path: root/source4/auth/gensec
Commit message | Author | Age | Files | Lines
* build: provide tevent-util as a public library | Andrew Bartlett | 2011-08-08 | 1 | -1/+1
  This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced by generated PIDL output.
  Andrew Bartlett
* s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp | Andrew Bartlett | 2011-08-03 | 2 | -0/+2
  This allows the current behaviour of the NTLMSSP code to be unchanged while adding a way to hook in an alternate implementation via an auth module.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* gensec: clarify memory ownership for gensec_session_info() and gensec_session_key() | Andrew Bartlett | 2011-08-03 | 6 | -38/+28
  This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy.
  Andrew Bartlett
* gensec: Remove mem_ctx from calls that do not return memory | Andrew Bartlett | 2011-08-03 | 3 | -16/+11
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* gensec: split GENSEC into mechanism-dependent and runtime functions | Andrew Bartlett | 2011-08-03 | 9 | -923/+172
  The startup and runtime functions that have no dependencies are moved into the top level.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* gensec: Add a way to request a unix token from GENSEC | Andrew Bartlett | 2011-07-29 | 2 | -5/+13
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4auth: Fix the object name for Py_Security | Amitay Isaacs | 2011-07-28 | 1 | -1/+1
  Use the object names as <modulename>.<objectname> to correctly generate the object hierarchy in pydoc.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* auth: Split out make_user_info_SamBaseInfo and add authenticated argument | Andrew Bartlett | 2011-07-20 | 1 | -0/+1
  This will allow the source3 auth code to call this without needing to double-parse the SIDs
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-auth: quiet down the krb5 warnings when kerberos is not set to 'MUST' | Andrew Tridgell | 2011-06-17 | 1 | -1/+1
  this prevents spurious error messages on client commands when we will fall back to NTLM authentication
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-gensec bring GSS_S_CONTEXT_EXPIRED into its own error handler | Andrew Bartlett | 2011-06-08 | 1 | -0/+59
  This allows us to print much more debugging in this critical situation.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Jun 8 04:19:58 CEST 2011 on sn-devel-104
* s4-modules Remove lp_ctx from init functions that no longer need it | Andrew Bartlett | 2011-06-06 | 3 | -5/+5
  Now that we don't allow the smb.conf to change the modules dir, many functions that simply load modules or initialise a subsystem that may load modules no longer need an lp_ctx.
  Andrew Bartlett
* s4:gensec_gssapi: avoid delegation if s4u2self/proxy is used | Stefan Metzmacher | 2011-05-18 | 1 | -0/+4
  metze
* s4-auth Rename auth -> auth4 to avoid conflict with s3 auth | Andrew Bartlett | 2011-05-08 | 3 | -7/+7
* sasl_secret_t ends in a char [1] size. This means the extra character is implicit in the safe_strcpy. When changing to strlcpy ensure we allocate an extra char for it. This fixes a bug where secret->len+1 used with safe_strcpy could actually write into secret->len+2. | Jeremy Allison | 2011-05-04 | 1 | -2/+2
* s4-gensec: Use new common 'obtain the PAC' functions. | Andrew Bartlett | 2011-04-27 | 1 | -15/+4
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Apr 27 05:08:10 CEST 2011 on sn-devel-104
* libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/auth | Andrew Bartlett | 2011-04-27 | 1 | -38/+0
  This will allow the GSSAPI PAC fetch code to use it.
  Andrew Bartlett
* libcli/auth Move PAC parsing and verification in common. | Andrew Bartlett | 2011-04-20 | 1 | -2/+2
  This uses the source3 PAC code (originally from Samba4) with some small changes to restore functionality needed by the torture tests, and to have a common API.
  Andrew Bartlett
* lib: make asn1_util a private library | Andrew Tridgell | 2011-04-06 | 1 | -1/+1
  this prevents symbol duplication of the asn1 symbols in the service and ntvfs subsystems
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* auth: Move auth_session_info into IDL | Andrew Bartlett | 2011-04-05 | 1 | -1/+1
  This changes auth_session_info_transport to just be a wrapper, rather than a copy that has to be kept in sync. As auth_session_info was already wrapped in python, this required changes to the existing pyauth wrapper and its users.
  Andrew Bartlett
* s4:python bindings - handle NULL returns from "loadparm_init_global" | Matthias Dieter Wallnöfer | 2011-03-22 | 1 | -0/+10
  Reviewed-by: Jelmer
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Tue Mar 22 19:52:57 CET 2011 on sn-devel-104
* source4/auth/gensec: Fix prototypes for all functions. | Jelmer Vernooij | 2011-03-19 | 7 | -1/+11
* s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.c | Günther Deschner | 2011-03-04 | 1 | -1/+1
  Guenther
* build: moved spnego_parse.c into a common subsystem | Andrew Tridgell | 2011-02-24 | 1 | -2/+2
* build: moved schannel_sign.c into a shared COMMON_SCHANNEL subsystem | Andrew Tridgell | 2011-02-24 | 1 | -2/+2
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* ldb: use #include <ldb.h> for ldb | Andrew Tridgell | 2011-02-10 | 1 | -1/+1
  this ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-auth Rework auth subsystem to remove struct auth_serversupplied_info | Andrew Bartlett | 2011-02-09 | 4 | -21/+42
  This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is maintained into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results.
