summaryrefslogtreecommitdiffstats
path: root/source4/auth/credentials
Commit message (Collapse)AuthorAgeFilesLines
...
* Add missing dependencies for com_err.Jelmer Vernooij2010-10-051-1/+1
|
* heimdal: Fix library name of gssapi.Jelmer Vernooij2010-10-051-1/+1
|
* s4-pycredentials: avoid a tallloc_free on refAndrew Tridgell2010-09-251-1/+1
| | | | with the new py object structure, we need to unlink not free
* s4-kerberos Move 'set key into keytab' code out of credentials.Andrew Bartlett2010-09-243-69/+5
| | | | | | | | This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
* s4-selftest: Move credentials tests to standard python directory.Jelmer Vernooij2010-09-221-100/+0
|
* s4-param: Fix more memory leaks, invalid memory context.Jelmer Vernooij2010-09-221-10/+38
|
* s4-param: Check type when converting python object to lp_ctx, fix someJelmer Vernooij2010-09-221-2/+7
| | | | memory leaks.
* s4-pycredentials: expose forwardable setting via pythonAndrew Tridgell2010-09-161-0/+16
| | | | Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-credentials: added ability to control forwardable attribute on krb5 ticketsAndrew Tridgell2010-09-162-0/+24
| | | | | | | with the latest bind9 nsupdate, we need to be able to control if the ticket we use is forwardable Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-credentials: get all attributes in cli_credentials_set_secrets()Andrew Tridgell2010-09-111-17/+1
| | | | | This ensures we get whenChanged, which is needed by the s3 winbind code to ensure we don't repeatedly try to change the password
* s4:credentials_krb5.c - quiet a Solaris warningMatthias Dieter Wallnöfer2010-08-271-1/+2
|
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2010-07-164-18/+18
| | | | | | | this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-python: python is not always in /usr/binAndrew Tridgell2010-06-241-1/+1
| | | | | | | | Using "#!/usr/bin/env python" is more portable. It still isn't ideal though, as we should really use the python path found at configure time. We do that in many places already, but some don't. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* python: Use samba.tests.TestCase, make sure base class tearDown andJelmer Vernooij2010-06-191-2/+4
| | | | setUp methods are called, fix formatting.
* s4:auth/credentials/credentials.c - initialise "password_last_changed_time"Matthias Dieter Wallnöfer2010-05-301-0/+2
| | | | Otherwise it could remain uninitialised.
* s4:credentials Add in tracking of the password last set timeAndrew Bartlett2010-05-183-1/+33
| | | | | | | | We perhaps need a more general API here, but for now extend the credentials API to return the password last changed time that the s3compat layer will need. Andrew Bartlett
* s4:credentials Allow setting of an empty Kerberos CCACHEAndrew Bartlett2010-05-141-18/+12
| | | | | | | This allows us to tell the credentials code where we want the credentials put. Andrew Bartlett
* s4:credentials Make the CCACHE in credentials depend on the things that built itAndrew Bartlett2010-05-023-20/+81
| | | | | | | | | This means that we consider the ccache only as reliable as the least specified of the inputs we used. This means that we will regenerate the ccache if any of the inputs change. Andrew Bartlett
* s4:kerberos Give a better error message than "Could not allocate memory"Andrew Bartlett2010-04-271-3/+3
| | | | Andrew Bartlett
* pytalloc: ensure talloc_ctx is directly after PyObject_HEADAndrew Tridgell2010-04-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | the talloc python interface for tp_alloc and tp_dealloc relies on a cast to a py_talloc_Object to find the talloc_ctx (see py_talloc_dealloc). This means we rely on the talloc_ctx for the object being directly after the PyObject_HEAD This fixes the talloc free with references bug in samba_dnsupdate The actual problem was the tp_alloc() call in PyCredentialCacheContainer_from_ccache_container() which used a cast from a py_talloc_Object to a PyCredentialCacheContainerObject. That case effectively changed the parent/child relationship between the talloc_ctx and the ccc ptr. This patch changes all the structures that follow this pattern to put the TALLOC_CTX directly after the PyObject_HEAD, to ensure that if anyone else decides to do a dangerous cast like this that it won't cause the same sort of subtle breakage. Pair-Programmed-With: Rusty Russell <rusty@samba.org>
* s4-python: PyErr_SetString() will crash on NULL stringsAndrew Tridgell2010-04-191-1/+1
| | | | use nt_errstr() when no error available
* s4:credentials Add the functions needed to do S4U2Self with cli_credentialsAndrew Bartlett2010-04-103-0/+47
| | | | | | A torture test to demonstrate will be added soon. Andrew Bartlett
* s4:credentials talloc_free() any previous salt_principalAndrew Bartlett2010-04-102-1/+2
| | | | | | | This isn't used often, but it is generally better not to leak it onto what may be a longer-term context. Andrew Bartlett
* pynet: Create a net class.Jelmer Vernooij2010-04-081-6/+17
|
* s4-waf: removed the AUTOGENERATED markersAndrew Tridgell2010-04-061-4/+0
| | | | we won't be using the mk -> wscript generator again
* s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell2010-04-061-0/+2
| | | | them
* build: commit all the waf build files in the treeAndrew Tridgell2010-04-061-0/+19
|
* s4-python: Remove convenience macro PyErr_SetStringError.Jelmer Vernooij2010-04-041-1/+1
| | | | This macro assumed that all errors were runtime errors.
