summaryrefslogtreecommitdiff
path: root/source3/auth
AgeCommit message (Collapse)AuthorFilesLines
2012-01-18s3-librpc Call GSSAPI via the auth_generic layer and gensecAndrew Bartlett1-1/+6
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Match session setup handling of krb5, store the PACAndrew Bartlett1-1/+4
This will allow non-krb5 services to get the full user groups without need to do an online s4u2self. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Add auth hook for PAC parsingAndrew Bartlett1-2/+128
This will allow gensec_gse to parse the PAC. This is a copy from source3/rpc_server/dcesrv_generic.c to preserve behaviour. A future commit will enable the samlogon cache. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-12s3-waf: auth_netlogond depends on tldap.Andreas Schneider1-0/+1
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Thu Jan 12 17:33:10 CET 2012 on sn-devel-104
2012-01-05s3-auth Remove more unused headersAndrew Bartlett1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth remove unused ntlmssp.hAndrew Bartlett1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Remove ntlmssp_wrap.h which is no longer requiredAndrew Bartlett2-2/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett2-44/+24
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Set remote address for both AD and s3 gensec modesAndrew Bartlett1-2/+0
2012-01-05s3-auth re-create the auth context in the s3 ntlmssp server moduleAndrew Bartlett4-61/+8
This removes the abstraction violation in auth_generic.c. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Add TALLOC_CTX * to auth_generic_prepare()Andrew Bartlett2-3/+4
This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth supply s3 ntlmssp module via gensec_settingsAndrew Bartlett1-24/+11
This will allow the supply of multiple modules in future without duplicating the module selection logic. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-28s3-auth Fix talloc parent for s4 event context in auth_samba4Andrew Bartlett1-1/+1
2011-12-28s3-auth: Remove protype for already-removed auth_ntlmssp_startAndrew Bartlett1-1/+0
2011-12-22s3-auth split the auth_generic functions into a seperate fileAndrew Bartlett3-158/+191
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directlyAndrew Bartlett1-5/+0
This makes it clear that this can support more than just NTLMSSP. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()Andrew Bartlett2-3/+3
This function handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_state -> auth_generic_stateAndrew Bartlett2-10/+10
This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth Restore shortcut for guest security tokenAndrew Bartlett1-11/+11
This was lost when the server_info and session_info structures were split. This helps avoid doing lookups for the guest account to determine the uid/gid and SID values. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Dec 22 15:51:09 CET 2011 on sn-devel-104
2011-11-03s3:auth: s/Undefined/SMB_SIGNING_DEFAULT/Stefan Metzmacher2-2/+3
metze
2011-11-02s3-waf: convert libcli_netlogon3 into a private library.Günther Deschner1-1/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Nov 2 18:34:55 CET 2011 on sn-devel-104
2011-11-02s3-waf: move trusts_util.c code into a private library.Günther Deschner1-2/+2
Guenther
2011-10-24idl: Improve MS-PAC IDLSimo Sorce3-15/+15
Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unkown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-10-21s3-auth remove auth_ntlmssp_session_info()Andrew Bartlett2-14/+0
Instead, call gensec_session_info() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth move the s3 auth context onto gensec_ntlmssp once we startAndrew Bartlett1-2/+2
We do not need it on the auth_ntlmssp_state any longer. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
2011-10-18s3:auth_util: add the uid with WBC_ID_TYPE_BOTH also to the group arrayStefan Metzmacher1-2/+4
This will help with having "sidHistory" support in future. metze
2011-10-18gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett1-1/+2
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC moduleAndrew Bartlett2-85/+228
This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called. (Includes formatting and correctness fixes from Metze) Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett1-1/+1
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth Add my copyrightAndrew Bartlett1-1/+1
I have done plenty of work here, I deserve some of the blame :-) Andrew Bartlett
2011-10-17Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455).Wilco Baan Hofman1-2/+2
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
2011-10-17s3-auth: remove dead prototype.Günther Deschner1-1/+0
Guenther
2011-10-14s3-auth: token_util needs system/passwd.h.Günther Deschner1-0/+1
Guenther
2011-10-13s4-messaging: Pass the loadparm context, not just the messaging pathAndrew Bartlett1-1/+1
This will allow the TDB layer to get at the lp_ctx for tdb options. Andrew Bartlett
2011-10-11auth: move credentials layer to the top levelAndrew Bartlett1-1/+1
This will allow gensec_start.c to move to the top level. This does not change what code uses the cli_credentials code, but allows the gensec code to be more broadly. Andrew Bartlett
2011-09-23s3-winbindd: add support for idmap type WBC_ID_TYPE_BOTHAndrew Tridgell1-1/+2
this allows the s3 code to understand and cache responses from the s4 winbindd which may include a single SID mapped to both a uid and a gid Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Fri Sep 23 01:47:54 CEST 2011 on sn-devel-104
2011-09-19s4:auth - remove unused variablesMatthias Dieter Wallnöfer1-1/+0
Reviewed-by: Jelmer
2011-09-17s3: Fix bug 8455 -- Samba PDC is looking up only primary user groupVolker Lendecke1-7/+7
group_sids_to_info3 does a sid_peek_check_rid on the domain sid before adding the rids to the array. If the domain sid is 0x0, then the check will always fail. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Sep 17 00:51:27 CEST 2011 on sn-devel-104
2011-09-15s3:auth_server: make use of cli_state_server_challenge()Stefan Metzmacher1-7/+5
metze
2011-09-15s3:libsmb: pass max_protocol to cli_negprot()Stefan Metzmacher1-1/+1
metze
2011-09-13s3:auth_server: make use of cli_state_security_mode()Stefan Metzmacher1-3/+9
metze
2011-09-12Move the talloc_move call until *after* the check on status. Don't want to ↵Jeremy Allison1-3/+3
move something that might be invalid. Makes the code match what is currently in 3.6.x. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Sep 12 22:21:24 CEST 2011 on sn-devel-104
2011-09-12s3-auth: fix uninitialized server_infoSumit Bose1-0/+4
Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Sep 12 17:44:46 CEST 2011 on sn-devel-104
2011-09-08s3:libsmb: pass CLI_FULL_CONNECTION_* flags via cli_connect_nb()Stefan Metzmacher1-4/+3
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Sep 8 10:21:50 CEST 2011 on sn-devel-104
2011-08-03s3-ntlmssp Remove a level of nesting in if/else statementAndrew Bartlett1-3/+2
2011-08-03selftest: test plugin_s4_dc against all ncacn_np testsAndrew Bartlett4-1/+41
Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests. Andrew Bartlett
2011-08-03s3-ntlmssp clarify session key behaviour after create_local_token() changesAndrew Bartlett1-2/+1
2011-08-03s3-ntlmssp Remove auth_ntlmssp_state_destructor, use the talloc tree insteadAndrew Bartlett1-16/+5
2011-08-03s3-auth directly return the result of make_server_info_guest()Andrew Bartlett1-2/+2
2011-08-03s3-auth rename auth_ntlmssp_steal_session_info()Andrew Bartlett2-6/+6
There is no longer any theft of memory as the underlying routines now produce a new auth_session_info for this caller, allocating it on the supplied memory context. Andrew Bartlett