path: root/source3/auth
Commit message | Author | Age | Files | Lines
...
* s3-librpc Call GSSAPI via the auth_generic layer and gensec | Andrew Bartlett | 2012-01-18 | 1 | -1/+6
    This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Match session setup handling of krb5, store the PAC | Andrew Bartlett | 2012-01-18 | 1 | -1/+4
    This will allow non-krb5 services to get the full user groups without need to do an online s4u2self.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add auth hook for PAC parsing | Andrew Bartlett | 2012-01-18 | 1 | -2/+128
    This will allow gensec_gse to parse the PAC. This is a copy from source3/rpc_server/dcesrv_generic.c to preserve behaviour. A future commit will enable the samlogon cache.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-waf: auth_netlogond depends on tldap. | Andreas Schneider | 2012-01-12 | 1 | -0/+1
    Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
    Autobuild-Date: Thu Jan 12 17:33:10 CET 2012 on sn-devel-104
* s3-auth Remove more unused headers | Andrew Bartlett | 2012-01-05 | 1 | -3/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth remove unused ntlmssp.h | Andrew Bartlett | 2012-01-05 | 1 | -1/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Remove ntlmssp_wrap.h which is no longer required | Andrew Bartlett | 2012-01-05 | 2 | -2/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth use gensec directly rather than via auth_generic_state | Andrew Bartlett | 2012-01-05 | 2 | -44/+24
    This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Set remote address for both AD and s3 gensec modes | Andrew Bartlett | 2012-01-05 | 1 | -2/+0
* s3-auth re-create the auth context in the s3 ntlmssp server module | Andrew Bartlett | 2012-01-05 | 4 | -61/+8
    This removes the abstraction violation in auth_generic.c.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add TALLOC_CTX * to auth_generic_prepare() | Andrew Bartlett | 2012-01-05 | 2 | -3/+4
    This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth supply s3 ntlmssp module via gensec_settings | Andrew Bartlett | 2012-01-05 | 1 | -24/+11
    This will allow the supply of multiple modules in future without duplicating the module selection logic.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Fix talloc parent for s4 event context in auth_samba4 | Andrew Bartlett | 2011-12-28 | 1 | -1/+1
* s3-auth: Remove prototype for already-removed auth_ntlmssp_start | Andrew Bartlett | 2011-12-28 | 1 | -1/+0
* s3-auth split the auth_generic functions into a separate file | Andrew Bartlett | 2011-12-22 | 3 | -158/+191
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly | Andrew Bartlett | 2011-12-22 | 1 | -5/+0
    This makes it clear that this can support more than just NTLMSSP.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare() | Andrew Bartlett | 2011-12-22 | 2 | -3/+3
    This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_state -> auth_generic_state | Andrew Bartlett | 2011-12-22 | 2 | -10/+10
    This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Restore shortcut for guest security token | Andrew Bartlett | 2011-12-22 | 1 | -11/+11
    This was lost when the server_info and session_info structures were split. This helps avoid doing lookups for the guest account to determine the uid/gid and SID values.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Autobuild-User: Stefan Metzmacher <metze@samba.org>
    Autobuild-Date: Thu Dec 22 15:51:09 CET 2011 on sn-devel-104
* s3:auth: s/Undefined/SMB_SIGNING_DEFAULT/ | Stefan Metzmacher | 2011-11-03 | 2 | -2/+3
    metze
* s3-waf: convert libcli_netlogon3 into a private library. | Günther Deschner | 2011-11-02 | 1 | -1/+1
    Guenther
    Autobuild-User: Günther Deschner <gd@samba.org>
    Autobuild-Date: Wed Nov 2 18:34:55 CET 2011 on sn-devel-104
* s3-waf: move trusts_util.c code into a private library. | Günther Deschner | 2011-11-02 | 1 | -2/+2
    Guenther
* idl: Improve MS-PAC IDL | Simo Sorce | 2011-10-24 | 3 | -15/+15
    Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unknown.
    Signed-off-by: Günther Deschner <gd@samba.org>
    Autobuild-User: Günther Deschner <gd@samba.org>
    Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
* s3-auth remove auth_ntlmssp_session_info() | Andrew Bartlett | 2011-10-21 | 2 | -14/+0
    Instead, call gensec_session_info() directly.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth move the s3 auth context onto gensec_ntlmssp once we start | Andrew Bartlett | 2011-10-18 | 1 | -2/+2
    We do not need it on the auth_ntlmssp_state any longer.
    Andrew Bartlett
    Autobuild-User: Andrew Bartlett <abartlet@samba.org>
    Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
* s3:auth_util: add the uid with WBC_ID_TYPE_BOTH also to the group array | Stefan Metzmacher | 2011-10-18 | 1 | -2/+4
    This will help with having "sidHistory" support in future.
    metze
* gensec: move event context from gensec_*_init() to gensec_update() | Andrew Bartlett | 2011-10-18 | 1 | -1/+2
    This avoids keeping the event context around on the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC module | Andrew Bartlett | 2011-10-18 | 2 | -85/+228
    This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called.
