summaryrefslogtreecommitdiff
path: root/source3/auth/auth_domain.c
AgeCommit message (Collapse)AuthorFilesLines
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-2/+2
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-03-02Allow Samba to trust NT4 Domains.Andrew Bartlett1-16/+121
This commit builds on the auth subsystem to give Samba support for trusting NT4 domains. It is off by default, but is enabled by adding 'trustdomain' to the 'auth methods' smb.conf paramater. Tested against NT4 only - there are still some issues with the join code for Win2k servers (spnego stuff). The main work TODO involves enumerating the trusted domains (including the RPC calls to match), and getting winbind to run on the PDC correctly. Similarly, work remains on getting NT4 to trust Samba domains. Andrew Bartlett (This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
2002-03-01SECURITY FIXES:Andrew Bartlett1-6/+4
Remove a stray 'unbecome_root()' in the ntdomain an auth failure case. Only allow trust accounts to request a challange in srv_netlogon_nt.c. Currently any user can be the 'machine' for the domain logon. MERGE for 2.2. Andrew Bartlett (This used to be commit 0242d0e17827b05d8cd270f675d2595fa67fd5b9)
2002-02-28Ensure that winbindd and smbd both use identical logic to find dc's.Jeremy Allison1-11/+12
Fix bug where zeroip addresses were being checked. Jeremy. (This used to be commit 8ed49fe0df201833329c17b2afe1e3aa70646558)
2002-02-18serialise all domain auth requestsAndrew Tridgell1-1/+10
this is needed because W2K will send a TCP reset to any open connections that have not done a negprot when a second connection is made. This meant that under heavy netlogon load a Samba domain member would fail authentications. Jeremy, you may wish to port this to 2.2.x (This used to be commit eb196070e62b45b113e5712f27198c50c5c95657)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Fix up a security issue with the way we handle domain groups retuned on theAndrew Bartlett1-16/+2
info3. These are RIDs, and it only makes sense to combine them with the domain SID returned with them. This is important for trusted domains, where that sid might be other than the one we currently reterive from the secrets.tdb. Also remove the become_root()/unbecome_root() wrapper from around both remaining TDB users: Both are now initialised at smbd startup. Andrew Bartlett (This used to be commit 554842e0a55155193f25aefca6480b89d5c512ca)
2002-01-25Remove check for passwordserver = "*" as we now initialise it.Tim Potter1-1/+6
Added TODO about perhaps doing a SAMLOGON udp/138 request before a cli_full_connection in connect_to_domain_password_server() (This used to be commit b61e40a5be3b8bacc74399902169755dbc4c7fca)
2002-01-14Fix a segfault in auth/auth_domain.c error cases.Andrew Bartlett1-2/+1
This occured when the attempt to contact the PDC failed. The connection code has already shut down the connection, and 'free'ed the cli or has never initialised it in the first place. Andrew Bartlett (This used to be commit 37ce7630434c1afae5164c64438f428dd8e1b731)
2002-01-12Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.Andrew Bartlett1-0/+4
This work was sponsored by Optifacio Software Services, Inc. Andrew Bartlett (various e-mails announcements merged into some form of commit message below:) This patch which adds basics of universal groups support into Samba 3. Currently, only Winbind with RPC calls supports this, ADS support requires additional (possibly huge) work on KRB5 PAC. However, basic infrastructure is here. This patch adds: 1. Storing of universal groups for particular user logged into Samba software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb. 2. Fetching of unversal groups for given user rid and domain sid from netlogon_unigrp.tdb. Since this is used in both smbd and winbindd, main code is in source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ. This patch has had a few versions, the final version in particular: Many thanks to Andrew Bartlett for critics and comments, and partly rewritten code. New: - updated fetching code to changed byte order macros - moved functions to proper namespace - optimized memory usage by reusing caller's memory context - enhanced code to more follow Samba coding rules Todo: - proper universal group expiration after timeout (This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
2002-01-11fixed a crash bug in domain auth caused by an uninitialised nt_statusAndrew Tridgell1-1/+1
(This used to be commit 0b0b937b58f4bf4e005fb622f0db19175fc46a47)
2002-01-11The DC is meant to be sent the *unmapped* username...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit d7fca1806a304cb6eeecfe34d6c5c012c745114f)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett1-18/+33
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2002-01-01A farily large commit:Andrew Bartlett1-147/+99
