summaryrefslogtreecommitdiff
path: root/source3/include/auth.h
AgeCommit message (Collapse)AuthorFilesLines
2011-07-20s3-auth Use guest boolean in auth_user_info_unixAndrew Bartlett1-1/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth_user_info_unix for unix_name and sanitized_usernameAndrew Bartlett1-10/+1
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use *unix_token rather than utok in struct auth3_session_infoAndrew Bartlett1-1/+1
This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Add struct auth3_session_info to aid transition to auth_session infoAndrew Bartlett1-0/+49
This will allow a gradual conversion of the required elements from the current struct auth_serversupplied_info. This commit adds the structure definition and some helper functions to copy between the two structures. At this stage these structures and functions are IDENTICAL to the existing code, and so show the past history of that code. The plan is to slowly modify them over the course of the patch series, so that the changes being made a clear. By using a seperate structure to auth_serversupplied_info we can remove elements that are not needed after the authentication, and we can choose a layout that best reflects the needs of runtime users, rather than the internals of the authentication subsystem. By eventually using the auth_session_info from auth.idl, we will gain a single session authorization structure across the whole codebase, allowing more code to be shared, and a much more transparent process for forwarding authorization credentials over the named pipe proxy. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-05s3-auth Rename user_session_key -> session_key to match auth_session_infoAndrew Bartlett1-1/+1
2011-03-30s3-auth: move auth prototypes to auth/proto.h.Günther Deschner1-0/+2
Guenther
2011-03-01s3-auth struct security_unix_token replaces UNIX_USER_TOKENAndrew Bartlett1-1/+1
2011-02-10s3-auth Remove unused pam_handleAndrew Bartlett1-2/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-1/+1
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Fix typo in commentAndrew Bartlett1-1/+1
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett1-1/+1
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-22/+3
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-19s3-auth: Simplify how we free the auth_contextSimo Sorce1-1/+0
Turn the freeing function into a destructor and attach it to the auth_context. Make all callers TALLOC_FREE() the auth_context instead of calling the free function. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth Rename user_info->domain -> user_info->mapped.domain_nameAndrew Bartlett1-1/+0
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->client_domain -> user_info->client.domain_nameAndrew Bartlett1-1/+1
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth fix header comment for internal_username -> mapped.account_nameAndrew Bartlett1-1/+1
2010-06-07s3:auth Rename user_info->internal_username -> user_info->mapped.account_nameAndrew Bartlett1-1/+1
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth Rename user_info->smb_name -> user_info->client.account_nameAndrew Bartlett1-1/+3
This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
2010-06-07s3:auth remove unused structure memberSimo Sorce1-4/+0
sids are now completely handled using info3, remove dead code that fills server info sids and the structure members themselves Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07s3:auth handle unix domain sids in samuSimo Sorce1-0/+12
When we generate a user out of thin air we may end up adding sids that are not part of the sam domain (unix domain sids). Handle the case and preserve these sids as extra sids. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-01s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_infoAndrew Bartlett1-1/+1
2010-05-31s3-auth: add "system" bool flag to auth_serversupplied_info.Günther Deschner1-0/+1
Guenther
2010-05-31s3:auth Remove AUTH_NTLMSSP_STATE typedef.Andrew Bartlett1-1/+1
typedefs are no longer preferred Samba style. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31s3:auth Make AUTH_NTLMSSP_STATE a private structure.Andrew Bartlett1-6/+1
This makes it a little easier for it to writen in terms of GENSEC in future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-27s3:auth Add comment to clarify usage of session keys.Simo Sorce1-0/+10
Explain why we have what looks like a duplicate of session keys. It is in fact not a duplicate.
2010-05-27s3:auth remove login_server from server infoSimo Sorce1-2/+0
It is not used anymore, we have that information in info3->base.logon_server already
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-1/+1
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-13s3:auth Make get_ntlm_challenge more like Samba4Andrew Bartlett1-2/+2
This helps with the upcoming NTLMSSP merge, and allows errors to be returned. Andrew Bartlett
2010-04-11s3: Make "auth_context" its own talloc parentVolker Lendecke1-1/+0
Remove "mem_ctx" from "struct auth_context"
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke1-3/+3
2010-01-10s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke1-2/+2
2009-02-21Remove the static "chal" from ntlmssp.c:get_challenge()Volker Lendecke1-1/+2
2009-01-20Fix some nonempty blank linesVolker Lendecke1-11/+11
2008-06-19Wrap the unix token info in a unix_user_token in auth_serversupplied_infoVolker Lendecke1-7/+2
No functional change, this is a preparation for more current_user ref removal (This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
2008-05-07Rename server_info->was_mapped to server_info->nss_tokenVolker Lendecke1-1/+5
"nss_token" from my point of view much better reflects what this flag actually represents (This used to be commit b121a5acb2ef0bb3067d953b028696175432f10d)
2008-05-05Remove "userdom_struct user" from "struct user_struct"Volker Lendecke1-1/+9
(This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-5/+5
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r21870: Move sending auth_server keepalives out of the main loop into an ↵Volker Lendecke1-6/+0
idle event. Volker (This used to be commit 6226b30f38cd82531422815ba66a687aab50028d)
2007-10-10r15475: Ugly and disgusting patch to fix the username map problem I created byVolker Lendecke1-0/+2
changing the token generation. I *hate* this code! Jerry, you have been looking at this as well, can you double-check that I did not screw it up? Thanks, Volker (This used to be commit 2765c4ff8d44c970db3e075b0a2412662f1936c6)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-1/+1
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-19/+10
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13095: Fix warnings assigning int to a size_t.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 1ca4abffd04bcc46b61acdc12444f3e2aad0afed)
2007-10-10r11573: Adding Andrew Bartlett's patch to make machine accountJeremy Allison1-10/+8
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same was as it would a user account check. I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10r8432: Fix #2077 - login to trusted domain doesn't allow home drive map and ↵Jim McDonough1-0/+2
login scripts to be executed. We were filling in our name as the server which processed the login, even when it was done by a trusted DC. Thanks to John Janosik <jpjanosi@us.ibm.com> for the fix. (This used to be commit 0446319a3b8096df385978449ffaa231bc5cfd0c)
2007-10-10r4976: Try to scare people off from trying to write authentication modulesAndrew Bartlett1-0/+4
that only acheive as much as 'security=server' does. Andrew Bartlett (This used to be commit fb694f2b1a809d221f48f9b9b0e54e9512325bae)
2007-10-10r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session ↵Andrew Bartlett1-1/+1
key could be anything, and may not be based on anything 'NT'. This is also what microsoft calls it. (This used to be commit 724e8d3f33719543146280062435c69a835c491e)
2004-04-03Fix most of bug #169.Andrew Bartlett1-22/+2
For a (very) long time, we have had a bug in Samba were an NTLMv2-only PDC would fail, because it converted the password into NTLM format for checking. This patch performs the direct comparison required for interactive logons to function in this situation. It also removes the 'auth flags', which simply where not ever used. Natrually, this plays with the size of structures, so rebuild, rebuild rebuild... Andrew Bartlett (This used to be commit 9598593bcf2d877b1d08cd6a7323ee0bc160d4ba)
generated by cgit (git 2.34.1) at 2024-07-12 04:20:26 +0000