1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

29 Commits

Author SHA1 Message Date
Andreas Schneider
7786919428 BUG #9295: Build standard auth modules as internal modules.
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-10-18 11:33:17 +02:00
Andrew Bartlett
4edd8b891a s3-auth: Remove auth_netlogond
auth_netlogond was an important module in the development of the
combined Samba 4.0, and was the first module to link smbd with the AD
authentication store, showing that it was possible for NTLM
authentication to be offloaded to the AD server components.

We now have auth_samba4, which provides the full GENSEC stack to smbd,
which also matches exactly the group membership and privileges
assignment and which is supported and tested as part of the official
Samba 4.0 release configuration.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 16 10:13:20 CEST 2012 on sn-devel-104
2012-06-16 10:13:20 +02:00
Alexander Bokovoy
2ddf89a2bc Introduce system MIT krb5 build with --with-system-mitkrb5 option.
System MIT krb5 build also enabled by specifying --without-ad-dc

When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.

Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
  * Samba 4 client libraries and their Python bindings
  * Samba 3 server (smbd, nmbd, winbindd from source3/)
  * Samba 3 client libraries

In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23 17:51:50 +03:00
Stefan Metzmacher
413e1be773 s3:auth: remove unused auth_server.c
metze
2012-05-15 08:18:29 +02:00
Andrew Bartlett
d7bb961859 s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04 23:33:05 +01:00
Simo Sorce
e6c39a292c s3-pdb: Break SECRETS3 dependency on PDB.
This is causing circular depdnendcies that bring libpdb in all code and this is
BAD.

This change 'protects' the sid and guid of the domain by adding a special key
that makes them effectively read only.

Limit this temporarily to the samba 4 build, once it gets some good testing the
samba4 ifdefs can be dropped.

fix pdb dependencies

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-27 18:11:10 +01:00
Andreas Schneider
103c1cb9bf s3-waf: auth_netlogond depends on tldap.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jan 12 17:33:10 CET 2012 on sn-devel-104
2012-01-12 17:33:10 +01:00
Andrew Bartlett
5e038432f7 s3-auth split the auth_generic functions into a seperate file
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:11 +01:00
Günther Deschner
1c72d3b513 s3-waf: convert libcli_netlogon3 into a private library.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Nov  2 18:34:55 CET 2011 on sn-devel-104
2011-11-02 18:34:54 +01:00
Günther Deschner
54f7667f49 s3-waf: move trusts_util.c code into a private library.
Guenther
2011-11-02 16:59:32 +01:00
Andrew Bartlett
5392491f77 s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC module
This uses the top level gensec_ntlmssp helper functions which are identical
to the parts of ntlmssp_wrap.c that are now not called.

(Includes formatting and correctness fixes from Metze)

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:32 +11:00
Andrew Bartlett
63cb8059db s3-auth Add hook to start a GENSEC mech to auth_samba4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03 18:48:03 +10:00
Andrew Bartlett
6b97a3b1ff s3-build allow_undefined_symbols=False is the default now 2011-07-04 19:03:52 +10:00
Andrew Bartlett
5d4b197418 s3-auth libauth no longer requires undefined symbols 2011-07-04 18:58:32 +10:00
Andrew Bartlett
a3c9dd3d48 s3-build Prepare to require fully defined modules
This specifies some more deps for our modules, and ensures that the
subsystem that it links against is in fact a library, which will avoid
issues with introducing duplicate symbols.

Andrew Bartlett
2011-07-03 09:20:02 +02:00
Andrew Bartlett
5db74b9607 lib/util Remove samba-util-common!
All of this code is now in common, so we don't need the second
'-common' library any more!

Andrew Bartlett
2011-06-21 09:36:22 +10:00
Andrew Bartlett
4e374d1679 s3-build: Move user_util.c into it's own subsystem 2011-05-31 00:32:07 +02:00
Sean Finney
0f8018676a Fix numerous missing dependencies in WAF build scripts
With the recent consolidation of code between s3 and s4, a number of new
dependencies have been implicitly introduced.  For example, previous s3
code gained an implicit dependency on talloc after the charset related
consolidation (lib/util/charset/charset.h now includes talloc.h).  When
building against the embedded version of talloc this isn't a problem
since the paths are automatically added to the search path, but when
building against the external libraries build failures will occur for
all components that don't directly or indirectly include talloc as
a dependency.

Since charset.h is included from util.h, which in turn is included from
includes.h, this means most of the codebase (s3 and s4) has such an
undeclared dependency.

Therefore, samba-util-common and samba-util have been added as
dependencies to the s3 and s4 code respectively, for all cases where
the source would otherwise fail to build.  Additionally, a few other
dependencies are added in specific wscript_build files to address
similar dependency-related problems.

https://bugzilla.samba.org/show_bug.cgi?id=8128

Signed-off-by: Sean Finney <seanius@seanius.net>
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed May 25 19:22:13 CEST 2011 on sn-devel-104
2011-05-25 19:22:13 +02:00
Andrew Bartlett
d17367bd68 build: Add depenencies needed by Samba3 subsystems 2011-05-18 16:12:08 +02:00
Andrew Bartlett
f52c6eeacc s3-auth Add auth_samba4 module
This module makes a direct call into the Samba4 auth stack to
authenticate Samba4 uses in a Samba3 file server.  The direct call
avoids the need to obtain schannel credentials.

Andrew Bartlett

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-05-08 19:00:28 +02:00
Günther Deschner
67e72f5204 s3-waf: move some parts of auth to AUTH_COMMON to avoid duplicate symbols with winbindd.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 23 02:16:23 CET 2011 on sn-devel-104
2011-02-23 02:16:23 +01:00
Andrew Tridgell
c8b2b10976 s3-waf: use SAMBA3_*() build rules in source3/build
this brings the s3 waf build much closer to the proposed s3build top
level build, using the same bld.SAMBA3_*() rules

There are a few renames of subsystems in here, with a 3 suffix where
it would create a conflict.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18 16:46:41 +11:00
Günther Deschner
133a2ffd00 s3-waf: avoid module name uppercasing.
This finally allows mixed case module names like the classic build
(./configure --shared_modules=charset_CP850)

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec  1 18:39:14 CET 2010 on sn-devel-104
2010-12-01 18:39:14 +01:00
Günther Deschner
33c82cd5dd s3-waf: convert TOKEN_UTIL into a subsystem.
Guenther
2010-11-30 18:12:29 +01:00
Günther Deschner
4a2e47b74a s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem.
Guenther
2010-10-20 16:21:12 +02:00
Günther Deschner
4e9508172d s3-waf: slowly getting modules to match how they look like in old build.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Oct  8 09:31:01 UTC 2010 on sn-devel-104
2010-10-08 09:31:01 +00:00
Günther Deschner
9d3046f098 s3-waf: add AUTH_SCRIPT module to AUTH subsystem (which is build as shared
module by default).

Guenther
2010-09-28 20:03:54 +02:00
Günther Deschner
2a1891a9d6 s3-waf: fix dependencies in most of our module subsystems.
Guenther
2010-09-28 09:41:54 +02:00
Günther Deschner
fa8971d90f s3-waf: move auth subsystem to auth/wscript_build.
Guenther
2010-09-27 00:39:37 +02:00