path: root/source4/auth
Commit message | Author | Age | Files | Lines
...
* libcli/security Use common security.h | Andrew Bartlett | 2010-10-12 | 1 | -1/+1
  This includes dom_sid.h and security_token.h and will be moved to the top level shortly.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
* s4-credentials Allocate ldb result on correct memory context | Andrew Bartlett | 2010-10-12 | 1 | -1/+1
* libcli/security Add debug class to security_token_debug() et al | Andrew Bartlett | 2010-10-12 | 1 | -1/+1
  This will allow it to replace functions in source3 that use debug classes.
  Andrew Bartlett
* samdb_common, ntlm: Add missing dependency on libsamba-hostconfig. | Jelmer Vernooij | 2010-10-11 | 1 | -1/+1
* s4-credentials Add explicit event context handling to Kerberos calls (only) | Andrew Bartlett | 2010-10-11 | 11 | -81/+183
  By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc()
  This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find()
  Special care is taken to restore the event context in the event of nesting in the send_to_kdc function.
  Andrew Bartlett
* s4-param Refactor secrets code to not require an event context. | Andrew Bartlett | 2010-10-11 | 1 | -1/+1
  A new event context is constructed by LDB when required for secrets.ldb
  This will be essentially unused, as LDB on TDB will only trigger 'fake' events, and blocks on transactions and lock operations anyway.
  Andrew Bartlett
* s4-kerberos Remove unused parameter | Andrew Bartlett | 2010-10-11 | 2 | -3/+1
* s4-kerberos Remove unused variable | Andrew Bartlett | 2010-10-11 | 1 | -1/+0
* credentials: Avoid unnecessary includes. | Jelmer Vernooij | 2010-10-11 | 1 | -2/+0
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Mon Oct 11 13:01:36 UTC 2010 on sn-devel-104
* credentials: Fix the build. | Jelmer Vernooij | 2010-10-11 | 5 | -2/+7
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Mon Oct 11 02:47:50 UTC 2010 on sn-devel-104
* credentials: Split up into several subsystems. | Jelmer Vernooij | 2010-10-11 | 5 | -10/+22
* kerberos_util: Put into separate subsystem. | Jelmer Vernooij | 2010-10-11 | 4 | -3/+11
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Mon Oct 11 00:34:56 UTC 2010 on sn-devel-104
* auth: Remove unnecessary dependencies, fix formatting. | Jelmer Vernooij | 2010-10-10 | 1 | -2/+2
* credentials: Move code that doesn't need any external dependencies into | Jelmer Vernooij | 2010-10-10 | 3 | -144/+147
  credentials.c.
* gensec: Support building without any linked-in modules. | Jelmer Vernooij | 2010-10-10 | 1 | -0/+4
* samdb: Add flags argument to samdb_connect(). | Jelmer Vernooij | 2010-10-10 | 1 | -1/+1
* Add missing dependencies for com_err. | Jelmer Vernooij | 2010-10-05 | 3 | -2/+3
* heimdal: Fix name of hx509 library. | Jelmer Vernooij | 2010-10-05 | 1 | -1/+1
* heimdal: Fix library name of gssapi. | Jelmer Vernooij | 2010-10-05 | 2 | -2/+2
* s4-gensec Always honour the set server principal | Andrew Bartlett | 2010-10-02 | 1 | -1/+1
  The spnego code won't set this unless it is allowed to by this same option, but other callers may need it.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Sat Oct 2 02:27:39 UTC 2010 on sn-devel-104
* s4-kerberos Don't regenerate key values for each alias in keytab | Andrew Bartlett | 2010-10-02 | 1 | -43/+35
  Instead, store the same key value under the multiple alias names.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Sat Oct 2 00:16:52 UTC 2010 on sn-devel-104
* s4-auth Add make_server_info_pac() to include 'resource domain' groups | Andrew Bartlett | 2010-10-02 | 2 | -5/+40
  Previously, our PAC code didn't include these groups into the server_info from which we would eventually calculate the full list of tokenGroups.
