path: root/source4/auth
Commit message | Author | Age | Files | Lines
* auth: Allow a NULL principal to be obtained from the credentials | Andrew Bartlett | 2011-12-07 | 2 | -3/+14
  This is important when trying to let GSSAPI search the keytab.
  Andrew Bartlett
* Revert making public of the samba-module library. | Jelmer Vernooij | 2011-12-03 | 2 | -4/+4
  This library was tiny - containing just two public functions that were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
* s4:gensec/spnego: only try the mechs that match the client given ones | Stefan Metzmacher | 2011-11-30 | 1 | -0/+4
  Windows-Members of NT4/Samba3 domains, send
  MechTypes:
    1.3.6.1.4.1.311.2.2.10 [NTLMSSP]
    1.2.840.48018.1.2.2 [krb5 broken]
    1.2.840.113554.1.2.2 [krb5]
  MechToken for NTLMSSP.
  This patch makes sure we start NTLMSSP with the given MechToken, instead of trying to pass the NTLMSSP MechToken to the krb5 backend first. As that would fail the authentication with an error instead of trying fallbacks.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
* s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab | Andrew Bartlett | 2011-11-29 | 1 | -61/+134
  This allows only a particular principal to be exported to the keytab. This is useful when setting up unix servers in a Samba controlled domain.
  Based on a request by Gémes Géza <geza@kzsdabas.hu>
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
* s4-auth log details about any token we fail to convert to a unix token | Andrew Bartlett | 2011-11-18 | 1 | -0/+17
  Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely.
  Andrew Bartlett
* lib/util Rename samba_init_module_fns_run -> samba_module_init_fns_run | Andrew Bartlett | 2011-10-28 | 1 | -1/+1
  This is to provide a cleaner namespace in the public samba plugin functions.
  Andrew Bartlett
* lib/util Rename samba_init_module_fn -> samba_module_init_fn | Andrew Bartlett | 2011-10-28 | 1 | -1/+1
  This is to provide a cleaner namespace in the public samba plugin functions.
  Andrew Bartlett
* lib/util Split samba-modules library into public and private parts | Andrew Bartlett | 2011-10-28 | 2 | -2/+2
  This will allow OpenChange to get at the symbols it needs, without exposing any more of this as a public API than we must.
  Andrew Bartlett
* lib/util Rename run_init_functions -> samba_init_module_fns_run | Andrew Bartlett | 2011-10-28 | 1 | -1/+1
  This is to provide a cleaner namespace in the public samba plugin functions.
  Andrew Bartlett
* lib/util Rename init_module_fn to samba_init_module_fn | Andrew Bartlett | 2011-10-28 | 1 | -1/+1
  This prepares for making the samba_module.h header public again, for OpenChange. I am keen to avoid too much API namespace pollution if we can.
* idl: Improve MS-PAC IDL | Simo Sorce | 2011-10-24 | 1 | -5/+9
  Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unknown.
  Signed-off-by: Günther Deschner <gd@samba.org>
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
* s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array | Stefan Metzmacher | 2011-10-18 | 1 | -17/+31
  If mappings use ID_TYPE_BOTH.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
* gensec: move event context from gensec_*_init() to gensec_update() | Andrew Bartlett | 2011-10-18 | 7 | -42/+49
  This avoids keeping the event context around on the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: move event-using code to gensec_update() hooks out of gensec_start*() | Andrew Bartlett | 2011-10-18 | 3 | -39/+77
  This ensures that only gensec_update() will require an event context argument when the API is refactored.
  Andrew Bartlett
* s4-auth: match the new s3 gensec client and always negotiate SIGN with SEAL | Andrew Bartlett | 2011-10-18 | 1 | -0/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Prepare gensec_ntlmssp_start() for broader use | Andrew Bartlett | 2011-10-18 | 2 | -4/+28
  This moves the allocation of the ntlmssp pointer back to the callers.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 2011-10-18 | 6 | -286/+11
  This brings in the code from both libcli/auth and source4/auth/ntlmssp.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* libcli/auth: Provide a struct loadparm_context to schannel calls | Andrew Bartlett | 2011-10-13 | 1 | -1/+1
  This will allow us to pass this down to the tdb_wrap layer.
  Andrew Bartlett
* auth: move gensec_start.c to the top level | Andrew Bartlett | 2011-10-11 | 7 | -972/+66
  This does not change who uses gensec for now, but makes it possible to write new gensec modules outside source4/
  Andrew Bartlett
* auth: move credentials layer to the top level | Andrew Bartlett | 2011-10-11 | 14 | -3656/+4
  This will allow gensec_start.c to move to the top level. This does not change what code uses the cli_credentials code, but allows the gensec code to be more broadly.
  Andrew Bartlett
* lib/param move source4 param code to the top level | Andrew Bartlett | 2011-10-11 | 1 | -1/+1
  This is done so that the lpcfg_ functions are available across the whole build, either with the struct loadparm_context loaded from an smb.conf directly or as a wrapper around the source3 param code. This is not the final, merged loadparm, but simply one step to make it easier to solve other problems while we make our slow progress on this difficult problem.
  Andrew Bartlett
* lib/util: consolidate module loading into common code | Andrew Bartlett | 2011-10-06 | 4 | -2/+4
  This creates a samba-modules private library that handles the details.
