path: root/source4/auth
Commit message | Author | Age | Files | Lines
...
* librpc: make NDR_KRB5PAC a shared library (libndr-krb5pac.so). | Günther Deschner | 2011-02-14 | 1 | -1/+1
  Simo, please check.
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Mon Feb 14 18:54:38 CET 2011 on sn-devel-104
* ldb: use #include <ldb.h> for ldb | Andrew Tridgell | 2011-02-10 | 4 | -4/+4
  this ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-krb5: authkrb5 should depend on ldb | Andrew Tridgell | 2011-02-10 | 1 | -1/+1
  this fixes the include path to add ldb
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* libcli/named_pipe_auth Change from 'info3' to auth_session_info_transport | Andrew Bartlett | 2011-02-10 | 2 | -0/+157
  This changes the structure being used to convey the current user state from the netlogon-derived 'netr_SamInfo3' structure to a purpose-built structure that matches the internals of the Samba auth subsystem and contains the final group list, as well as the final privilege set and session key. These previously had to be re-created on the server side of the pipe each time.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* auth Move auth_sam_reply into the top level. | Andrew Bartlett | 2011-02-10 | 2 | -397/+0
  These functions provide conversions between some netlogon.idl and auth.idl structures
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-auth Fix setting of bad_password_count in auth_convert_user_info_dc_sambaseinfo() | Andrew Bartlett | 2011-02-09 | 1 | -1/+1
  Discovered during the conversion to auth_user_info.
  Andrew Bartlett
* s4-auth Rework auth subsystem to remove struct auth_serversupplied_info | Andrew Bartlett | 2011-02-09 | 22 | -666/+705
  This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is maintained into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results.
  Andrew Bartlett
* s4-auth Add auth.idl to encode auth subsystem structures in IDL | Andrew Bartlett | 2011-02-09 | 1 | -0/+1
  This is not only a useful way to encode stuff, it also allows python to handle the structures, and naturally allows them to be NDR encoded.
  Andrew Bartlett
* pam: share pam errors in a common location. | Günther Deschner | 2011-02-08 | 4 | -166/+1
  Guenther
* s4-python Ensure we add the Samba python path first. | Andrew Bartlett | 2011-02-02 | 1 | -1/+1
  This exact form of the construction is important, and we match on it in the installation scripts.
  Andrew Bartlett
* s4:auth/pyauth.c - temporarily add compatibility code for Python 2.4 | Matthias Dieter Wallnöfer | 2011-01-30 | 1 | -0/+11
  This patch has been committed by request of Jelmer.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Sun Jan 30 19:07:57 CET 2011 on sn-devel-104
* s4-auth Remove special case for account_sid from auth_serversupplied_info | Andrew Bartlett | 2011-01-20 | 8 | -222/+206
  This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids.
  Andrew Bartlett
* s4-gensec Add prototype for gensec_ntlmssp_init() | Andrew Bartlett | 2011-01-20 | 1 | -0/+2
  Andrew Bartlett
* libcli/auth move ntlmssp_wrap() and ntlmssp_unwrap() into common code. | Andrew Bartlett | 2011-01-20 | 1 | -123/+12
  The idea here is to allow the source3/libads/sasl.c code to call this instead of the lower level ntlmssp_* functions.
  Andrew Bartlett
* s4-pyauth Fix AuthContext wrapper | Andrew Bartlett | 2011-01-19 | 1 | -2/+13
* s4-auth Allow NULL methods to be specified to auth_context_create_methods() | Andrew Bartlett | 2011-01-19 | 1 | -14/+3
  This allows us to init an auth context that isn't going to do any NTLM authentication, but is used by other subsystems.
  Andrew Bartlett
* s4-gensec Remove special case 'for SASL' that is not required any more. | Andrew Bartlett | 2011-01-19 | 1 | -13/+0
  I've examined the code paths involved, and it appears an alternative fix has been made in the ldap_server/ldap_bind.c code, and there is no code path that uses this behaviour.
  Andrew Bartlett
* pygensec: remove special case handling for None for buffers | Andrew Tridgell | 2011-01-19 | 1 | -35/+28
  always returning a buffer makes life easier for callers
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-gensec Extend python bindings for GENSEC and the associated test | Andrew Bartlett | 2011-01-18 | 1 | -21/+223
  This now tests a real GENSEC exchange, including wrap and unwrap, using GSSAPI. Therefore, it now needs to access a KDC.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
* s4-auth Extend python bindings to allow ldb and message to be specified | Andrew Bartlett | 2011-01-18 | 3 | -11/+61
  This will allow for some more tokenGroups tests in future.
  Andrew Bartlett
* s4-pygensec Fix indentation of py_gensec_start_mech_by_name() | Andrew Bartlett | 2011-01-18 | 1 | -11/+11
* s4-pygensec Add bindings for server_start() and update() | Andrew Bartlett | 2011-01-18 | 1 | -4/+96
* s4-pyauth Add bindings for auth_context_create() as AuthContext() | Andrew Bartlett | 2011-01-18 | 2 | -1/+81
* s4-pyauth Use py_talloc_get_type() for greater talloc binding safety | Andrew Bartlett | 2011-01-18 | 2 | -12/+15
  This does a talloc check of the returned pointer before casting it.
  Andrew Bartlett
* s4-gensec Don't steal the auth_context, reference it. | Andrew Bartlett | 2011-01-18 | 2 | -6/+17
  We don't want to steal this pointer away from the caller if it's been set up from python.
