summaryrefslogtreecommitdiff
path: root/source4/auth/auth_util.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-0/+17
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1146: initially zero server infoAndrew Tridgell1-0/+1
(This used to be commit c1aeaf97b39e1769bd43b21225094bb5128eaab4)
2007-10-10r1142: I think this should fix the interactive logins for tridge - don't takeAndrew Bartlett1-4/+4
sizeof() a pointer... Andrew Bartlett (This used to be commit c1019e6df6aa4fcce7dc2ccbd404a4254ab5d1fb)
2007-10-10r1078: the dxesrv_crypto_* implementations should now explicit setStefan Metzmacher1-1/+15
the dce_conn->auth_state.session_info ( the ntlmssp one works fine, but the schannel one isn't implemented yet) this is also set by the ntvfs_ipc backend on the endpoint connect. metze (This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
2007-10-10r1058: The start of work on the SamLogon call for NETLOGON.Andrew Bartlett1-90/+59
This starts to store information about the user in the server_info struct - like the account name, the full name etc. Also, continue to make the names of the structure elements in the logon reply more consistant with those in the SAMR pipe. Andrew Bartlett (This used to be commit 3ccd96bd945e0fd95e42c69ad8ff07055af2e62b)
2007-10-10r1027: More rename:Andrew Bartlett1-48/+48
pwd -> password (should fix the build). Andrew Bartlett (This used to be commit f9280f956eef19ad1a39e120cb3ed0e3982fe7d5)
2007-10-10r1019: Push the auth subsystem away from using typedef, and over to the 'allAndrew Bartlett1-37/+46
goodness and light' struct ;-) Break apart the auth subsystem's return strucutres, into the parts that a netlogon call cares about, and the parts that are for a local session. This is the 'struct session_info' and it will almost completly replace the current information stored on a vuid, but be generic to all login methods (RPC over TCP, for example). Andrew Bartlett (This used to be commit d199697014d9562f9439a30b950fda798c5ef419)
2007-10-10r995: - renamed many of our crypto routines to use the industry standardAndrew Tridgell1-2/+2
names rather than our crazy naming scheme. So DES is now called des_crypt() rather than smbhash() - added the code from the solution of the ADS crypto challenge that allows Samba to correctly handle a 128 bit session key in all of the netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard from PADL for solving this one! - restructured the server side rpc authentication to allow for other than NTLMSSP sign and seal. This commit just adds the structure, the next commit will add schannel server side support. - added 128 bit session key support to our client side code, and testing against w2k3 with smbtorture. Works well. (This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
2007-10-10r961: convert 'uchar' to 'uint8_t'Stefan Metzmacher1-9/+9
metze (This used to be commit 9f914e4af99e18b469d4cf9d8b1514a2bd28ddec)
2007-10-10r943: change samba4 to use 'uint8_t' instead of 'unsigned char'Stefan Metzmacher1-6/+6
metze (This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
2007-10-10r924: got rid of the global well-known SIDs, instead using const defines in ↵Andrew Tridgell1-14/+10
misc.idl (This used to be commit ce7920a5fac0dbccb01402129c341b410a032e60)
2007-10-10r890: convert samba4 to use [u]int8_t instead of [u]int8Stefan Metzmacher1-1/+1
metze (This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
2007-10-10r816: - Make use of tridge's new samdb_result_sid_prefix() helper function.Andrew Bartlett1-3/+11
- Remove legacy sid_to_string (which contained a memleak) - Remove some unused parts of lib/util_sid.c Andrew Bartlett (This used to be commit 7c69a85984e47c004ddfd9bb5eadcb3191b56f9d)
2007-10-10r719: Follow the trend - remove more unused functions.Andrew Bartlett1-15/+0
Andrew Bartlett (This used to be commit 62eef851fd79b2739b93b4ed7829514a3dcbf1d0)
2007-10-10r685: The SAM is dead! Long live the new SAM! ;-)Andrew Bartlett1-173/+62
This commit kills passdb, which was only hosting the auth subsystem. With the work tridge has done on Samba4's SAM backend, this can (and now is) all hosted on ldb. The auth_sam.c file now references this backend. You will need to assign your users passwords in ldb - adding a new line: unicodePwd: myPass to a record, using ldbedit, should be sufficient. Naturally, this assumes you have had your personal SAMR provisioning tutorial from tridge. Everybody else can still use the anonymous logins. Andrew Bartlett (This used to be commit 2aa0b55fb86648731d5f2201fa5a6aa993b7ca48)
2007-10-10r619: Remove more code that is no longer called.Andrew Bartlett1-44/+0
Andrew Bartlett (This used to be commit 4e614cbe922ddc591b17b2357e17eff8ce1d546c)
2007-10-10r614: Clean out the POSIX assumptions from the Samba4 auth subsystem.Andrew Bartlett1-157/+1
This removes the code that tried to lookup posix groups, as well as the code that was tied to the SAM_ACCOUNT. This should make auth_ldb much easier to write :-) Andrew Bartlett (This used to be commit e096ee2112adecaa69b6b3eb155a4e8f80dfc0f7)
2007-10-10r443: Update Samba4 to the auth and NTLMSSP code from Samba3.Andrew Bartlett1-133/+105
Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
2003-12-01 * got rid of UNISTR2 and everything that depends on itAndrew Tridgell1-223/+0
* removed a bunch of code that needs to be rewritten using the new interfaces (This used to be commit 9b02b486ef5906516f8cad79dbff5e3dd54cde66)
2003-11-23reduced the number of magic types we need in mkproto.plAndrew Tridgell1-2/+2
In general I prefer "struct foo" to just "foo" for most structures. There are exceptions. (This used to be commit 04eb12b56c653f98801ab29411f47564ab32fa58)
2003-08-13first public release of samba4 codeAndrew Tridgell1-0/+1222
(This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)