1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

31 Commits

Author SHA1 Message Date
Andrew Bartlett
23159453d3 s3:auth Rename user_info->smb_name -> user_info->client.account_name
This is closer to the structure I want for a common struct
auth_usersupplied_info.

Andrew Bartlett
2010-06-07 23:34:28 +10:00
Simo Sorce
33c633df0b s3:auth make it easier to trace auth modules 2010-05-29 17:08:10 -04:00
Volker Lendecke
a2d1e5e0f7 s3: Remove the make_auth_methods routine
This was just TALLOC_ZERO_P
2010-04-11 13:53:19 +02:00
Volker Lendecke
bc619586f2 s3: Fix a typo 2010-04-11 13:53:19 +02:00
Volker Lendecke
e35a2f89b2 s3: Fix some nonempty lines 2010-04-11 13:53:18 +02:00
Volker Lendecke
081573091b s3: Remove the typedef for "auth_serversupplied_info" 2010-01-10 20:56:16 +01:00
Volker Lendecke
9bb4766bba s3: Remove the typedef for "auth_usersupplied_info" 2010-01-10 20:56:16 +01:00
Volker Lendecke
0283e95a7c Add a mem_ctx argument to make_server_info_guest()
(This used to be commit e4a9492967)
2008-05-10 11:16:59 +02:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Jeremy Allison
bb0598faf5 Put strcasecmp/strncasecmp on the banned list (except for needed calls
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb92)
2003-10-22 23:38:20 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a0)
2003-07-03 19:11:31 +00:00
Andrew Bartlett
61116049ca This patch takes the work the jerry did for beta2, and generalises it:
- The 'not implmented' checks are now done by all auth modules
 - the ntdomain/trustdomain/winbind modules are more presise as to
   what domain names they can and cannot handle
 - The become_root() calls are now around the winbind pipe opening only,
   not the entire auth call
 - The unix username is kept seperate from the NT username, removing the
   need for 'clean off the domain\' in parse_net.c
 - All sid->uid translations are now validated with getpwuid() to put a very
   basic stop to logins with 'half deleted' accounts.

Andrew Bartlett
(This used to be commit 85f88191b9)
2003-07-03 14:36:42 +00:00
Jelmer Vernooij
17a3acafa8 Use NTSTATUS as return value for smb_register_*() functions and init_module()
function. Patch by metze with some minor modifications.
(This used to be commit bc4b51bcb2)
2003-04-28 17:48:48 +00:00
Andrew Bartlett
59e0836b7f Merge auth changes from HEAD:
- better error codes than NT_STATUS_UNSUCCESSFUL for domain logon errors
 - make auth_winbind load the ntdomain module if winbind isn't there.
 - use new trusted domains cache to determine if the domain is valid.

Andrew Bartlett
(This used to be commit ec8d6524c6)
2003-04-24 11:56:09 +00:00
Jelmer Vernooij
a8c95d79f8 Add support for the new modules system to auth/ (merge from HEAD)
(This used to be commit c7a1de090d)
2003-04-16 12:13:07 +00:00
Jelmer Vernooij
11fb38cfb8 Fix typo
(This used to be commit 738a2b055a)
2003-04-14 21:19:18 +00:00
Jelmer Vernooij
702e76dd3e Fix some comment typos
(This used to be commit 051b33e98f)
2003-03-19 15:24:17 +00:00
Jeremy Allison
39c78bf516 Fixed auth module code. Added VALGRIND defines to reduce spurious warnings.
Jeremy.
(This used to be commit ec4ed45563)
2002-12-11 23:54:40 +00:00
Tim Potter
f3e3a56ea9 Merge a bunch of trivial changes from HEAD. The difference remaining
should actual functional differences between HEAD and 3.0.

 - Mostly reformatting
 - Removal of unecessary #include "smb.h"
 - Merge of dyn_DRIVERFILE removal
 - Silly bug fix for python code
(This used to be commit d3998307ad)
2002-11-29 02:58:59 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
2e28f8ff0e I've decided to move the auth code around a bit more...
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.

