path: root/source4/scripting/ejs/smbcalls_auth.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r24012: Remove duplicate code block (from bad merge). | Andrew Bartlett | 1 | -17/+0
Andrew Bartlett (This used to be commit 68bdbd732fc02ce5a8ef8eb0107459ff3b7eb723)
2007-10-10 | r23966: It isn't great, but at least now we have some access control in SWAT | Andrew Bartlett | 1 | -0/+45
This patch prevents non-root and non-administrator users from running the provision, upgrade and vampire pages. *I think* the rest of SWAT is LDB operations, or otherwise authenticated, so we should now be secure. I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha. Andrew Bartlett (This used to be commit d61061052dc4711f886199e49bc303002c8f9b11)
2007-10-10 | r23848: Thanks to derrell for pointing out that I had not finished my patch to | Andrew Bartlett | 1 | -2/+6
split out the auth methods. This caused all SWAT logins to fail, except when using local system authentication. Andrew Bartlett (This used to be commit b5a9d507a37cd46bd325ff3118c08b4362f267f2)
2007-10-10 | r23792: convert Samba4 to GPLv3 | Andrew Tridgell | 1 | -3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10 | r23680: Make it easier to setup a domain member server - the 'server role' | Andrew Bartlett | 1 | -1/+1
will now control the auth methods, but an override is still available, ex: auth methods:domain controller = <methods> Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
2007-10-10 | r19598: Ahead of a merge to current lorikeet-heimdal: | Andrew Bartlett | 1 | -0/+1
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10 | r17341: pass a messaging context to auth_context_create() | Stefan Metzmacher | 1 | -1/+5
and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
2007-10-10 | r17339: pass the event context and messaging context together to the | Stefan Metzmacher | 1 | -2/+11
smb ejs functions metze (This used to be commit 0397911b414518d54f6dba2a8c81a5872b90a034)
2007-10-10 | r15731: module init functions should return NTSTATUS, not void | Andrew Tridgell | 1 | -1/+2
(This used to be commit c6d20c22454b87b4dea3527f0efcecd373679848)
2007-10-10 | r12997: Feed the right event context to libnet in ejsnet and the auth code. | Andrew Bartlett | 1 | -8/+9
This should give better behaviour in SWAT. Fix authentication as Samba, rather than System, users in SWAT. Andrew Bartlett (This used to be commit 498d72c4ad4d57d10f43ca58830d6ee8292a55f4)
2007-10-10 | r12931: Remove some prefixes. We have: | Andrew Bartlett | 1 | -2/+1
Login failed: Login Failed: Logon failure - please try again In SWAT currently... Andrew Bartlett (This used to be commit 51eded818093320e7d6b9e95ad11fa21a81c3f93)
2007-10-10 | r12918: Don't tell the user the difference between 'no such user' and 'wrong | Andrew Bartlett | 1 | -0/+5
password'. Andrew Bartlett (This used to be commit e13cb0ab175069eb670c8b2f57379ababacfcce3)
2007-10-10 | r12823: Fix up the provision and newuser code in SWAT. This also cleans up the | Andrew Bartlett | 1 | -1/+5
main provision script a bit, as the argument list was getting out of control. (It has been replaced in part with an object). This also returns the session_info from the auth code into ejs. We still need access control allowing only root to re-provision. Andrew Bartlett (This used to be commit 002cdcf3cab6563909d31edc5d825e857dc0a732)
2007-10-10 | r12819: Fix swat authentication again. We need to pass the socket_address | Andrew Bartlett | 1 | -8/+17
structure around, so the auth code knows where the request came from. Andrew Bartlett (This used to be commit 7a7b2668c00d4d22bcf8aa3ba256af88f70c38c4)
2007-10-10 | r12804: This patch reworks the Samba4 sockets layer to use a socket_address | Andrew Bartlett | 1 | -14/+7
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thank you *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address structure from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10 | r12746: An initial version of the kludge_acls module. | Andrew Bartlett | 1 | -0/+17
This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple:
- SYSTEM and Administrators can read all.
