summaryrefslogtreecommitdiff
path: root/source4/auth/ntlm/auth.c
AgeCommit message (Collapse)AuthorFilesLines
2012-02-24auth: Rename some elements of auth4_contextAndrew Bartlett1-3/+3
These operate on NTLM authentication, so make that clear. Andrew Bartlett
2012-02-18auth: Reorder arguments to generate_session_infoAndrew Bartlett1-7/+7
This matches check_ntlm_password() and generate_session_info_pac() Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
2012-02-13auth: Pass in the SMB username (for %U) into generate_session_infoAndrew Bartlett1-2/+6
This matches what Samba3 does. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
2012-01-30gensec: inline gensec_generate_session_info() into only callerAndrew Bartlett1-3/+9
This avoids casting to and from the struct auth_user_info_dc *user_info_dc to to this, the if (user_info_dc->info->authenticated) is moved into auth_generate_session_info_wrapper(), which is the function that gensec_security->auth_context->generate_session_info points to. Andrew Bartlett
2012-01-30auth: Make check_password and generate_session_info hook genericAndrew Bartlett1-3/+36
gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett
2011-12-29s4-auth: Rename memory contexts for greater clarityAndrew Bartlett1-9/+9
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-gensec: Move parsing of the PAC blob and creating the session_info into authAndrew Bartlett1-16/+83
This uses a single callback to handle the PAC from the DATA_BLOB format until it becomes a struct auth_session_info. This allows a seperation between the GSS acceptor code and the PAC interpretation code based on the supplied auth context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
2011-12-28s4-auth Remove unused auth_context_create_from_ldb()Andrew Bartlett1-26/+0
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij1-3/+3
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-10-28lib/util Rename samba_init_module_fns_run -> samba_module_init_fns_runAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Rename samba_init_module_fn -> samba_module_init_fnAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Split samba-modules library into public and private partsAndrew Bartlett1-1/+1
This will allow OpenChange to get at the symbols it needs, without exposing any more of this as a public API than we must. Andrew Bartlett
2011-10-28lib/util Rename run_init_functions -> samba_init_module_fns_runAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Rename init_module_fn to samba_init_module_fnAndrew Bartlett1-1/+1
This prepares for making the samba_module.h header public again, for OpenChange. I am keen to avoid too much API namespace pollution if we can.
2011-10-06lib/util: consolidate module loading into common codeAndrew Bartlett1-0/+1
This creates a samba-modules private libary that handles the details. Andrew Bartlett
2011-10-04s4-auth: rework map_user_info() to use cracknamesAndrew Tridgell1-1/+1
to properly support multi-domain forests we need to determine if an incoming username is part of a known forest domain or not. To do this for all possible SPN forms, we need to use CrackNames. This changes map_user_info() to use CrackNames if a SAM context is available, and asks the CrackNames services to parse the incoming username and domain into a NT4 form, which can then be used in the SAM. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-07-29s4-auth Fill in the remainder of the unix info in auth_session_infoAndrew Bartlett1-5/+7
Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
2011-07-29s4-auth Move conversion of security_token to unix_token to authAndrew Bartlett1-5/+24
This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-09s4:auth/ntlm/auth.c - fix incompatible pointer type warningMatthias Dieter Wallnöfer1-2/+2
Reviewed-by: Tridge
2011-06-07s4-auth Move default auth methods back into auth.cAndrew Bartlett1-4/+6
This changes auth_methods_from_lp to no longer use the parametric options, and to cope with ROLE_DOMAIN_BDC and ROLE_DOMAIN_PDC. This will assist in calling the source4 auth subsystem with a source3 derived lp_ctx. Andrew Bartlett
2011-05-08s4-auth Rename auth -> auth4 to avoid conflict with s3 authAndrew Bartlett1-15/+15
2011-05-03s4-messaging Rename messaging -> imessagingAndrew Bartlett1-2/+2
This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett
2011-02-18s4-auth: rename 'auth' subsystem to 'auth4'Andrew Tridgell1-4/+4
