summaryrefslogtreecommitdiff
path: root/source4/auth/ntlm
AgeCommit message (Collapse)AuthorFilesLines
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett2-1/+2
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-06-07build: Add missing deps and make MESSAGING a private libraryAndrew Bartlett1-1/+1
To remove finddcs_nbt these missing deps need to be added. These subsystems linked to to implicit dependencies provided by finddcs. Due to the new arrangmenet of subsystems, MESSAGING needs to be a private library to avoid being a source of duplicate symbols. Andrew Bartlett
2012-05-15s4:auth: remove unused auth_server.cStefan Metzmacher2-245/+0
metze
2012-02-24auth: Rename some elements of auth4_contextAndrew Bartlett1-3/+3
These operate on NTLM authentication, so make that clear. Andrew Bartlett
2012-02-18auth: Reorder arguments to generate_session_infoAndrew Bartlett2-8/+9
This matches check_ntlm_password() and generate_session_info_pac() Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
2012-02-13auth: Pass in the SMB username (for %U) into generate_session_infoAndrew Bartlett2-2/+7
This matches what Samba3 does. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
2012-01-30gensec: inline gensec_generate_session_info() into only callerAndrew Bartlett1-3/+9
This avoids casting to and from the struct auth_user_info_dc *user_info_dc to to this, the if (user_info_dc->info->authenticated) is moved into auth_generate_session_info_wrapper(), which is the function that gensec_security->auth_context->generate_session_info points to. Andrew Bartlett
2012-01-30auth: Make check_password and generate_session_info hook genericAndrew Bartlett1-3/+36
gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett
2011-12-29s4-auth: Rename memory contexts for greater clarityAndrew Bartlett1-9/+9
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-gensec: Move parsing of the PAC blob and creating the session_info into authAndrew Bartlett2-17/+84
This uses a single callback to handle the PAC from the DATA_BLOB format until it becomes a struct auth_session_info. This allows a seperation between the GSS acceptor code and the PAC interpretation code based on the supplied auth context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
2011-12-28s4-auth Remove unused auth_context_create_from_ldb()Andrew Bartlett1-26/+0
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij2-4/+4
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-10-28lib/util Rename samba_init_module_fns_run -> samba_module_init_fns_runAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Rename samba_init_module_fn -> samba_module_init_fnAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Split samba-modules library into public and private partsAndrew Bartlett2-2/+2
This will allow OpenChange to get at the symbols it needs, without exposing any more of this as a public API than we must. Andrew Bartlett
2011-10-28lib/util Rename run_init_functions -> samba_init_module_fns_runAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Rename init_module_fn to samba_init_module_fnAndrew Bartlett1-1/+1
This prepares for making the samba_module.h header public again, for OpenChange. I am keen to avoid too much API namespace pollution if we can.
2011-10-24idl: Improve MS-PAC IDLSimo Sorce1-5/+9
Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unkown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-10-11lib/param move source4 param code to the top levelAndrew Bartlett1-1/+1
This is done so that the lpcfg_ functions are available across the whole build, either with the struct loadparm_context loaded from an smb.conf directly or as a wrapper around the source3 param code. This is not the final, merged loadparm, but simply one step to make it easier to solve other problems while we make our slow progress on this difficult problem. Andrew Bartlett
2011-10-06lib/util: consolidate module loading into common codeAndrew Bartlett2-1/+2
This creates a samba-modules private libary that handles the details. Andrew Bartlett
2011-10-04s4-auth: rework map_user_info() to use cracknamesAndrew Tridgell2-13/+215
to properly support multi-domain forests we need to determine if an incoming username is part of a known forest domain or not. To do this for all possible SPN forms, we need to use CrackNames. This changes map_user_info() to use CrackNames if a SAM context is available, and asks the CrackNames services to parse the incoming username and domain into a NT4 form, which can then be used in the SAM. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-08-18credentials: Rename library to samba-credentials to avoid name clashes.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
2011-08-08build: provide tevent-util as a public libraryAndrew Bartlett1-1/+1
