path: root/source3/auth
Commit message | Author | Age | Files | Lines
...
* s3-auth: Use the gensec-supplied DNS domain name and hostname. | Andrew Bartlett | 2012-02-17 | 2 | -28/+76
| Also have a reasonable fallback for when it is not set.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing | Andrew Bartlett | 2012-02-17 | 1 | -9/+23
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Use the lpcfg_ wrapper calls to set some variables | Andrew Bartlett | 2012-02-17 | 1 | -31/+10
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Remove a layer of indirection and reorder to match gensec_ntlmssp_server_start() | Andrew Bartlett | 2012-02-17 | 1 | -18/+15
* s3-auth: Only allow LM_KEY cryptography when extra options are set | Andrew Bartlett | 2012-02-17 | 1 | -1/+6
| This crypto is incredibly poor, and can technically be enabled on an otherwise more secure connection that uses NTLM for the actual authentication leg. Therefore disable it by default.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Inline ntlmssp_server_start() into gensec_ntlmssp3_server_start() | Andrew Bartlett | 2012-02-17 | 1 | -9/+60
| This will help syncing this routine up with gensec_ntlmssp_server_start().
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server | Andrew Bartlett | 2012-02-17 | 1 | -21/+1
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server | Andrew Bartlett | 2012-02-17 | 1 | -182/+2
| This is possible because we now supply the auth4_context abstraction that this code is looking for.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Add extra error messages on authentication or authorization failure | Andrew Bartlett | 2012-02-17 | 1 | -0/+16
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Hook checking passwords and generating session_info via the auth4_context | Andrew Bartlett | 2012-02-17 | 3 | -59/+259
| This avoids creating a second auth_context, as it is a private pointer in the auth4_context that has already been passed in, and makes the gensec_ntlmssp code agnostic to the type of authentication backend behind it. This will in turn allow the ntlmssp server code to be further merged.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Rename obscure defined constants. | Christopher R. Hertel (crh) | 2012-02-16 | 1 | -2/+2
| Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types.
| Signed-off-by: Simo Sorce <idra@samba.org>
| Autobuild-User: Simo Sorce <idra@samba.org>
| Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
* s3-auth: On successful user mapping set mapped_to_guest to false. | Sumit Bose | 2012-02-13 | 1 | -0/+1
| Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
| Autobuild-Date: Mon Feb 13 13:09:10 CET 2012 on sn-devel-104
* s3-auth Add const to make_user_info_map | Andrew Bartlett | 2012-02-08 | 2 | -4/+4
* s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3() (bug #8739) | Stefan Metzmacher | 2012-02-02 | 1 | -0/+53
| Originally, only the rid array was filled and foreign domain sids were omitted.
| Pair-Programmed-With: Michael Adam <obnox@samba.org>
| metze
| Autobuild-User: Stefan Metzmacher <metze@samba.org>
| Autobuild-Date: Thu Feb 2 12:59:32 CET 2012 on sn-devel-104
* s3:auth: fix potential gap creation in wbcsids_to_samr_RidWithAttributeArray() | Stefan Metzmacher | 2012-02-02 | 1 | -4/+5
| Pair-Programmed-With: Michael Adam <obnox@samba.org>
| metze
* s3:auth/auth_generic: make use of gensec_spnego in the server | Stefan Metzmacher | 2012-01-31 | 1 | -4/+9
| metze
* s3-auth: Remove duplicate check for NT_STATUS_IS_OK(nt_status) | Andrew Bartlett | 2012-01-30 | 1 | -4/+0
| Autobuild-User: Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date: Mon Jan 30 09:38:47 CET 2012 on sn-devel-104
* auth: Make check_password and generate_session_info hook generic | Andrew Bartlett | 2012-01-30 | 1 | -14/+19
| gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common.
| Andrew Bartlett
* s3-pdb: Break SECRETS3 dependency on PDB. | Simo Sorce | 2012-01-27 | 1 | -1/+1
| This is causing circular dependencies that bring libpdb in all code and this is BAD. This change 'protects' the sid and guid of the domain by adding a special key that makes them effectively read only. Limit this temporarily to the samba 4 build, once it gets some good testing the samba4 ifdefs can be dropped.
| fix pdb dependencies
| Signed-off-by: Andreas Schneider <asn@samba.org>
* s3:auth/auth_generic: for now call sub_set_smb_name() and lp_load() | Stefan Metzmacher | 2012-01-26 | 1 | -0/+6
| This matches the auth_ntlmssp case and the smbd/sesssetup.c code.
