summaryrefslogtreecommitdiff
path: root/source4/auth/auth.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25446: Merge some changes I made on the way home from SFO:Jelmer Vernooij1-1/+1
2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij1-3/+3
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-1/+1
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25047: Fix more warnings.Jelmer Vernooij1-7/+8
(This used to be commit 69de86d2d2e49439760fbc61901eb87fb7fc5d55)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-3/+3
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25000: Fix some more C++ compatibility warnings.Jelmer Vernooij1-2/+1
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23680: Make it easier to setup a domain member server - the 'server role'Andrew Bartlett1-4/+29
will now control the auth methods, but an override is still available, ex: auth methods:domain controller = <methods> Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
2007-10-10r19507: Merge my DSO fixes branch. Building Samba's libraries as shared ↵Jelmer Vernooij1-1/+1
libraries works again now, by specifying --enable-dso to configure. (This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17381: - we don't need debug messages twiceStefan Metzmacher1-12/+2
- also user_info->mapped is maybe uninitialized in auth_password_check() as it we do the mapping in auth_password_check_send() that to Kai Blin <kai.blin@gmail.com> and valgrind to find this bug metze (This used to be commit d88aabef64316cebca46037b67dd2df7cfd4d482)
2007-10-10r17341: pass a messaging context to auth_context_create()Stefan Metzmacher1-12/+15
and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
2007-10-10r17273: add an async version of auth_check_password() on the publicStefan Metzmacher1-31/+184
auth interface and implement the sync version as wrapper to auth_check_password_send/recv() as next all callers need to be converted to the async interface and then the modules metze (This used to be commit ed40bb3c16279f9727be67e889270da5efb8ddb9)
2007-10-10r17270: split the logic of saying this auth backend wants to handle thisStefan Metzmacher1-8/+12
request from the password checking. This will help to make the password checking hook async later metze (This used to be commit 5b26cbc3428b4c186235cc08c9ace1c23f59dd7f)
2007-10-10r15298: Fix the build using a few hacks in the build system.Jelmer Vernooij1-0/+1
Recursive dependencies are now forbidden (the build system will bail out if there are any). I've split up auth_sam.c into auth_sam.c and sam.c. Andrew, please rename sam.c / move its contents to whatever/wherever you think suits best. (This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
2007-10-10r14952: Make sure the auth subsystem gets initialized if a gensec module ↵Jelmer Vernooij1-2/+14
needs it. (This used to be commit ecf84248b48783fb0ccbeff4d37d930b21fb96df)
2007-10-10r14575: Move some path-related functions to libsamba-config so libsamba-utilJelmer Vernooij1-1/+1
doesn't have to depend on the lp_* functions. (This used to be commit f97df7d90a41b77a9edd2d6bdc47c27bf1b6bb07)
2007-10-10r13969: Make these names lowercase as well (just like they are now in the ↵Jelmer Vernooij1-1/+1
buildsystem) (This used to be commit 04c49e211fc4f80e03d9322b983bbde15baba640)
2007-10-10r13655: Use new name of build headerJelmer Vernooij1-1/+1
(This used to be commit bca0e8054f6d9c7adc9d92e0c30d4323f994c9e9)
2007-10-10r12499: Move smb_build.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit c92ace494f92084ddf178626cdf392d151043bc7)
2007-10-10r12494: Support loading modules from .so files for most subsystems.Jelmer Vernooij1-0/+8
We now use a different system for initializing the modules for a subsystem. Most subsystems now have an init function that looks something like this: init_module_fn static_init[] = STATIC_AUTH_MODULES; init_module_fn *shared_init = load_samba_modules(NULL, "auth"); run_init_functions(static_init); run_init_functions(shared_init); talloc_free(shared_init); I hope to eliminate the other init functions later on (the init_programname_subsystems; defines). (This used to be commit b6d2ad4ce0a91c4be790dd258820c492ff1787ea)
2007-10-10r8700: Propmted by tridge's need to do plaintext auth in ejs, rework theAndrew Bartlett1-13/+13
user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell1-2/+2
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-1/+14
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher1-281/+122
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell1-2/+3
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r3876: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit 9ad3837dbad6dbf5ee0122be2bbffac325ece9be)
2007-10-10r3737: - Get rid of the register_subsystem() and register_backend() functions.Jelmer Vernooij1-19/+1
- Re-disable tdbtool (it was building fine on my Debian box but other machines were having problems) (This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814)
2007-10-10r3586: Fix some of the issues with the module init functions.Jelmer Vernooij1-14/+5
Both subsystems and modules can now have init functions, which can be specified in .mk files (INIT_FUNCTION = ...) The build system will define : - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on This removes the hack with the "static bool Initialised = " and the "lazy_init" functions (This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-0/+1
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-0/+1
