[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Sun Mar 4 17:11:03 MST 2012
The branch, master has been updated
via c23b2bd selftest: remove unused config.h check
via 2c7d77c s3-smbd: vuser and session_info cannot be NULL here
via 8b99c83 s3-rpc_server: consolidate rpc server init routines
via 50de3cf s3-auth Add make_session_info_from_pw to avoid multiple getpwnam() calls
via d7bb961 s3-auth: Remove security=share (depricated since 3.6).
from acfa107 s3:smbd/globals.h: remove unused pollfd pointer
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c23b2bdea1549af661dc483c1fb4a7ce0d8f2982
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 2 13:37:49 2012 +1100
selftest: remove unused config.h check
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Mon Mar 5 01:10:01 CET 2012 on sn-devel-104
commit 2c7d77c77f3709fc340a30cb48a6c289fe8d42dd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Mar 5 07:47:50 2012 +1100
s3-smbd: vuser and session_info cannot be NULL here
The callers always supply it. (this is a hold-over from the
security=share removal).
Andrew Bartlett
commit 8b99c83d2fc25424a5cd021c9a65d0e235cea621
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 2 16:11:55 2012 +1100
s3-rpc_server: consolidate rpc server init routines
This uses a helper function to reduce duplication.
Andrew Bartlett
commit 50de3cf9c0b95483263583d6f4762a77531a3004
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Feb 3 18:19:36 2012 +1100
s3-auth Add make_session_info_from_pw to avoid multiple getpwnam() calls
commit d7bb961859a3501aec4d28842bfffb6190d19a73
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Feb 3 18:03:10 2012 +1100
s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/smb.conf.5.xml | 53 ---
docs-xml/smbdotconf/security/onlyuser.xml | 22 +-
docs-xml/smbdotconf/security/security.xml | 109 +------
docs-xml/smbdotconf/security/serverrole.xml | 3 -
docs-xml/smbdotconf/security/username.xml | 51 +---
lib/param/loadparm_server_role.c | 7 +-
lib/param/param_enums.c | 1 -
libds/common/roles.h | 21 +-
source3/Makefile.in | 2 +-
source3/auth/auth.c | 11 -
source3/auth/auth_compat.c | 169 --------
source3/auth/auth_util.c | 46 ++-
source3/auth/proto.h | 12 -
source3/auth/wscript_build | 2 +-
source3/libnet/libnet_join.c | 1 -
source3/param/loadparm.c | 17 +-
source3/rpc_server/rpc_service_setup.c | 548 +++-----------------------
source3/selftest/tests.py | 6 -
source3/smbd/globals.h | 4 -
source3/smbd/negprot.c | 1 -
source3/smbd/password.c | 397 -------------------
source3/smbd/process.c | 7 +-
source3/smbd/proto.h | 10 +-
source3/smbd/reply.c | 38 +--
source3/smbd/service.c | 178 +++------
source3/smbd/sesssetup.c | 80 ++---
source3/smbd/smb2_tcon.c | 2 +-
source3/smbd/uid.c | 23 +-
source3/utils/status.c | 4 -
source4/param/tests/loadparm.c | 10 -
30 files changed, 230 insertions(+), 1605 deletions(-)
delete mode 100644 source3/auth/auth_compat.c
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/smb.conf.5.xml b/docs-xml/manpages-3/smb.conf.5.xml
index f5f252b..becea22 100644
--- a/docs-xml/manpages-3/smb.conf.5.xml
+++ b/docs-xml/manpages-3/smb.conf.5.xml
@@ -670,59 +670,6 @@ chmod 1770 /usr/local/samba/lib/usershares
</refsect1>
-<refsect1 id="VALIDATIONSECT">
- <title>NOTE ABOUT USERNAME/PASSWORD VALIDATION</title>
-
- <para>
- There are a number of ways in which a user can connect to a service. The server uses the following steps
- in determining if it will allow a connection to a specified service. If all the steps fail, the connection
- request is rejected. However, if one of the steps succeeds, the following steps are not checked.
