summaryrefslogtreecommitdiff
path: root/source3/auth/auth.c
AgeCommit message (Collapse)AuthorFilesLines
2003-11-23(Merge from 3.0)Andrew Bartlett1-2/+13
Patch by emil@disksites.com <Emil Rasamat> to ensure we always always free() each auth method. (We had relied on the use of talloc() only, despite providing the free() callback) Andrew Bartlett (This used to be commit 58c4963a8389dff4d925548217fabed1c9932abd)
2003-11-22(merge from 3.0)Andrew Bartlett1-0/+3
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter1-4/+4
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce1-1/+1
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-23/+36
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-05-15Patch from Luke Howard <lukeh@PADL.COM> that fixes some weird handling ofJelmer Vernooij1-9/+17
modules in auth/ (This used to be commit 3d804efe76335cd09640a82c0326dbf3eb83fe04)
2003-05-01Use ints for the version numbers in the smb_register_*() functions (patch by ↵Jelmer Vernooij1-1/+1
metze) (This used to be commit 3895571eeef81db7ce4c71e85b0be5c235b16efd)
2003-04-28Use NTSTATUS as return value for smb_register_*() functions and init_module()Jelmer Vernooij1-12/+19
function. Patch by metze with some minor modifications. (This used to be commit f4576757d1d52a8f1b96894c869bb76450003fd1)
2003-04-16Cause the winbind auth module to call the ntdomain module if winbind is notAndrew Bartlett1-40/+51
running. This causes Samba not to contact the NT domain controller if Winbind is there, but the user had the wrong password. Andrew Bartlett (This used to be commit 119a1c276a05d0017f39cc0b7118f12a4f51886e)
2003-04-07We never actually got an 'ads' auth module, so don't send the auth subsystemAndrew Bartlett1-1/+1
off on a wild probing spree looking for it. Andrew Bartlett (This used to be commit 7c7c5594b3dfd460d09bccd409ccbf64c6b42338)
2003-03-25Make auth.c compile again. I'm not sure what this does though...Volker Lendecke1-2/+3
Volker (This used to be commit 8e3f300f21e23b7e6b68ddcc45d581a962cd8aa4)
2003-03-24- Add support to auth/ for the new modules systemJelmer Vernooij1-35/+59
- Quite some small fixes (also fixes the build) (This used to be commit 3defbd5e0633acfa4631531b49601c7706072d86)
2003-02-28Doxygen janitor: check_domain_match parameter is spelledMartin Pool1-2/+2
"auth_context". (This used to be commit 571c3ce19344276aac1af56d2f69fcc5523f36eb)
2003-01-13Patch from metze to add what he feels is the correct semantics for a DomainAndrew Bartlett1-0/+1
Controller. As we have had a number of attempts at this over the last little while, I need to get my test rig going, and give this whole area a poke... Meanwhile, if you want to use this, just adjust your 'auth methods' line to use samstrict_dc... Andrew Bartlett (This used to be commit 18e598ec24493026008fcfe486057555b8832108)
2003-01-13Updates to our NTLMSSP code:Andrew Bartlett1-1/+9
This tries to extract our server-side code out of sessetup.c, and into a more general lib. I hope this is only a temporay resting place - I indend to refactor it again into an auth-subsystem independent lib, using callbacks. Move some of our our NTLMSSP #defines into a new file, and add two that I found in the COMsource docs - we seem to have a double-up, but I've verified from traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real. This code also copes with ASCII clients - not that we will ever see any here, but I hope to use this for HTTP, were we can get them. Win2k authenticates fine under forced ASCII, btw. Tested with Win2k, NTLMv2 and Samba's smbclient. Andrew Bartlett (This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
2003-01-02BIG patch...Andrew Bartlett1-2/+2
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-4/+4
named. Ensure we can query them. Jeremy. (This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
2002-12-11Fixed auth module code. Added VALGRIND defines to reduce spurious warnings.Jeremy Allison1-55/+44
Jeremy. (This used to be commit ff3a8d37289216a2cb808406044a7abef1e564d0)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-1/+1
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-07-31Let everybody enjoy my new toy - make it the default!Andrew Bartlett1-2/+2
Authenticaions will now attempt to use winbind, and only fall back to 'ntdomain' (the old security=domain) code if that fails (for any reason, including wrong password). I'll fix up the authenticaion code to better handle the different types of failures in the near future. Andrew Bartlett (This used to be commit 78f0d4337bd263d26d7b349eaf8148e863c62f69)
2002-07-28found nasty bug in intl/lang_tdb.c tdb structure was not tested to not be ↵Simo Sorce1-7/+7
null before close this one fixes swat not working with browsers that set more then one language. along the way implemented language priority in web/neg_lang.c with bubble sort also changet str_list_make to be able to use a different separator string Simo. (This used to be commit 69765e4faa8aaae74c97afc917891fc72d80703d)
