samba-mirror

2010-01-12 19:05:16 +03:00

/*

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

								   Unix SMB/CIFS implementation.
							

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)

2005-01-09 15:55:25 +03:00

								   Copyright (C) Andrew Bartlett   2001
							

Strip trailing spaces

2010-01-12 19:05:16 +03:00

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

								   This program is free software; you can redistribute it and/or modify
							

r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)

2007-07-10 06:07:03 +04:00

								   the Free Software Foundation; either version 3 of the License, or
							

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

								   (at your option) any later version.
							

Strip trailing spaces

2010-01-12 19:05:16 +03:00

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

								   This program is distributed in the hope that it will be useful,
							

Strip trailing spaces

2010-01-12 19:05:16 +03:00

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

								   You should have received a copy of the GNU General Public License
							

r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)

2007-07-10 06:07:03 +04:00

								   along with this program.  If not, see <http://www.gnu.org/licenses/>.

							

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

*/

- port AUTH and PASSDB subsystems to new SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d)

2004-02-03 14:10:56 +03:00

								#ifndef _SAMBA_AUTH_H

							

Heimdal provides Kerberos PAC parsing routines. Use them. This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)

2008-08-28 10:28:47 +04:00

								#include "librpc/gen_ndr/ndr_krb5pac.h"

							

s4-auth Add auth.idl to encode auth subsystem structures in IDL This is not only a useful way to encode stuff, it also allows python to handle the structures, and natrually allows them to be NDR encoded. Andrew Bartlett

2011-02-08 08:39:34 +03:00

								#include "librpc/gen_ndr/auth.h"

							

s4:auth Move struct auth_usersupplied_info to a common location This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett

2010-05-04 10:44:08 +04:00

								#include "../auth/common_auth.h"

							

Heimdal provides Kerberos PAC parsing routines. Use them. This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)

2008-08-28 10:28:47 +04:00

s4:kdc Rework KDC to pull in less attributes for krbtgt lookups Each attribute we request from LDB comes with a small cost, so don't lookup any more than we must for the (very) frequent krbtgt lookup case. Similarly, we don't need to build a PAC for a server (as a target), so don't ask for the PAC attributes here either. Andrew Bartlett

2009-07-16 11:37:36 +04:00

								extern const char *krbtgt_attrs[];
							

r24061: Anther part of bug #4823, which is that until now Samba4 didn't parse the logon hours, even if set. This code happily stolen from the great work in Samba3 :-) Andrew Bartlett (This used to be commit a4939ab629e0af0615bcecf63c7cd55e6e833505)

2007-07-27 10:31:12 +04:00

								extern const char *user_attrs[];
							

r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)

2006-11-07 03:48:36 +03:00

								union netr_Validation;
							

r19614: fix compiler warnings metze (This used to be commit 1ca8651a59e95eeca2942e5e66c2141e3f65dd9f)

2006-11-07 15:42:51 +03:00

								struct netr_SamBaseInfo;
							

r26221: Add loadparm_context parameter to auth_context_create. (This used to be commit a9a9634df8f3137ecb308adb90a755f12af94972)

2007-12-02 18:20:18 +03:00

								struct loadparm_context;
							

r3453: - split out the auth and popt includes - tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)

2004-11-02 05:57:18 +03:00

- port AUTH and PASSDB subsystems to new SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d)

2004-02-03 14:10:56 +03:00

/* modules can use the following to determine if the interface has changed

r443: Update Samba4 to the auth and NTLMSSP code from Samba3. Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)

2004-05-02 12:45:00 +04:00

/* version 3 - subsequent samba4 version - abartlet */

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)

2005-01-09 15:55:25 +03:00

/* version 4 - subsequent samba4 version - metze */

r17270: split the logic of saying this auth backend wants to handle this request from the password checking. This will help to make the password checking hook async later metze (This used to be commit 5b26cbc3428b4c186235cc08c9ace1c23f59dd7f)

2006-07-27 15:24:18 +04:00

/* version 0 - till samba4 is stable - metze */

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

								#define AUTH4_INTERFACE_VERSION 0

							

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)

2005-01-09 15:55:25 +03:00

								struct auth_method_context;
							

r17273: add an async version of auth_check_password() on the public auth interface and implement the sync version as wrapper to auth_check_password_send/recv() as next all callers need to be converted to the async interface and then the modules metze (This used to be commit ed40bb3c16279f9727be67e889270da5efb8ddb9)

2006-07-27 17:02:27 +04:00

								struct auth_check_password_request;
							

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

								struct auth4_context;
							

s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett

2010-04-13 06:00:06 +04:00

								struct auth_session_info;
							

s4:auth Allow the operational module to get a user's tokenGroups from auth This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett

