summaryrefslogtreecommitdiff
path: root/source3/auth
AgeCommit message (Collapse)AuthorFilesLines
2012-02-17s3-auth: Inline ntlmssp_server_start() into gensec_ntlmssp3_server_start()Andrew Bartlett1-9/+60
This will help syncing this rotuine up with gensec_ntlmssp_server_start(). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_serverAndrew Bartlett1-21/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Use common gensec_ntlmssp server functions for more of ↵Andrew Bartlett1-182/+2
gensec_ntlmssp3_server This is possible because we now supply the auth4_context abstraction that this code is looking for. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Add extra error messages on authentication or authorization failureAndrew Bartlett1-0/+16
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth Hook checking passwords and generating session_info via the ↵Andrew Bartlett3-59/+259
auth4_context This avoids creating a second auth_context, as it is a private pointer in the auth4_context that has already been passed in, and makes the gensec_ntlmssp code agnostic to the type of authentication backend behind it. This will in turn allow the ntlmssp server code to be further merged. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16Rename obscure defined constants.Christopher R. Hertel (crh)1-2/+2
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types. Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-13s3-auth: On successful user mapping set mapped_to_guest to false.Sumit Bose1-0/+1
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Mon Feb 13 13:09:10 CET 2012 on sn-devel-104
2012-02-08s3-auth Add const to make_user_info_mapAndrew Bartlett2-4/+4
2012-02-02s3:auth: fill the sids array of the info3 in ↵Stefan Metzmacher1-0/+53
wbcAuthUserInfo_to_netr_SamInfo3() (bug #8739) Originally, only the rid array was filled and foreign domain sids were omitted. Pair-Programmed-With: Michael Adam <obnox@samba.org> metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Feb 2 12:59:32 CET 2012 on sn-devel-104
2012-02-02s3:auth: fix potential gap creation in wbcsids_to_samr_RidWithAttributeArray()Stefan Metzmacher1-4/+5
Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
2012-01-31s3:auth/auth_generic: make use of gensec_spnego in the serverStefan Metzmacher1-4/+9
metze
2012-01-30s3-auth: Remove duplicate check for NT_STATUS_IS_OK(nt_status)Andrew Bartlett1-4/+0
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Jan 30 09:38:47 CET 2012 on sn-devel-104
2012-01-30auth: Make check_password and generate_session_info hook genericAndrew Bartlett1-14/+19
gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett
2012-01-27s3-pdb: Break SECRETS3 dependency on PDB.Simo Sorce1-1/+1
This is causing circular depdnendcies that bring libpdb in all code and this is BAD. This change 'protects' the sid and guid of the domain by adding a special key that makes them effectively read only. Limit this temporarily to the samba 4 build, once it gets some good testing the samba4 ifdefs can be dropped. fix pdb dependencies Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-26s3:auth/auth_generic: for now call sub_set_smb_name() and lp_load()Stefan Metzmacher1-0/+6
This matches the auth_ntlmssp case and the smbd/sesssetup.c code. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 26 17:58:17 CET 2012 on sn-devel-104
2012-01-18s3-gensec: Add hook to allow gensec to know if kerberos is permittedAndrew Bartlett1-0/+24
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call GSSAPI via the auth_generic layer and gensecAndrew Bartlett1-1/+6
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Match session setup handling of krb5, store the PACAndrew Bartlett1-1/+4
This will allow non-krb5 services to get the full user groups without need to do an online s4u2self. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Add auth hook for PAC parsingAndrew Bartlett1-2/+128
This will allow gensec_gse to parse the PAC. This is a copy from source3/rpc_server/dcesrv_generic.c to preserve behaviour. A future commit will enable the samlogon cache. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-12s3-waf: auth_netlogond depends on tldap.Andreas Schneider1-0/+1
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Thu Jan 12 17:33:10 CET 2012 on sn-devel-104
2012-01-05s3-auth Remove more unused headersAndrew Bartlett1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth remove unused ntlmssp.hAndrew Bartlett1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Remove ntlmssp_wrap.h which is no longer requiredAndrew Bartlett2-2/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett2-44/+24
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Set remote address for both AD and s3 gensec modesAndrew Bartlett1-2/+0
2012-01-05s3-auth re-create the auth context in the s3 ntlmssp server moduleAndrew Bartlett4-61/+8
This removes the abstraction violation in auth_generic.c. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Add TALLOC_CTX * to auth_generic_prepare()Andrew Bartlett2-3/+4
This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth supply s3 ntlmssp module via gensec_settingsAndrew Bartlett1-24/+11
This will allow the supply of multiple modules in future without duplicating the module selection logic. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-28s3-auth Fix talloc parent for s4 event context in auth_samba4Andrew Bartlett1-1/+1
2011-12-28s3-auth: Remove protype for already-removed auth_ntlmssp_startAndrew Bartlett1-1/+0
2011-12-22s3-auth split the auth_generic functions into a seperate fileAndrew Bartlett3-158/+191
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directlyAndrew Bartlett1-5/+0
This makes it clear that this can support more than just NTLMSSP. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()Andrew Bartlett2-3/+3
This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_state -> auth_generic_stateAndrew Bartlett2-10/+10
This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth Restore shortcut for guest security tokenAndrew Bartlett1-11/+11
This was lost when the server_info and session_info structures were split. This helps avoid doing lookups for the guest account to determine the uid/gid and SID values. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Dec 22 15:51:09 CET 2011 on sn-devel-104
2011-11-03s3:auth: s/Undefined/SMB_SIGNING_DEFAULT/Stefan Metzmacher2-2/+3
metze
2011-11-02s3-waf: convert libcli_netlogon3 into a private library.Günther Deschner1-1/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Nov 2 18:34:55 CET 2011 on sn-devel-104
2011-11-02s3-waf: move trusts_util.c code into a private library.Günther Deschner1-2/+2
Guenther
2011-10-24idl: Improve MS-PAC IDLSimo Sorce3-15/+15
Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unkown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-10-21s3-auth remove auth_ntlmssp_session_info()Andrew Bartlett2-14/+0
Instead, call gensec_session_info() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth move the s3 auth context onto gensec_ntlmssp once we startAndrew Bartlett1-2/+2
We do not need it on the auth_ntlmssp_state any longer. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
2011-10-18s3:auth_util: add the uid with WBC_ID_TYPE_BOTH also to the group arrayStefan Metzmacher1-2/+4
This will help with having "sidHistory" support in future. metze
2011-10-18gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett1-1/+2
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC moduleAndrew Bartlett2-85/+228
This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called. (Includes formatting and correctness fixes from Metze) Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett1-1/+1
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth Add my copyrightAndrew Bartlett1-1/+1
I have done plenty of work here, I deserve some of the blame :-) Andrew Bartlett
2011-10-17Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455).Wilco Baan Hofman1-2/+2
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
2011-10-17s3-auth: remove dead prototype.Günther Deschner1-1/+0
Guenther
2011-10-14s3-auth: token_util needs system/passwd.h.Günther Deschner1-0/+1
Guenther
2011-10-13s4-messaging: Pass the loadparm context, not just the messaging pathAndrew Bartlett1-1/+1
This will allow the TDB layer to get at the lp_ctx for tdb options. Andrew Bartlett