path: root/source3/auth/auth.c
Age | Commit message | Author | Files | Lines
2011-03-30 | s3-auth: use auth.h where needed. | Günther Deschner | 1 | -0/+1
Guenther
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context_fixed() | Volker Lendecke | 1 | -3/+4
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context_subsystem() | Volker Lendecke | 1 | -4/+6
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context_text_list() | Volker Lendecke | 1 | -3/+6
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context() | Volker Lendecke | 1 | -3/+7
2010-08-22 | s3: Pass the rhost through smb_pam_accountcheck | Volker Lendecke | 1 | -1/+4
2010-08-22 | s3: Rename auth.c:backends to auth_backends | Volker Lendecke | 1 | -4/+4
2010-08-14 | s3:auth Whitespace fixes after auth merge | Andrew Bartlett | 1 | -1/+1
2010-08-14 | s3:auth Make Samba3 use the new common struct auth_usersupplied_info | Andrew Bartlett | 1 | -3/+3
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order to make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-19 | s3-auth: Simplify how we free the auth_context | Simo Sorce | 1 | -16/+18
Turn the freeing function into a destructor and attach it to the auth_context. Make all callers TALLOC_FREE() the auth_context instead of calling the free function. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07 | s3:auth Rename user_info->domain -> user_info->mapped.domain_name | Andrew Bartlett | 1 | -4/+4
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07 | s3:auth Rename user_info->client_domain -> user_info->client.domain_name | Andrew Bartlett | 1 | -1/+1
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07 | s3:auth Rename user_info->internal_username -> user_info->mapped.account_name | Andrew Bartlett | 1 | -7/+7
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07 | s3:auth Rename user_info->smb_name -> user_info->client.account_name | Andrew Bartlett | 1 | -7/+7
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-01 | s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_info | Andrew Bartlett | 1 | -2/+2
2010-05-13 | s3:auth Make get_ntlm_challenge more like Samba4 | Andrew Bartlett | 1 | -2/+3
This helps with the upcoming NTLMSSP merge, and allows errors to be returned. Andrew Bartlett
2010-04-11 | s3: Make "auth_context" its own talloc parent | Volker Lendecke | 1 | -12/+6
Remove "mem_ctx" from "struct auth_context"
2009-07-16 | Remove an unused talloc context. | Jeremy Allison | 1 | -8/+2
Jeremy.
2009-02-21 | Fix some nonempty blank lines | Volker Lendecke | 1 | -31/+31
2009-02-21 | Remove the static "chal" from ntlmssp.c:get_challenge() | Volker Lendecke | 1 | -6/+8
2008-11-06 | Add wrapper str_list_make_v3() to replace the old S3 behavior of | Jeremy Allison | 1 | -8/+8
str_list_make(). From Dan Sledz <dan.sledz@isilon.com>: In samba 3.2 passing NULL or an empty string returned NULL. In master, it now returns a list of length 1 with the first string set to NULL (an empty list). Jeremy.
2008-10-12 | Use common strlist implementation in Samba 3 and Samba 4. | Jelmer Vernooij | 1 | -2/+2
2008-04-09 | Fix typos. | Karolin Seeger | 1 | -1/+1
Karolin (This used to be commit 6cee34703503fbf3629057345fe221b866560648)
2008-02-04 | Always pass a TALLOC_CTX to str_list_make and str_list_copy | Volker Lendecke | 1 | -10/+26
(This used to be commit e2c9fc4cf5f0ff725330fa44f53782db65fca37e)
2008-02-04 | tiny simplification | Volker Lendecke | 1 | -5/+3
(This used to be commit 22e49ef2c0c9b641068ac5419b9c82fb97d3e8e6)
2007-10-18 | RIP BOOL. Convert BOOL -> bool. I found a few interesting | Jeremy Allison | 1 | -4/+4
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10 | r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text | Andrew Tridgell | 1 | -2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10 | r23779: Change from v2 or later to v3 or later. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 | r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and | Volker Lendecke | 1 | -1/+1
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10 | r22001: change prototype of dump_data(), so that it takes unsigned char * now, | Stefan Metzmacher | 1 | -4/+4
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10 | r21870: Move sending auth_server keepalives out of the main loop into an ↵ | Volker Lendecke | 1 | -4/+1
idle event. Volker (This used to be commit 6226b30f38cd82531422815ba66a687aab50028d)
2007-10-10 | r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END() | Stefan Metzmacher | 1 | -2/+1
and DLIST_DEMOTE() now take the type of the tmp pointer not the tmp pointer itself anymore. metze (This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
2007-10-10 | r15283: Oh yeah. The build farm doesn't do much with head. OK, here is the ↵ | Paul Green | 1 | -0/+2
patch to SAMBA_3_0 to declare prototypes for the initialization functions. These are the same changes I just made to head. --paulg (This used to be commit 17774387ad879b6a72dd1cf406326318add31b04)
2007-10-10 | r13576: This is the beginnings of moving the SAM_ACCOUNT data structure | Gerald Carter | 1 | -1/+1
to make full use of the new talloc() interface. Discussed with Volker and Jeremy.
