Age | Commit message (Collapse) | Author | Files | Lines |
|
Instead, call gensec_session_info() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We do not need it on the auth_ntlmssp_state any longer.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
|
|
This will help with having "sidHistory" support in future.
metze
|
|
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This uses the top level gensec_ntlmssp helper functions which are identical
to the parts of ntlmssp_wrap.c that are now not called.
(Includes formatting and correctness fixes from Metze)
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
I have done plenty of work here, I deserve some of the blame :-)
Andrew Bartlett
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
This will allow the TDB layer to get at the lp_ctx for tdb options.
Andrew Bartlett
|
|
This will allow gensec_start.c to move to the top level. This does not change
what code uses the cli_credentials code, but allows the gensec code to be
more broadly.
Andrew Bartlett
|
|
this allows the s3 code to understand and cache responses from the s4
winbindd which may include a single SID mapped to both a uid and a gid
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Sep 23 01:47:54 CEST 2011 on sn-devel-104
|
|
Reviewed-by: Jelmer
|
|
group_sids_to_info3 does a sid_peek_check_rid on the domain sid before adding
the rids to the array. If the domain sid is 0x0, then the check will always
fail.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Sep 17 00:51:27 CEST 2011 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
move something that might be invalid.
Makes the code match what is currently in 3.6.x.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Sep 12 22:21:24 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Sep 12 17:44:46 CEST 2011 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Sep 8 10:21:50 CEST 2011 on sn-devel-104
|
|
|
|
Changes to the s3 epmapper behaviour seem to have fixed the rest of these
tests.
Andrew Bartlett
|
|
|
|
|
|
|
|
There is no longer any theft of memory as the underlying routines now
produce a new auth_session_info for this caller, allocating it
on the supplied memory context.
Andrew Bartlett
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This structure element was only written to, not read.
It is filled into the companion structure, auth_session_info()
by create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token(). This also removes the need for
auth_ntlmssp_get_username().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
GENSEC has the concept of starting the GENSEC subsystem before starting the
actual mechansim. Between these two stages is when most context methods
are called, to specify credentials and features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This allows the current behaviour of the NTLMSSP code to be unchanged
while adding a way to hook in an alternate implementation via an auth
module.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This will allow auth plugins such as auth_samba4 to provide an initialised
GENSEC context to auth subsystem callers.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This means we can't ever call make_server_info_guest() twice.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This means we no longer need two different map to guest functions
and have consistent logic with fewer layering violations.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
|
|
All other auth modules code with being called with
auth_method->private_data being NULL, make the auth_server
module cope with this too.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jul 23 02:55:01 CEST 2011 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jul 22 01:58:39 CEST 2011 on sn-devel-104
|
|
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jul 20 02:31:15 CEST 2011 on sn-devel-104
|
|
|
|
|
|
All the callers allocate ->info3 as a talloc child already.
As regardes the TALLOC_ZERO(), I added this originally out of parinoia
many years ago. We do not consistantly zero session keys in memory,
and for NTLMv2 and Kerberos they are random for each sesssion, so
breaking into smbd far enough to read an old session key isn't a
particularly interesting attack, compared with (say) reading the
keytab or the password database. (NTLM and LM session keys are fixed
derivitives of the passwords however).
Andrew Bartlett
|
|
|
|
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|