summaryrefslogtreecommitdiffstats
path: root/source4/auth
Commit message (Collapse)AuthorAgeFilesLines
* s4:credentials_krb5.c - quiet a Solaris warningMatthias Dieter Wallnöfer2010-08-271-1/+2
|
* s4:ntlm/auth.c - add a whitespace in a debug outputMatthias Dieter Wallnöfer2010-08-261-1/+1
|
* s4:security Change struct security_token->sids from struct dom_sid * to ↵Andrew Bartlett2010-08-231-11/+15
| | | | | | | | | struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
* s4:auth Change {anonymous,system}_session to use common session_info generationAndrew Bartlett2010-08-181-4/+4
| | | | | | | This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett
* s4:auth Avoid doing database lookups for NT AUTHORITY usersAndrew Bartlett2010-08-182-108/+122
|
* s4:auth Remove system_session_anon() from python bindingsAndrew Bartlett2010-08-184-56/+3
|
* s4:auth Remove the system:anonymous parameter used for the LDAP backendAndrew Bartlett2010-08-181-10/+4
| | | | This isn't needed any more, and just introduces complexity.
* s4:auth Remove special case constructor for admin_session()Andrew Bartlett2010-08-181-63/+13
| | | | | | There isn't a good reason why this code is duplicated. Andrew Bartlett
* s4:security Remove use of user_sid and group_sid from struct security_tokenAndrew Bartlett2010-08-181-10/+5
| | | | This makes the structure more like Samba3's NT_USER_TOKEN
* s4:auth Move struct auth_usersupplied_info to a common locationAndrew Bartlett2010-08-144-47/+6
| | | | | | | | | This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett
* libcli/auth Make the source3/ implementation of the NTLMSSP server commonAndrew Bartlett2010-08-101-520/+1
| | | | | | | | | This means that the core logic (but not the initialisation) of the NTLMSSP server is in common, but uses different authentication backends. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
* libcli/auth Move some source3/ NTLMSSP functions to the common code.Andrew Bartlett2010-08-103-141/+6
| | | | | | | | libcli/auth Use true and false rather than True and False in common code Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
* s4-build: use @PACKAGE_VERSION@ in s4 pc.in filesAndrew Tridgell2010-08-091-1/+1
| | | | this gets replaced by vnum from the build rule
* s4:ntlmssp Merge more aspects of the source3/ NTLMSSP layerAndrew Bartlett2010-08-071-20/+21
| | | | | | | | | | | | This changes the talloc treatment of the session keys to avoid memory duplication - the session key has always been allocated onto the ntlmssp_context by the auth subsystem callback. The remainder of the changes are cosmetics, such as avoiding using lm_session_key as a pointer (and avoiding then doing an if statement on something that is always true). Andrew Bartlett
* s4:ntlmssp Re-add gensec_ntlmssp wrapper to allow merge with source3/Andrew Bartlett2010-08-072-20/+54
| | | | | | | | | By re-adding this wrapper, the actual guts of these functions are now very similar to that found in source3/libsmb/ntlmssp.c This should make it easier to merge the implementations. Andrew Bartlett
* s4:ntlmssp Always setup the session keys and signing stateAndrew Bartlett2010-08-071-9/+1
| | | | | | | | | | While it would save some CPU to only setup the session key when requested (like windows does), this instead matches the implementation in source3/libsmb/ntlmssp.c We could re-add this later after the codebase is merged. Andrew Bartlett
* s4:ntlmssp Adjust Samba4 ntlmssp code to look more like the code in Samba3.Andrew Bartlett2010-08-062-71/+119
| | | | | | | | This does not change behaviour, and some of the whitespace isn't ideal, but at the moment making this code more similar, even in cosmetics, will assist later merge efforts. Andrew Bartlett
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2010-07-1622-88/+88
| | | | | | | this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Fixed system_session_anon to actually make an anonymous sessionNadezhda Ivanova2010-07-141-1/+1
| | | | | It seems that because the flag is false, this always used the supplied credentials rhather than establish anonymous connection.
* s4:auth/session.c - suppress a warning when freeing "group_string"Matthias Dieter Wallnöfer2010-06-301-3/+5
|
* s4:auth/session.c - free "group_string" when not neededAnatoliy Atanasov2010-06-301-1/+1
| | | | Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* Revert "s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if ↵Matthias Dieter Wallnöfer2010-06-291-21/+4
| | | | | | | | not available in the DN." This reverts commit fa9557fee3ca546878d99b77f1ff37f724c37024. See post "Endi's Bug 7530 patches (LDAP backend)" on samba-technical.
* s4:auth Query LDB for msds-SupportedEncryptionTypes for the KDCAndrew Bartlett2010-06-291-0/+1
| | | | | | The KDC needs this to determine what encryption types an entry supports Andrew Bartlett
* s4:kerberos Add functions to convert msDS-SupportedEncryptionTypesAndrew Bartlett2010-06-292-0/+60
| | | | | | This will allow us to interpret this attibute broadly in Samba. Andrew Bartlett
* s4:provision Add an msDS-SupportedEncryptionTypes entry to our DCAndrew Bartlett2010-06-291-0/+3
| | | | | | | | This ensures that our DC will use all the available encyption types. (The KDC reads this entry to determine what the server supports) Andrew Bartlett
* s4:auth/sam.c - "authsam_expand_nested_groups" - small performance improvementMatthias Dieter Wallnöfer2010-06-281-3/+7
| | | | | We can save one search operation if "only_childs" is false and when we had no SID passed as extended DN component.
