path: root/source4/auth/gensec
Commit message (Author, Age, Files, Lines)
* s4:credentials Make the CCACHE in credentials depend on the things that built it (Andrew Bartlett, 2010-05-02, 2 files, -1/+12)
| This means that we consider the ccache only as reliable as the least specified of the inputs we used. This means that we will regenerate the ccache if any of the inputs change. Andrew Bartlett
* s4:gensec Use a different form of 'name' in GSSAPI import_name() (Andrew Bartlett, 2010-04-27, 1 file, -3/+3)
| The idea here is to make it not dependent on the system's default realm. Andrew Bartlett
* s4:auth Change auth_generate_session_info to take an auth context (Andrew Bartlett, 2010-04-14, 4 files, -4/+24)
| The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and loadparm context for calculating the local groups too, so re-use that infrastructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and a generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply. Andrew Bartlett
* s4:auth Remove event context from anonymous_session() (Andrew Bartlett, 2010-04-11, 1 file, -1/+1)
| This should always return a simple structure with no need to consult a DB, so remove the event context, and simplify to call helper functions that don't look at privileges. Andrew Bartlett
* pynet: Create a net class. (Jelmer Vernooij, 2010-04-08, 1 file, -1/+1)
|
* s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them (Andrew Tridgell, 2010-04-06, 1 file, -0/+2)
|
* s4-waf: enable the pc_files in the build rules (Andrew Tridgell, 2010-04-06, 1 file, -1/+1)
|
* build: fixed the build without sasl libraries (Andrew Tridgell, 2010-04-06, 1 file, -1/+2)
| We need to only enable the cyrus_sasl module if we have sasl/sasl.h
* build: waf quicktest nearly works (Andrew Tridgell, 2010-04-06, 1 file, -5/+1)
| Rewrote wafsamba using a new dependency handling system, and started adding the waf test code
* build: commit all the waf build files in the tree (Andrew Tridgell, 2010-04-06, 1 file, -0/+63)
|
* Revert "s4:gensec_gssapi.c - make sure that "GSS_C_DELEG_POLICY_FLAG" is available" (Matthias Dieter Wallnöfer, 2010-04-05, 1 file, -5/+0)
| This reverts commit 3e091a82167f51b7d9abf00755bede9354932c6b. This should be fixed through the new build system when it lands in "master".
* s4:gensec_gssapi.c - make sure that "GSS_C_DELEG_POLICY_FLAG" is available (Matthias Dieter Wallnöfer, 2010-03-30, 1 file, -0/+5)
| FreeBSD 7.2 needs this.
* pytalloc: allow for using a system libtalloc-dev with pytalloc (Andrew Tridgell, 2010-03-29, 1 file, -1/+1)
| When we have a system talloc library, we still need to grab pytalloc.h from lib/talloc. We don't want to just use -Ilib/talloc, as otherwise we'll get the in-tree talloc.h which may not be compatible with the system talloc.h So we need to give the path to pytalloc.h
* libutil: moved the networking defines to util_net.h (Andrew Tridgell, 2010-03-26, 2 files, -0/+2)
| These were causing thousands of warnings on solaris8
* s4-gensec: Fixed wrong usage of error_string. (Andreas Schneider, 2010-03-08, 1 file, -1/+1)
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:python Add bindings to set GENSEC flags on credentials in python (Andrew Bartlett, 2010-02-26, 1 file, -0/+9)
| This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett
* s4-krb5: propagate errors from a lot more kerberos functions (Andrew Tridgell, 2010-02-26, 2 files, -9/+15)
| We need to be able to give sensible error messages when a kerberos call fails. This propagates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:cleanup remove unused schannel ldb code (Simo Sorce, 2010-02-23, 1 file, -67/+0)
|
* s4:schannel merge code with s3 (Simo Sorce, 2010-02-23, 2 files, -22/+5)
| After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs hacks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need great expandability. And lookups are always done with a single Key. This seems a perfect fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discarded during an upgrade without causing any real issue. All it contains is temporary session data.
* s4-auth: use TYPESAFE_QSORT() in gensec (Andrew Tridgell, 2010-02-13, 1 file, -1/+2)
|
* s4:Remove "Py_RETURN_NONE" compatibility code (Matthias Dieter Wallnöfer, 2010-02-09, 1 file, -4/+0)
| This was needed only by Python 2.3 which we no longer support.
