summaryrefslogtreecommitdiff
path: root/source3/auth/auth.c
AgeCommit message (Collapse)AuthorFilesLines
2012-06-15s3-auth: rework default auth methods around the lp_server_role() parameterAndrew Bartlett1-17/+23
To cover all the enum values, ROLE_ACTIVE_DIRECTORY_DOMAIN_CONTROLLER is mapped to the samba4 auth module, and this is no longer required to be specified in fileserver.conf. Andrew Bartlett
2012-06-15s3-auth: Merge SEC_DOMAIN and SEC_ADS cases in creating the default auth ↵Andrew Bartlett1-7/+2
module list
2012-05-15s3-auth: remove "security=server" (depricated since 3.6)Stefan Metzmacher1-6/+0
"security=server" has a lot of problems in the world with modern security (ntlmv2 and krb5). It was also not very reliable, as it needed a stable connection to the password server for the lifetime of the whole client connection! Please use "security=domain" or "security=ads" is you authentication against remote servers (domain controllers). metze -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SERVER | | security=server | | | | | | 12 May | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-08s3-auth: Remove single-implementation plugin layerAndrew Bartlett1-8/+5
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context were only ever initialised to a single value. Make it easier to follow by just calling the function directly. Andrew Bartlett
2012-03-04s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett1-11/+0
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-02-24s3-auth: Add a way to get an auth4_context from the auth stackAndrew Bartlett1-2/+4
This will allow us to use the same layer that auth_ntlmssp does in the non-SPNEGO session setup, which will in turn make the authentication code more consistent in the AD server case. Andrew Bartlett
2012-01-05s3-auth re-create the auth context in the s3 ntlmssp server moduleAndrew Bartlett1-2/+0
This removes the abstraction violation in auth_generic.c. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-08-03selftest: test plugin_s4_dc against all ncacn_np testsAndrew Bartlett1-1/+2
Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests. Andrew Bartlett
2011-08-03s3-ntlmssp Split calls to gensec plugin into prepare and startAndrew Bartlett1-2/+3
GENSEC has the concept of starting the GENSEC subsystem before starting the actual mechansim. Between these two stages is when most context methods are called, to specify credentials and features. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth Allow auth modules to provide an initialised GENSEC contextAndrew Bartlett1-2/+9
This will allow auth plugins such as auth_samba4 to provide an initialised GENSEC context to auth subsystem callers. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-13s3-auth: Fix account check over ncalrpc.Andreas Schneider1-5/+9
2011-07-08s3:auth: remove unused variableStefan Metzmacher1-1/+0
metze
2011-07-04s3-auth: Pass the remote_address down to user_info.Andreas Schneider1-4/+12
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-03-30s3-auth: use auth.h where needed.Günther Deschner1-0/+1
Guenther
2010-09-26s3: Lift talloc_autofree_context() from make_auth_context_fixed()Volker Lendecke1-3/+4
2010-09-26s3: Lift talloc_autofree_context() from make_auth_context_subsystem()Volker Lendecke1-4/+6
2010-09-26s3: Lift talloc_autofree_context() from make_auth_context_text_list()Volker Lendecke1-3/+6
2010-09-26s3: Lift talloc_autofree_context() from make_auth_context()Volker Lendecke1-3/+7
2010-08-22s3: Pass the rhost through smb_pam_accountcheckVolker Lendecke1-1/+4
2010-08-22s3: Rename auth.c:backends to auth_backendsVolker Lendecke1-4/+4
2010-08-14s3:auth Whitespace fixes after auth mergeAndrew Bartlett1-1/+1
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-3/+3
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-19s3-auth: Simplify how we free the auth_contextSimo Sorce1-16/+18
Turn the freeing function into a destructor and attach it to the auth_context. Make all callers TALLOC_FREE() the auth_context instead of calling the free function. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth Rename user_info->domain -> user_info->mapped.domain_nameAndrew Bartlett1-4/+4
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->client_domain -> user_info->client.domain_nameAndrew Bartlett1-1/+1
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->internal_username -> user_info->mapped.account_nameAndrew Bartlett1-7/+7
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->smb_name -> user_info->client.account_nameAndrew Bartlett1-7/+7
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-01s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_infoAndrew Bartlett1-2/+2
2010-05-13s3:auth Make get_ntlm_challenge more like Samba4Andrew Bartlett1-2/+3
This helps with the upcoming NTLMSSP merge, and allows errors to be returned. Andrew Bartlett
2010-04-11s3: Make "auth_context" its own talloc parentVolker Lendecke1-12/+6
Remove "mem_ctx" from "struct auth_context"
2009-07-16Remove an unused talloc context.Jeremy Allison1-8/+2
Jeremy.
2009-02-21Fix some nonempty blank linesVolker Lendecke1-31/+31
2009-02-21Remove the static "chal" from ntlmssp.c:get_challenge()Volker Lendecke1-6/+8
2008-11-06Add wrapper str_list_make_v3() to replace the old S3 behavior ofJeremy Allison1-8/+8
str_list_make(). From Dan Sledz <dan.sledz@isilon.com>: In samba 3.2 passing NULL or an empty string returned NULL. In master, it now returns a list of length 1 with the first string set to NULL (an empty list). Jeremy.
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-2/+2
2008-04-09Fix typos.Karolin Seeger1-1/+1
Karolin (This used to be commit 6cee34703503fbf3629057345fe221b866560648)
2008-02-04Always pass a TALLOC_CTX to str_list_make and str_list_copyVolker Lendecke1-10/+26
(This used to be commit e2c9fc4cf5f0ff725330fa44f53782db65fca37e)
2008-02-04tiny simplificationVolker Lendecke1-5/+3
(This used to be commit 22e49ef2c0c9b641068ac5419b9c82fb97d3e8e6)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-4/+4
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke1-1/+1
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10r22001: change prototype of dump_data(), so that it takes unsigned char * now,Stefan Metzmacher1-4/+4
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10r21870: Move sending auth_server keepalives out of the main loop into an ↵Volker Lendecke1-4/+1
idle event. Volker (This used to be commit 6226b30f38cd82531422815ba66a687aab50028d)
2007-10-10r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END()Stefan Metzmacher1-2/+1
and DLIST_DEMOTE() now take the type of the tmp pointer not the tmp pointer itself anymore. metze (This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
2007-10-10r15283: Oh yeah. The build farm doesn't do much with head. OK, here is the ↵Paul Green1-0/+2
patch to SAMBA_3_0 to declare prototypes for the initialization functions. These are the same changes I just made to head. --paulg (This used to be commit 17774387ad879b6a72dd1cf406326318add31b04)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-1/+1
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-10/+10
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-2/+2
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-1/+1
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)