2010-04-15 05:58:05 +04:00

								struct ldb_dn;
							

s4-gensec: Move parsing of the PAC blob and creating the session_info into auth This uses a single callback to handle the PAC from the DATA_BLOB format until it becomes a struct auth_session_info. This allows a seperation between the GSS acceptor code and the PAC interpretation code based on the supplied auth context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104

2011-12-28 10:48:45 +04:00

								struct smb_krb5_context;
							

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)

2005-01-09 15:55:25 +03:00

								struct auth_operations {
							

ntlmssp over rpc over tcp now fully works I needed to hack the ntlmssp code a little, as the auth code in samba4 is out of date relative to the samba3 auth code. I need to do a merge :) (This used to be commit 6ee0935afe9444bf9bb24eed4e02e8377dc746b7)

2003-12-14 13:45:50 +03:00

r17270: split the logic of saying this auth backend wants to handle this request from the password checking. This will help to make the password checking hook async later metze (This used to be commit 5b26cbc3428b4c186235cc08c9ace1c23f59dd7f)

2006-07-27 15:24:18 +04:00

									/* Given the user supplied info, check if this backend want to handle the password checking */
							

r6498: Add comments in line with those I already added to 3.0. Please don't re-invent security=server :-) Andrew Bartlett (This used to be commit b3a38e9c8ce9758db31aec53db29290a240868be)

2005-04-27 04:48:39 +04:00

/* Given the user supplied info, check a password */

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)

2005-01-09 15:55:25 +03:00

									NTSTATUS (*check_password)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
							

s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett

2011-02-08 08:53:13 +03:00

												   struct auth_user_info_dc **interim_info);
							

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

														       struct auth4_context *auth_context,
							

s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett

2011-02-08 08:53:13 +03:00

														       const char *principal,
							

auth: Provide a way to use the auth stack for winbindd authentication This adds in flags that allow winbindd to request authentication without directly calling into the auth_sam module. That in turn will allow winbindd to call auth_samba4 and so permit winbindd operation in the AD DC. Andrew Bartlett Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>

2014-03-27 03:58:05 +04:00

									uint32_t flags;
							

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

};

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)

2005-01-09 15:55:25 +03:00

								struct auth_method_context {
							

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

									struct auth4_context *auth_ctx;
							

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)

2005-01-09 15:55:25 +03:00

									const struct auth_operations *ops;
							

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

									void *private_data;
							

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)

2005-01-09 15:55:25 +03:00

};

first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)

2003-08-13 05:53:07 +04:00

- port AUTH and PASSDB subsystems to new SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d)

2004-02-03 14:10:56 +03:00

								/* this structure is used by backends to determine the size of some critical types */
							

s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett

2011-02-08 08:53:13 +03:00

									int sizeof_auth_user_info_dc;
							

- port AUTH and PASSDB subsystems to new SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d)

2004-02-03 14:10:56 +03:00

};

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

								 NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context,
							

r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)

2005-07-22 08:10:07 +04:00

											   enum auth_password_state to_state,
							

r26127: Move session code out of auth_util.c. No longer making it part of auth but making it usable independently will be the next step. (This used to be commit b3fcb8e8103304fede865b02ca5169d5793a571d)

2007-11-26 04:25:20 +03:00

								#include "auth/session.h"

							

s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>

2011-07-21 11:06:17 +04:00

								#include "auth/unix_token_proto.h"

							

r26127: Move session code out of auth_util.c. No longer making it part of auth but making it usable independently will be the next step. (This used to be commit b3fcb8e8103304fede865b02ca5169d5793a571d)

2007-11-26 04:25:20 +03:00

								#include "auth/system_session_proto.h"

							

Fix public header not to include private (not installed) ones. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Mon Mar 14 17:01:20 CET 2011 on sn-devel-104

2011-03-14 18:01:47 +03:00

								#include "libcli/security/security.h"

							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

Remove auth/ntlm as a dependency of GENSEC by means of function pointers. When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett

2009-02-13 02:24:16 +03:00

								struct gensec_security;
							

s4-auth Move libcli/security/session.c to the top level This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett

2011-02-10 12:21:11 +03:00

								struct cli_credentials;
							

Remove auth/ntlm as a dependency of GENSEC by means of function pointers. When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett

2009-02-13 02:24:16 +03:00

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

								NTSTATUS auth_get_challenge(struct auth4_context *auth_ctx, uint8_t chal[8]);
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

								NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
							

Don't use crossRef records to find our own domain A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett

