Age | Commit message (Collapse) | Author | Files | Lines |
|
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec, is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
(This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
|
|
(This used to be commit c1aeaf97b39e1769bd43b21225094bb5128eaab4)
|
|
sizeof() a pointer...
Andrew Bartlett
(This used to be commit c1019e6df6aa4fcce7dc2ccbd404a4254ab5d1fb)
|
|
the dce_conn->auth_state.session_info
( the ntlmssp one works fine, but the schannel one isn't implemented yet)
this is also set by the ntvfs_ipc backend on the endpoint connect.
metze
(This used to be commit ad3dd1789e9f124493519cb4731d9f5a563fd051)
|
|
This starts to store information about the user in the server_info
struct - like the account name, the full name etc.
Also, continue to make the names of the structure elements in the
logon reply more consistant with those in the SAMR pipe.
Andrew Bartlett
(This used to be commit 3ccd96bd945e0fd95e42c69ad8ff07055af2e62b)
|
|
pwd -> password
(should fix the build).
Andrew Bartlett
(This used to be commit f9280f956eef19ad1a39e120cb3ed0e3982fe7d5)
|
|
goodness and light' struct ;-)
Break apart the auth subsystem's return strucutres, into the parts
that a netlogon call cares about, and the parts that are for a local
session. This is the 'struct session_info' and it will almost
completly replace the current information stored on a vuid, but be
generic to all login methods (RPC over TCP, for example).
Andrew Bartlett
(This used to be commit d199697014d9562f9439a30b950fda798c5ef419)
|
|
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
|
|
metze
(This used to be commit 9f914e4af99e18b469d4cf9d8b1514a2bd28ddec)
|
|
metze
(This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
|
|
misc.idl
(This used to be commit ce7920a5fac0dbccb01402129c341b410a032e60)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
- Remove legacy sid_to_string (which contained a memleak)
- Remove some unused parts of lib/util_sid.c
Andrew Bartlett
(This used to be commit 7c69a85984e47c004ddfd9bb5eadcb3191b56f9d)
|
|
Andrew Bartlett
(This used to be commit 62eef851fd79b2739b93b4ed7829514a3dcbf1d0)
|
|
This commit kills passdb, which was only hosting the auth subsystem.
With the work tridge has done on Samba4's SAM backend, this can (and
now is) all hosted on ldb. The auth_sam.c file now references this
backend.
You will need to assign your users passwords in ldb - adding a new line:
unicodePwd: myPass
to a record, using ldbedit, should be sufficient. Naturally, this
assumes you have had your personal SAMR provisioning tutorial from
tridge. Everybody else can still use the anonymous logins.
Andrew Bartlett
(This used to be commit 2aa0b55fb86648731d5f2201fa5a6aa993b7ca48)
|
|
Andrew Bartlett
(This used to be commit 4e614cbe922ddc591b17b2357e17eff8ce1d546c)
|
|
This removes the code that tried to lookup posix groups, as well as
the code that was tied to the SAM_ACCOUNT.
This should make auth_ldb much easier to write :-)
Andrew Bartlett
(This used to be commit e096ee2112adecaa69b6b3eb155a4e8f80dfc0f7)
|
|
Not all the auth code is merged - only those parts that are actually
being used in Samba4.
There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here. There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)
Andrew Bartlett
(This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
|
|
* removed a bunch of code that needs to be rewritten using the new
interfaces
(This used to be commit 9b02b486ef5906516f8cad79dbff5e3dd54cde66)
|
|
In general I prefer "struct foo" to just "foo" for most
structures. There are exceptions.
(This used to be commit 04eb12b56c653f98801ab29411f47564ab32fa58)
|
|
(This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
|