summaryrefslogtreecommitdiff
path: root/source3/auth/auth_info.c
AgeCommit message (Collapse)AuthorFilesLines
2001-12-30Add a pile of doxygen style comments to various parts of Samba. Many of theseAndrew Bartlett1-11/+26
probably will never actually be genearted, but I like the style in any case. Also fix a segfault in 'net rpc' when the login failed and a small memory leak on failure in the auth_info.c code. Andrew Bartlett (This used to be commit 2efae7cc522651c22fb120835bc800645559b63e)
2001-11-27another memory leak bites the dustAndrew Tridgell1-4/+0
(This used to be commit 982d6d447add2d4079c28c0b8ecb0e499f391a2a)
2001-11-27fix sense of lp_allow_trusted_domains()Andrew Tridgell1-9/+0
fix a memory leak (This used to be commit 1421f2fbcb296a894cb4e7548e0275e35e055b98)
2001-11-26A number of things to clean up the auth subsytem a bit...Andrew Bartlett1-9/+19
We now default encrypt passwords = yes We now check plaintext passwords (however aquired) with the 'sam' backend rather than unix, if encrypt passwords = yes. (this kills off the 'local' backed. The sam backend may be renamed in its place) The new 'samstrict' wrapper backend checks that the user's domain is one of our netbios aliases - this ensures that we don't get fallback crazies with security = domain. Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks that the user was not local before contacting the DC. The default ordering has changed, we now check the local stuff first - but becouse of the changes above, we will really only ever contact one auth source. Andrew Bartlett (This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
2001-11-26add SEC_ADS auth methodAndrew Tridgell1-0/+12
(This used to be commit b175c42080b15f27589cb6b6d61af5cbbedf5d02)
2001-11-26challange -> challengeTim Potter1-34/+34
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-25Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS errorAndrew Bartlett1-0/+3
map. This little authentication module is #ifdef DEVELOPER, becouse it really is of no use execept as a development tool invoke by setting: auth methods = guest sam name_to_ntstatus in the smb.conf file (the SAM and guest elements are required for the member server to authenticate itself). Andrew Bartlett (This used to be commit 9807e66f34c1088399657060977e384c5a7f0664)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-0/+279
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)