2009-05-26 06:31:39 +04:00

											    struct ldb_dn *domain_dn,
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

											    struct ldb_message *msg,
							

s4:kdc: allow a trusted domain to get kerberos tickets metze

2008-12-04 17:09:21 +03:00

											    const char *name_for_logs,
							

s4:kdc Allow a password change when the password is expired This requires a rework on Heimdal's windc plugin layer, as we want full control over what tickets Heimdal will issue. (In particular, in case our requirements become more complex in future). The original problem was that Heimdal's check would permit the ticket, but Samba would then deny it, not knowing it was for kadmin/changepw Also (in hdb-samba4) be a bit more careful on what entries we will make the 'change_pw' service mark that this depends on. Andrew Bartlett

2009-06-18 05:08:46 +04:00

											    bool allow_domain_trust,
							

s4-auth: remove unused prototype

2011-05-06 18:49:38 +04:00

s4:auth Move BUILTIN group addition into session.c The group list in the PAC does not include 'enterprise DCs' and BUILTIN groups, so we should generate it on each server, not in the list we pass around in the PAC or SamLogon reply. Andrew Bartlett

2010-04-13 16:11:26 +04:00

								struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
							

s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett

2011-02-08 08:53:13 +03:00

								NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

													   const char *netbios_name,
							

Don't use crossRef records to find our own domain A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett

2009-05-26 06:31:39 +04:00

													   const char *domain_name,
							

s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc() This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO correctly. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>

2016-01-07 16:55:07 +03:00

													   const char *dns_domain_name,
							

Strip trailing spaces

2010-01-12 19:05:16 +03:00

													   struct ldb_dn *domain_dn,
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

													   struct ldb_message *msg,
							

s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett

2011-02-08 08:53:13 +03:00

												  struct auth_user_info_dc **_user_info_dc);
							

Strip trailing spaces

2010-01-12 19:05:16 +03:00

								NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

													   struct loadparm_context *lp_ctx,
							

auth: Allow auth_samba4 to be forced to run a specific auth module This will allow new tests to be written to validate winbindd authentication results Andrew Bartlett Change-Id: I008eba1de349b17ee4eb9f11be08338557dffecc Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>

2014-05-16 06:29:43 +04:00

								NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char * const *methods,
							

s4:lib/tevent: rename structs list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze

2008-12-29 22:24:57 +03:00

												     struct tevent_context *ev,
							

s4-messaging Rename messaging -> imessaging This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett

2011-05-03 04:40:33 +04:00

												     struct imessaging_context *msg,
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

												     struct loadparm_context *lp_ctx,
							

s4:auth Allow the operational module to get a user's tokenGroups from auth This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett

2010-04-15 05:58:05 +04:00

												     struct ldb_context *sam_ctx,
							

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

												     struct auth4_context **auth_ctx);
							

s4-auth Extend python bindings to allow ldb and message to be specified This will allow for some more tokenGroups tests in future. Andrew Bartlett

2011-01-18 11:13:19 +03:00

								const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

Strip trailing spaces

2010-01-12 19:05:16 +03:00

								NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
							

s4:lib/tevent: rename structs list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze

2008-12-29 22:24:57 +03:00

											     struct tevent_context *ev,
							

s4-messaging Rename messaging -> imessaging This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett

2011-05-03 04:40:33 +04:00

											     struct imessaging_context *msg,
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

											     struct loadparm_context *lp_ctx,
							

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

											     struct auth4_context **auth_ctx);
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

auth: Make check_password and generate_session_info hook generic gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett

2012-01-30 04:17:44 +04:00

								NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
							

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

								NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

											     TALLOC_CTX *mem_ctx,
							

auth: Make check_password and generate_session_info hook generic gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett

2012-01-30 04:17:44 +04:00

											     const struct auth_usersupplied_info *user_info, 
							

s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett

2011-02-08 08:53:13 +03:00

											     struct auth_user_info_dc **user_info_dc);
							

s4-auth: rename 'auth' subsystem to 'auth4' this prevents conflicts with the s3 auth modules. The auth modules in samba3 may appear in production smb.conf files, so it is preferable to rename the s4 modules for minimal disruption. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

2011-02-15 08:30:35 +03:00

								NTSTATUS auth4_init(void);
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

								NTSTATUS auth_register(const struct auth_operations *ops);
							

s4:auth Add dependency from the operational module onto auth We had to split up the auth module into a module loaded by main deamon and a subsystem we manually init in the operational module. Andrew Bartlett

2010-04-16 02:42:12 +04:00

								NTSTATUS server_service_auth_init(void);
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

								NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
							

s4/auth: Add logon_parameters to authenticate_username_pw We need to be able to set the logon parameters in the same way as in the ntlm server so we can handle openldap simple authentication call correctly. Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org> Autobuild-Date: Fri Nov 5 06:32:43 UTC 2010 on sn-devel-104

