path: root/source4/auth/gensec
Commit message | Author | Age | Files | Lines
* auth/gensec Handle incorrect username or password in Kerberos client code | Andrew Bartlett | 2010-11-15 | 2 | -0/+3
| Andrew Bartlett
| Autobuild-User: Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
* s4-auth Supply more useful error messages on Kerberos failure | Andrew Bartlett | 2010-11-08 | 3 | -13/+28
| The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't helped our users to debug problems effectively, and so we now return more errors and try and give a more useful debug message when they happen.
| Andrew Bartlett
* s4-auth Fix typos in samba4 auth code | Brad Hards | 2010-11-08 | 1 | -7/+7
|
* credentials: Lowercase library name, | Jelmer Vernooij | 2010-11-07 | 1 | -5/+5
| Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
| Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
* s4-modules: get rid of the remaining static prototypes for modules | Andrew Tridgell | 2010-11-01 | 1 | -11/+2
| the waf build now generates the prototype declarations for us
* s4-auth: added a dependency on com_err | Andrew Tridgell | 2010-10-31 | 1 | -1/+1
| this helps with the gentoo build. The problem is that without the dependency, we don't add the cflags from the pkgconfig for com_err to the build of auth/gensec. That really reflects a more general problem with propagation of include dependencies, but this simple fix should be enough for now.
| Autobuild-User: Andrew Tridgell <tridge@samba.org>
| Autobuild-Date: Sun Oct 31 13:13:33 UTC 2010 on sn-devel-104
* s4: Remove the old perl/m4/make/mk-based build system. | Jelmer Vernooij | 2010-10-31 | 2 | -84/+0
| The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time.
| Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
| Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
* s4-auth: make KERBEROS subsystem into authkrb5 private library | Andrew Tridgell | 2010-10-30 | 1 | -2/+2
| this fixes some double linking. The name 'KERBEROS' was also a bit confusing, as it sounded like a base kerberos library, when it is in fact part of auth
* talloc: change pytalloc-util to be a public library. | Jelmer Vernooij | 2010-10-26 | 1 | -1/+1
|
* waf: Remove lib prefix from libraries manually. | Jelmer Vernooij | 2010-10-26 | 1 | -2/+2
|
* s4: Drop duplicate 'lib' prefix for private libraries. | Jelmer Vernooij | 2010-10-26 | 1 | -1/+1
|
* s4: Rename LIBSAMBA-* to libsamba-* | Jelmer Vernooij | 2010-10-24 | 1 | -1/+1
|
* s4-waf: removed the XATTR and SASL aliases | Andrew Tridgell | 2010-10-21 | 1 | -1/+1
| these were hangovers from the old build system names
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-gensec Don't give more to sasl_encode() than it will permit | Andrew Bartlett | 2010-10-19 | 1 | -3/+10
| We need to ask the library how much data to pass in at any time.
| Andrew Bartlett
| Autobuild-User: Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date: Tue Oct 19 08:37:45 UTC 2010 on sn-devel-104
* s4-gensec Don't upgrade all DIGEST-MD5 connections to seal | Andrew Bartlett | 2010-10-19 | 1 | -12/+21
| The issue here is that when props.max_ssf = UINT_MAX was always set, as was the maxbufsize, and the connection would always be upgraded, regardless of the caller's wishes.
| Andrew Bartlett
* s4-gensec: Add dependency on com_err to GENSEC_KRB5. | Andreas Schneider | 2010-10-18 | 1 | -1/+1
|
* s4-credentials Add explicit event context handling to Kerberos calls (only) | Andrew Bartlett | 2010-10-11 | 2 | -16/+32
| By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc()
| This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find()
| Special care is taken to restore the event context in the event of nesting in the send_to_kdc function.
| Andrew Bartlett
* credentials: Split up into several subsystems. | Jelmer Vernooij | 2010-10-11 | 1 | -3/+3
|
* gensec: Support building without any linked-in modules. | Jelmer Vernooij | 2010-10-10 | 1 | -0/+4
|
* Add missing dependencies for com_err. | Jelmer Vernooij | 2010-10-05 | 1 | -0/+1
|
* heimdal: Fix library name of gssapi. | Jelmer Vernooij | 2010-10-05 | 1 | -1/+1
|
* s4-gensec Always honour the set server principal | Andrew Bartlett | 2010-10-02 | 1 | -1/+1
| The spnego code won't set this unless it is allowed to by this same option, but other callers may need it.
| Andrew Bartlett
| Autobuild-User: Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date: Sat Oct 2 02:27:39 UTC 2010 on sn-devel-104
* s4:gensec_tstream: remove plain socket handling | Stefan Metzmacher | 2010-09-28 | 1 | -124/+12
| metze
| Autobuild-User: Stefan Metzmacher <metze@samba.org>
| Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
* s4:gensec: add gensec_create_tstream() | Stefan Metzmacher | 2010-09-28 | 3 | -1/+764
| Based on the initial patch from Andreas Schneider <asn@redhat.com>.