2002-06-15It appears that to match NT we should not use the 'samstrict' behaviour,Andrew Bartlett1-3/+5
and that local accounts are perfectly fine. (This used to be commit 9fe8da6dd1b7fecfee0a2778fec0b7dd0fd40bfb)
2002-06-14moved lp_list_* functions away from param/loadparm.c, put int lib/util_str.cSimo Sorce1-10/+10
and renamed to str_list_* as it is a better name. Elrond should be satisfied now :) (This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
2002-05-28Spelling fixes.Tim Potter1-7/+7
(This used to be commit 3d0f4acad2f0c57d0a255e90e5f674ba582251e2)
2002-05-24Move the authenticaion subsystem over to the same 'module:options' syntaxAndrew Bartlett1-3/+20
that the passdb code now uses. Similarly, move the 'pluggable' stuff over from passdb as well, allowing runtime loading of new authenticaion modules. (NOTE: The interfaces here can *and do* change - module writers are not assured source-level compatibilty, and certainly not binary compatibility). (This used to be commit 3897cf5e048f50be91ae434f636affc6d539d0d1)
2002-05-22Nobody uses this function, and there really doesn't seem much point toAndrew Bartlett1-20/+0
it, so we may as well reduce the complexity. Andrew Bartlett (This used to be commit 31e074cea50111a150db220603c3cfccaaf4339c)
2002-05-21typo, sorrySimo Sorce1-1/+1
(This used to be commit d222bc8c4b620095a21ba327940d4750d5dee753)
2002-05-21debug classizedSimo Sorce1-0/+3
(This used to be commit ae5d24873ad0fb3df970cc9912e18e6a5067ae2d)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-3/+3
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-03-02Allow Samba to trust NT4 Domains.Andrew Bartlett1-0/+1
This commit builds on the auth subsystem to give Samba support for trusting NT4 domains. It is off by default, but is enabled by adding 'trustdomain' to the 'auth methods' smb.conf paramater. Tested against NT4 only - there are still some issues with the join code for Win2k servers (spnego stuff). The main work TODO involves enumerating the trusted domains (including the RPC calls to match), and getting winbind to run on the PDC correctly. Similarly, work remains on getting NT4 to trust Samba domains. Andrew Bartlett (This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-20Spelling fixes.Tim Potter1-6/+6
(This used to be commit e67c7c5852624bcdd5c565ea5f00b143aaf7fee4)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett1-107/+258
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2002-01-01A farily large commit:Andrew Bartlett1-4/+10
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c - It hasn't been used by anything else since smbpasswd lost its -j - Add a TALLOC_CTX to the auth subsytem. These are only valid for the length of the calls to the individual modules, if you want a longer context hide it in your private data. Similarly, all returns (like the server_info) should still be malloced. - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new libsmb domain logon code. Also rework much of the code to use some better helper functions for the connection - getting us much better error returns (the new code is NTSTATUS). The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for the LUID feilds is sufficient, or if we should do random LUIDs as per the old code. Similarly, I'll move winbind over to this when I get a chance. This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in rpc_client, at least as far as smbd is concerned. While I've given this a basic rundown, any testing is as always appriciated. Andrew Bartlett (This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)
2001-12-30Add a pile of doxygen style comments to various parts of Samba. Many of theseAndrew Bartlett1-29/+56
probably will never actually be genearted, but I like the style in any case. Also fix a segfault in 'net rpc' when the login failed and a small memory leak on failure in the auth_info.c code. Andrew Bartlett (This used to be commit 2efae7cc522651c22fb120835bc800645559b63e)
2001-12-19added trusted realm support to ADS authenticationAndrew Tridgell1-13/+15
the method used for checking if a domain is a trusted domain is very crude, we should really call a backend fn of some sort. For now I'm using winbindd to do the dirty work. (This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)
2001-11-27fixed the panics on basicsmb-sharelist on sun1Andrew Tridgell1-1/+3
(This used to be commit 1bd3235744bebefa6ba09795438400b4674c165c)
2001-11-27fix sense of lp_allow_trusted_domains()Andrew Tridgell1-1/+1
fix a memory leak (This used to be commit 1421f2fbcb296a894cb4e7548e0275e35e055b98)
2001-11-26A number of things to clean up the auth subsytem a bit...Andrew Bartlett1-1/+1