2010-11-05 01:00:13 +03:00

												  struct tevent_context *ev,
							

s4-messaging Rename messaging -> imessaging This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett

2011-05-03 04:40:33 +04:00

												  struct imessaging_context *msg,
							

s4/auth: Add logon_parameters to authenticate_username_pw We need to be able to set the logon parameters in the same way as in the ntlm server so we can handle openldap simple authentication call correctly. Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org> Autobuild-Date: Fri Nov 5 06:32:43 UTC 2010 on sn-devel-104

2010-11-05 01:00:13 +03:00

												  struct loadparm_context *lp_ctx,
							

s4:auth: change auth_check_password_send/recv to tevent_req metze

2009-12-23 11:09:37 +03:00

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

													    struct auth4_context *auth_ctx,
							

s4:auth: change auth_check_password_send/recv to tevent_req metze

2009-12-23 11:09:37 +03:00

													    const struct auth_usersupplied_info *user_info);
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

												  TALLOC_CTX *mem_ctx,
							

s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett

2011-02-08 08:53:13 +03:00

												  struct auth_user_info_dc **user_info_dc);
							

Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)

2008-04-02 06:53:27 +04:00

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

								bool auth_challenge_may_be_modified(struct auth4_context *auth_ctx);
							

r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)

2005-07-22 08:10:07 +04:00

s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett

2011-02-08 08:53:13 +03:00

								NTSTATUS auth_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
							

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth

2011-05-07 10:14:06 +04:00

													struct auth4_context *auth_ctx,
							

s4:auth: add auth_get_server_info_principal() prototype to auth.h metze

2009-12-29 13:50:46 +03:00

													const char *principal,
							

s4:auth Allow the operational module to get a user's tokenGroups from auth This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett

2010-04-15 05:58:05 +04:00

													struct ldb_dn *user_dn,
							

s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett

2011-02-08 08:53:13 +03:00

													struct auth_user_info_dc **user_info_dc);
							

s4:auth: add auth_get_server_info_principal() prototype to auth.h metze

2009-12-29 13:50:46 +03:00

Remove auth/ntlm as a dependency of GENSEC by means of function pointers. When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett

2009-02-13 02:24:16 +03:00

								NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
							

s4-messaging Rename messaging -> imessaging This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett

2011-05-03 04:40:33 +04:00

												   struct imessaging_context *msg_ctx,
							

Remove auth/ntlm as a dependency of GENSEC by means of function pointers. When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett

2009-02-13 02:24:16 +03:00

												   struct loadparm_context *lp_ctx,
							

r443: Update Samba4 to the auth and NTLMSSP code from Samba3. Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)

2004-05-02 12:45:00 +04:00

								#endif /* _SMBAUTH_H_ */

							

Strip trailing spaces 2010-01-12 19:05:16 +03:00			`/*`
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00			`Unix SMB/CIFS implementation.`
			`Standardised Authentication types`
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847) 2005-01-09 15:55:25 +03:00			`Copyright (C) Andrew Bartlett 2001`
			`Copyright (C) Stefan Metzmacher 2005`
Strip trailing spaces 2010-01-12 19:05:16 +03:00
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) 2007-07-10 06:07:03 +04:00			`the Free Software Foundation; either version 3 of the License, or`
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00			`(at your option) any later version.`
Strip trailing spaces 2010-01-12 19:05:16 +03:00
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`
Strip trailing spaces 2010-01-12 19:05:16 +03:00
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00			`You should have received a copy of the GNU General Public License`
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) 2007-07-10 06:07:03 +04:00			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00			`*/`

- port AUTH and PASSDB subsystems to new SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d) 2004-02-03 14:10:56 +03:00			`#ifndef _SAMBA_AUTH_H`
			`#define _SAMBA_AUTH_H`

Heimdal provides Kerberos PAC parsing routines. Use them. This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e) 2008-08-28 10:28:47 +04:00			`#include "librpc/gen_ndr/ndr_krb5pac.h"`
s4-auth Add auth.idl to encode auth subsystem structures in IDL This is not only a useful way to encode stuff, it also allows python to handle the structures, and natrually allows them to be NDR encoded. Andrew Bartlett 2011-02-08 08:39:34 +03:00			`#include "librpc/gen_ndr/auth.h"`
s4:auth Move struct auth_usersupplied_info to a common location This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett 2010-05-04 10:44:08 +04:00			`#include "../auth/common_auth.h"`
Heimdal provides Kerberos PAC parsing routines. Use them. This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e) 2008-08-28 10:28:47 +04:00
s4:kdc Rework KDC to pull in less attributes for krbtgt lookups Each attribute we request from LDB comes with a small cost, so don't lookup any more than we must for the (very) frequent krbtgt lookup case. Similarly, we don't need to build a PAC for a server (as a target), so don't ask for the PAC attributes here either. Andrew Bartlett 2009-07-16 11:37:36 +04:00			`extern const char *krbtgt_attrs[];`
			`extern const char *server_attrs[];`
r24061: Anther part of bug #4823, which is that until now Samba4 didn't parse the logon hours, even if set. This code happily stolen from the great work in Samba3 :-) Andrew Bartlett (This used to be commit a4939ab629e0af0615bcecf63c7cd55e6e833505) 2007-07-27 10:31:12 +04:00			`extern const char *user_attrs[];`

