later if we actually get some more reliable info about what passwords are actually valid.

  Andrew Bartlett
  (This used to be commit 7f7a42c3e4d5798ac87ea16a42e4976c3778a76b)

* I've decided to move the auth code around a bit more...
  Andrew Bartlett | 2002-01-05 | 1 file | -28/+30

  The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?)

  In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd).

  I've also adjusted a few things in auth_domain.c, mainly passing the domain as a parameter to a few functions instead of looking up lp_workgroup(). I'm hoping to make this entire thing a bit more trusted domains (as PDC) friendly in the near future.

  Other than that, I moved a bit of the code around, hence the rather messy diff.

  Andrew Bartlett
  (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)

* debug statement fixups.
  Jeremy Allison | 2002-01-02 | 1 file | -16/+16

  Merge SAFE_FREE fix in tdb from 2.2, and IRIX fix.
  Jeremy.
  (This used to be commit eb6607466565bcd5b3800492d0bc1ae8a44da4f6)

* A fairly large commit:
  Andrew Bartlett | 2002-01-01 | 1 file | -15/+17

  - Move rpc_client/cli_trust.c to smbd/change_trust_pw.c - It hasn't been used by anything else since smbpasswd lost its -j
  - Add a TALLOC_CTX to the auth subsystem. These are only valid for the length of the calls to the individual modules, if you want a longer context hide it in your private data. Similarly, all returns (like the server_info) should still be malloced.
  - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new libsmb domain logon code. Also rework much of the code to use some better helper functions for the connection - getting us much better error returns (the new code is NTSTATUS). The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for the LUID fields is sufficient, or if we should do random LUIDs as per the old code. Similarly, I'll move winbind over to this when I get a chance.

  This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in rpc_client, at least as far as smbd is concerned.

  While I've given this a basic rundown, any testing is as always appreciated.

  Andrew Bartlett
  (This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)

* A number of things to clean up the auth subsystem a bit...
  Andrew Bartlett | 2001-11-26 | 1 file | -1/+36

  We now default encrypt passwords = yes

  We now check plaintext passwords (however acquired) with the 'sam' backend rather than unix, if encrypt passwords = yes. (this kills off the 'local' backend. The sam backend may be renamed in its place)

  The new 'samstrict' wrapper backend checks that the user's domain is one of our netbios aliases - this ensures that we don't get fallback crazies with security = domain. Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks that the user was not local before contacting the DC.

  The default ordering has changed, we now check the local stuff first - but because of the changes above, we will really only ever contact one auth source.

  Andrew Bartlett
  (This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)

* challange -> challenge
  Tim Potter | 2001-11-26 | 1 file | -4/+4

  (This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)

* This is another rather major change to the samba authentication subsystem.
  Andrew Bartlett | 2001-11-24 | 1 file | -31/+44

  The particular aim is to modularize the interface - so that we can have arbitrary password back-ends.

  This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication.

  This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example.

  Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place.

  While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon.

  The following parameters have changed:
  - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts'
  - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....)
  - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods.

  The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter.

  The available auth methods are:
  guest
  rhosts
  hostsequiv
  sam (passdb direct hash access)
  unix (PAM, crypt() etc)
  local (the combination of the above, based on encryption)
  smbserver (old security=server)
  ntdomain (old security=domain)
  winbind (use winbind to cache DC connections)

  Assistance in testing, or the production of new and interesting authentication modules is always appreciated.

  Andrew Bartlett
  (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)

* Add back the not null checks in a better place.
  Andrew Bartlett | 2001-11-11 | 1 file | -1/+7

  Check the pdb_init_sam() for failure.
  (This used to be commit 1808cd5210258bddc349f13a7bcf20a3f46aa672)

* make sam_account_ok static.
  Andrew Bartlett | 2001-11-11 | 1 file | -32/+29

  remove redundant not null checks
  fix indenting
  (This used to be commit 3eada888fddb1f0cb7c0ed7037eb1c60e7988ad9)

* Minor cleanups/fixes in the NTLMv2 code
  Andrew Bartlett | 2001-11-03 | 1 file | -6/+2

  (This used to be commit 253790f6d71653b572c0174113b8559820de6bdd)

* This is a fairly large patch (3300 lines) and reworks most of the AuthRewrite code.
  Andrew Bartlett | 2001-10-31 | 1 file | -75/+153

  In particular this assists tpot in some of his work, because it provides the connection between the authentication and the vuid generation.

  Major Changes:
  - Fully malloc'ed structures.
  - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack.
  - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default.
  - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups.
  - Massive introduction of DATA_BLOB structures, particularly for passwords.
  - Use NTLMSSP flags to tell the backend what its getting, rather than magic lengths.
  - Fix winbind back up again, but tpot is redoing this soon anyway.
  - Abstract much of the work in srv_netlog_nt back into auth helper functions.

  This is a LARGE change, and any assistance in testing it is appreciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients.

  Andrew Bartlett
  (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)

* Fix up auth_smbpasswd.c to use the password interface, rather than the structures directly.
  Andrew Bartlett | 2001-10-29 | 1 file | -8/+8

  Andrew Bartlett
  (This used to be commit c2dc24ab6370236437b72b929e2a56e174163d78)

* This commit is number 4 of 4.
  Andrew Bartlett | 2001-10-29 | 1 file | -3/+3

  In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used.

  While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated.

  ----

  These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this:

  - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings
  - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all.
  - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away.
  - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly):
    - Get_Pwnam(const x) and Get_Pwnam_Modify(x).
  - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username

  ---

  This finishes this line of commits off, your tree should now compile again :-)

  Andrew Bartlett
  (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)

* more compiler warnings
  Herb Lewis | 2001-10-23 | 1 file | -1/+1

  (This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)

* print in a human readable format when the password expired.
  Jean-François Micouleau | 2001-10-19 | 1 file | -1/+1

  J.F.
  (This used to be commit 255b197a5c92bfc18a567613bbffb013fd0a834d)

* Fix up indenting in our SAM password check code.
  Andrew Bartlett | 2001-10-06 | 1 file | -46/+49

  (This used to be commit ac11a23125270dd136290370b1cf0124e943a101)

* Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
  Tim Potter | 2001-10-02 | 1 file | -5/+0

  (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)