1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00

23 Commits

Author SHA1 Message Date
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 12:28:20 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10 11:06:23 -05:00
Jeremy Allison
bb0598faf5 Put strcasecmp/strncasecmp on the banned list (except for needed calls
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-10-22 23:38:20 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03 19:11:31 +00:00
Andrew Bartlett
61116049ca This patch takes the work the jerry did for beta2, and generalises it:
- The 'not implmented' checks are now done by all auth modules
 - the ntdomain/trustdomain/winbind modules are more presise as to
   what domain names they can and cannot handle
 - The become_root() calls are now around the winbind pipe opening only,
   not the entire auth call
 - The unix username is kept seperate from the NT username, removing the
   need for 'clean off the domain\' in parse_net.c
 - All sid->uid translations are now validated with getpwuid() to put a very
   basic stop to logins with 'half deleted' accounts.

Andrew Bartlett
(This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-07-03 14:36:42 +00:00
Jelmer Vernooij
17a3acafa8 Use NTSTATUS as return value for smb_register_*() functions and init_module()
function. Patch by metze with some minor modifications.
(This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
2003-04-28 17:48:48 +00:00
Andrew Bartlett
59e0836b7f Merge auth changes from HEAD:
- better error codes than NT_STATUS_UNSUCCESSFUL for domain logon errors
 - make auth_winbind load the ntdomain module if winbind isn't there.
 - use new trusted domains cache to determine if the domain is valid.

Andrew Bartlett
(This used to be commit ec8d6524c6b0c70927a2b57aab71d9e3a7f8a150)
2003-04-24 11:56:09 +00:00
Jelmer Vernooij
a8c95d79f8 Add support for the new modules system to auth/ (merge from HEAD)
(This used to be commit c7a1de090db35835be1a1623bfc80c04065c5dd9)
2003-04-16 12:13:07 +00:00
Jelmer Vernooij
11fb38cfb8 Fix typo
(This used to be commit 738a2b055a0757002e8cdcbf744c8663e0e26bc2)
2003-04-14 21:19:18 +00:00
Jelmer Vernooij
702e76dd3e Fix some comment typos
(This used to be commit 051b33e98f94ad09b4d8816a88e78715e7dc2a5e)
2003-03-19 15:24:17 +00:00
Jeremy Allison
39c78bf516 Fixed auth module code. Added VALGRIND defines to reduce spurious warnings.
Jeremy.
(This used to be commit ec4ed45563f9d8e25fcfd88840944a90b3139c3e)
2002-12-11 23:54:40 +00:00
Tim Potter
f3e3a56ea9 Merge a bunch of trivial changes from HEAD. The difference remaining
should actual functional differences between HEAD and 3.0.

 - Mostly reformatting
 - Removal of unecessary #include "smb.h"
 - Merge of dyn_DRIVERFILE removal
 - Silly bug fix for python code
(This used to be commit d3998307adc50ba50defe610cb656c73799ae3b9)
2002-11-29 02:58:59 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-09-25 15:19:00 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 10:35:28 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
2e28f8ff0e I've decided to move the auth code around a bit more...
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.

(Who needs non-static functions anyway?)

In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().

Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long.  (The
global_negprot_auth_context lasts the whole life of the smbd).

I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup().  I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.

Other than that, I moved a bit of the code around, hence the rather messy diff.

Andrew Bartlett
(This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2002-01-05 04:55:41 +00:00
Andrew Bartlett
03aea8fc90 Allow usernames in the form of 'NT_STATUS_....' to map to that as the error
when using the 'name_to_ntstatus' auth module.

This could be useful in testing.

Andrew Bartlett
(This used to be commit 5cdc67d0bda8ef41305cae9c5be70d11593ffdd8)
2002-01-01 05:51:03 +00:00
Andrew Bartlett
4a6d1318bd A farily large commit:
- Move rpc_client/cli_trust.c to smbd/change_trust_pw.c
  - It hasn't been used by anything else since smbpasswd lost its -j

 - Add a TALLOC_CTX to the auth subsytem.  These are only valid for the length
   of the calls to the individual modules, if you want a longer context hide it
   in your private data.

   Similarly, all returns (like the server_info) should still be malloced.

 - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new
   libsmb domain logon code.  Also rework much of the code to use some better
   helper functions for the connection - getting us much better error returns
   (the new code is NTSTATUS).

   The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for
   the LUID feilds is sufficient, or if we should do random LUIDs as per the old
   code.

   Similarly, I'll move winbind over to this when I get a chance.

This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in
rpc_client, at least as far as smbd is concerned.

While I've given this a basic rundown, any testing is as always appriciated.

Andrew Bartlett
(This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)
2002-01-01 03:10:32 +00:00
Andrew Bartlett
f6e6c678ad Add a pile of doxygen style comments to various parts of Samba. Many of these
probably will never actually be genearted, but I like the style in any case.

Also fix a segfault in 'net rpc' when the login failed and a small memory leak
on failure in the auth_info.c code.

Andrew Bartlett
(This used to be commit 2efae7cc522651c22fb120835bc800645559b63e)
2001-12-30 10:54:58 +00:00
Andrew Bartlett
4499007e45 A number of things to clean up the auth subsytem a bit...
We now default encrypt passwords = yes

We now check plaintext passwords (however aquired) with the 'sam' backend
rather than unix, if encrypt passwords = yes.

(this kills off the 'local' backed.  The sam backend may be renamed in its
place)

The new 'samstrict' wrapper backend checks that the user's domain is one of
our netbios aliases - this ensures that we don't get fallback crazies with
security = domain.

Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks
that the user was not local before contacting the DC.

The default ordering has changed, we now check the local stuff first - but
becouse of the changes above, we will really only ever contact one
auth source.

Andrew Bartlett
(This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
2001-11-26 06:47:04 +00:00
Andrew Bartlett
1b1b8e39b2 Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS error
map.

This little authentication module is #ifdef DEVELOPER, becouse it really is of
no use execept as a development tool

invoke by setting:

auth methods = guest sam name_to_ntstatus

in the smb.conf file (the SAM and guest elements are required for the member
server to authenticate itself).

Andrew Bartlett
(This used to be commit 9807e66f34c1088399657060977e384c5a7f0664)
2001-11-25 03:01:14 +00:00
Andrew Bartlett
d0a2faf78d This is another rather major change to the samba authenticaion
subystem.

The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.

This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality.  While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.

This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists.  It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.

Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.

While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.

The following parameters have changed:
 - use rhosts =

  This has been replaced by the 'rhosts' authentication method,
 and can be specified like 'auth methods = guest rhosts'

 - hosts equiv =

  This needs both this parameter and an 'auth methods' entry
  to be effective.  (auth methods = guest hostsequiv ....)

 - plaintext to smbpasswd =

  This is replaced by specifying 'sam' rather than 'local'
  in the auth methods.

The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.

The available auth methods are:

guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)


Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.

Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-24 12:12:38 +00:00