- </para>
-
- <para>
- If the service is marked <quote>guest only = yes</quote> and the server is running with share-level
- security (<quote>security = share</quote>, steps 1 to 5 are skipped.
- </para>
-
-
- <orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic">
- <listitem><para>
- If the client has passed a username/password pair and that username/password pair is validated by the UNIX
- system's password programs, the connection is made as that username. This includes the
- <literal>\\server\service</literal>%<replaceable>username</replaceable> method of passing a username.
- </para></listitem>
-
- <listitem><para>
- If the client has previously registered a username with the system and now supplies a correct password for that
- username, the connection is allowed.
- </para></listitem>
-
- <listitem><para>
- The client's NetBIOS name and any previously used usernames are checked against the supplied password. If
- they match, the connection is allowed as the corresponding user.
- </para></listitem>
-
- <listitem><para>
- If the client has previously validated a username/password pair with the server and the client has passed
- the validation token, that username is used.
- </para></listitem>
-
- <listitem><para>
- If a <literal>user = </literal> field is given in the <filename moreinfo="none">smb.conf</filename> file for the
- service and the client has supplied a password, and that password matches (according to the UNIX system's
- password checking) with one of the usernames from the <literal>user =</literal> field, the connection is made as
- the username in the <literal>user =</literal> line. If one of the usernames in the <literal>user =</literal> list
- begins with a <literal>@</literal>, that name expands to a list of names in the group of the same name.
- </para></listitem>
-
- <listitem><para>
- If the service is a guest service, a connection is made as the username given in the <literal>guest account
- =</literal> for the service, irrespective of the supplied password.
- </para></listitem>
- </orderedlist>
-
-</refsect1>
-
<refsect1>
<title>REGISTRY-BASED CONFIGURATION</title>
diff --git a/docs-xml/smbdotconf/security/onlyuser.xml b/docs-xml/smbdotconf/security/onlyuser.xml
index b1ef1b7..ed1bbd5 100644
--- a/docs-xml/smbdotconf/security/onlyuser.xml
+++ b/docs-xml/smbdotconf/security/onlyuser.xml
@@ -3,20 +3,16 @@
context="S"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This is a boolean option that controls whether
- connections with usernames not in the <parameter moreinfo="none">user</parameter>
- list will be allowed. By default this option is disabled so that a
- client can supply a username to be used by the server. Enabling
- this parameter will force the server to only use the login
- names from the <parameter moreinfo="none">user</parameter> list and is only really
- useful in <smbconfoption name="security">share</smbconfoption> level security.</para>
+ <para>To restrict a service to a particular set of users you
+ can use the <smbconfoption name="valid users"/> parameter.</para>
+
+ <para>This parameter is deprecated</para>
+
+ <para>However, it currently operates only in conjunction with
+ <smbconfoption name="username"/>. The supported way to restrict
+ a service to a particular set of users is the
+ <smbconfoption name="valid users"/> parameter.</para>
- <para>Note that this also means Samba won't try to deduce
- usernames from the service name. This can be annoying for
- the [homes] section. To get around this you could use <command moreinfo="none">user =
- %S</command> which means your <parameter moreinfo="none">user</parameter> list
- will be just the service name, which for home directories is the
- name of the user.</para>
</description>
<related>user</related>
diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml
index 74ea569..2575d77 100644
--- a/docs-xml/smbdotconf/security/security.xml
+++ b/docs-xml/smbdotconf/security/security.xml
@@ -11,34 +11,18 @@
Samba and is one of the most important settings in the <filename moreinfo="none">
smb.conf</filename> file.</para>
- <para>The option sets the "security mode bit" in replies to
- protocol negotiations with <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> to turn share level security on or off. Clients decide
- based on this bit whether (and how) to transfer user and password
- information to the server.</para>
-
-
