samba.git/source3/auth/auth_generic.c, branch talloc-2.1.13 Unnamed repository; edit this file 'description' to name the repository. auth/common: add support for auth4_ctx->check_ntlm_password_send/recv() 2017-08-07T13:20:03+00:00 Stefan Metzmacher metze@samba.org 2017-06-16T15:18:17+00:00 e8264d9678dff1cf56f7ac97d8a1a59b9532b6b8 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
auth: Add hooks for notification of authentication events over the message bus 2017-03-29T00:37:28+00:00 Andrew Bartlett abartlet@samba.org 2017-03-24T02:18:46+00:00 d0041960363c981224552d4ce7ac3092679ee2c6 This will allow tests to be written to confirm the correct events are triggered. We pass in a messaging context from the callers Signed-off-by: Andrew Bartlett <abartlet@samba.org> 
This will allow tests to be written to confirm the correct events are triggered.

We pass in a messaging context from the callers

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
auth: Log the transport connection for the authorization 2017-03-29T00:37:27+00:00 Andrew Bartlett abartlet@samba.org 2017-03-06T01:10:17+00:00 366f8cf0903e3583fda42696df62a5337f22131f We also log if a simple bind was over TLS, as this particular case matters to a lot of folks Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> 
We also log if a simple bind was over TLS, as this particular case matters to a lot of folks

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
s3-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done) 2017-03-29T00:37:27+00:00 Andrew Bartlett abartlet@samba.org 2017-03-01T03:27:51+00:00 d017e2eb2a69b0f759e9ab912a0a5e8aaef5701d gensec_session_info() is not called for bare NTLM, so we have to log manually Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> 
gensec_session_info() is not called for bare NTLM, so we have to log manually

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
auth: Always supply both the remote and local address to the auth subsystem 2017-03-29T00:37:26+00:00 Andrew Bartlett abartlet@samba.org 2017-02-23T01:31:52+00:00 85536c1ff3513840728ba281de2b6f003e49f227 This ensures that gensec, and then the NTLM auth subsystem under it, always gets the remote and local address pointers for potential logging. The local address allows us to know which interface an authentication is on Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> 
This ensures that gensec, and then the NTLM auth subsystem under it, always gets the
remote and local address pointers for potential logging.

The local address allows us to know which interface an authentication is on

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
s3-auth: Pass service_description into gensec via auth_generic_prepare() 2017-03-29T00:37:25+00:00 Andrew Bartlett abartlet@samba.org 2017-02-20T01:17:34+00:00 d82ac32eb744a0e3883b1d09832131ff9bc9bcad This allows the GENSEC service description to be set from the various callers that go via this function. The RPC service description is the name of the interface from the IDL. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> 
This allows the GENSEC service description to be set from the various callers
that go via this function.

The RPC service description is the name of the interface from the IDL.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
auth: Add SID_NT_NTLM_AUTHENTICATION / S-1-5-64-10 to the token during NTLM auth 2017-03-27T18:08:18+00:00 Andrew Bartlett abartlet@samba.org 2017-03-05T23:11:18+00:00 a2f6327f9f6ee760ef28a024fb26a49ca2aa43e6 So far this is only on the AD DC Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> 
So far this is only on the AD DC

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
auth: let auth4_context->check_ntlm_password() return pauthoritative 2017-03-24T10:57:10+00:00 Stefan Metzmacher metze@samba.org 2017-03-17T10:52:51+00:00 541d6873479b2e7843c6ebc31e8fa238403f0416 BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth3: make use of make_auth3_context_for_ntlm() 2017-03-24T10:57:09+00:00 Stefan Metzmacher metze@samba.org 2017-03-17T08:17:45+00:00 8fba95f362cfd7862b76de7b2bee0cba010311d0 BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s3: auth: Use wbcAuthenticateUserEx to prime the caches. 2016-09-28T20:45:27+00:00 Jeremy Allison jra@samba.org 2016-09-27T00:07:44+00:00 ccfba2537d0ea081fbeeee0feecf8e2774850300 Idea by Volker - use WBC_AUTH_USER_LEVEL_PAC to pass the PAC to winbind from smbd on auth, this allows winbind to prime the user info via netsamlogon_cache_store() and the name2sid cache *before* smbd looks up the user. Note that as this is merely a cache prime having winbind not available is not an error. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 28 22:45:27 CEST 2016 on sn-devel-144 
Idea by Volker - use WBC_AUTH_USER_LEVEL_PAC to pass
the PAC to winbind from smbd on auth, this allows
winbind to prime the user info via netsamlogon_cache_store()
and the name2sid cache *before* smbd looks up the user.

Note that as this is merely a cache prime having
winbind not available is not an error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 28 22:45:27 CEST 2016 on sn-devel-144