1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

25 Commits

Author SHA1 Message Date
Tim Potter
3400a3a3ed Got rid of that stupid parse_domain_user() warning when compiling
winbindd.
(This used to be commit 72060a6f5a)
2001-11-23 04:37:41 +00:00
Tim Potter
5788899a48 Fixed check machine account function.
(This used to be commit 8f01a8b078)
2001-11-23 00:14:04 +00:00
Tim Potter
93fb9f76e2 Use cli_nt_login_network() instead of domain_client_validate() to perform
pam authentication.  This allows us to link in less other crap.

Authenticating with a challenge/response doesn't seem to work though - we
always get back NT_STATUS_WRONG_PASSWORD.
(This used to be commit d85aa1ce83)
2001-11-05 00:21:17 +00:00
Tim Potter
f7cf10b6d8 Removed unneeded extern.
(This used to be commit c80641b6f3)
2001-10-31 12:45:50 +00:00
Andrew Bartlett
60f0627afb This is a farily large patch (3300 lines) and reworks most of the AuthRewrite
code.

In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.

Major Changes:
	- Fully malloc'ed structures.
	  - Massive rework of the code so that all structures are made and destroyed
	    using malloc and free, rather than hanging around on the stack.
	- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
	   to be declared 'invalid' without the chance that people might get ROOT by
	   default.

	- kill off some of the "DOMAIN\user" lookups.  These can be readded at a more
	  appropriate place (probably domain_client_validate.c) in the future. They
	  don't belong in session setups.

	- Massive introduction of DATA_BLOB structures, particularly for passwords.

	- Use NTLMSSP flags to tell the backend what its getting, rather than magic
	  lenghths.

	- Fix winbind back up again, but tpot is redoing this soon anyway.

	- Abstract much of the work in srv_netlog_nt back into auth helper functions.

This is a LARGE change, and any assistance is testing it is appriciated.

Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.

Needs testing with a wide variety of MS clients.

Andrew Bartlett
(This used to be commit f70fb819b2)
2001-10-31 10:46:25 +00:00
Tim Potter
6f0b8a38ec Added some extra fields to the auth_serversupplied_info structure.
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.

This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
(This used to be commit 4eeb7bcd78)
2001-10-31 06:20:58 +00:00
Tim Potter
482a9ef278 This is the start of a bit of a rewrite of winbindd's connection handling.
I've wrapped up all the decisions about managing, making and closing
connections into a connection manager in nsswitch/winbindd_cm.c.

It's rather incomplete at the moment - only querying basic user info works
at the moment (i.e finger -m DOMAIN/user) and everything else is broken.

Jeremy, please take a look and I'll start moving across the rest of
winbindd to this new system.
(This used to be commit c369cf5af7)
2001-10-05 00:20:06 +00:00
Tim Potter
b800a36b1c Some patches to authentication:
- the usersupplied_info now contains a smb_username (as it comes across on
   the wire) and a unix_username (after being passed through mapping
   functions)

 - when doing security={server,domain} use the smb_username, otherwise use
   the unix_username
(This used to be commit d34fd8ec07)
2001-09-12 06:39:50 +00:00
Andrew Tridgell
7844aa868b more warning fixes on solaris
(This used to be commit c04c67fec8)
2001-09-05 08:11:17 +00:00
Andrew Tridgell
19fea3242c the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work
(This used to be commit dcd6e735f7)
2001-09-04 07:13:01 +00:00
Andrew Tridgell
b031af348c converted another bunch of stuff to NTSTATUS
(This used to be commit 1d36250e33)
2001-08-27 19:46:22 +00:00
Tim Potter
31b6b7aecd Make domain_client_validate return a status code instead of a boolean.
(This used to be commit b4e79ab34b)
2001-08-24 19:09:37 +00:00
Tim Potter
9168c29a03 Added copyright for me and AB.
(This used to be commit 19cd6a1dc4)
2001-08-23 02:55:42 +00:00
Tim Potter
b0f167cdf2 Added another authentication interface to winbindd. The Challenge Response
Authentication Protocol (CRAP) takes a tuple of (username, random
challenge, encrypted lm password, encrypted nt password) where the
passwords are encrypted with the random challenge ala ntlmssp.
(This used to be commit 11f72a78e3)
2001-08-22 02:48:16 +00:00
Andrew Bartlett
6ad80352dd This patch does a number of things, mostly smaller than they look :-)
In particuar, it moves the domain_client_validate stuff out of
auth_domain.c to somwhere where they (I hope) they can be shared
with winbind better.  (This may need some work)

The main purpose of this patch was however to improve some of the
internal documentation and to correctly place become_root()/unbecome_root()
calls within the code.

Finally this patch moves some more of auth.c into other files, auth_unix.c
in this case.

Andrew Bartlett
(This used to be commit ea1c547ac8)
2001-08-12 11:19:57 +00:00
Andrew Bartlett
986372901e This is my 'Authentication Rewrite' version 1.01, mostly as submitted to
samba-technical a few weeks ago.

The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards.  The
interface currently implemented in as

nt_status = check_password(user_info, server_info)

where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.

The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.

This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing.  We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.

Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree.  (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f3)
2001-08-03 13:09:23 +00:00
Andrew Tridgell
e8c2eeb0d8 the nss and pam modules in winbind don't have strchr_m() yet, so use
strchr() for the moment
(This used to be commit c2c1f2027e)
2001-07-18 21:50:20 +00:00
Andrew Tridgell
527e824293 strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn.
(This used to be commit c41fc06376)
2001-07-04 07:36:09 +00:00
Tim Potter
24dd11dd69 Added comment about possible optimisation to winbindd_pam_auth()
(This used to be commit bb01d2151c)
2001-06-07 04:35:01 +00:00
Tim Potter
2d27d8c720 Fixes to get pam_auth() functionality working again.
(This used to be commit 083b74c743)
2001-05-17 06:08:49 +00:00
Tim Potter
a36f9250e7 Preliminary merge of winbind into HEAD. Note that this compiles and links
but I haven't actually run it yet so it probably doesn't work.  (-:
(This used to be commit 59f95416b6)
2001-05-07 04:32:40 +00:00
Jeremy Allison
f9a15ce1a6 Got "medieval on our ass" about adding the -1 to slprintf.
Jeremy.
(This used to be commit 94747b4639)
2001-04-08 20:22:39 +00:00
Andrew Tridgell
988810879e moved secrets handling into secrets.c
(This used to be commit e49550b975)
2000-06-03 06:16:11 +00:00
Andrew Tridgell
7738941ccf use "winbind separator" in tng as well
(This used to be commit 0189af5442)
2000-05-12 06:27:34 +00:00
Andrew Tridgell
32cb0660d2 brought the winbindd code into head
this does not yet compile, but I'm working on that.
(This used to be commit 3fb862531a)
2000-05-09 11:43:00 +00:00