  Andrew Bartlett
* s4-gensec Remove special case 'for SASL' that is not required any more. | Andrew Bartlett | 2011-01-19 | 1 | -13/+0
  I've examined the code paths involved, and it appears an alternative fix has been made in the ldap_server/ldap_bind.c code, and there is no code path that uses this behaviour.
  Andrew Bartlett
* pygensec: remove special case handling for None for buffers | Andrew Tridgell | 2011-01-19 | 1 | -35/+28
  always returning a buffer makes life easier for callers
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-gensec Extend python bindings for GENSEC and the associated test | Andrew Bartlett | 2011-01-18 | 1 | -21/+223
  This now tests a real GENSEC exchange, including wrap and unwrap, using GSSAPI. Therefore, it now needs to access a KDC.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
* s4-pygensec Fix indentation of py_gensec_start_mech_by_name() | Andrew Bartlett | 2011-01-18 | 1 | -11/+11
* s4-pygensec Add bindings for server_start() and update() | Andrew Bartlett | 2011-01-18 | 1 | -4/+96
* s4-pyauth Use py_talloc_get_type() for greater talloc binding safety | Andrew Bartlett | 2011-01-18 | 1 | -6/+9
  This does a talloc check of the returned pointer before casting it.
  Andrew Bartlett
* s4-gensec Don't steal the auth_context, reference it. | Andrew Bartlett | 2011-01-18 | 1 | -2/+6
  We don't want to steal this pointer away from the caller if it's been set up from python.
  Andrew Bartlett
* s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature size | Stefan Metzmacher | 2011-01-03 | 1 | -1/+6
  metze
* s4-auth Remove duplicate copies of session_info creation code | Andrew Bartlett | 2010-12-21 | 1 | -6/+10
  We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now.
  Andrew Bartlett
* s4:auth/gensec/spnego.c - remove unused variable "principal" | Matthias Dieter Wallnöfer | 2010-12-21 | 1 | -1/+0
* s4:gensec/spnego: only look at the optimistic token if we support the first mech | Stefan Metzmacher | 2010-12-14 | 1 | -4/+20
  As a server only try the mechs the client proposed and only call gensec_update() with the optimistic token for the first mech in the list. If the server doesn't support the first mech we pick the first one in the client's list we also support. That's how w2k8r2 works.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Tue Dec 14 16:50:50 CET 2010 on sn-devel-104
* s4-spnego Match Windows 2008, and no longer supply a name in the CIFS Negprot | Andrew Bartlett | 2010-12-09 | 1 | -10/+1
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
* s4-pkgconfig: add @LIB_RPATH@ to our link flags | Andrew Tridgell | 2010-12-08 | 1 | -1/+1
  this is only set when rpath is used on install. It ensures that applications that link against Samba libraries get the rpath right
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
* s4-spnego use "not_defined_in_RFC4178@please_ignore" if no principal specified | Andrew Bartlett | 2010-12-08 | 1 | -0/+2
  We need to make this the default, but for now just send it if we have not been given a target principal.
  Andrew Bartlett
* libcli/auth bring ADS_IGNORE_PRINCIPAL in common | Andrew Bartlett | 2010-12-08 | 1 | -1/+2
* s4:auth/gensec/gensec_krb5.c - fix/reorder memory free operations | Matthias Dieter Wallnöfer | 2010-12-04 | 1 | -3/+15
  To prevent memory leaks
* s4:auth/gensec/gensec_krb5.c - remove a pointless "nt_status" test | Matthias Dieter Wallnöfer | 2010-12-04 | 1 | -8/+3
  There is no operation which sets the "nt_status" before the "if".
* pygensec: Fix initialization. | Jelmer Vernooij | 2010-12-01 | 1 | -1/+1
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Wed Dec 1 02:33:06 CET 2010 on sn-devel-104
* pygensec: Use talloc.Object. | Jelmer Vernooij | 2010-12-01 | 1 | -1/+4
* s4:auth/gensec/gensec_tstream.c - quiet warnings on Solaris "cc" | Matthias Dieter Wallnöfer | 2010-11-29 | 1 | -2/+2
* s4:auth/gensec/gensec_gssapi.c - always print error messages on the same talloc context | Matthias Dieter Wallnöfer | 2010-11-29 | 1 | -2/+2
* s4-gensec: zero the gssapi_state | Andrew Tridgell | 2010-11-17 | 1 | -1/+1
  this fixes a use of the target_principal before initialisation
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-gensec Indicate if GENSEC is in client or server mode in the debug | Andrew Bartlett | 2010-11-15 | 1 | -2/+4
* auth/gensec Handle incorrect username or password in Kerberos client code | Andrew Bartlett | 2010-11-15 | 2 | -0/+3
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104