this prevents conflicts with the s3 auth modules. The auth modules in samba3 may appear in production smb.conf files, so it is preferable to rename the s4 modules for minimal disruption. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett1-25/+25
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-01-19s4-auth Allow NULL methods to be specified to auth_context_create_methods()Andrew Bartlett1-14/+3
This allows us to init an auth context that isn't going to do any NTLM authentication, but is used by other subsystems. Andrew Bartlett
2011-01-18s4-auth Extend python bindings to allow ldb and message to be specifiedAndrew Bartlett1-1/+1
This will allow for some more tokenGroups tests in future. Andrew Bartlett
2010-12-21s4-auth rework session_info handling not to require an auth contextAndrew Bartlett1-1/+14
This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code. Andrew Bartlett
2010-11-01s4-modules: get rid of the remaining static prototypes for modulesAndrew Tridgell1-7/+2
the waf build now generates the prototype declarations for us
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-1/+1
2010-09-15s4-auth: allow multiple active auth backendsAndrew Tridgell1-35/+43
when we are an RODC we need to be able to allow multiple auth backends to process a single auth request. First the sam backend will try to authenticate, using locally stored passwords. If this backend can't find local passwords then it will try the winbind backend and authenticate via a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-26s4:ntlm/auth.c - add a whitespace in a debug outputMatthias Dieter Wallnöfer1-1/+1
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-5/+5
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-05-20s4:auth Push check for messaging context into winbind backendAndrew Bartlett1-5/+0
If we don't use the winbind backend, we don't (for now) need a messaging context- and we don't have one in LDB at the moment. Andrew Bartlett
2010-05-20s4:auth Add dependency from the operational module onto authAndrew Bartlett1-5/+0
We had to split up the auth module into a module loaded by main deamon and a subsystem we manually init in the operational module. Andrew Bartlett
2010-05-20s4:auth Allow the operational module to get a user's tokenGroups from authAndrew Bartlett1-22/+74
This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett
2010-04-14s4:auth Change auth_generate_session_info to take an auth contextAndrew Bartlett1-0/+5
The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2009-12-29s4:auth: make auth_challenge_may_be_modified() publicStefan Metzmacher1-1/+1
metze
2009-12-24s4:auth: change auth_check_password_send/recv to tevent_reqStefan Metzmacher1-107/+135
metze
2009-12-22s4:auth Change 'get_challenge' API to be more like Samba3Andrew Bartlett1-17/+8
It is just easier to fill in the known to be 8 byte challenge than stuff about with allocated pointers. Andrew Bartlett
2009-02-13Push sam_get_server_info_principal into the auth subsystemAndrew Bartlett1-0/+31
This means it must be accessed via the supplied auth_context in the GENSEC server, and should remove the hard depenceny of GENSEC on the auth subsystem and ldb (allowing LDB not to rely on LDB is considered a good thing, apparently) Andrew Bartlett
2009-02-13Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett1-0/+7
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2009-02-05s4:auth/ntlm: fix c++ warningStefan Metzmacher1-1/+1
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-4/+4
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-05-10Clean up some git merges gone wrong.Jelmer Vernooij1-1/+1
(This used to be commit 42eb6b33462228467e65a51bbf624c481802b090)
2008-05-10Merge branch 'v4-0-test' into v4-0-gmake3Jelmer Vernooij1-0/+538
Conflicts: source/auth/config.mk source/auth/gensec/config.mk source/torture/smbtorture.c (This used to be commit edfd02e59bba86b977bd60848f57a614691fff7a)
2008-05-05Fix the build after the auth/ -> auth/ntlm/ renameAndrew Bartlett1-1/+1
I need to fix up the header inclusion, but this fixes things for now. Andrew Bartlett (This used to be commit 7c07edb24b31e7dc3e9b836ec4a6680ee2b04276)
2008-05-05Move NTLM authentication details into auth/ntlmAndrew Bartlett1-0/+539
This should help clarify the role of the various files around here (done on Jelmer's request). Andrew Bartlett (This used to be commit efa399037511ced8978f2e7661a71aac7a384883)