We now default encrypt passwords = yes We now check plaintext passwords (however aquired) with the 'sam' backend rather than unix, if encrypt passwords = yes. (this kills off the 'local' backed. The sam backend may be renamed in its place) The new 'samstrict' wrapper backend checks that the user's domain is one of our netbios aliases - this ensures that we don't get fallback crazies with security = domain. Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks that the user was not local before contacting the DC. The default ordering has changed, we now check the local stuff first - but becouse of the changes above, we will really only ever contact one auth source. Andrew Bartlett (This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
2001-11-26challange -> challengeTim Potter1-4/+4
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-79/+86
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-11Minor updates. A small dose of const.Andrew Bartlett1-1/+1
(This used to be commit 80667cb0dd1a2cdef17711c8580af9f524971cea)
2001-11-08Change to guest logon code.Andrew Bartlett1-24/+43
This changes the way we process guest logons - we now treat them as normal logons, but set the 'guest' flag. In particular this is needed becouse Win2k will do an NTLMSSP login with username "", therefore missing our previous guest connection code - this is getting a pain to do as a special case all over the shop. Tridge: We don't seem to be setting a guest bit for NTLMSSP, in either the anonymous or authenticated case, can you take a look at this? Also some cleanups in the check_password() code that should make some of the debugs clearer. Various other minor cleanups: - change the session code to just take a vuser, rather than having to do a vuid lookup on vuser.vuid - Change some of the global_client_caps linking - Better debug in authorise_login(): show the vuid. Andrew Bartlett (This used to be commit 62f4e4bd0aef9ade653b3f8d575d2864c166ab4d)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-145/+118
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31Added some extra fields to the auth_serversupplied_info structure.Tim Potter1-1/+13
To obtain the full group membership of a user (i.e nested groups on a win2k native mode server) it is necessary to merge this list of groups with the groups returned by winbindd when creating an nt access token. This breaks winbindd linking while AB and I sync up our changes to the authentication subsystem. (This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-3/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-29Fix up a number of intertwined issues:Andrew Bartlett1-0/+4
The big one is a global change to allow us to NULLify the free'ed pointer to a former passdb object. This was done to allow idra's SAFE_FREE() macro to do its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer to start with. This NULL pointer test was what was breaking the adding of accounts up until now, and this code has been reworked to avoid duplicating work - I hope this will avoid a similar mess-up in future. Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were being ignored. Some of these functions malloc() and are permitted to fail. Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived precisely didilly-squat, just returning False. Now that we check the returns this bug was spotted. This could allow different LM and NT passwords. - the pdbedit code needs to start checking these too, but I havn't had a chance to fix it. I have also fixed up where some of the password changing code was using the pdb_set functions to store *internal* data. I assume this is from a previous lot of mass conversion work... Most likally (and going on past experience) I have missed somthing, probably in the LanMan password change code which I havn't yet been able to test, but this lot is in much better shape than it was before. If all this is too much to swallow (particularly for 2.2.2) then just adding a sam_pass = NULL to the particular line of passdb.c should do the trick for the ovbious bug. Andrew Bartlett (This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
2001-09-16Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c whereAndrew Bartlett1-10/+13
they can have general effect. Fixed up workstaion support in the rest of samba, so that we can do these checks. Pass through the workstation for cli_net_logon(), if supplied. (This used to be commit 7f04a139b2ee34b4c282590509cdf21395815a7a)
2001-09-12Some patches to authentication:Tim Potter1-13/+20
- the usersupplied_info now contains a smb_username (as it comes across on the wire) and a unix_username (after being passed through mapping functions) - when doing security={server,domain} use the smb_username, otherwise use the unix_username (This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-8/+8
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)