<para>The default is <command moreinfo="none">security = user</command>, as this is
- the most common setting needed when talking to Windows 98 and
- Windows NT.</para>
+ the most common setting, used for a standalone file server or a DC.</para>
<para>The alternatives are
<command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain
- </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = share</command> and <command moreinfo="none">security = server</command>, both of which are deprecated.</para>
-
- <para>In versions of Samba prior to 2.0.0, the default was
- <command moreinfo="none">security = share</command> mainly because that was
- the only option at one stage.</para>
+ </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = server</command>, which is deprecated.</para>
<para>You should use <command moreinfo="none">security = user</command> and
<smbconfoption name="map to guest"/> if you
want to mainly setup shares without a password (guest shares). This
is commonly used for a shared printer server. </para>
- <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis>
- hybrid mode</emphasis> where it is offers both user and share
- level security under different <smbconfoption name="NetBIOS aliases"/>. </para>
-
<para>The different settings will now be explained.</para>
@@ -65,8 +49,6 @@
the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
- <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
<para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
<para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
@@ -94,93 +76,9 @@
the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
- <para>See also the section <link linkend="VALIDATIONSECT">
- NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
<para>See also the <smbconfoption name="password server"/> parameter and
the <smbconfoption name="encrypted passwords"/> parameter.</para>
- <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE</emphasis></para>
-
- <note><para>This option is deprecated as it is incompatible with SMB2</para></note>
-
- <para>When clients connect to a share level security server, they
- need not log onto the server with a valid username and password before
- attempting to connect to a shared resource (although modern clients
- such as Windows 95/98 and Windows NT will send a logon request with
- a username but no password when talking to a <command moreinfo="none">security = share
- </command> server). Instead, the clients send authentication information
- (passwords) on a per-share basis, at the time they attempt to connect
- to that share.</para>
-
- <para>Note that <command moreinfo="none">smbd</command> <emphasis>ALWAYS</emphasis>
- uses a valid UNIX user to act on behalf of the client, even in
- <command moreinfo="none">security = share</command> level security.</para>
-
- <para>As clients are not required to send a username to the server
- in share level security, <command moreinfo="none">smbd</command> uses several
- techniques to determine the correct UNIX user to use on behalf
- of the client.</para>
-
- <para>A list of possible UNIX usernames to match with the given
- client password is constructed using the following methods :</para>
-
- <itemizedlist>
- <listitem>
- <para>If the <smbconfoption name="guest only"/> parameter is set, then all the other
- stages are missed and only the <smbconfoption name="guest account"/> username is checked.
- </para>
- </listitem>
-
- <listitem>
- <para>Is a username is sent with the share connection
- request, then this username (after mapping - see <smbconfoption name="username map"/>),
- is added as a potential username.
- </para>
- </listitem>
-
- <listitem>
- <para>If the client did a previous <emphasis>logon
- </emphasis> request (the SessionSetup SMB call) then the
- username sent in this SMB will be added as a potential username.
- </para>
- </listitem>
-
- <listitem>
- <para>The name of the service the client requested is
- added as a potential username.
- </para>
- </listitem>
-
- <listitem>
- <para>The NetBIOS name of the client is added to
- the list as a potential username.
- </para>
- </listitem>
-
- <listitem>
- <para>Any users on the <smbconfoption name="user"/> list are added as potential usernames.
- </para>
- </listitem>
- </itemizedlist>
-
- <para>If the <parameter moreinfo="none">guest only</parameter> parameter is
- not set, then this list is then tried with the supplied password.