| metze
| Autobuild-User: Stefan Metzmacher <metze@samba.org>
| Autobuild-Date: Thu Jan 26 17:58:17 CET 2012 on sn-devel-104
* s3-gensec: Add hook to allow gensec to know if kerberos is permitted | Andrew Bartlett | 2012-01-18 | 1 | -0/+24
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-librpc Call GSSAPI via the auth_generic layer and gensec | Andrew Bartlett | 2012-01-18 | 1 | -1/+6
| This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Match session setup handling of krb5, store the PAC | Andrew Bartlett | 2012-01-18 | 1 | -1/+4
| This will allow non-krb5 services to get the full user groups without need to do an online s4u2self.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add auth hook for PAC parsing | Andrew Bartlett | 2012-01-18 | 1 | -2/+128
| This will allow gensec_gse to parse the PAC. This is a copy from source3/rpc_server/dcesrv_generic.c to preserve behaviour. A future commit will enable the samlogon cache.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-waf: auth_netlogond depends on tldap. | Andreas Schneider | 2012-01-12 | 1 | -0/+1
| Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
| Autobuild-Date: Thu Jan 12 17:33:10 CET 2012 on sn-devel-104
* s3-auth Remove more unused headers | Andrew Bartlett | 2012-01-05 | 1 | -3/+0
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth remove unused ntlmssp.h | Andrew Bartlett | 2012-01-05 | 1 | -1/+0
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Remove ntlmssp_wrap.h which is no longer required | Andrew Bartlett | 2012-01-05 | 2 | -2/+0
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth use gensec directly rather than via auth_generic_state | Andrew Bartlett | 2012-01-05 | 2 | -44/+24
| This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Set remote address for both AD and s3 gensec modes | Andrew Bartlett | 2012-01-05 | 1 | -2/+0
* s3-auth re-create the auth context in the s3 ntlmssp server module | Andrew Bartlett | 2012-01-05 | 4 | -61/+8
| This removes the abstraction violation in auth_generic.c.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add TALLOC_CTX * to auth_generic_prepare() | Andrew Bartlett | 2012-01-05 | 2 | -3/+4
| This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth supply s3 ntlmssp module via gensec_settings | Andrew Bartlett | 2012-01-05 | 1 | -24/+11
| This will allow the supply of multiple modules in future without duplicating the module selection logic.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Fix talloc parent for s4 event context in auth_samba4 | Andrew Bartlett | 2011-12-28 | 1 | -1/+1
* s3-auth: Remove prototype for already-removed auth_ntlmssp_start | Andrew Bartlett | 2011-12-28 | 1 | -1/+0
* s3-auth split the auth_generic functions into a separate file | Andrew Bartlett | 2011-12-22 | 3 | -158/+191
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly | Andrew Bartlett | 2011-12-22 | 1 | -5/+0
| This makes it clear that this can support more than just NTLMSSP.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare() | Andrew Bartlett | 2011-12-22 | 2 | -3/+3
| This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_state -> auth_generic_state | Andrew Bartlett | 2011-12-22 | 2 | -10/+10
| This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Restore shortcut for guest security token | Andrew Bartlett | 2011-12-22 | 1 | -11/+11
| This was lost when the server_info and session_info structures were split. This helps avoid doing lookups for the guest account to determine the uid/gid and SID values.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
| Autobuild-User: Stefan Metzmacher <metze@samba.org>
| Autobuild-Date: Thu Dec 22 15:51:09 CET 2011 on sn-devel-104
* s3:auth: s/Undefined/SMB_SIGNING_DEFAULT/ | Stefan Metzmacher | 2011-11-03 | 2 | -2/+3
| metze
* s3-waf: convert libcli_netlogon3 into a private library. | Günther Deschner | 2011-11-02 | 1 | -1/+1
| Guenther
| Autobuild-User: Günther Deschner <gd@samba.org>
| Autobuild-Date: Wed Nov 2 18:34:55 CET 2011 on sn-devel-104
* s3-waf: move trusts_util.c code into a private library. | Günther Deschner | 2011-11-02 | 1 | -2/+2
| Guenther
* idl: Improve MS-PAC IDL | Simo Sorce | 2011-10-24 | 3 | -15/+15
| Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unknown.
| Signed-off-by: Günther Deschner <gd@samba.org>
| Autobuild-User: Günther Deschner <gd@samba.org>
| Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
* s3-auth remove auth_ntlmssp_session_info() | Andrew Bartlett | 2011-10-21 | 2 | -14/+0
| Instead, call gensec_session_info() directly.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth move the s3 auth context onto gensec_ntlmssp once we start | Andrew Bartlett | 2011-10-18 | 1 | -2/+2
| We do not need it on the auth_ntlmssp_state any longer.
| Andrew Bartlett
| Autobuild-User: Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
* s3:auth_util: add the uid with WBC_ID_TYPE_BOTH also to the group array | Stefan Metzmacher | 2011-10-18 | 1 | -2/+4
| This will help with having "sidHistory" support in future.
| metze
* gensec: move event context from gensec_*_init() to gensec_update() | Andrew Bartlett | 2011-10-18 | 1 | -1/+2
| This avoids keeping the event context around on the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC module | Andrew Bartlett | 2011-10-18 | 2 | -85/+228
| This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called. (Includes formatting and correctness fixes from Metze)
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 2011-10-18 | 1 | -1/+1
| This brings in the code from both libcli/auth and source4/auth/ntlmssp.
| Andrew Bartlett
| Signed-off-by: Stefan Metzmacher <metze@samba.org>