r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9) 2006-11-07 03:48:36 +03:00			`union netr_Validation;`
r19614: fix compiler warnings metze (This used to be commit 1ca8651a59e95eeca2942e5e66c2141e3f65dd9f) 2006-11-07 15:42:51 +03:00			`struct netr_SamBaseInfo;`
			`struct netr_SamInfo3;`
r26221: Add loadparm_context parameter to auth_context_create. (This used to be commit a9a9634df8f3137ecb308adb90a755f12af94972) 2007-12-02 18:20:18 +03:00			`struct loadparm_context;`
r3453: - split out the auth and popt includes - tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64) 2004-11-02 05:57:18 +03:00
- port AUTH and PASSDB subsystems to new SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d) 2004-02-03 14:10:56 +03:00			`/* modules can use the following to determine if the interface has changed`
			`* please increment the version number after each interface change`
			`* with a comment and maybe update struct auth_critical_sizes.`
			`*/`
			`/* version 1 - version from samba 3.0 - metze */`
			`/* version 2 - initial samba4 version - metze */`
r443: Update Samba4 to the auth and NTLMSSP code from Samba3. Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f) 2004-05-02 12:45:00 +04:00			`/* version 3 - subsequent samba4 version - abartlet */`
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847) 2005-01-09 15:55:25 +03:00			`/* version 4 - subsequent samba4 version - metze */`
r17270: split the logic of saying this auth backend wants to handle this request from the password checking. This will help to make the password checking hook async later metze (This used to be commit 5b26cbc3428b4c186235cc08c9ace1c23f59dd7f) 2006-07-27 15:24:18 +04:00			`/* version 0 - till samba4 is stable - metze */`
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`#define AUTH4_INTERFACE_VERSION 0`
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847) 2005-01-09 15:55:25 +03:00			`struct auth_method_context;`
r17273: add an async version of auth_check_password() on the public auth interface and implement the sync version as wrapper to auth_check_password_send/recv() as next all callers need to be converted to the async interface and then the modules metze (This used to be commit ed40bb3c16279f9727be67e889270da5efb8ddb9) 2006-07-27 17:02:27 +04:00			`struct auth_check_password_request;`
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`struct auth4_context;`
s4:auth Change auth_generate_session_info to take an auth context The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett 2010-04-13 06:00:06 +04:00			`struct auth_session_info;`
s4:auth Allow the operational module to get a user's tokenGroups from auth This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett 2010-04-15 05:58:05 +04:00			`struct ldb_dn;`
s4-gensec: Move parsing of the PAC blob and creating the session_info into auth This uses a single callback to handle the PAC from the DATA_BLOB format until it becomes a struct auth_session_info. This allows a seperation between the GSS acceptor code and the PAC interpretation code based on the supplied auth context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104 2011-12-28 10:48:45 +04:00			`struct smb_krb5_context;`
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847) 2005-01-09 15:55:25 +03:00			`struct auth_operations {`
			`const char *name;`
ntlmssp over rpc over tcp now fully works I needed to hack the ntlmssp code a little, as the auth code in samba4 is out of date relative to the samba3 auth code. I need to do a merge :) (This used to be commit 6ee0935afe9444bf9bb24eed4e02e8377dc746b7) 2003-12-14 13:45:50 +03:00
r17270: split the logic of saying this auth backend wants to handle this request from the password checking. This will help to make the password checking hook async later metze (This used to be commit 5b26cbc3428b4c186235cc08c9ace1c23f59dd7f) 2006-07-27 15:24:18 +04:00			`/* Given the user supplied info, check if this backend want to handle the password checking */`

			`NTSTATUS (want_check)(struct auth_method_context ctx, TALLOC_CTX *mem_ctx,`
			`const struct auth_usersupplied_info *user_info);`

r6498: Add comments in line with those I already added to 3.0. Please don't re-invent security=server :-) Andrew Bartlett (This used to be commit b3a38e9c8ce9758db31aec53db29290a240868be) 2005-04-27 04:48:39 +04:00			`/* Given the user supplied info, check a password */`