(Who needs non-static functions anyway?)

In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().

Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long.  (The
global_negprot_auth_context lasts the whole life of the smbd).

I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup().  I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.

Other than that, I moved a bit of the code around, hence the rather messy diff.

Andrew Bartlett
(This used to be commit 12f5515f55)
2002-01-05 04:55:41 +00:00
Andrew Bartlett
03aea8fc90 Allow usernames in the form of 'NT_STATUS_....' to map to that as the error
when using the 'name_to_ntstatus' auth module.

This could be useful in testing.

Andrew Bartlett
(This used to be commit 5cdc67d0bd)
2002-01-01 05:51:03 +00:00
Andrew Bartlett
4a6d1318bd A farily large commit:
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c
  - It hasn't been used by anything else since smbpasswd lost its -j

 - Add a TALLOC_CTX to the auth subsytem.  These are only valid for the length
   of the calls to the individual modules, if you want a longer context hide it
   in your private data.

   Similarly, all returns (like the server_info) should still be malloced.

 - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new
   libsmb domain logon code.  Also rework much of the code to use some better
   helper functions for the connection - getting us much better error returns
   (the new code is NTSTATUS).

   The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for
   the LUID feilds is sufficient, or if we should do random LUIDs as per the old
   code.

   Similarly, I'll move winbind over to this when I get a chance.

This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in
rpc_client, at least as far as smbd is concerned.

While I've given this a basic rundown, any testing is as always appriciated.

Andrew Bartlett
(This used to be commit d870edce76)
2002-01-01 03:10:32 +00:00
Andrew Bartlett
f6e6c678ad Add a pile of doxygen style comments to various parts of Samba. Many of these
probably will never actually be genearted, but I like the style in any case.

Also fix a segfault in 'net rpc' when the login failed and a small memory leak
on failure in the auth_info.c code.

Andrew Bartlett
(This used to be commit 2efae7cc52)
2001-12-30 10:54:58 +00:00
Andrew Bartlett
4499007e45 A number of things to clean up the auth subsytem a bit...
We now default encrypt passwords = yes

We now check plaintext passwords (however aquired) with the 'sam' backend
rather than unix, if encrypt passwords = yes.

(this kills off the 'local' backed.  The sam backend may be renamed in its
place)

The new 'samstrict' wrapper backend checks that the user's domain is one of
our netbios aliases - this ensures that we don't get fallback crazies with
security = domain.

Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks
that the user was not local before contacting the DC.

The default ordering has changed, we now check the local stuff first - but
becouse of the changes above, we will really only ever contact one
auth source.

Andrew Bartlett
(This used to be commit e89b47f65e)
2001-11-26 06:47:04 +00:00
Andrew Bartlett
1b1b8e39b2 Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS error
map.

This little authentication module is #ifdef DEVELOPER, becouse it really is of
no use execept as a development tool

invoke by setting:

auth methods = guest sam name_to_ntstatus

in the smb.conf file (the SAM and guest elements are required for the member
server to authenticate itself).

Andrew Bartlett
(This used to be commit 9807e66f34)
2001-11-25 03:01:14 +00:00
Andrew Bartlett
d0a2faf78d This is another rather major change to the samba authenticaion
subystem.

The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.

This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality.  While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.

This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists.  It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.

Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.

While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.

The following parameters have changed:
 - use rhosts =

  This has been replaced by the 'rhosts' authentication method,
 and can be specified like 'auth methods = guest rhosts'

 - hosts equiv =

  This needs both this parameter and an 'auth methods' entry
  to be effective.  (auth methods = guest hostsequiv ....)

 - plaintext to smbpasswd =

  This is replaced by specifying 'sam' rather than 'local'
  in the auth methods.

The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.

The available auth methods are:

guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)


Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.

Andrew Bartlett
(This used to be commit 8d31eae52a)
2001-11-24 12:12:38 +00:00