r23680: Make it easier to set up a domain member server - the 'server role'
authorAndrew Bartlett <abartlet@samba.org>
Tue, 3 Jul 2007 08:05:55 +0000 (08:05 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 19:59:00 +0000 (14:59 -0500)
will now control the auth methods, but an override is still available,
ex:

auth methods:domain controller = <methods>

Andrew Bartlett
(This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)

source4/auth/auth.c
source4/auth/auth_simple.c
source4/auth/ntlmssp/ntlmssp_server.c
source4/param/loadparm.c
source4/rpc_server/netlogon/dcerpc_netlogon.c
source4/scripting/ejs/smbcalls_auth.c
source4/selftest/Samba4.pm
source4/smb_server/smb/negprot.c
source4/smb_server/smb/sesssetup.c

index 9100891d5248d0dfb9c3327a06bb2fa39d3275f8..8a933c7dd0716103ce37e723ea8cfe0c853014de 100644 (file)
@@ -348,11 +348,12 @@ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
 
 /***************************************************************************
  Make a auth_info struct for the auth subsystem
+ - Allow the caller to specify the methods to use
 ***************************************************************************/
-NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods, 
-                            struct event_context *ev,
-                            struct messaging_context *msg,
-                            struct auth_context **auth_ctx)
+NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, 
+                                    struct event_context *ev,
+                                    struct messaging_context *msg,
+                                    struct auth_context **auth_ctx)
 {
        int i;
        struct auth_context *ctx;
@@ -406,6 +407,30 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods,
 
        return NT_STATUS_OK;
 }
+/***************************************************************************
+ Make a auth_info struct for the auth subsystem
+ - Uses default auth_methods, depending on server role and smb.conf settings
+***************************************************************************/
+NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, 
+                            struct event_context *ev,
+                            struct messaging_context *msg,
+                            struct auth_context **auth_ctx)
+{
+       const char **auth_methods = NULL;
+       switch (lp_server_role()) {
+       case ROLE_STANDALONE:
+               auth_methods = lp_parm_string_list(-1, "auth methods", "standalone", NULL);
+               break;
+       case ROLE_DOMAIN_MEMBER:
+               auth_methods = lp_parm_string_list(-1, "auth methods", "member server", NULL);
+               break;
+       case ROLE_DOMAIN_CONTROLLER:
+               auth_methods = lp_parm_string_list(-1, "auth methods", "domain controller", NULL);
+               break;
+       }
+       return auth_context_create_methods(mem_ctx, auth_methods, ev, msg, auth_ctx);
+}
+
 
 /* the list of currently registered AUTH backends */
 static struct auth_backend {
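Review bot: The switch in the new auth_context_create has no default case, so any lp_server_role() value other than the three listed leaves auth_methods NULL and that NULL is handed straight to auth_context_create_methods. What auth_context_create_methods does with a NULL list is not visible here (its body is cut off after the first hunk), so whether this ends as a refused authentication or a NULL dereference cannot be confirmed from the page; an explicit `default: return NT_STATUS_INVALID_PARAMETER;` before the closing brace of the switch makes the outcome deterministic instead of depending on the callee. The same applies if the selected `auth methods:<role>` option yields an empty list, which a `if (!auth_methods) return NT_STATUS_INVALID_PARAMETER;` after the switch would cover. Minor style: the new signature line `NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, ` and the edited call lines in auth_simple.c, ntlmssp_server.c, dcerpc_netlogon.c, negprot.c and sesssetup.c all carry trailing whitespace after the comma.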
index 59e1280ee5c6708925f5fae220f156bfe9942bea..5e1bcc2b8c21c9c3918a6f35869d80530656c891 100644 (file)
@@ -48,7 +48,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
                return NT_STATUS_NO_MEMORY;
        }
 
-       nt_status = auth_context_create(tmp_ctx, lp_auth_methods(),
+       nt_status = auth_context_create(tmp_ctx, 
                                        ev, msg,
                                        &auth_context);
        if (!NT_STATUS_IS_OK(nt_status)) {
index 93103b9cbd6099bd1e5597a9665f7201671f75ba..4bb37abefca489efb269a6c42b9afdbe3e82e876 100644 (file)
@@ -835,7 +835,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
                gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
        }
 
-       nt_status = auth_context_create(gensec_ntlmssp_state, lp_auth_methods(), 
+       nt_status = auth_context_create(gensec_ntlmssp_state, 
                                        gensec_security->event_ctx,
                                        gensec_security->msg_ctx,
                                        &gensec_ntlmssp_state->auth_context);
index 9bcf9aada7e3381958f27a151e4a06465f28c680..8371b94a5033e87849a3e363197501702cb863f3 100644 (file)
@@ -398,7 +398,6 @@ static struct parm_struct parm_table[] = {
        {"Security Options", P_SEP, P_SEPARATOR},
        
        {"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
-       {"auth methods", P_LIST, P_GLOBAL, &Globals.AuthMethods, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
        {"encrypt passwords", P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD | FLAG_DEVELOPER},
        {"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
        {"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -609,7 +608,9 @@ static void init_globals(void)
        do_parameter("dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup unixinfo", NULL);
        do_parameter("server services", "smb rpc nbt wrepl ldap cldap web kdc drepl winbind", NULL);
        do_parameter("ntptr providor", "simple_ldb", NULL);
-       do_parameter("auth methods", "anonymous sam_ignoredomain", NULL);
+       do_parameter("auth methods:domain controller", "anonymous sam_ignoredomain", NULL);
+       do_parameter("auth methods:member server", "anonymous sam winbind", NULL);
+       do_parameter("auth methods:standalone", "anonymous sam_ignoredomain", NULL);
        do_parameter("private dir", dyn_PRIVATE_DIR, NULL);
        do_parameter("sam database", "sam.ldb", NULL);
        do_parameter("secrets database", "secrets.ldb", NULL);
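Review bot: Dropping the `auth methods` entry from parm_table means an existing smb.conf that still carries a plain `auth methods = ...` line now goes through whatever lp_do_parameter does with an unrecognised name, which is outside this hunk; if that path only warns or ignores, the administrator's explicit method list is silently replaced by the role default, which for a member server now includes `winbind`. A transition entry that maps the old keyword onto the key for the current role, or at least an explicit warning naming the new `auth methods:<role>` form, would keep that behaviour change visible at configuration time. The three new defaults would also benefit from a short comment stating why `member server` adds `winbind` while `domain controller` and `standalone` share the same list, e.g. `/* member servers must reach the domain for non-local accounts; the other roles use only the local sam */`, with the wording confirmed against the intended semantics.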
index 4e699cdc4968d114ba217180ea89b5ed759bf7f4..d0cadefb84f295da58c4e1d169b58bb4a9dd98e2 100644 (file)
@@ -431,7 +431,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                }
 
                /* TODO: we need to deny anonymous access here */
-               nt_status = auth_context_create(mem_ctx, lp_auth_methods(),
+               nt_status = auth_context_create(mem_ctx, 
                                                dce_call->event_ctx, dce_call->msg_ctx,
                                                &auth_context);
                NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -457,7 +457,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
        case 6:
 
                /* TODO: we need to deny anonymous access here */
-               nt_status = auth_context_create(mem_ctx, lp_auth_methods(),
+               nt_status = auth_context_create(mem_ctx, 
                                                dce_call->event_ctx, dce_call->msg_ctx,
                                                &auth_context);
                NT_STATUS_NOT_OK_RETURN(nt_status);
index 7b9fe2fc17644ec898d1383710476c44e8ec15c6..5509e78357c9c065ffc678127140c38113ad9ed7 100644 (file)
@@ -56,7 +56,7 @@ static int ejs_doauth(MprVarHandle eid,
                msg = messaging_client_init(tmp_ctx, ev);
        }
 
-       nt_status = auth_context_create(tmp_ctx, auth_types, ev, msg, &auth_context);
+       nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, &auth_context);
        if (!NT_STATUS_IS_OK(nt_status)) {
                mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
                mprSetPropertyValue(auth, "report", mprString("Auth System Failure"));
index e7daf7aece672fc200cd91ab6288bb360f117ef6..07ed12a80f8be2a0b38d3b49d116ba9560c535ca 100644 (file)
@@ -276,8 +276,6 @@ sub provision($$$$$$)
        mkdir($_, 0777) foreach ($privatedir, $etcdir, $piddir, $ncalrpcdir, $lockdir, 
                $tmpdir);
 
-       my $auth_methods = "anonymous sam_ignoredomain";
-       $auth_methods = "anonymous sam winbind" if $server_role eq "member server";
 
        my $localdomain = $domain;
        $localdomain = $netbiosname if $server_role eq "member server";
@@ -304,7 +302,6 @@ sub provision($$$$$$)
        panic action = $srcdir/script/gdb_backtrace \%PID% \%PROG%
        wins support = yes
        server role = $server_role
-       auth methods = $auth_methods
        max xmit = 32K
        server max protocol = SMB2
        notify:inotify = false
index bd6a0d63a362948a47c6057a3584f60fbdd0f728..6295337ba91a0c41425c8a6ee452b2c1c41dd89d 100644 (file)
@@ -44,7 +44,7 @@ static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8
 
        DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
 
-       nt_status = auth_context_create(smb_conn, lp_auth_methods(), 
+       nt_status = auth_context_create(smb_conn, 
                                        smb_conn->connection->event.ctx,
                                        smb_conn->connection->msg_ctx,
                                        &smb_conn->negotiate.auth_context);
index 2e9403b10ae722c949a579a1cf07c68126637f39..532869f862c7a619582b0391eb11f874ebbc806d 100644 (file)
@@ -243,7 +243,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
                }
 
                /* TODO: should we use just "anonymous" here? */
-               status = auth_context_create(req, lp_auth_methods(), 
+               status = auth_context_create(req, 
                                             req->smb_conn->connection->event.ctx,
                                             req->smb_conn->connection->msg_ctx,
                                             &auth_context);