  Andrew Bartlett
* s4:auth/ntlm/auth_sam.c - fix call to "get_server_info_principal" | Matthias Dieter Wallnöfer | 2011-01-15 | 1 | -7/+7
  This should obviously point to the wrapper not the call itself. Found out by Tru64 host build warning.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
* s4-auth: fixed status return | Andrew Tridgell | 2011-01-14 | 1 | -1/+1
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-auth Add get and set methods for auth_session_info python wrapper | Andrew Bartlett | 2011-01-14 | 2 | -7/+73
  This allows the session key, security_token and credentials to be manipulated from python.
  Andrew Bartlett
  Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
* s4-auth Add function to obtain any user's session_info from a given LDB | Andrew Bartlett | 2011-01-14 | 6 | -81/+209
  This will be a building block for a tokenGroups test, which can compare against a remote server (in particular the rootDSE) against what we would calculate the tokenGroups to be. (this meant moving some parts out of the auth_sam code into the containing library)
  Andrew Bartlett
* s4-auth use new dsdb_expand_nested_groups() | Andrew Bartlett | 2011-01-14 | 2 | -152/+11
  This isn't quite as good as using tokenGroups, but that is only available for BASE searches, and this isn't how all the callers work at the moment.
  Andrew Bartlett
* s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature size | Stefan Metzmacher | 2011-01-03 | 1 | -1/+6
  metze
* heimdal_build: Add missing dependencies when building with system heimdal. | Jelmer Vernooij | 2011-01-01 | 1 | -1/+1
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sat Jan 1 04:46:35 CET 2011 on sn-devel-104
* s4:auth/session.h - use a forward declaration for type "struct ldb_context" | Matthias Dieter Wallnöfer | 2010-12-21 | 1 | -1/+1
  And remove the now obsolete one for "struct tevent_context"
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Tue Dec 21 11:17:34 CET 2010 on sn-devel-104
* s4-auth Ensure that we always copy across domain groups | Andrew Bartlett | 2010-12-21 | 1 | -13/+13
  Even if we can't calculate the local groups (because we don't have a local SAM to do it with) we still need to include the domain groups in the session_info token.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Dec 21 05:56:22 CET 2010 on sn-devel-104
* s4-auth Remove duplicate copies of session_info creation code | Andrew Bartlett | 2010-12-21 | 3 | -153/+24
  We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now.
  Andrew Bartlett
* s4-auth rework session_info handling not to require an auth context | Andrew Bartlett | 2010-12-21 | 4 | -13/+26
  This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code.
  Andrew Bartlett
* s4-auth Remove event context from privilege database handling | Andrew Bartlett | 2010-12-21 | 1 | -1/+0
  These local TDB operations can quite safely be handled in a new/nested event context, rather than using the main event context.
  Andrew Bartlett
* s4-auth Remove obsolete comment | Andrew Bartlett | 2010-12-21 | 1 | -7/+0
  The code that this referred to went away in September with 7dbfeb0dc040889244a1110940af2d070f823374
  Andrew Bartlett
* s4:auth/gensec/spnego.c - remove unused variable "principal" | Matthias Dieter Wallnöfer | 2010-12-21 | 1 | -1/+0
* s4:gensec/spnego: only look at the optimistic token if we support the first mech | Stefan Metzmacher | 2010-12-14 | 1 | -4/+20
  As a server only try the mechs the client proposed and only call gensec_update() with the optimistic token for the first mech in the list. If the server doesn't support the first mech we pick the first one in the client's list we also support. That's how w2k8r2 works.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Tue Dec 14 16:50:50 CET 2010 on sn-devel-104
* s4-smbtorture: Make test names lowercase and dot-separated. | Jelmer Vernooij | 2010-12-11 | 1 | -2/+1
  This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools.
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
* s4-spnego Match Windows 2008, and no longer supply a name in the CIFS Negprot | Andrew Bartlett | 2010-12-09 | 1 | -10/+1
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
* s4-pkgconfig: add @LIB_RPATH@ to our link flags | Andrew Tridgell | 2010-12-08 | 1 | -1/+1
  this is only set when rpath is used on install. It ensures that applications that link against Samba libraries get the rpath right
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
* s4-spnego use "not_defined_in_RFC4178@please_ignore" if no principal specified | Andrew Bartlett | 2010-12-08 | 1 | -0/+2
  We need to make this the default, but for now just send it if we have not been given a target principal.
  Andrew Bartlett
* libcli/auth bring ADS_IGNORE_PRINCIPAL in common | Andrew Bartlett | 2010-12-08 | 1 | -1/+2
* s4:auth/gensec/gensec_krb5.c - fix/reorder memory free operations | Matthias Dieter Wallnöfer | 2010-12-04 | 1 | -3/+15
  To prevent memory leaks
* s4:auth/gensec/gensec_krb5.c - remove a pointless "nt_status" test | Matthias Dieter Wallnöfer | 2010-12-04 | 1 | -8/+3
  There is no operation which sets the "nt_status" before the "if".
* s4:auth/kerberos/kerberos_pac.c - fix another memory leak regarding the KRB principal | Matthias Dieter Wallnöfer | 2010-12-04 | 1 | -1/+4
  In addition fix a counter type
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Sat Dec 4 15:14:46 CET 2010 on sn-devel-104
* s4:dsdb/common/util_samr.c and auth/sam.c - fix error message | Matthias Dieter Wallnöfer | 2010-12-04 | 1 | -1/+1
* s4:auth/sam.c - when printing out a string buffer we don't strictly need the width | Matthias Dieter Wallnöfer | 2010-12-03 | 1 | -2/+2
  The precision (maximum number of characters) should be enough.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Fri Dec 3 10:26:39 CET 2010 on sn-devel-104