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to useAndrew Bartlett1-0/+4
Samba3's winbind. This is also the start of domain membership code in Samba4, as we now (partially) parse the info3, and use it like Samba3 does. Andrew Bartlett (This used to be commit c1b7303c1c7d9fb815006c3bd2af20a0010d15a8)
2007-10-10r2648: - use a destructor on struct server_connection to simplify theAndrew Tridgell1-17/+14
connection termination cleanup, and to ensure that the event contexts are properly removed for every process model - gave auth_context the new talloc treatment, which removes another source of memory leaks. (This used to be commit 230e1cd777b0fba82dffcbd656cfa23c155d0560)
2007-10-10r1982: i is not initialised or usedAndrew Tridgell1-2/+1
(This used to be commit db4bc88f9aeaa59f08b9b447a8b2256c9c9c5fb0)
2007-10-10r1498: (merge from 3.0)Andrew Bartlett1-1/+1
Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom. In order to aviod identical streams in forked children, the random state is re-initialised after the fork(), at the same point were we do that to the tdbs. Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
2007-10-10r1486: commit the start of the generic server infastructureStefan Metzmacher1-0/+5
the idea is to have services as modules (smb, dcerpc, swat, ...) the process_model don't know about the service it self anymore. TODO: - the smbsrv should use the smbsrv_send function - the service subsystem init should be done like for other modules - we need to have a generic socket subsystem, which handle stream, datagram, and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server , or for smb or dcerpc or whatever to connect to a server wide auth service) - and other fixes... NOTE: process model pthread seems to be broken( but also before this patch!) metze (This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
2007-10-10r1292: Add const to the subsystem/module registration code.Andrew Bartlett1-2/+9
Add some 'multi init' code, until we get a better set of infrustructure. Andrew Bartlett (This used to be commit 982422b2d286335378531ae9523e74192340af3c)
2007-10-10r1067: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit e5d338821e590c49947a18a5d5c361122571988d)
2007-10-10r1058: The start of work on the SamLogon call for NETLOGON.Andrew Bartlett1-3/+7
This starts to store information about the user in the server_info struct - like the account name, the full name etc. Also, continue to make the names of the structure elements in the logon reply more consistant with those in the SAMR pipe. Andrew Bartlett (This used to be commit 3ccd96bd945e0fd95e42c69ad8ff07055af2e62b)
2007-10-10r1019: Push the auth subsystem away from using typedef, and over to the 'allAndrew Bartlett1-6/+6
goodness and light' struct ;-) Break apart the auth subsystem's return strucutres, into the parts that a netlogon call cares about, and the parts that are for a local session. This is the 'struct session_info' and it will almost completly replace the current information stored on a vuid, but be generic to all login methods (RPC over TCP, for example). Andrew Bartlett (This used to be commit d199697014d9562f9439a30b950fda798c5ef419)
2007-10-10r961: convert 'uchar' to 'uint8_t'Stefan Metzmacher1-2/+2
metze (This used to be commit 9f914e4af99e18b469d4cf9d8b1514a2bd28ddec)
2007-10-10r890: convert samba4 to use [u]int8_t instead of [u]int8Stefan Metzmacher1-1/+1
metze (This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
2007-10-10r719: Follow the trend - remove more unused functions.Andrew Bartlett1-3/+0
Andrew Bartlett (This used to be commit 62eef851fd79b2739b93b4ed7829514a3dcbf1d0)
2007-10-10r614: Clean out the POSIX assumptions from the Samba4 auth subsystem.Andrew Bartlett1-6/+0
This removes the code that tried to lookup posix groups, as well as the code that was tied to the SAM_ACCOUNT. This should make auth_ldb much easier to write :-) Andrew Bartlett (This used to be commit e096ee2112adecaa69b6b3eb155a4e8f80dfc0f7)
2007-10-10r448: Fix 'auth' in Samba4, by making 'auth methods' a normal smb.confAndrew Bartlett1-41/+0
paramter, without special links to other variables. When we get 'server role' ideas back into Samba4, we can fix this properly. The default is: guest, sam_ignoredomain which is the expected behaviour for a stand-alone server. Andrew Bartlett (This used to be commit 56ebc4275fedc8141d43a4ae9a4f4f0e1eccaf49)
2007-10-10r443: Update Samba4 to the auth and NTLMSSP code from Samba3.Andrew Bartlett1-34/+43
Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
2004-02-03- port AUTH and PASSDB subsystems to newStefan Metzmacher1-48/+126
SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d)
2003-12-12 * the RPC-ECHO pipe now works in smbd, as long as the data sizesAndrew Tridgell1-2/+1
don't cause fragmented pdus (I'll add fragments shortly) * change data_blob_talloc() to not zero memory when the 2nd argument is NULL. The zeroing just masks bugs, and can't even allow a DOS attack * modified pidl to ensure that [ref] arguments to the out side of functions are allocated when parsing the in side. This allows rpc backends to assume that [ref] variables are all setup. Doesn't work correctly for [ref] arrays yet * changed DLIST_ADD_END() to take the type instead of a tmp variable. This means you don't need to declare a silly tmp variable in the caller (This used to be commit 46e0a358198eeb9af1907ee2a29025d3ab23b6d1)
2003-10-30- a few portability fixes from Jim MyersAndrew Tridgell1-8/+8
- added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)