* pytalloc: allow for using a system libtalloc-dev with pytallocAndrew Tridgell2010-03-291-1/+1
| | | | | | | | | When we have a system talloc library, we still need to grab pytalloc.h from lib/talloc. We don't want to just use -Ilib/talloc, as otherwise we'll get the in-tree talloc.h which may not be compatible with the system talloc.h So we need to give the path to pytalloc.h
* s4:auth/credentials/credentials.c - initialise more contentMatthias Dieter Wallnöfer2010-03-261-0/+3
| | | | Now all data should be initialised
* s4:python Add bindings to set GENSEC flags on credentials in pythonAndrew Bartlett2010-02-261-0/+23
| | | | | | | This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett
* s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell2010-02-265-56/+91
| | | | | | | | We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett2010-02-205-63/+162
| | | | | | | | | | | | This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
* s4:auth/credentials/credentials.c - Initialise the "lm_response" and ↵Matthias Dieter Wallnöfer2010-02-121-0/+5
| | | | | | | "nt_response" structures In some cases those structures are not initialised and the whole authentication system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
* s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer2010-02-091-4/+0
| | | | This was needed only by Python 2.3 which we no longer support.
* dsdb: Fix dependencies when building against system ldb.Jelmer Vernooij2009-12-291-1/+1
|
* s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldbAndrew Bartlett2009-11-021-1/+3
| | | | | | | This avoids trouble when the secrets.ldb is updated with ldbedit but an smb.conf is not specified. Andrew Bartlett
* s4-python: we need to include Python.h firstAndrew Tridgell2009-10-231-1/+1
| | | | | If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes.
* s4:auth - fixed problem reading bind DN from secrets databaseEndi S. Dewata2009-10-162-0/+8
|
* s4:auth/credentials/credentials - fix uninitalised pointersMatthias Dieter Wallnöfer2009-10-151-7/+35
| | | | This should fix bug #6755.
* pycredentials: Raise MemoryError when unable to create objects.Jelmer Vernooij2009-06-171-1/+6
|
* pycredentials: Fix memory leak.Jelmer Vernooij2009-06-171-1/+7
|
* s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett2009-06-121-3/+0
| | | | | | | | | | | 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
* Fix more unresolved symbols.Jelmer Vernooij2009-06-022-10/+1
|
* python: Move helper functions for using param into a separate file ratherJelmer Vernooij2009-06-021-1/+1
| | | | than linking against the python module.
* Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett2009-04-142-5/+5
| | | | | | | In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
* s4:auth/credentials: include gssapi/gssapi_krb5.hStefan Metzmacher2009-03-261-0/+1
| | | | metze
* s4:pycredentials: fix compiler warningsStefan Metzmacher2009-02-052-26/+25
| | | | metze
* s4:auth/credentials: the python bindings don't use swig anymoreStefan Metzmacher2009-02-021-4/+2
| | | | metze
* Add prototypes required by samba-gtk.Jelmer Vernooij2009-01-251-0/+9
|
generated by cgit (git 2.34.1) at 2025-09-26 07:26:30 +0000