* remove the internal mem_ctx and simply use the talloc() structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current and upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future.
Note that there are now passdb API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10 | r13316: Let the carnage begin.... | Gerald Carter | 1 | -10/+10
Sync with trunk as of r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10 | r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 | Jeremy Allison | 1 | -2/+2
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10 | r10656: BIG merge from trunk. Features not copied over | Gerald Carter | 1 | -1/+1
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10 | r7450: fix my bone head mistake with ntlm authentication and 'map to guest = ↵ | Gerald Carter | 1 | -9/+4
bad uid'; make sure the authentication succeeds (This used to be commit 5de1ffce2f2a0a340f6591939b8f63a3d96a627e)
2007-10-10 | r7395: * new feature 'map to guest = bad uid' (based on patch from | Gerald Carter | 1 | -5/+15
aruna.prabakar@hp.com). This re-enables the Samba 2.2 behavior where a user that was successfully authenticated by a remote DC would be mapped to the guest account if there was no existing UNIX account for that user and we could not create one. (This used to be commit b7455fbf81f4e47c087c861f70d492a328730a9b)
2007-10-10 | r7024: reverting mistaken commit | Gerald Carter | 1 | -13/+5
(This used to be commit c70c5c4ee9b14fbdb174f542607aceebe0e88470)
2007-10-10 | r7020: fixing printer ace values and getting rid of false compiler warning ↵ | Gerald Carter | 1 | -5/+13
about uninitialized variable (This used to be commit 3a91b20e4bcc78c91932e6c4394b3f6f153b2ff5)
2007-10-10 | r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵ | Jeremy Allison | 1 | -2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10 | r1492: Rework our random number generation system. | Andrew Bartlett | 1 | -1/+1
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2003-11-23 | Patch by emil@disksites.com <Emil Rasamat> to ensure we always | Andrew Bartlett | 1 | -2/+13
free() each auth method. (We had relied on the use of talloc() only, despite providing the free() callback) Andrew Bartlett (This used to be commit 5872c0e26e3407c7c1dcf2074a36896a3ca1325a)
2003-11-22 | Changes all over the shop, but all towards: | Andrew Bartlett | 1 | -0/+3
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade).
  * This is known as 'NTLMv2 session security' *
  (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particularly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.)
  This requires modifications to our authentication subsystem, as we must handle the 'challenge' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES.
  * This fix allows SMB signing on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-09-05 | More tuning from cachegrind. Change most trim_string() calls to trim_char(0, | Jeremy Allison | 1 | -2/+2
as that's what they do. Fix string_replace() to fast-path ascii. Jeremy. (This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
2003-08-15 | get rid of more compiler warnings | Herb Lewis | 1 | -2/+2
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
2003-07-18 | Fix memleak | Volker Lendecke | 1 | -1/+1
(This used to be commit 228fe54f0d65b895bef9e095ad996a48edf964df)
2003-07-05 | PAM should operate on the Unix username, not the NT username (which might not | Andrew Bartlett | 1 | -6/+6
have the domain\ qualification). Andrew Bartlett (This used to be commit 7cfa1e7c4abee10fe8c75e36aee68ee9f557656e)
2003-07-03 | This patch takes the work the jerry did for beta2, and generalises it: | Andrew Bartlett | 1 | -10/+11
- The 'not implemented' checks are now done by all auth modules
- the ntdomain/trustdomain/winbind modules are more precise as to what domain names they can and cannot handle
- The become_root() calls are now around the winbind pipe opening only, not the entire auth call
- The unix username is kept separate from the NT username, removing the need for 'clean off the domain\' in parse_net.c
- All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts.
Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)