1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

16 Commits

Author SHA1 Message Date
Stefan Metzmacher
541d687347 auth: let auth4_context->check_ntlm_password() return pauthoritative
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-24 11:57:10 +01:00
Andrew Bartlett
0b77cd969c s4-auth: Do not override the NT_STATUS_NOT_IMPLEMENTED error for winbindd
This changes the auth code in winbindd to use this as a flag, and to
therefore contact the RW DC.

Change-Id: If4164d27b57b453b398642fdf7d46d03cd0e65f2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
2014-07-04 02:52:35 +02:00
Andrew Bartlett
597d2a7a29 auth: Provide a way to use the auth stack for winbindd authentication
This adds in flags that allow winbindd to request authentication
without directly calling into the auth_sam module.

That in turn will allow winbindd to call auth_samba4 and so permit
winbindd operation in the AD DC.

Andrew Bartlett

Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
eba8799514 auth: Remove .get_challenge (only used for security=server)
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.

Now that security=server has been removed, we have no such module.

This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.

Andrew Bartlett
2012-07-03 08:13:01 +10:00
Andrew Bartlett
e3cebef0cf auth: Rename some elements of auth4_context
These operate on NTLM authentication, so make that clear.

Andrew Bartlett
2012-02-24 11:23:18 +11:00
Andrew Bartlett
e786e8fef9 auth: Reorder arguments to generate_session_info
This matches check_ntlm_password() and generate_session_info_pac()

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
2012-02-18 02:19:35 +01:00
Andrew Bartlett
caf485a2bd auth: Pass in the SMB username (for %U) into generate_session_info
This matches what Samba3 does.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
2012-02-13 01:25:59 +01:00
Andrew Bartlett
a647df4607 auth: Make check_password and generate_session_info hook generic
gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info.  This will allow the
calling logic to be put in common.

Andrew Bartlett
2012-01-30 08:05:14 +01:00
Andrew Bartlett
697a6e9504 auth: provide private pointer and do not return original PAC signatures
There is no need to return the PAC signatures via the special-purpose
torture element.  Instead, use a private pointer on the auth_context
in conjunction with the private PAC processing method.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
2012-01-29 23:52:50 +01:00
Andrew Bartlett
f5a117172e gensec: move gensec_util.c to the top level
To do this some defines need to move to common_auth.h

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:02:41 +01:00
Andrew Bartlett
14c8a13d3e auth: make auth4_context common to provide access to generate_session_info_pac()
By providing this context, a function pointer for
generate_session_info_pac() can be inserted into gensec, allowing the
s3 PAC processing in an otherwise more generic gensec module.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 08:59:34 +01:00
Andrew Bartlett
a39187f0f5 auth: include auth.idl structures into common_auth.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:10 +10:00
Andrew Bartlett
6990536000 auth: allow auth_common.h to be included multiple times without error 2011-05-08 10:56:27 +02:00
Günther Deschner
95f9542e05 s3-auth: remove global include of krb5pac.h.
Guenther
2010-08-31 23:17:40 +02:00
Andrew Bartlett
23994e1b53 s3:auth Make Samba3 use the new common struct auth_usersupplied_info
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.

In order the make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14 11:58:13 +10:00
Andrew Bartlett
272e49e85c s4:auth Move struct auth_usersupplied_info to a common location
This also changes the calling convention slightly - we should always
allocate this with talloc_zero() to allow some elements to be
optional.  Some elements may only make sense in Samba3, which I hope
will use this common structure.

Andrew Bartlett
2010-08-14 11:58:13 +10:00