    (Includes formatting and correctness fixes from Metze)
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 2011-10-18 | 1 | -1/+1
    This brings in the code from both libcli/auth and source4/auth/ntlmssp.
    Andrew Bartlett
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add my copyright | Andrew Bartlett | 2011-10-18 | 1 | -1/+1
    I have done plenty of work here, I deserve some of the blame :-)
    Andrew Bartlett
* Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). | Wilco Baan Hofman | 2011-10-17 | 1 | -2/+2
    Autobuild-User: Jeremy Allison <jra@samba.org>
    Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
* s3-auth: remove dead prototype. | Günther Deschner | 2011-10-17 | 1 | -1/+0
    Guenther
* s3-auth: token_util needs system/passwd.h. | Günther Deschner | 2011-10-14 | 1 | -0/+1
    Guenther
* s4-messaging: Pass the loadparm context, not just the messaging path | Andrew Bartlett | 2011-10-13 | 1 | -1/+1
    This will allow the TDB layer to get at the lp_ctx for tdb options.
    Andrew Bartlett
* auth: move credentials layer to the top level | Andrew Bartlett | 2011-10-11 | 1 | -1/+1
    This will allow gensec_start.c to move to the top level. This does not change what code uses the cli_credentials code, but allows the gensec code to be more broadly.
    Andrew Bartlett
* s3-winbindd: add support for idmap type WBC_ID_TYPE_BOTH | Andrew Tridgell | 2011-09-23 | 1 | -1/+2
    this allows the s3 code to understand and cache responses from the s4 winbindd which may include a single SID mapped to both a uid and a gid
    Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
    Signed-off-by: Michael Adam <obnox@samba.org>
    Autobuild-User: Michael Adam <obnox@samba.org>
    Autobuild-Date: Fri Sep 23 01:47:54 CEST 2011 on sn-devel-104
* s4:auth - remove unused variables | Matthias Dieter Wallnöfer | 2011-09-19 | 1 | -1/+0
    Reviewed-by: Jelmer
* s3: Fix bug 8455 -- Samba PDC is looking up only primary user group | Volker Lendecke | 2011-09-17 | 1 | -7/+7
    group_sids_to_info3 does a sid_peek_check_rid on the domain sid before adding the rids to the array. If the domain sid is 0x0, then the check will always fail.
    Autobuild-User: Volker Lendecke <vlendec@samba.org>
    Autobuild-Date: Sat Sep 17 00:51:27 CEST 2011 on sn-devel-104
* s3:auth_server: make use of cli_state_server_challenge() | Stefan Metzmacher | 2011-09-15 | 1 | -7/+5
    metze
* s3:libsmb: pass max_protocol to cli_negprot() | Stefan Metzmacher | 2011-09-15 | 1 | -1/+1
    metze
* s3:auth_server: make use of cli_state_security_mode() | Stefan Metzmacher | 2011-09-13 | 1 | -3/+9
    metze
* Move the talloc_move call until *after* the check on status. Don't want to ↵ | Jeremy Allison | 2011-09-12 | 1 | -3/+3
    move something that might be invalid. Makes the code match what is currently in 3.6.x.
    Autobuild-User: Jeremy Allison <jra@samba.org>
    Autobuild-Date: Mon Sep 12 22:21:24 CEST 2011 on sn-devel-104
* s3-auth: fix uninitialized server_info | Sumit Bose | 2011-09-12 | 1 | -0/+4
    Signed-off-by: Günther Deschner <gd@samba.org>
    Autobuild-User: Günther Deschner <gd@samba.org>
    Autobuild-Date: Mon Sep 12 17:44:46 CEST 2011 on sn-devel-104
* s3:libsmb: pass CLI_FULL_CONNECTION_* flags via cli_connect_nb() | Stefan Metzmacher | 2011-09-08 | 1 | -4/+3
    metze
    Autobuild-User: Stefan Metzmacher <metze@samba.org>
    Autobuild-Date: Thu Sep 8 10:21:50 CEST 2011 on sn-devel-104
* s3-ntlmssp Remove a level of nesting in if/else statement | Andrew Bartlett | 2011-08-03 | 1 | -3/+2
* selftest: test plugin_s4_dc against all ncacn_np tests | Andrew Bartlett | 2011-08-03 | 4 | -1/+41
    Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests.
    Andrew Bartlett
* s3-ntlmssp clarify session key behaviour after create_local_token() changes | Andrew Bartlett | 2011-08-03 | 1 | -2/+1
* s3-ntlmssp Remove auth_ntlmssp_state_destructor, use the talloc tree instead | Andrew Bartlett | 2011-08-03 | 1 | -16/+5
* s3-auth directly return the result of make_server_info_guest() | Andrew Bartlett | 2011-08-03 | 1 | -2/+2
* s3-auth rename auth_ntlmssp_steal_session_info() | Andrew Bartlett | 2011-08-03 | 2 | -6/+6
    There is no longer any theft of memory as the underlying routines now produce a new auth_session_info for this caller, allocating it on the supplied memory context.
    Andrew Bartlett