- Users and anonymous cannot read passwords, can read everything else
- list of 'password' attributes is hard-coded
Most of the difficult work in this was fighting with the C/js interface to add a system_session() call, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78)
2007-10-10 | r12596: This variable is unused. | Andrew Bartlett | 1 | -3/+0
Andrew Bartlett (This used to be commit 2853ccfc8ad58c6af751e01487b8a9e7e68a01e7)
2007-10-10 | r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb | Andrew Bartlett | 1 | -4/+16
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to an authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
2007-10-10 | r11439: Make precedence on strcmp comparison clear, and fill in | Andrew Bartlett | 1 | -1/+3
logon_parameters for the auth subsystem. Andrew Bartlett (This used to be commit 767c5ca7bec3737d1261e209cd895d1300354f25)
2007-10-10 | r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again. | Andrew Bartlett | 1 | -1/+1
I still have issues with Win2k3 SP1, and Samba4 doesn't pass its own test for the moment, but I'm working on these issues :-) This required a change to the credentials API, so that the special case for NTLM logins using a principal was indeed handled as a special, not general case. Also don't set the realm from a ccache, as then it overrides --option=realm=. Andrew Bartlett (This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
2007-10-10 | r9755: Fix crash bug in SWAT login | Jelmer Vernooij | 1 | -1/+4
(This used to be commit 6e3e964fb4529260c2fcb09b41eda1a100e690eb)
2007-10-10 | r9728: A *major* update to the credentials system, to incorporate the | Andrew Bartlett | 1 | -1/+1
Kerberos CCACHE into the system. This again allows the use of the system ccache when no username is specified, and brings more code in common between gensec_krb5 and gensec_gssapi. It also has a side-effect that may (or may not) be expected: If there is a ccache, even if it is not used (perhaps the remote server didn't want kerberos), it will change the default username. Andrew Bartlett (This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
2007-10-10 | r9500: userAuth() takes a creds object, not a general object now ... | Andrew Tridgell | 1 | -1/+1
(This used to be commit 57e6eb9c66ba539a593524d8cfd8836a840ac1ba)
2007-10-10 | r9499: added error checking to the userAuth() call. SWAT is still failing, | Andrew Tridgell | 1 | -1/+5
but at least it now tells us why (This used to be commit 4afb16d7b24b1d1ed359048a89950924b363e44a)
2007-10-10 | r9477: Convert popt options to an ejs object. Doesn't seem to break anything | Rafal Szczesniak | 1 | -4/+7
except of popt help (-h) option (unexpected ?). rafal (This used to be commit 1990793b23d6198a85ce1bdf6ad43e12015db203)
2007-10-10 | r8700: Prompted by tridge's need to do plaintext auth in ejs, rework the | Andrew Bartlett | 1 | -10/+25
user_info structure in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PLAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent discussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2007-10-10 | r8633: check for valid input to ejs_userAuth() | Andrew Tridgell | 1 | -0/+5
(This used to be commit 8e788ae3094220e5ea195cdf85abb6763a834abd)
2007-10-10 | r8629: - moved the getDomainList() call out of smbcalls_auth.c and into | Andrew Tridgell | 1 | -27/+8
libjs/auth.js
- tried to make the ejs_userAuth() call work for the sam, not just for unix auth. I didn't get this working. Andrew, when you get a chance can you see what I'm doing wrong? I suspect it's because we aren't supplying a challenge, but a challenge doesn't really make sense in a 'is this username/password' correct call. (This used to be commit 9e07c08a71908e99c2f44efc40a3249facd6850f)
2007-10-10 | r8399: move the ejs and esp code closer to the directory layout used by the | Andrew Tridgell | 1 | -1/+1
upstream sources. This makes it much easier to keep it up to date. I will separate out the mpr code into lib/appweb/mpr next (This used to be commit 52db7a052baeb0f11361ed69b71cb790039e3cc9)
2007-10-10 | r8340: - added sys_gmtime() | Andrew Tridgell | 1 | -6/+6
- added sys_unlink()
- added sys_file_load() and sys_file_save()
- use mprString() instead of mprCreateStringVar() to cope with NULL strings
- removed smbcalls_irpc.c as its not needed any more
- allow ldbAdd() and ldbModify() to take multiple ldif records
- added a sprintf() function to ejs. Quite complex, but very useful!
(This used to be commit 625628a3f6e78349d2240ebcc79081f350672070)
2007-10-10 | r8320: make sure all our returned objects are full objects, which means they | Andrew Tridgell | 1 | -2/+2
have the toString() and valueOf() default attributes
this allows all our returned objects to be used in logical expressions
(This used to be commit 570f071b1544b497d5f480b8ad50df097fe4c843)
2007-10-10 | r8296: - split out the ejs auth functions into a separate file | Andrew Tridgell | 1 | -0/+144
- got rid of the one line ejs_returnlist() (This used to be commit 6961fe29058cffd8e69d9ce7e7d3902f973411c0)