diff options
author | Andrew Bartlett <abartlet@samba.org> | 2001-08-03 13:09:23 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-08-03 13:09:23 +0000 |
commit | 986372901e85a79343ba32f590a4a3e7658d2565 (patch) | |
tree | 19c863631c1c0da0535adf090dbb4c566e7e9d3b /source3/param | |
parent | 8dad2a1310c6dc908934ac836377cbfed8f7a010 (diff) | |
download | samba-986372901e85a79343ba32f590a4a3e7658d2565.tar.gz samba-986372901e85a79343ba32f590a4a3e7658d2565.tar.bz2 samba-986372901e85a79343ba32f590a4a3e7658d2565.zip |
This is my 'Authentication Rewrite' version 1.01, mostly as submitted to
samba-technical a few weeks ago.
The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards. The
interface currently implemented in as
nt_status = check_password(user_info, server_info)
where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.
The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.
This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing. We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.
Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree. (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
Diffstat (limited to 'source3/param')
-rw-r--r-- | source3/param/loadparm.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index c4073569a3..3fdb884a51 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -252,6 +252,8 @@ typedef struct BOOL bAllowTrustedDomains; BOOL bRestrictAnonymous; BOOL bLanmanAuth; + BOOL bNTLMAuth; + BOOL bPlaintextToSmbpasswd; BOOL bDebugHiresTimestamp; BOOL bDebugPid; BOOL bDebugUid; @@ -676,6 +678,8 @@ static struct parm_struct parm_table[] = { {"unix password sync", P_BOOL, P_GLOBAL, &Globals.bUnixPasswdSync, NULL, NULL, 0}, {"restrict anonymous", P_BOOL, P_GLOBAL, &Globals.bRestrictAnonymous, NULL, NULL, 0}, {"lanman auth", P_BOOL, P_GLOBAL, &Globals.bLanmanAuth, NULL, NULL, 0}, + {"ntlm auth", P_BOOL, P_GLOBAL, &Globals.bNTLMAuth, NULL, NULL, 0}, + {"plaintext to smbpasswd", P_BOOL, P_GLOBAL, &Globals.bPlaintextToSmbpasswd, NULL, NULL, 0}, {"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0}, {"username", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, @@ -1265,6 +1269,8 @@ static void init_globals(void) Globals.bStatCache = True; /* use stat cache by default */ Globals.bRestrictAnonymous = False; Globals.bLanmanAuth = True; /* Do use the LanMan hash if it is available */ + Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is available (otherwise NTLMv2) */ + Globals.bPlaintextToSmbpasswd = False; /* Check the passwords with smbpasswd, even if in plaintext */ Globals.map_to_guest = 0; /* By Default, "Never" */ Globals.min_passwd_length = MINPASSWDLENGTH; /* By Default, 5. */ Globals.oplock_break_wait_time = 0; /* By Default, 0 msecs. */ @@ -1540,6 +1546,8 @@ FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache) FN_GLOBAL_BOOL(lp_allow_trusted_domains, &Globals.bAllowTrustedDomains) FN_GLOBAL_BOOL(lp_restrict_anonymous, &Globals.bRestrictAnonymous) FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth) +FN_GLOBAL_BOOL(lp_ntlm_auth, &Globals.bNTLMAuth) +FN_GLOBAL_BOOL(lp_plaintext_to_smbpasswd, &Globals.bPlaintextToSmbpasswd) FN_GLOBAL_BOOL(lp_host_msdfs, &Globals.bHostMSDfs) FN_GLOBAL_BOOL(lp_kernel_oplocks, &Globals.bKernelOplocks) FN_GLOBAL_BOOL(lp_enhanced_browsing, &Globals.enhanced_browsing) |