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847) 2005-01-09 15:55:25 +03:00			`NTSTATUS (check_password)(struct auth_method_context ctx, TALLOC_CTX *mem_ctx,`
			`const struct auth_usersupplied_info *user_info,`
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett 2011-02-08 08:53:13 +03:00			`struct auth_user_info_dc **interim_info);`

			`/* Lookup a 'session info interim' return based only on the principal or DN */`
			`NTSTATUS (get_user_info_dc_principal)(TALLOC_CTX mem_ctx,`
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`struct auth4_context *auth_context,`
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett 2011-02-08 08:53:13 +03:00			`const char *principal,`
			`struct ldb_dn *user_dn,`
			`struct auth_user_info_dc **interim_info);`
auth: Provide a way to use the auth stack for winbindd authentication This adds in flags that allow winbindd to request authentication without directly calling into the auth_sam module. That in turn will allow winbindd to call auth_samba4 and so permit winbindd operation in the AD DC. Andrew Bartlett Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2014-03-27 03:58:05 +04:00			`uint32_t flags;`
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00			`};`

r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847) 2005-01-09 15:55:25 +03:00			`struct auth_method_context {`
			`struct auth_method_context prev, next;`
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`struct auth4_context *auth_ctx;`
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847) 2005-01-09 15:55:25 +03:00			`const struct auth_operations *ops;`
			`int depth;`
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00			`void *private_data;`
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847) 2005-01-09 15:55:25 +03:00			`};`
first public release of samba4 code (This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f) 2003-08-13 05:53:07 +04:00
- port AUTH and PASSDB subsystems to new SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d) 2004-02-03 14:10:56 +03:00			`/* this structure is used by backends to determine the size of some critical types */`
			`struct auth_critical_sizes {`
			`int interface_version;`
			`int sizeof_auth_operations;`
			`int sizeof_auth_methods;`
			`int sizeof_auth_context;`
			`int sizeof_auth_usersupplied_info;`
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett 2011-02-08 08:53:13 +03:00			`int sizeof_auth_user_info_dc;`
- port AUTH and PASSDB subsystems to new SMB_SUBSYSTEM() scheme - some const fixes in ntvfs metze (This used to be commit af89a78123068767b1d134969c5651a0fd978b0d) 2004-02-03 14:10:56 +03:00			`};`

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`NTSTATUS encrypt_user_info(TALLOC_CTX mem_ctx, struct auth4_context auth_context,`
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88) 2005-07-22 08:10:07 +04:00			`enum auth_password_state to_state,`
			`const struct auth_usersupplied_info *user_info_in,`
			`const struct auth_usersupplied_info **user_info_encrypted);`

r26127: Move session code out of auth_util.c. No longer making it part of auth but making it usable independently will be the next step. (This used to be commit b3fcb8e8103304fede865b02ca5169d5793a571d) 2007-11-26 04:25:20 +03:00			`#include "auth/session.h"`
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> 2011-07-21 11:06:17 +04:00			`#include "auth/unix_token_proto.h"`
r26127: Move session code out of auth_util.c. No longer making it part of auth but making it usable independently will be the next step. (This used to be commit b3fcb8e8103304fede865b02ca5169d5793a571d) 2007-11-26 04:25:20 +03:00			`#include "auth/system_session_proto.h"`
Fix public header not to include private (not installed) ones. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Mon Mar 14 17:01:20 CET 2011 on sn-devel-104 2011-03-14 18:01:47 +03:00			`#include "libcli/security/security.h"`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00
			`struct ldb_message;`
			`struct ldb_context;`
Remove auth/ntlm as a dependency of GENSEC by means of function pointers. When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett 2009-02-13 02:24:16 +03:00			`struct gensec_security;`
s4-auth Move libcli/security/session.c to the top level This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett 2011-02-10 12:21:11 +03:00			`struct cli_credentials;`
Remove auth/ntlm as a dependency of GENSEC by means of function pointers. When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett 2009-02-13 02:24:16 +03:00
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`NTSTATUS auth_get_challenge(struct auth4_context *auth_ctx, uint8_t chal[8]);`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,`
			`struct ldb_context *sam_ctx,`
			`uint32_t logon_parameters,`
Don't use crossRef records to find our own domain A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett 2009-05-26 06:31:39 +04:00			`struct ldb_dn *domain_dn,`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`struct ldb_message *msg,`
			`const char *logon_workstation,`
s4:kdc: allow a trusted domain to get kerberos tickets metze 2008-12-04 17:09:21 +03:00			`const char *name_for_logs,`
s4:kdc Allow a password change when the password is expired This requires a rework on Heimdal's windc plugin layer, as we want full control over what tickets Heimdal will issue. (In particular, in case our requirements become more complex in future). The original problem was that Heimdal's check would permit the ticket, but Samba would then deny it, not knowing it was for kadmin/changepw Also (in hdb-samba4) be a bit more careful on what entries we will make the 'change_pw' service mark that this depends on. Andrew Bartlett 2009-06-18 05:08:46 +04:00			`bool allow_domain_trust,`
			`bool password_change);`
s4-auth: remove unused prototype 2011-05-06 18:49:38 +04:00
s4:auth Move BUILTIN group addition into session.c The group list in the PAC does not include 'enterprise DCs' and BUILTIN groups, so we should generate it on each server, not in the list we pass around in the PAC or SamLogon reply. Andrew Bartlett 2010-04-13 16:11:26 +04:00			`struct auth_session_info system_session(struct loadparm_context lp_ctx);`
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett 2011-02-08 08:53:13 +03:00			`NTSTATUS authsam_make_user_info_dc(TALLOC_CTX mem_ctx, struct ldb_context sam_ctx,`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`const char *netbios_name,`
Don't use crossRef records to find our own domain A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett 2009-05-26 06:31:39 +04:00			`const char *domain_name,`
s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc() This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO correctly. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 2016-01-07 16:55:07 +03:00			`const char *dns_domain_name,`
Strip trailing spaces 2010-01-12 19:05:16 +03:00			`struct ldb_dn *domain_dn,`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`struct ldb_message *msg,`
			`DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,`
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett 2011-02-08 08:53:13 +03:00			`struct auth_user_info_dc **_user_info_dc);`
Strip trailing spaces 2010-01-12 19:05:16 +03:00			`NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`struct loadparm_context *lp_ctx,`
			`struct auth_session_info **_session_info) ;`