This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced by generated PIDL output. Andrew Bartlett
2011-07-29s4-auth Fill in the remainder of the unix info in auth_session_infoAndrew Bartlett1-5/+7
Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
2011-07-29s4-auth Move conversion of security_token to unix_token to authAndrew Bartlett2-6/+25
This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: Split out make_user_info_SamBaseInfo and add authenticated argumentAndrew Bartlett1-2/+5
This will allow the source3 auth code to call this without needing to double-parse the SIDs Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-11s4:auth/ntlm/auth_unix.c - remove unused variablesMatthias Dieter Wallnöfer1-2/+0
Relicts from commit 323c7445713d17989452b99bbb541248bb2388eb Reviewed-by: Jelmer
2011-06-09s4:auth/ntlm/auth.c - fix incompatible pointer type warningMatthias Dieter Wallnöfer1-2/+2
Reviewed-by: Tridge
2011-06-07s4-auth Move default auth methods back into auth.cAndrew Bartlett1-4/+6
This changes auth_methods_from_lp to no longer use the parametric options, and to cope with ROLE_DOMAIN_BDC and ROLE_DOMAIN_PDC. This will assist in calling the source4 auth subsystem with a source3 derived lp_ctx. Andrew Bartlett
2011-05-08s4-auth Rename auth -> auth4 to avoid conflict with s3 authAndrew Bartlett10-38/+38
2011-05-05s4-auth: removed the password combinations code in auth_unixAndrew Tridgell1-39/+4
this code never did anything due to a typo, and was untested. We should not be inluding a password cracker in Samba anyway. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu May 5 07:00:14 CEST 2011 on sn-devel-104
2011-05-03s4-messaging Rename messaging -> imessagingAndrew Bartlett2-3/+3
This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett
2011-03-19source4/auth/ntlm: Fix prototypes for all functions.Jelmer Vernooij7-0/+13
2011-03-04s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.cGünther Deschner1-24/+0
Guenther
2011-02-24build: moved libcli/auth/ntlmssp*.c into a common libcliauth.so libraryAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18s4-auth: rename 'auth' subsystem to 'auth4'Andrew Tridgell3-20/+20
this prevents conflicts with the s3 auth modules. The auth modules in samba3 may appear in production smb.conf files, so it is preferable to rename the s4 modules for minimal disruption. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-1/+1
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett8-165/+180
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-08pam: share pam errors in a common location.Günther Deschner4-166/+1
Guenther
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett3-21/+12
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2011-01-19s4-auth Allow NULL methods to be specified to auth_context_create_methods()Andrew Bartlett1-14/+3
This allows us to init an auth context that isn't going to do any NTLM authentication, but is used by other subsystems. Andrew Bartlett
2011-01-18s4-auth Extend python bindings to allow ldb and message to be specifiedAndrew Bartlett1-1/+1
This will allow for some more tokenGroups tests in future. Andrew Bartlett
2011-01-15s4:auth/ntlm/auth_sam.c - fix call to "get_server_info_principal"Matthias Dieter Wallnöfer1-7/+7
This should obviously point to the wrapper not the call itself. Found out by Tru64 host build warning. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
2011-01-14s4-auth Add function to obtain any user's session_info from a given LDBAndrew Bartlett1-79/+8
This will be a building block for a tokenGroups test, which can compare against a remote server (in particular the rootDSE) against what we would calculate the tokenGroups to be. (this meant moving some parts out of the auth_sam code into the containing library) Andrew Bartlett
2010-12-21s4-auth rework session_info handling not to require an auth contextAndrew Bartlett1-1/+14
This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code. Andrew Bartlett
2010-11-15auth/ntlm: Use name consistent with other service names.Jelmer Vernooij1-1/+1
2010-11-07credentials: Lowercase library name,Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
2010-11-07samdb: Lowercase library name.Jelmer Vernooij1-2/+2
2010-11-05s4/auth: Add logon_parameters to authenticate_username_pwAnatoliy Atanasov1-1/+4
We need to be able to set the logon parameters in the same way as in the ntlm server so we can handle openldap simple authentication call correctly. Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org> Autobuild-Date: Fri Nov 5 06:32:43 UTC 2010 on sn-devel-104
2010-11-03s4:waf - fix the build on Gentoo platformsPhilip M. White1-2/+4
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>