summaryrefslogtreecommitdiff
path: root/source3/include/auth.h
AgeCommit message (Collapse)AuthorFilesLines
2012-03-13s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2.Alexander Bokovoy1-0/+6
On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption. However, this was not done for trusted domain-related modifying operations. As result, Samba 4 client libraries do not work against Samba 3 while working against Windows 2008 r2. Solved this by introducing "session_extract_session_key()" function that allows to specify intent of use of the key. Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
2012-03-08s3-auth: Remove single-implementation plugin layerAndrew Bartlett1-6/+0
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context were only ever initialised to a single value. Make it easier to follow by just calling the function directly. Andrew Bartlett
2012-02-24s3-auth: Add a way to get an auth4_context from the auth stackAndrew Bartlett1-1/+6
This will allow us to use the same layer that auth_ntlmssp does in the non-SPNEGO session setup, which will in turn make the authentication code more consistent in the AD server case. Andrew Bartlett
2012-02-01s3-auth Remove unused nt_status_squash from auth_contextAndrew Bartlett1-1/+0
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Feb 1 04:18:50 CET 2012 on sn-devel-104
2012-01-05s3-auth Remove ntlmssp_wrap.h which is no longer requiredAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett1-1/+1
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth re-create the auth context in the s3 ntlmssp server moduleAndrew Bartlett1-9/+0
This removes the abstraction violation in auth_generic.c. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_state -> auth_generic_stateAndrew Bartlett1-1/+1
This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth: use typedefs in auth.hAndrew Bartlett1-8/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-08-03selftest: test plugin_s4_dc against all ncacn_np testsAndrew Bartlett1-0/+2
Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests. Andrew Bartlett
2011-08-03s3-auth clarify the role of these session keysAndrew Bartlett1-8/+6
This comment can be clarified now the auth subsystem does not use the same structure as the rest of the code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth remove sanitized_username from auth_serversupplied_infoAndrew Bartlett1-9/+0
This structure element was only written to, not read. It is filled into the companion structure, auth_session_info() by create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Split calls to gensec plugin into prepare and startAndrew Bartlett1-4/+5
GENSEC has the concept of starting the GENSEC subsystem before starting the actual mechansim. Between these two stages is when most context methods are called, to specify credentials and features. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth Allow auth modules to provide an initialised GENSEC contextAndrew Bartlett1-0/+9
This will allow auth plugins such as auth_samba4 to provide an initialised GENSEC context to auth subsystem callers. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth import auth3_session_info into IDLAndrew Bartlett1-24/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth remove extra from auth3_session_infoAndrew Bartlett1-7/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Remove unused nss_token variableAndrew Bartlett1-5/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth: Remove unused lm_session_key from auth3_session_infoAndrew Bartlett1-1/+0
The long term authorization state needs only the final, negotiated session key, and not the original LM key that may possibly have been an input. The special case of the guest account simply needs both values filled back in with the zeros to avoid changing behaviour in the cached server_info. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use system boolean in auth_user_info_unixAndrew Bartlett1-2/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use guest boolean in auth_user_info_unixAndrew Bartlett1-1/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth_user_info_unix for unix_name and sanitized_usernameAndrew Bartlett1-10/+1
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use *unix_token rather than utok in struct auth3_session_infoAndrew Bartlett1-1/+1
This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Add struct auth3_session_info to aid transition to auth_session infoAndrew Bartlett1-0/+49
This will allow a gradual conversion of the required elements from the current struct auth_serversupplied_info. This commit adds the structure definition and some helper functions to copy between the two structures. At this stage these structures and functions are IDENTICAL to the existing code, and so show the past history of that code. The plan is to slowly modify them over the course of the patch series, so that the changes being made a clear. By using a seperate structure to auth_serversupplied_info we can remove elements that are not needed after the authentication, and we can choose a layout that best reflects the needs of runtime users, rather than the internals of the authentication subsystem. By eventually using the auth_session_info from auth.idl, we will gain a single session authorization structure across the whole codebase, allowing more code to be shared, and a much more transparent process for forwarding authorization credentials over the named pipe proxy. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-05s3-auth Rename user_session_key -> session_key to match auth_session_infoAndrew Bartlett1-1/+1
2011-03-30s3-auth: move auth prototypes to auth/proto.h.Günther Deschner1-0/+2
Guenther
2011-03-01s3-auth struct security_unix_token replaces UNIX_USER_TOKENAndrew Bartlett1-1/+1
2011-02-10s3-auth Remove unused pam_handleAndrew Bartlett1-2/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-1/+1
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Fix typo in commentAndrew Bartlett1-1/+1
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett1-1/+1
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-22/+3
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-19s3-auth: Simplify how we free the auth_contextSimo Sorce1-1/+0
Turn the freeing function into a destructor and attach it to the auth_context. Make all callers TALLOC_FREE() the auth_context instead of calling the free function. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth Rename user_info->domain -> user_info->mapped.domain_nameAndrew Bartlett1-1/+0
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->client_domain -> user_info->client.domain_nameAndrew Bartlett1-1/+1
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth fix header comment for internal_username -> mapped.account_nameAndrew Bartlett1-1/+1
2010-06-07s3:auth Rename user_info->internal_username -> user_info->mapped.account_nameAndrew Bartlett1-1/+1
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->smb_name -> user_info->client.account_nameAndrew Bartlett1-1/+3
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth remove unused structure memberSimo Sorce1-4/+0
sids are now completely handled using info3, remove dead code that fills server info sids and the structure members themselves Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth handle unix domain sids in samuSimo Sorce1-0/+12
When we generate a user out of thin air we may end up adding sids that are not part of the sam domain (unix domain sids). Handle the case and preserve these sids as extra sids. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-01s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_infoAndrew Bartlett1-1/+1
2010-05-31s3-auth: add "system" bool flag to auth_serversupplied_info.Günther Deschner1-0/+1
Guenther
2010-05-31s3:auth Remove AUTH_NTLMSSP_STATE typedef.Andrew Bartlett1-1/+1
typedefs are no longer preferred Samba style. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31s3:auth Make AUTH_NTLMSSP_STATE a private structure.Andrew Bartlett1-6/+1
This makes it a little easier for it to writen in terms of GENSEC in future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-27s3:auth Add comment to clarify usage of session keys.Simo Sorce1-0/+10
Explain why we have what looks like a duplicate of session keys. It is in fact not a duplicate.
2010-05-27s3:auth remove login_server from server infoSimo Sorce1-2/+0
It is not used anymore, we have that information in info3->base.logon_server already
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-1/+1
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-13s3:auth Make get_ntlm_challenge more like Samba4Andrew Bartlett1-2/+2
This helps with the upcoming NTLMSSP merge, and allows errors to be returned. Andrew Bartlett
2010-04-11s3: Make "auth_context" its own talloc parentVolker Lendecke1-1/+0
Remove "mem_ctx" from "struct auth_context"
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke1-3/+3