summaryrefslogtreecommitdiff
path: root/source4/auth/auth.h
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r8700: Propmted by tridge's need to do plaintext auth in ejs, rework theAndrew Bartlett1-13/+29
user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-0/+3
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7224: add some more usefull data to the auth_usersupplied_info structSimo Sorce1-0/+7
(This used to be commit e40c44e9cdc0be7c52207f8479568804e7d9cff2)
2007-10-10r6498: Add comments in line with those I already added to 3.0.Andrew Bartlett1-0/+7
Please don't re-invent security=server :-) Andrew Bartlett (This used to be commit b3a38e9c8ce9758db31aec53db29290a240868be)
2007-10-10r6458: Split up NTLMSSP into a new directory, and into seperate files for theAndrew Bartlett1-1/+0
client and server logic code. In future, this may allow us to build only the NTLMSSP client, and not the server, but in the short-term, it allows me greater sainity in moving around these files. Andrew Bartlett (This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
2007-10-10r6113: Move GENSEC and the kerberos code out of libcli/auth, and intoAndrew Bartlett1-3/+3
auth/gensec and auth/kerberos. This also pulls the kerberos configure code out of libads (which is otherwise dead), and into auth/kerberos/kerberos.m4 Andrew Bartlett (This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)
2007-10-10r5137: fix typesStefan Metzmacher1-3/+3
metze (This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher1-75/+46
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-7/+2
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r3571: rough guesses at what abartlet really wanted to do in his last commitAndrew Tridgell1-0/+1
(which I suspect was missing some pieces) this at least fixes the build so i can keep going on pvfs. Please review/fix Andrew. (This used to be commit bffd18d09df04c1e492ef12f744ff4b6c561d53c)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-0/+5
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to useAndrew Bartlett1-0/+1
Samba3's winbind. This is also the start of domain membership code in Samba4, as we now (partially) parse the info3, and use it like Samba3 does. Andrew Bartlett (This used to be commit c1b7303c1c7d9fb815006c3bd2af20a0010d15a8)
2007-10-10r2648: - use a destructor on struct server_connection to simplify theAndrew Tridgell1-1/+0
connection termination cleanup, and to ensure that the event contexts are properly removed for every process model - gave auth_context the new talloc treatment, which removes another source of memory leaks. (This used to be commit 230e1cd777b0fba82dffcbd656cfa23c155d0560)
2007-10-10r2643: convert more of the auth subsyystem to the new talloc methods. ThisAndrew Tridgell1-4/+0
also fixes a memory leak found with --leak-check. (This used to be commit f19201ea274f0a542314c61c4af676197bf154ad)
2007-10-10r1334: remove unused stuffStefan Metzmacher1-11/+0
metze (This used to be commit 7a8786269b4f9e4962b51dd734171adf04021c15)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-12/+4
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1136: - added IDL for netr_LogonGetDomainInfo()Andrew Tridgell1-0/+3
- added workstation to auth_session_info in rpc servers - added session key fetch hook in crypto backends in dcesrv - store and fetch seed as well as a session key in schannel ldb - when a client uses schannel to setup a netlogon pipe connection we also need to setup the credentials from the schannel negotiation so credentials chaining works - added server side netr_LogonGetDomainInfo() call (This used to be commit a35459387de3b6a422c5af6f658338fc7e4314b0)
2007-10-10r1067: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit e5d338821e590c49947a18a5d5c361122571988d)
2007-10-10r1058: The start of work on the SamLogon call for NETLOGON.Andrew Bartlett1-14/+15
This starts to store information about the user in the server_info struct - like the account name, the full name etc. Also, continue to make the names of the structure elements in the logon reply more consistant with those in the SAMR pipe. Andrew Bartlett (This used to be commit 3ccd96bd945e0fd95e42c69ad8ff07055af2e62b)
2007-10-10r1023: Prepare the auth subsystem interfaces for netlogon SamLogon to use.Andrew Bartlett1-8/+20
Andrew Bartlett (This used to be commit b5fa2baaa9e110aa93107b13744e1fc5a64adbb5)
2007-10-10r1019: Push the auth subsystem away from using typedef, and over to the 'allAndrew Bartlett1-10/+24
goodness and light' struct ;-) Break apart the auth subsystem's return strucutres, into the parts that a netlogon call cares about, and the parts that are for a local session. This is the 'struct session_info' and it will almost completly replace the current information stored on a vuid, but be generic to all login methods (RPC over TCP, for example). Andrew Bartlett (This used to be commit d199697014d9562f9439a30b950fda798c5ef419)
2007-10-10r1001: in samba4 we don't(shouldn't) use typedef's anymore...Stefan Metzmacher1-2/+2
metze (This used to be commit ac5f6f7e511a730448012c8a709887827aea2281)
2007-10-10r890: convert samba4 to use [u]int8_t instead of [u]int8Stefan Metzmacher1-1/+1
metze (This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
2007-10-10r685: The SAM is dead! Long live the new SAM! ;-)Andrew Bartlett1-0/+2
This commit kills passdb, which was only hosting the auth subsystem. With the work tridge has done on Samba4's SAM backend, this can (and now is) all hosted on ldb. The auth_sam.c file now references this backend. You will need to assign your users passwords in ldb - adding a new line: unicodePwd: myPass to a record, using ldbedit, should be sufficient. Naturally, this assumes you have had your personal SAMR provisioning tutorial from tridge. Everybody else can still use the anonymous logins. Andrew Bartlett (This used to be commit 2aa0b55fb86648731d5f2201fa5a6aa993b7ca48)
2007-10-10r614: Clean out the POSIX assumptions from the Samba4 auth subsystem.Andrew Bartlett1-9/+0
This removes the code that tried to lookup posix groups, as well as the code that was tied to the SAM_ACCOUNT. This should make auth_ldb much easier to write :-) Andrew Bartlett (This used to be commit e096ee2112adecaa69b6b3eb155a4e8f80dfc0f7)
2007-10-10r443: Update Samba4 to the auth and NTLMSSP code from Samba3.Andrew Bartlett1-22/+22
Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
2004-02-03- port AUTH and PASSDB subsystems to newStefan Metzmacher1-0/+175
SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d)