path: root/auth
Commit message | Author | Age | Files | Lines
* auth: fix space/tab mixup in cli_credentials_get_password() | Michael Adam | 2013-09-20 | 1 | -2/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* gensec: check for NULL gensec_security in gensec_security_by_auth_type(). | Günther Deschner | 2013-09-19 | 1 | -2/+4
  We have equivalent checks in other gensec_security_by_X calls already.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* gensec: remove duplicate gensec_security_by_authtype() call. | Günther Deschner | 2013-09-19 | 1 | -27/+2
  We should use the equivalent gensec_security_by_auth_type() call which is exposed in the public header.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* gensec: move schannel module to toplevel. | Günther Deschner | 2013-09-19 | 2 | -0/+338
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Add SASL/EXTERNAL gensec module | Howard Chu | 2013-09-18 | 3 | -1/+91
  Signed-off-by: Howard Chu <hyc@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Prepare for SASL/EXTERNAL support | Howard Chu | 2013-09-18 | 1 | -0/+8
  Signed-off-by: Howard Chu <hyc@symas.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech() | Andrew Bartlett | 2013-09-16 | 5 | -0/+60
  This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* gensec: Fix CID 1063258 Uninitialized scalar variable | Volker Lendecke | 2013-08-19 | 1 | -0/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: make sure cli_credentials_get_nt_hash() always returns a talloc object | Stefan Metzmacher | 2013-08-12 | 2 | -7/+16
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: treat struct gensec_security_ops as const if possible. | Stefan Metzmacher | 2013-08-10 | 3 | -34/+40
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: use 'const char * const *' for function parameters | Stefan Metzmacher | 2013-08-10 | 3 | -3/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: make it possible to implement async backends | Stefan Metzmacher | 2013-08-10 | 2 | -49/+160
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: avoid talloc_reference in gensec_security_mechs() | Stefan Metzmacher | 2013-08-10 | 1 | -18/+9
  We now always copy.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: avoid talloc_reference in gensec_use_kerberos_mechs() | Stefan Metzmacher | 2013-08-10 | 1 | -18/+20
  We now always copy.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: introduce gensec_internal.h | Stefan Metzmacher | 2013-08-10 | 11 | -96/+140
  We should treat most gensec related structures private. It's a long way, but this is a start.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: add gensec_security_by_auth_type() | Stefan Metzmacher | 2013-08-10 | 2 | -0/+29
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: first check GENSEC_FEATURE_SESSION_KEY before returning NOT_IMPLEMENTED | Stefan Metzmacher | 2013-08-10 | 1 | -3/+4
  Prefer NT_STATUS_NO_USER_SESSION_KEY as return value of gensec_session_key().
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: use CRED_CALLBACK_RESULT after a callback | Stefan Metzmacher | 2013-08-05 | 1 | -11/+23
  We only do this if it's still CRED_CALLBACK after the callback, this allows the callback to overwrite it.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Aug 5 09:36:05 CEST 2013 on sn-devel-104
* auth/credentials: simplify password_tries state | Stefan Metzmacher | 2013-08-05 | 2 | -6/+15
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: get the old password from secrets.tdb | Stefan Metzmacher | 2013-08-05 | 1 | -0/+11
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: keep cli_credentials private | Stefan Metzmacher | 2013-08-05 | 6 | -93/+126
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_shallow_copy() | Stefan Metzmacher | 2013-08-05 | 2 | -0/+18
  This is useful for testing.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_[set_]callback_data* | Stefan Metzmacher | 2013-08-05 | 2 | -0/+19
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: remove pointless talloc_reference() from cli_credentials_get_principal_and_obtained() | Stefan Metzmacher | 2013-08-05 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: remove pointless talloc_reference() from cli_credentials_get_unparsed_name() | Stefan Metzmacher | 2013-08-05 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* build: Build with system md5.h on OpenIndiana | Andrew Bartlett | 2013-06-19 | 3 | -3/+3
  This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd.
  This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd).
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
* build: Remove unused credentials_samba3.c | Andrew Bartlett | 2013-05-28 | 1 | -49/+0
  This file was only used by the autoconf build system.