- The first user for whom the password matches will be used as the
- UNIX user.</para>
-
- <para>If the <parameter moreinfo="none">guest only</parameter> parameter is
- set, or no username can be determined then if the share is marked
- as available to the <parameter moreinfo="none">guest account</parameter>, then this
- guest user will be used, otherwise access is denied.</para>
-
- <para>Note that it can be <emphasis>very</emphasis> confusing
- in share-level security as to which UNIX username will eventually
- be used in granting access.</para>
-
- <para>See also the section <link linkend="VALIDATIONSECT">
- NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
<para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para>
<para>
@@ -221,9 +119,6 @@
the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
- <para>See also the section <link linkend="VALIDATIONSECT">
- NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
<para>See also the <smbconfoption name="password server"/> parameter and the
<smbconfoption name="encrypted passwords"/> parameter.</para>
diff --git a/docs-xml/smbdotconf/security/serverrole.xml b/docs-xml/smbdotconf/security/serverrole.xml
index 5832887..e4e65c2 100644
--- a/docs-xml/smbdotconf/security/serverrole.xml
+++ b/docs-xml/smbdotconf/security/serverrole.xml
@@ -51,9 +51,6 @@
exist as well as the account on the Domain Controller to allow
Samba to have a valid UNIX account to map file access to. Winbind can provide this.</para>
- <para>See also the section <link linkend="VALIDATIONSECT">
- NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
<para><anchor id="DC"/><emphasis>SERVER ROLE = DOMAIN CONTROLLER</emphasis></para>
<para>This mode of operation runs Samba as a domain controller, providing domain logon services to Windows and Samba clients of the domain. Clients must be joined to the domain to create a secure, trusted path across the network.</para>
diff --git a/docs-xml/smbdotconf/security/username.xml b/docs-xml/smbdotconf/security/username.xml
index 19d8a2e..a85076c 100644
--- a/docs-xml/smbdotconf/security/username.xml
+++ b/docs-xml/smbdotconf/security/username.xml
@@ -5,57 +5,16 @@
<synonym>user</synonym>
<synonym>users</synonym>
<description>
- <para>Multiple users may be specified in a comma-delimited
- list, in which case the supplied password will be tested against
- each username in turn (left to right).</para>
-
- <para>The deprecated <parameter moreinfo="none">username</parameter> line is needed only when
- the PC is unable to supply its own username. This is the case
- for the COREPLUS protocol or where your users have different WfWg
- usernames to UNIX usernames. In both these cases you may also be
- better using the \\server\share%user syntax instead.</para>
-
- <para>The <parameter moreinfo="none">username</parameter> line is not a great
- solution in many cases as it means Samba will try to validate
- the supplied password against each of the usernames in the
- <parameter moreinfo="none">username</parameter> line in turn. This is slow and
- a bad idea for lots of users in case of duplicate passwords.
- You may get timeouts or security breaches using this parameter
- unwisely.</para>
-
- <para>Samba relies on the underlying UNIX security. This
- parameter does not restrict who can login, it just offers hints
- to the Samba server as to what usernames might correspond to the
- supplied password. Users can login as whoever they please and
- they will be able to do no more damage than if they started a
- telnet session. The daemon runs as the user that they log in as,
- so they cannot do anything that user cannot do.</para>
-
<para>To restrict a service to a particular set of users you
can use the <smbconfoption name="valid users"/> parameter.</para>
- <para>If any of the usernames begin with a '@' then the name
- will be looked up first in the NIS netgroups list (if Samba
- is compiled with netgroup support), followed by a lookup in
- the UNIX groups database and will expand to a list of all users
- in the group of that name.</para>
-
- <para>If any of the usernames begin with a '+' then the name
- will be looked up only in the UNIX groups database and will
- expand to a list of all users in the group of that name.</para>
-
- <para>If any of the usernames begin with a '&' then the name
- will be looked up only in the NIS netgroups database (if Samba
- is compiled with netgroup support) and will expand to a list
- of all users in the netgroup group of that name.</para>
+ <para>This parameter is deprecated</para>
- <para>Note that searching though a groups database can take
- quite some time, and some clients may time out during the
- search.</para>
+ <para>However, it currently operates only in conjunction with
+ <smbconfoption name="only user"/>. The supported way to restrict