  Andrew Bartlett
* s4-auth: fixed formatting of some DEBUG() lines | Andrew Tridgell | 2011-10-05 | 1 | -3/+3
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Wed Oct 5 09:45:15 CEST 2011 on sn-devel-104
* s4-auth: rework map_user_info() to use cracknames | Andrew Tridgell | 2011-10-04 | 2 | -13/+215
  to properly support multi-domain forests we need to determine if an incoming username is part of a known forest domain or not. To do this for all possible SPN forms, we need to use CrackNames. This changes map_user_info() to use CrackNames if a SAM context is available, and asks the CrackNames services to parse the incoming username and domain into a NT4 form, which can then be used in the SAM.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-sam: don't look in GC NCs for user accounts | Andrew Tridgell | 2011-10-04 | 1 | -2/+6
  We need to exclude GC partial replica naming contexts from SAM lookups
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:auth - remove unused variables | Matthias Dieter Wallnöfer | 2011-09-19 | 2 | -2/+0
  Reviewed-by: Jelmer
* build: make LIBWBCLIENT_OLD and auth_unix_token libraries | Andrew Bartlett | 2011-09-08 | 1 | -5/+6
  This assists with avoiding duplicate symbols.
  Andrew Bartlett
* s4:auth/gensec: gensec.h was moved to gensec_runtime | Stefan Metzmacher | 2011-09-06 | 1 | -1/+1
  metze
* gensec: Install header file. | Jelmer Vernooij | 2011-08-21 | 1 | -0/+1
* samba-credentials: Add pkg-config file. | Jelmer Vernooij | 2011-08-21 | 2 | -0/+12
* credentials: Rename library to samba-credentials to avoid name clashes. | Jelmer Vernooij | 2011-08-18 | 5 | -14/+14
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
* Use public pytalloc header file. | Jelmer Vernooij | 2011-08-14 | 1 | -1/+1
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sun Aug 14 17:18:46 CEST 2011 on sn-devel-104
* s4:misc: remove last usage of legacy event_ fn names | Simo Sorce | 2011-08-14 | 1 | -3/+3
  Autobuild-User: Simo Sorce <idra@samba.org>
  Autobuild-Date: Sun Aug 14 00:38:13 CEST 2011 on sn-devel-104
* pytalloc: Use consistent prefix for functions, add ABI file. | Jelmer Vernooij | 2011-08-10 | 5 | -56/+56
* s4:pycredentials: PyArg_ParseTuple("i") requires an 'int' argument. | Stefan Metzmacher | 2011-08-08 | 1 | -6/+30
  If we pass variable references we don't get implicit casting!
  metze
* build: Make credentials a public library for OpenChange to use | Andrew Bartlett | 2011-08-08 | 1 | -1/+1
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Mon Aug 8 14:53:53 CEST 2011 on sn-devel-104
* build: provide tevent-util as a public library | Andrew Bartlett | 2011-08-08 | 2 | -2/+2
  This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced by generated PIDL output.
  Andrew Bartlett
* pyldb: Consistently use pyldb_ prefix. | Jelmer Vernooij | 2011-08-07 | 1 | -3/+3
* ntlmssp: Add ntlmssp_blob_matches_magic() | Andrew Bartlett | 2011-08-03 | 1 | -1/+1
  This avoids having the same check in 3 different parts of the code
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
* gensec: Don't keep a second copy of the auth4_context in gensec_ntlmssp_state | Andrew Bartlett | 2011-08-03 | 2 | -7/+4
  The auth4_context is already in the gensec_security structure, which is available by de-reference here anyway.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp | Andrew Bartlett | 2011-08-03 | 2 | -0/+2
  This allows the current behaviour of the NTLMSSP code to be unchanged while adding a way to hook in an alternate implementation via an auth module.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* gensec: clarify memory ownership for gensec_session_info() and gensec_session_key() | Andrew Bartlett | 2011-08-03 | 8 | -45/+37
  This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy.
  Andrew Bartlett
* gensec: Remove mem_ctx from calls that do not return memory | Andrew Bartlett | 2011-08-03 | 4 | -18/+11
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* gensec: split GENSEC into mechanism-dependent and runtime functions | Andrew Bartlett | 2011-08-03 | 9 | -923/+172
  The startup and runtime functions that have no dependencies are moved into the top level.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-auth Fill in the remainder of the unix info in auth_session_info | Andrew Bartlett | 2011-07-29 | 2 | -5/+45
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
* s4-auth Move conversion of security_token to unix_token to auth | Andrew Bartlett | 2011-07-29 | 6 | -7/+125
  This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* gensec: Add a way to request a unix token from GENSEC | Andrew Bartlett | 2011-07-29 | 3 | -5/+14
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4auth: Fix the object name for Py_Security | Amitay Isaacs | 2011-07-28 | 1 | -1/+1
  Use the object names as <modulename>.<objectname> to correctly generate the object hierarchy in pydoc.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4auth: Fix the object names for PyCredentials and PyCredentialCacheContainer | Amitay Isaacs | 2011-07-28 | 1 | -2/+2
  Use the object names as <modulename>.<objectname> to correctly generate the object hierarchy in pydoc.
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4auth: Remove duplicate assignment of structure variable | Amitay Isaacs | 2011-07-28 | 1 | -1/+0
  Signed-off-by: Andrew Tridgell <tridge@samba.org>