* s4:auth/sam.c - "authsam_expand_nested_groups" - cosmetic/commentsMatthias Dieter Wallnöfer2010-06-281-9/+11
|
* s4:auth/sam.c - "authsam_expand_nested_groups" - use "dsdb_search_dn" where ↵Matthias Dieter Wallnöfer2010-06-281-3/+11
| | | | | | possible And always catch LDB errors
* s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not ↵Endi S. Dewata2010-06-281-1/+8
| | | | | | available in the DN. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
* s4:auth/gensec/gensec_gssapi.c - reorder constructorMatthias Dieter Wallnöfer2010-06-241-30/+38
| | | | To have the same order as in the structure definition.
* s4-python: python is not always in /usr/binAndrew Tridgell2010-06-243-3/+3
| | | | | | | | Using "#!/usr/bin/env python" is more portable. It still isn't ideal though, as we should really use the python path found at configure time. We do that in many places already, but some don't. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Revert "Add old functionality back which was removed in commit 589a42e2."Wilco Baan Hofman2010-06-202-21/+2
| | | | | | This reverts commit 94e3b4a0d8b714c101803886d60ae6c484740d2f. Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
* Add old functionality back which was removed in commit 589a42e2.Wilco Baan Hofman2010-06-202-2/+21
| | | | | | Andrew, please review! Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
* python: Use samba.tests.TestCase, make sure base class tearDown andJelmer Vernooij2010-06-193-8/+11
| | | | setUp methods are called, fix formatting.
* ldb: Only build standard ldb modules when building bundled ldb.Jelmer Vernooij2010-06-151-1/+1
|
* s4-test: Use smb.conf path set in environment rather than usingJelmer Vernooij2010-06-131-2/+2
| | | | | | command-line options. This is the first step towards supporting custom test runners.
* s4:ntlmssp Use common code for ntlmssp_sign.cAndrew Bartlett2010-06-012-508/+2
| | | | | | | | | | The common code does not have a mem_ctx on ntlmssp_check_packet() and ntlmssp_unseal_packet(). We do however need some internal working of the code exposed, so some structures are moved to ntlmssp_sign.h Andrew Bartlett
* s4:ntlmssp Use the new common ntlmssp.hAndrew Bartlett2010-06-011-117/+1
|
* s4:ntlmssp Merge ntlmssp structures with version from source3/Andrew Bartlett2010-06-012-74/+21
| | | | | | | Use this as an excuse to get rid of ntlmssp_set_domain() etc, which don't do anything useful now that msrpc_parse() use talloc anyway. Andrew Bartlett
* ldb: Fix dependencies when building with system ldb.Jelmer Vernooij2010-05-311-1/+1
|
* s4:auth/credentials/credentials.c - initialise "password_last_changed_time"Matthias Dieter Wallnöfer2010-05-301-0/+2
| | | | Otherwise it could remain uninitialised.
* Add in support for the NTLMSSP version reply.Jeremy Allison2010-05-242-4/+31
| | | | Jeremy.
* s4:auth Remove un-needed headers.Andrew Bartlett2010-05-215-9/+0
|
* s4:auth Fix previous commit - segfault in determinging a user's groupsAndrew Bartlett2010-05-211-5/+3
| | | | | | The previous commit didn't include these vital fixes. Andrew Bartlett
* s4:auth Error out when a memberOf DN does not have a SIDAndrew Bartlett2010-05-211-13/+8
| | | | | | We previously segfaulted if this was not the case. Andrew Bartlett
* s4:auth handle addition of nested aliases of domain groups.Andrew Bartlett2010-05-201-8/+8
| | | | | | | | | The challenge here is that we are asked not to add the domain groups again, but we need to search inside them for any aliases that we need to add. So, we can't short-circuit the operation just because we found the domain group. Andrew Bartlett
* s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett2010-05-206-12/+29
| | | | | | | | | | | | | | This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
* s4:auth Push check for messaging context into winbind backendAndrew Bartlett2010-05-202-5/+5
| | | | | | | If we don't use the winbind backend, we don't (for now) need a messaging context- and we don't have one in LDB at the moment. Andrew Bartlett
* s4:auth Add dependency from the operational module onto authAndrew Bartlett2010-05-204-7/+34
| | | | | | | We had to split up the auth module into a module loaded by main deamon and a subsystem we manually init in the operational module. Andrew Bartlett
* s4:auth Allow the operational module to get a user's tokenGroups from authAndrew Bartlett2010-05-205-41/+131
| | | | | | | | This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett
generated by cgit (git 2.34.1) at 2025-09-26 13:24:59 +0000