+ a service to a particular set of users is the
+ <smbconfoption name="valid users"/> parameter.</para>
- <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT
- USERNAME/PASSWORD VALIDATION</link> for more information on how
- this parameter determines access to the services.</para>
</description>
<value type="default"><comment>The guest account if a guest service,
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
index 3655159..4ba54b9 100644
--- a/lib/param/loadparm_server_role.c
+++ b/lib/param/loadparm_server_role.c
@@ -73,11 +73,6 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do
role = ROLE_STANDALONE;
switch (security) {
- case SEC_SHARE:
- if (domain_logons) {
- DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
- }
- break;
case SEC_SERVER:
if (domain_logons) {
DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
@@ -162,7 +157,7 @@ bool lp_is_security_and_server_role_valid(int server_role, int security)
valid = true;
break;
case ROLE_STANDALONE:
- if (security == SEC_SHARE || security == SEC_SERVER || security == SEC_USER) {
+ if (security == SEC_SERVER || security == SEC_USER) {
valid = true;
}
break;
diff --git a/lib/param/param_enums.c b/lib/param/param_enums.c
index 6065208..42839b4 100644
--- a/lib/param/param_enums.c
+++ b/lib/param/param_enums.c
@@ -44,7 +44,6 @@ static const struct enum_list enum_protocol[] = {
static const struct enum_list enum_security[] = {
{SEC_AUTO, "AUTO"},
- {SEC_SHARE, "SHARE"},
{SEC_USER, "USER"},
{SEC_SERVER, "SERVER"},
{SEC_DOMAIN, "DOMAIN"},
diff --git a/libds/common/roles.h b/libds/common/roles.h
index 19ea1c4..90281ba 100644
--- a/libds/common/roles.h
+++ b/libds/common/roles.h
@@ -42,9 +42,26 @@ enum server_role {
*/
#define ROLE_DOMAIN_CONTROLLER ROLE_DOMAIN_BDC
-/* security levels for 'security =' option */
+/* security levels for 'security =' option
+
+ --------------
+ / \
+ / REST \
+ / IN \
+ / PEACE \
+ / \
+ | SEC_SHARE |
+ | security=share |
+ | |
+ | |
+ | 5 March |
+ | |
+ | 2012 |
+ *| * * * | *
+ _________)/\\_//(\/(/\)/\//\/\///|_)_______
+
+ */
enum security_types {SEC_AUTO = 0,
- SEC_SHARE = 1,
SEC_USER = 2,
SEC_SERVER = 3,
SEC_DOMAIN = 4,
diff --git a/source3/Makefile.in b/source3/Makefile.in
index d64c502..2b0002b 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -912,7 +912,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \
auth/user_info.o \
auth/user_util.o \
auth/user_krb5.o \
- auth/auth_compat.o auth/auth_ntlmssp.o auth/auth_generic.o \
+ auth/auth_ntlmssp.o auth/auth_generic.o \
$(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ)
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_hash2.o
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 1c813a4..0c91065 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -523,17 +523,6 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
talloc_tos(), "guest unix", NULL);
}
break;
- case SEC_SHARE:
- if (lp_encrypted_passwords()) {
- DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n"));
- auth_method_list = str_list_make_v3(
- talloc_tos(), "guest sam", NULL);
- } else {
- DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n"));
- auth_method_list = str_list_make_v3(
- talloc_tos(), "guest unix", NULL);
- }
- break;
case SEC_ADS:
DEBUG(5,("Making default auth method list for security=ADS\n"));
auth_method_list = str_list_make_v3(
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
deleted file mode 100644
index e7225a2..0000000
--- a/source3/auth/auth_compat.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Andrew Bartlett 2001-2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "auth.h"
-#include "../lib/tsocket/tsocket.h"
-
-extern struct auth_context *negprot_global_auth_context;
-extern bool global_encrypted_passwords_negotiated;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_AUTH
-
-/****************************************************************************
- COMPATIBILITY INTERFACES:
- ***************************************************************************/
-
-/****************************************************************************
-check if a username/password is OK assuming the password is in plaintext
-return True if the password is correct, False otherwise
-****************************************************************************/
-
-NTSTATUS check_plaintext_password(const char *smb_name,
- const struct tsocket_address *remote_address,
- DATA_BLOB plaintext_blob,
- struct auth_serversupplied_info **server_info)
-{
- struct auth_context *plaintext_auth_context = NULL;
- struct auth_usersupplied_info *user_info = NULL;
- uint8_t chal[8];
- NTSTATUS nt_status;
-
- nt_status = make_auth_context_subsystem(talloc_tos(),
- &plaintext_auth_context);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context,
- chal);
--
Samba Shared Repository
More information about the samba-cvs
mailing list