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c - It hasn't been used by anything else since smbpasswd lost its -j - Add a TALLOC_CTX to the auth subsytem. These are only valid for the length of the calls to the individual modules, if you want a longer context hide it in your private data. Similarly, all returns (like the server_info) should still be malloced. - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new libsmb domain logon code. Also rework much of the code to use some better helper functions for the connection - getting us much better error returns (the new code is NTSTATUS). The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for the LUID feilds is sufficient, or if we should do random LUIDs as per the old code. Similarly, I'll move winbind over to this when I get a chance. This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in rpc_client, at least as far as smbd is concerned. While I've given this a basic rundown, any testing is as always appriciated. Andrew Bartlett (This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)
2001-12-14If domain SID can't be fetched, we shouldn't return NT_STATUS_NO_MEMORY. It ↵Jim McDonough1-1/+1
causes a confusing client error. Changed to NT_STATUS_CANT_ACCESS_DOMAIN_INFO. (This used to be commit 07ea83e6f0f03ba4706c98abb58346a4f4ec983c)
2001-12-06again an intrusive patch:Jean-François Micouleau1-1/+2
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the definition of standard_sub_basic() to cope with that. - removed the smb.conf: 'domain admin group' and 'domain guest group' parameters ! We're not playing anymore with the user's group RIDs ! - in get_domain_user_groups(), if the user's gid is a group, put it first in the group RID list. I just have to write an HOWTO now ;-) J.F. (This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
2001-11-29I think the lookup_pdc_name() should be called lookup_dc_name() and theTim Potter1-1/+1
name_status_find() call here should look up a #1c name instead of #1d. This fixes some bugs currently with BDC authentication in winbindd and in smbd as you can't query the #1d name with the ip address of a BDC. Who is Uncle Tom Cobbley anyway? (This used to be commit 4215048f7b20a8f9e5877bdbb2f54841b2f7fa64)
2001-11-27fix sense of lp_allow_trusted_domains()Andrew Tridgell1-1/+1
fix a memory leak (This used to be commit 1421f2fbcb296a894cb4e7548e0275e35e055b98)
2001-11-26A number of things to clean up the auth subsytem a bit...Andrew Bartlett1-11/+16
We now default encrypt passwords = yes We now check plaintext passwords (however aquired) with the 'sam' backend rather than unix, if encrypt passwords = yes. (this kills off the 'local' backed. The sam backend may be renamed in its place) The new 'samstrict' wrapper backend checks that the user's domain is one of our netbios aliases - this ensures that we don't get fallback crazies with security = domain. Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks that the user was not local before contacting the DC. The default ordering has changed, we now check the local stuff first - but becouse of the changes above, we will really only ever contact one auth source. Andrew Bartlett (This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
2001-11-26challange -> challengeTim Potter1-1/+1
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-26Got medieval on another pointless extern. Removed extern struct ipzeroTim Potter1-5/+3
and replaced with two functions: void zero_ip(struct in_adder *ip); BOOL is_zero_ip(struct in_addr ip); (This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
2001-11-26This compleats the of the authenticaion subystem into the new 'auth'Andrew Bartlett1-1/+410
subdirectory. (The insertion of these files was done with some CVS backend magic, hence the lack of a commit message). This also moves libsmb/domain_client_validate.c back into auth_domain.c, becouse we no longer share it with winbind. Andrew Bartlett (This used to be commit 782835470cb68da2188a57007d6f55c17b094d08)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-3/+15
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-11This extra check isn't needed, we can only get here if secuirty=domainAndrew Bartlett1-3/+0
(This used to be commit 600d83e43f61eb138115731ce089ba42d63e0924)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-1/+1
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-3/+3
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-24Fixed incorrect debug.Tim Potter1-4/+1
(This used to be commit cec051cf5fb93d9f45eca3f9cf462f78a7d7040d)
2001-08-12This patch does a number of things, mostly smaller than they look :-)Andrew Bartlett1-355/+19
In particuar, it moves the domain_client_validate stuff out of auth_domain.c to somwhere where they (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett (This used to be commit ea1c547ac880def29f150de2172c95213509350e)
2001-08-10Use the new client error api.Tim Potter1-1/+1
(This used to be commit 688da3c41dd944f7f69083518d25e9edbc55406f)
2001-08-03This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett1-0/+417
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)