| metze
* s4-gensec: fixed a valgrind error in gensec | Andrew Tridgell | 2010-09-26 | 1 | -12/+2
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:schannel: handle move flag combinations in the server | Stefan Metzmacher | 2010-09-26 | 1 | -13/+23
| This fixes some testsuites in the CIFS plugfest.
| metze
* s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiation | Andrew Tridgell | 2010-09-23 | 1 | -7/+10
| this is the client side equivalent change for the previous fix
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-gensec: prevent a double free in the error path of GSSAPI auth | Andrew Tridgell | 2010-09-23 | 1 | -1/+0
| the caller frees mem_ctx, so we shouldn't
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-gensec: fixed a GSSAPI SASL negotiation bug | Andrew Tridgell | 2010-09-23 | 1 | -11/+14
| Fixed a bug that affected mismatched negotiation between the GSSAPI layer and the SASL SSF subsequent negotiation. This caused some ldap clients to hang when trying to authenticate with a Samba LDAP server. The client thought the connection should be signed, the server thought it should be in plain text
| Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-param: Fix more memory leaks, invalid memory context. | Jelmer Vernooij | 2010-09-22 | 1 | -1/+1
|
* s4-param: Check type when converting python object to lp_ctx, fix some | Jelmer Vernooij | 2010-09-22 | 1 | -0/+18
| memory leaks.
* pygensec: Implement start_mech_by_name(). | Jelmer Vernooij | 2010-09-22 | 2 | -8/+30
|
* s4-selftest: Move more tests to scripting/python, simplifies running of tests. | Jelmer Vernooij | 2010-09-21 | 1 | -39/+0
|
* s4: Fix two typos | Volker Lendecke | 2010-09-14 | 1 | -2/+2
|
* s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a header | Andrew Bartlett | 2010-09-11 | 1 | -0/+2
|
* s4-build: use @PACKAGE_VERSION@ in s4 pc.in files | Andrew Tridgell | 2010-08-09 | 1 | -1/+1
| this gets replaced by vnum from the build rule
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 2010-07-16 | 5 | -12/+12
| this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix.
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:auth/gensec/gensec_gssapi.c - reorder constructor | Matthias Dieter Wallnöfer | 2010-06-24 | 1 | -30/+38
| To have the same order as in the structure definition.
* s4-python: python is not always in /usr/bin | Andrew Tridgell | 2010-06-24 | 1 | -1/+1
| Using "#!/usr/bin/env python" is more portable. It still isn't ideal though, as we should really use the python path found at configure time. We do that in many places already, but some don't.
| Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* python: Use samba.tests.TestCase, make sure base class tearDown and | Jelmer Vernooij | 2010-06-19 | 1 | -4/+4
| setUp methods are called, fix formatting.
* ldb: Only build standard ldb modules when building bundled ldb. | Jelmer Vernooij | 2010-06-15 | 1 | -1/+1
|
* s4-test: Use smb.conf path set in environment rather than using | Jelmer Vernooij | 2010-06-13 | 1 | -2/+2
| command-line options.
| This is the first step towards supporting custom test runners.
* s4:auth Remove un-needed headers. | Andrew Bartlett | 2010-05-21 | 1 | -1/+0
|
* s4:auth Change auth_generate_session_info to take flags | Andrew Bartlett | 2010-05-20 | 1 | -1/+7
| This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group.
| In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key off 'is this user the anonymous SID'.
| This also takes more care to allocate the right length ptoken->sids
| Andrew Bartlett
* s4:auth Allow the operational module to get a user's tokenGroups from auth | Andrew Bartlett | 2010-05-20 | 2 | -1/+2
| This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would.
| Andrew Bartlett
* Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 2010-05-18 | 5 | -12/+3
|
* s4:gensec expose gensec_set_target_principal for use outside GENSEC | Andrew Bartlett | 2010-05-14 | 4 | -3/+8
| This allows for the rare case where the caller knows the target principal. The check for lp_client_use_spnego_principal() is moved to the spnego code to make this work.
| Andrew Bartlett
* s4:credentials Make the CCACHE in credentials depend on the things that built it | Andrew Bartlett | 2010-05-02 | 2 | -1/+12
| This means that we consider the ccache only as reliable as the least specified of the inputs we used.
| This means that we will regenerate the ccache if any of the inputs change.
| Andrew Bartlett
* s4:gensec Use a different form of 'name' in GSSAPI import_name() | Andrew Bartlett | 2010-04-27 | 1 | -3/+3
| The idea here is to make it not dependent on the system's default realm.
| Andrew Bartlett
* s4:auth Change auth_generate_session_info to take an auth context | Andrew Bartlett | 2010-04-14 | 4 | -4/+24
| The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and loadparm context for calculating the local groups too, so re-use that infrastructure we already have in place.
| However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and a generate_session_info() function pointer in the struct auth_context.
| In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply.
| Andrew Bartlett