  Andrew Bartlett
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* gensec: Make gensec_security_oids_from_ops static | Volker Lendecke | 2013-05-15 | 1 | -4/+5
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed May 15 20:05:34 CEST 2013 on sn-devel-104
* gensec: Make gensec_security_by_sasl_list static | Volker Lendecke | 2013-05-15 | 1 | -3/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* gensec: Make gensec_interface_version public | Volker Lendecke | 2013-05-15 | 2 | -1/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* secrets: use lpcfg_private_db_path() convenience helper. | Rusty Russell | 2013-04-12 | 1 | -3/+1
  Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth/ntlmssp: Avoid use-after-free of user_info after logon failure at log level 5 | Andrew Bartlett | 2013-03-27 | 1 | -1/+1
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth/pycredentials: make use of samba_tevent_context_init() | Stefan Metzmacher | 2013-02-28 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* ntdb: switch between secrets.tdb and secrets.ntdb depending on 'use ntdb' | Rusty Russell | 2013-02-20 | 1 | -1/+3
  Since we open with dbwrap, it auto-converts old tdbs (which it will rename to secrets.tdb.bak once it's done).
  Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
  Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
* gensec: Allow login without a PAC by default (bug #9581) | Andrew Bartlett | 2013-01-24 | 1 | -1/+1
  The sense of this test was inverted. We only want to take the ACCESS_DENIED error if gensec:require_pac=true.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth: added cli_credentials_failed_kerberos_login() | Andrew Tridgell | 2012-11-01 | 2 | -0/+64
  this is used to support retrying kerberos connections after removing a ccache entry, to cope with a server being re-built while our client still has a valid service ticket
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac changes | Andrew Bartlett | 2012-09-22 | 1 | -0/+3
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sat Sep 22 02:44:07 CEST 2012 on sn-devel-104
* auth/kerberos: Adjust log level for failed PAC signature verification | Christof Schmitt | 2012-09-20 | 1 | -1/+1
  With winbindd trying to verify the signature of an application provided PAC, this message can be easily triggered. Adjust the debug level to avoid filling up the logs.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth: Fix some nonempty blank lines | Volker Lendecke | 2012-09-20 | 1 | -61/+59
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: Do not print passwords in a talloc memory dump | Andrew Bartlett | 2012-08-31 | 1 | -0/+8
  The fact that a password was created here is enough information, so overwrite with the function name and line.
  Andrew Bartlett
* auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds() | Andrew Bartlett | 2012-08-30 | 1 | -3/+8
  This allows a password alone to be used to accept kerberos tickets. Of course, we need to have got the salt right, but we do not need also the correct kvno. This allows gensec_gssapi to accept tickets based on a secrets.tdb entry.
  Andrew Bartlett
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
* auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt() | Andrew Bartlett | 2012-08-29 | 1 | -29/+0
* auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records | Andrew Bartlett | 2012-08-29 | 1 | -32/+61
  By checking first if there is a secrets.tdb record and passing in the password and last change time we avoid setting one series of values and then replacing them. We also avoid the need to work around the setting of anonymous.
  Andrew Bartlett
* auth/credentials: Improve memory handling in cli_credentials_set_machine_account | Andrew Bartlett | 2012-08-29 | 1 | -26/+26
  By using a temporary talloc context this is much tidier and more reliable code.
  Andrew Bartlett
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104
* auth/credentials: Avoid double-free in the failure case | Andrew Bartlett | 2012-08-29 | 1 | -1/+1
  This pointer is only valid if dbwrap_fetch returned success.
  Andrew Bartlett
* auth/credentials: Rework credentials handling to try and find the most recent machine pw | Andrew Bartlett | 2012-08-28 | 1 | -33/+71
  As winbindd will update secrets.tdb but not secrets.ldb, we need to detect this and use secrets.tdb
  Andrew Bartlett
* auth/credentials: Expand secrets.tdb fetch of secrets to preserve workstation and realm | Andrew Bartlett | 2012-08-28 | 1 | -0/+4
  These would otherwise be set during the fetch from the secrets.ldb, but are wiped when that fails.
  Andrew Bartlett
* build: rename security → samba-security | Björn Jacke | 2012-08-10 | 2 | -2/+2
  there is a libsecurity on OSF1 which clashes with our security lib. see bug #9023.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Björn Jacke <bj@sernet.de>
  Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
* auth/ntlmssp: avoid talloc_tos() in ntlmssp_client_initial() | Stefan Metzmacher | 2012-08-04 | 1 | -1/+1
  This avoids a smb_panic at log level = 10. If we don't have a talloc stackframe yet.
  metze
* auth/kerberos: Do not do pointer arithmetic on a void * | Andrew Bartlett | 2012-07-30 | 1 | -1/+1
  Found with -Werror=pointer-arith
  Andrew Bartlett