  Andrew Bartlett
* s4-auth Allocate domain SIDs under the sids array, not server_info | Andrew Bartlett | 2010-10-02 | 1 | -1/+1
  Andrew Bartlett
* s4-auth: fixed a valgrind error when creating keytabs | Andrew Tridgell | 2010-10-01 | 1 | -0/+3
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC | Andrew Tridgell | 2010-09-29 | 1 | -0/+16
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-sam: fixed termination of krbtgt_attrs (comma and NULL) | Andrew Tridgell | 2010-09-28 | 1 | -4/+4
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO | Andrew Bartlett | 2010-09-29 | 1 | -0/+1
  Andrew Bartlett
* s4-auth: removed unused variable dom_sid | Andrew Tridgell | 2010-09-27 | 1 | -1/+1
* s4:gensec_tstream: remove plain socket handling | Stefan Metzmacher | 2010-09-28 | 1 | -124/+12
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
* s4:gensec: add gensec_create_tstream() | Stefan Metzmacher | 2010-09-28 | 3 | -1/+764
  Based on the initial patch from Andreas Schneider <asn@redhat.com>.
  metze
* s4-gensec: fixed a valgrind error in gensec | Andrew Tridgell | 2010-09-26 | 1 | -12/+2
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:schannel: handle move flag combinations in the server | Stefan Metzmacher | 2010-09-26 | 1 | -13/+23
  This fixes some testsuites in the CIFS plugfest.
  metze
* s4-auth: fixed the SID list for DCs in the PAC | Andrew Tridgell | 2010-09-26 | 3 | -19/+16
  the S-1-5-9 SID is added in the PAC by the KDC, not on the server that receives the PAC
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
* s4-kerberos Don't segfault if the password isn't specified in keytab generation | Andrew Bartlett | 2010-09-26 | 1 | -0/+7
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
* s4-pycredentials: avoid a talloc_free on ref | Andrew Tridgell | 2010-09-25 | 1 | -1/+1
  with the new py object structure, we need to unlink not free
* s4-kerberos Rework keytab handling to export servicePrincipalName entries | Andrew Bartlett | 2010-09-24 | 2 | -126/+164
  This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry.
  Andrew Bartlett
* s4-kerberos Move 'set key into keytab' code out of credentials. | Andrew Bartlett | 2010-09-24 | 5 | -208/+234
  This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb.
  Andrew Bartlett
* s4-kerberos Fix kerberos_enctype_bitmap_to_enctypes() | Andrew Bartlett | 2010-09-24 | 1 | -2/+3
  The previous code never worked
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiation | Andrew Tridgell | 2010-09-23 | 1 | -7/+10
  this is the client side equivalent change for the previous fix
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-gensec: prevent a double free in the error path of GSSAPI auth | Andrew Tridgell | 2010-09-23 | 1 | -1/+0
  the caller frees mem_ctx, so we shouldn't
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-gensec: fixed a GSSAPI SASL negotiation bug | Andrew Tridgell | 2010-09-23 | 1 | -11/+14
  Fixed a bug that affected mismatched negotiation between the GSSAPI layer and the SASL SSF subsequent negotiation. This caused some ldap clients to hang when trying to authenticate with a Samba LDAP server. The client thought the connection should be signed, the server thought it should be in plain text
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-selftest: Move credentials tests to standard python directory. | Jelmer Vernooij | 2010-09-22 | 1 | -100/+0
* s4-param: Fix more memory leaks, invalid memory context. | Jelmer Vernooij | 2010-09-22 | 3 | -19/+71
* s4-param: Check type when converting python object to lp_ctx, fix some | Jelmer Vernooij | 2010-09-22 | 3 | -4/+31
  memory leaks.
* pygensec: Implement start_mech_by_name(). | Jelmer Vernooij | 2010-09-22 | 2 | -8/+30
* s4-selftest: Move more tests to scripting/python, simplifies running of tests. | Jelmer Vernooij | 2010-09-21 | 2 | -72/+0
* libcli/auth/ntlmssp Be clear about talloc parents for session keys | Andrew Bartlett | 2010-09-16 | 1 | -0/+5
  The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-kerberos: obey the credentials setting for forwardable tickets | Andrew Tridgell | 2010-09-16 | 3 | -27/+40
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-pycredentials: expose forwardable setting via python | Andrew Tridgell | 2010-09-16 | 1 | -0/+16
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-credentials: added ability to control forwardable attribute on krb5 tickets | Andrew Tridgell | 2010-09-16 | 2 | -0/+24
  with the latest bind9 nsupdate, we need to be able to control if the ticket we use is forwardable
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>