auth: Allow auth_samba4 to be forced to run a specific auth module This will allow new tests to be written to validate winbindd authentication results Andrew Bartlett Change-Id: I008eba1de349b17ee4eb9f11be08338557dffecc Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 2014-05-16 06:29:43 +04:00			`NTSTATUS auth_context_create_methods(TALLOC_CTX mem_ctx, const char const *methods,`
s4:lib/tevent: rename structs list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s \| cut -d ':' -f1` n=`echo $s \| cut -d ':' -f2` r=`git grep "struct $o" \|cut -d ':' -f1 \|sort -u` files=`echo "$r" \| grep -v source3 \| grep -v nsswitch \| grep -v packaging4` for f in $files; do cat $f \| sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze 2008-12-29 22:24:57 +03:00			`struct tevent_context *ev,`
s4-messaging Rename messaging -> imessaging This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett 2011-05-03 04:40:33 +04:00			`struct imessaging_context *msg,`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`struct loadparm_context *lp_ctx,`
s4:auth Allow the operational module to get a user's tokenGroups from auth This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett 2010-04-15 05:58:05 +04:00			`struct ldb_context *sam_ctx,`
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`struct auth4_context **auth_ctx);`
s4-auth Extend python bindings to allow ldb and message to be specified This will allow for some more tokenGroups tests in future. Andrew Bartlett 2011-01-18 11:13:19 +03:00			`const char *auth_methods_from_lp(TALLOC_CTX mem_ctx, struct loadparm_context *lp_ctx);`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00
Strip trailing spaces 2010-01-12 19:05:16 +03:00			`NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,`
s4:lib/tevent: rename structs list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s \| cut -d ':' -f1` n=`echo $s \| cut -d ':' -f2` r=`git grep "struct $o" \|cut -d ':' -f1 \|sort -u` files=`echo "$r" \| grep -v source3 \| grep -v nsswitch \| grep -v packaging4` for f in $files; do cat $f \| sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze 2008-12-29 22:24:57 +03:00			`struct tevent_context *ev,`
s4-messaging Rename messaging -> imessaging This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett 2011-05-03 04:40:33 +04:00			`struct imessaging_context *msg,`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`struct loadparm_context *lp_ctx,`
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`struct auth4_context **auth_ctx);`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00
auth: Make check_password and generate_session_info hook generic gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett 2012-01-30 04:17:44 +04:00			`NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,`
			`TALLOC_CTX *mem_ctx,`
			`const struct auth_usersupplied_info *user_info,`
			`void **server_returned_info,`
			`DATA_BLOB user_session_key, DATA_BLOB lm_session_key);`

