summaryrefslogtreecommitdiff
path: root/source3/auth/auth_generic.c
AgeCommit message (Collapse)AuthorFilesLines
2012-07-06auth: Common function for retrieving PAC_LOGIN_INFO from PACChristof Schmitt1-26/+2
Several functions use the same logic as kerberos_pac_logon_info. Move kerberos_pac_logon_info to common code and reuse it to remove the code duplication. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-03auth: Remove .get_challenge (only used for security=server)Andrew Bartlett1-1/+0
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionlity, we would downgrade to just NTLM. Now that security=server has been removed, we have no such module. This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async. Andrew Bartlett
2012-06-27s3-param: Rename loadparm_s3_context -> loadparm_s3_helpersAndrew Bartlett1-1/+1
This helps clarify the role of this structure and wrapper function. The purpose here is to provide helper functions to the lib/param loadparm_context that point back at the s3 lp_ functions. This allows a struct loadparm_context to be passed to any point in the code, and always refer to the correct loadparm system. If this has not been set, the variables loaded in the lib/param code will be returned. As requested by Michael Adam. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
2012-04-12auth-krb: Move pac related util functions in a single place.Simo Sorce1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-03s3-auth: Order GENSEC mechs by priority, krb5 before NTLMSSPAndrew Bartlett1-2/+3
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client) will not select krb5. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-03-15s3-krb5: Remove GSS_WRAP_IOV conditionalAndrew Bartlett1-1/+1
We already confirm that we have this functionality before we set HAVE_KRB5 at configure time. Andrew Bartlett
2012-02-24s3-auth: Provide helper routine to check password and return session_infoAndrew Bartlett1-0/+26
2012-02-24auth: Rename some elements of auth4_contextAndrew Bartlett1-3/+3
These operate on NTLM authentication, so make that clear. Andrew Bartlett
2012-02-24s3-auth: Add a way to get an auth4_context from the auth stackAndrew Bartlett1-9/+49
This will allow us to use the same layer that auth_ntlmssp does in the non-SPNEGO session setup, which will in turn make the authentication code more consistent in the AD server case. Andrew Bartlett
2012-02-17s3-auth: Use common gensec_ntlmsspAndrew Bartlett1-2/+3
There is no longer any samba3-specific code left here. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Use the gensec-supplied DNS domain name and hostname.Andrew Bartlett1-0/+32
Also have a reasonable fallback for when it is not set. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth Hook checking passwords and generating session_info via the ↵Andrew Bartlett1-0/+6
auth4_context This avoids creating a second auth_context, as it is a private pointer in the auth4_context that has already been passed in, and makes the gensec_ntlmssp code agnostic to the type of authentication backend behind it. This will in turn allow the ntlmssp server code to be further merged. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3:auth/auth_generic: make use of gensec_spnego in the serverStefan Metzmacher1-4/+9
metze
2012-01-26s3:auth/auth_generic: for now call sub_set_smb_name() and lp_load()Stefan Metzmacher1-0/+6
This matches the auth_ntlmssp case and the smbd/sesssetup.c code. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 26 17:58:17 CET 2012 on sn-devel-104
2012-01-18s3-gensec: Add hook to allow gensec to know if kerberos is permittedAndrew Bartlett1-0/+24
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call GSSAPI via the auth_generic layer and gensecAndrew Bartlett1-1/+6
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Match session setup handling of krb5, store the PACAndrew Bartlett1-1/+4
This will allow non-krb5 services to get the full user groups without need to do an online s4u2self. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Add auth hook for PAC parsingAndrew Bartlett1-2/+128
This will allow gensec_gse to parse the PAC. This is a copy from source3/rpc_server/dcesrv_generic.c to preserve behaviour. A future commit will enable the samlogon cache. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Remove more unused headersAndrew Bartlett1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth remove unused ntlmssp.hAndrew Bartlett1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Remove ntlmssp_wrap.h which is no longer requiredAndrew Bartlett1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett1-39/+23
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Set remote address for both AD and s3 gensec modesAndrew Bartlett1-2/+0
2012-01-05s3-auth re-create the auth context in the s3 ntlmssp server moduleAndrew Bartlett1-57/+3
This removes the abstraction violation in auth_generic.c. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Add TALLOC_CTX * to auth_generic_prepare()Andrew Bartlett1-2/+3
This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth supply s3 ntlmssp module via gensec_settingsAndrew Bartlett1-24/+11
This will allow the supply of multiple modules in future without duplicating the module selection logic. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth split the auth_generic functions into a seperate fileAndrew Bartlett1-0/+189
Signed-off-by: Stefan Metzmacher <metze@samba.org>