* s4:gensec: change gensec_update_send/recv to tevent_req (Stefan Metzmacher, 2009-12-24, 3 files, -58/+83)
| metze
* s4:gensec: allow clearing local and remote address by passing NULL (Stefan Metzmacher, 2009-12-16, 1 file, -0/+10)
| metze
* s4-gensec: Remove obsolete socket_address vars and fns. (Andreas Schneider, 2009-12-16, 2 files, -35/+0)
|
* s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn. (Andreas Schneider, 2009-12-16, 4 files, -27/+21)
|
* s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn. (Andreas Schneider, 2009-12-16, 2 files, -11/+0)
|
* s4-gensec: Replace gensec_get_my_addr with new tsocket based fn. (Andreas Schneider, 2009-12-16, 3 files, -23/+24)
|
* s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn. (Andreas Schneider, 2009-12-16, 2 files, -10/+0)
|
* s4-gensec: Added remote and local setter/getter using tsocket. (Andreas Schneider, 2009-12-16, 3 files, -4/+127)
|
* s4:gensec/schannel: remove unused talloc_reference() in schannel_update() (Stefan Metzmacher, 2009-10-24, 1 file, -1/+1)
| We never expose creds to the caller in schannel_update(). metze
* s4-python: we need to include Python.h first (Andrew Tridgell, 2009-10-23, 1 file, -1/+1)
| If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes.
* s4:gensec Use an index on computerName in schannel.ldb (Andrew Bartlett, 2009-10-23, 1 file, -1/+4)
|
* s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect() (Andrew Tridgell, 2009-10-23, 1 file, -1/+1)
| This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context.
* s4-dsdb: create a static system_session context (Andrew Tridgell, 2009-10-23, 1 file, -2/+2)
| This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
* s4: ran minimal_includes.pl on source4/auth/gensec (Andrew Tridgell, 2009-10-20, 6 files, -12/+0)
|
* s4: Changes the old occurrences of "lp_realm" in "lp_dnsdomain" where needed (Matthias Dieter Wallnöfer, 2009-10-14, 1 file, -9/+5)
| For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
* s4-pygensec: a bit closer to working (Andrew Tridgell, 2009-10-02, 3 files, -9/+56)
| I'll need help from Andrew on how to get gensec to initialise its ops element
* gensec: Avoid exposing lp_ctx on the API level. (Jelmer Vernooij, 2009-09-26, 3 files, -14/+12)
|
* pygensec: Add initial work on a gensec Python module. (Jelmer Vernooij, 2009-09-26, 3 files, -0/+184)
|
* s4:auth/gensec/schannel - fix a const warning (Matthias Dieter Wallnöfer, 2009-09-25, 1 file, -1/+2)
|
* s4:schannel: fix some compiler warnings (Stefan Metzmacher, 2009-09-25, 1 file, -2/+4)
| If we only do signing we can pass down a const data buffer. metze
* spnego: Support ASN.1 BIT STRING and use it in SPNEGO. (Kouhei Sutou, 2009-09-17, 1 file, -2/+4)
| Signed-off-by: Günther Deschner <gd@samba.org>
* spnego: share spnego_parse. (Günther Deschner, 2009-09-17, 4 files, -475/+2)
| Guenther
* libcli/auth: rewrite schannel sign/seal code to be more generic (Stefan Metzmacher, 2009-09-16, 1 file, -33/+56)
| This prepares support for HMAC-SHA256/AES. metze
* schannel: move schannel_sign to main directory. (Günther Deschner, 2009-09-16, 4 files, -312/+3)
| Guenther
* s4-schannel: try to fix the build. (Günther Deschner, 2009-09-16, 1 file, -1/+1)
| Guenther
* s4-schannel: first step of decoupling schannel from gensec. (Günther Deschner, 2009-09-16, 2 files, -20/+51)
| Guenther
* s4-schannel: strip trailing whitespace. (Günther Deschner, 2009-09-16, 1 file, -36/+36)
| Guenther
* s4-schannel: use NL_AUTH_MESSAGE for schannel. (Günther Deschner, 2009-09-13, 1 file, -23/+35)
| Guenther
* s4-schannel: strip trailing whitespace. (Günther Deschner, 2009-09-13, 1 file, -26/+26)
| Guenther