s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`NTSTATUS auth_check_password(struct auth4_context *auth_ctx,`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`TALLOC_CTX *mem_ctx,`
auth: Make check_password and generate_session_info hook generic gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett 2012-01-30 04:17:44 +04:00			`const struct auth_usersupplied_info *user_info,`
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett 2011-02-08 08:53:13 +03:00			`struct auth_user_info_dc **user_info_dc);`
s4-auth: rename 'auth' subsystem to 'auth4' this prevents conflicts with the s3 auth modules. The auth modules in samba3 may appear in production smb.conf files, so it is preferable to rename the s4 modules for minimal disruption. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> 2011-02-15 08:30:35 +03:00			`NTSTATUS auth4_init(void);`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`NTSTATUS auth_register(const struct auth_operations *ops);`
s4:auth Add dependency from the operational module onto auth We had to split up the auth module into a module loaded by main deamon and a subsystem we manually init in the operational module. Andrew Bartlett 2010-04-16 02:42:12 +04:00			`NTSTATUS server_service_auth_init(void);`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,`
s4/auth: Add logon_parameters to authenticate_username_pw We need to be able to set the logon parameters in the same way as in the ntlm server so we can handle openldap simple authentication call correctly. Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org> Autobuild-Date: Fri Nov 5 06:32:43 UTC 2010 on sn-devel-104 2010-11-05 01:00:13 +03:00			`struct tevent_context *ev,`
s4-messaging Rename messaging -> imessaging This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett 2011-05-03 04:40:33 +04:00			`struct imessaging_context *msg,`
s4/auth: Add logon_parameters to authenticate_username_pw We need to be able to set the logon parameters in the same way as in the ntlm server so we can handle openldap simple authentication call correctly. Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org> Autobuild-Date: Fri Nov 5 06:32:43 UTC 2010 on sn-devel-104 2010-11-05 01:00:13 +03:00			`struct loadparm_context *lp_ctx,`
			`const char *nt4_domain,`
			`const char *nt4_username,`
			`const char *password,`
			`const uint32_t logon_parameters,`
			`struct auth_session_info **session_info);`
s4:auth: change auth_check_password_send/recv to tevent_req metze 2009-12-23 11:09:37 +03:00
			`struct tevent_req auth_check_password_send(TALLOC_CTX mem_ctx,`
			`struct tevent_context *ev,`
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`struct auth4_context *auth_ctx,`
s4:auth: change auth_check_password_send/recv to tevent_req metze 2009-12-23 11:09:37 +03:00			`const struct auth_usersupplied_info *user_info);`
			`NTSTATUS auth_check_password_recv(struct tevent_req *req,`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00			`TALLOC_CTX *mem_ctx,`
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett 2011-02-08 08:53:13 +03:00			`struct auth_user_info_dc **user_info_dc);`
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) 2008-04-02 06:53:27 +04:00
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`bool auth_challenge_may_be_modified(struct auth4_context *auth_ctx);`
			`NTSTATUS auth_context_set_challenge(struct auth4_context auth_ctx, const uint8_t chal[8], const char set_by);`
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88) 2005-07-22 08:10:07 +04:00
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett 2011-02-08 08:53:13 +03:00			`NTSTATUS auth_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,`
s4-auth Rename auth -> auth4 to avoid conflict with s3 auth 2011-05-07 10:14:06 +04:00			`struct auth4_context *auth_ctx,`
s4:auth: add auth_get_server_info_principal() prototype to auth.h metze 2009-12-29 13:50:46 +03:00			`const char *principal,`
s4:auth Allow the operational module to get a user's tokenGroups from auth This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett 2010-04-15 05:58:05 +04:00			`struct ldb_dn *user_dn,`
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett 2011-02-08 08:53:13 +03:00			`struct auth_user_info_dc **user_info_dc);`
s4:auth: add auth_get_server_info_principal() prototype to auth.h metze 2009-12-29 13:50:46 +03:00
Remove auth/ntlm as a dependency of GENSEC by means of function pointers. When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett 2009-02-13 02:24:16 +03:00			`NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,`
			`struct tevent_context *event_ctx,`
s4-messaging Rename messaging -> imessaging This avoid symbol and structure conflicts between Samba3 and Samba4, and chooses a less generic name. Andrew Bartlett 2011-05-03 04:40:33 +04:00			`struct imessaging_context *msg_ctx,`
Remove auth/ntlm as a dependency of GENSEC by means of function pointers. When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett 2009-02-13 02:24:16 +03:00			`struct loadparm_context *lp_ctx,`
			`struct cli_credentials *server_credentials,`
			`const char *target_service,`
			`struct gensec_security **gensec_context);`

r443: Update Samba4 to the auth and NTLMSSP code from Samba3. Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f) 2004-05-02 12:45:00 +04:00			`#endif /* _SMBAUTH_H_ */`

198 lines 7.0 KiB C Raw Normal View History Unescape Escape

198 lines

7.0 KiB

C

Raw Normal View History