samba.git/source3/auth, branch ldb-1.2.3 Unnamed repository; edit this file 'description' to name the repository. auth3: prepare the logic for "map untrusted to domain = auto" 2017-06-16T01:21:29+00:00 Stefan Metzmacher metze@samba.org 2017-03-22T11:08:20+00:00 bd69a3e2e9a57713c6641de4f92e7e23488e457b This implements the same behavior as Windows, we should pass the domain and account names given by the client directly to the auth backends, they can decide if they are able to process the authentication pass it to the next backend. BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This implements the same behavior as Windows,
we should pass the domain and account names given
by the client directly to the auth backends,
they can decide if they are able to process the
authentication pass it to the next backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth3: call is_trusted_domain() as the last condition make_user_info_map() 2017-06-16T01:21:29+00:00 Stefan Metzmacher metze@samba.org 2017-03-16T14:09:26+00:00 a4839defc2000d4d18e1f5d479e4e2048c4fab0a We should avoid contacting winbind if we already know the domain is our local sam or our primary domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
We should avoid contacting winbind if we already know the domain is our
local sam or our primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s3-auth: remove some dead prototypes 2017-05-10T13:53:20+00:00 Günther Deschner gd@samba.org 2017-05-05T13:21:03+00:00 693716d7e6cd7144d7087731a20d424c2dc785ca Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) 2017-04-21T23:17:00+00:00 Jeremy Allison jra@samba.org 2017-04-20T19:24:43+00:00 306783d6f5d577a0b8bd31d659d8c802f22f0333 Not currently used - no logic changes inside. This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global. Updated all known module interface numbers, and added a WHATSNEW. Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144 
Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.

Updated all known module interface numbers, and added a
WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
auth3: fallback to "sam_ignoredomain" in make_auth3_context_for_ntlm() 2017-04-10T03:04:03+00:00 Volker Lendecke vl@samba.org 2017-02-19T14:37:51+00:00 56df7cf3d95dd3de9b6e3d581cbc8d3663817b7f This is in the spirit of the "map untrusted to domain" parameter: We fall back to the local SAM when we get a non-authoritative NO_SUCH_USER from our domain controller. With this change we can implement "map untrusted to domain = auto". We should not strictly need 'sam' before 'winbind', but it makes it clearer to read and has the same effect. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Apr 10 05:04:03 CEST 2017 on sn-devel-144 
This is in the spirit of the "map untrusted to domain" parameter: We
fall back to the local SAM when we get a non-authoritative NO_SUCH_USER
from our domain controller. With this change we can implement
"map untrusted to domain = auto".

We should not strictly need 'sam' before 'winbind', but it makes
it clearer to read and has the same effect.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 10 05:04:03 CEST 2017 on sn-devel-144
auth3: merge make_auth_context_subsystem() into make_auth3_context_for_ntlm() 2017-04-09T23:11:20+00:00 Stefan Metzmacher metze@samba.org 2017-03-17T15:53:27+00:00 45227b301fba492edfb57fb52e66564c1ee2de6b make_auth3_context_for_ntlm() was the only caller of make_auth_context_subsystem(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12710 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
make_auth3_context_for_ntlm() was the only caller of
make_auth_context_subsystem().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12710

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth3: only use "sam_netlogon3 winbind:trustdomain" in make_auth3_context_for_netlogon 2017-04-09T23:11:20+00:00 Stefan Metzmacher metze@samba.org 2017-03-17T15:51:45+00:00 f23af921dfb8876ded0094adb6f7832fb41e6147 If some needs the old behavior for a while, the deprecated "auth methods = guest sam winbind:trustdomain" option can be used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12710 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
If some needs the old behavior for a while, the deprecated
"auth methods = guest sam winbind:trustdomain" option can be used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12710

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth3: add "sam_netlogon3" which only reacts on lp_workgroup() as NT4 PDC/BDC 2017-04-09T23:11:20+00:00 Stefan Metzmacher metze@samba.org 2017-03-16T14:45:32+00:00 9ad3b43d03ce94cb03321612db8ccd86cddba9e1 This will be used in the s3 netlogon server in future. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12710 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This will be used in the s3 netlogon server in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12710

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth: Add hooks for notification of authentication events over the message bus 2017-03-29T00:37:28+00:00 Andrew Bartlett abartlet@samba.org 2017-03-24T02:18:46+00:00 d0041960363c981224552d4ce7ac3092679ee2c6 This will allow tests to be written to confirm the correct events are triggered. We pass in a messaging context from the callers Signed-off-by: Andrew Bartlett <abartlet@samba.org> 
This will allow tests to be written to confirm the correct events are triggered.

We pass in a messaging context from the callers

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
auth: Log the transport connection for the authorization 2017-03-29T00:37:27+00:00 Andrew Bartlett abartlet@samba.org 2017-03-06T01:10:17+00:00 366f8cf0903e3583fda42696df62a5337f22131f We also log if a simple bind was over TLS, as this particular case matters to a lot of folks Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> 
We also log if a simple bind was over TLS, as this particular case matters to a lot of folks

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>