path: root/source4/auth
Commit message | Author | Age | Files | Lines
...
* gensec: Rename want_flags and got_flags in gensec_gssapi | Andrew Bartlett | 2012-01-11 | 1 | -26/+26
  This makes it clearer what type of flags these are.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: make gensec_gssapi.h common | Andrew Bartlett | 2012-01-11 | 1 | -67/+0
  This will make it easier to share elements of the GSSAPI gensec mechs, in much the same way elements of the NTLMSSP mech are shared.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: move gensec_util.c to the top level | Andrew Bartlett | 2012-01-11 | 3 | -104/+1
  To do this some defines need to move to common_auth.h
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: make auth4_context common to provide access to generate_session_info_pac() | Andrew Bartlett | 2012-01-11 | 1 | -52/+0
  By providing this context, a function pointer for generate_session_info_pac() can be inserted into gensec, allowing the s3 PAC processing in an otherwise more generic gensec module.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* krb5: Require krb5_set_real_time is available to build with krb5 | Andrew Bartlett | 2012-01-10 | 1 | -4/+0
* s4-kerberos: remove some unused prototypes. | Günther Deschner | 2012-01-09 | 1 | -22/+0
  These are defined in the krb5 abstraction headers elsewhere.
  Guenther
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Mon Jan 9 14:32:08 CET 2012 on sn-devel-104
* ntlmssp: merge initial packet implementations | Andrew Bartlett | 2012-01-06 | 1 | -6/+25
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:pygensec: add session_key() method | Stefan Metzmacher | 2012-01-04 | 1 | -0/+29
  metze
* s4-gensec: Rename memory contexts in gensec_util for greater clarity | Andrew Bartlett | 2011-12-29 | 1 | -2/+2
  This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.
  Thank you Simo for the suggestion.
  Andrew Bartlett
* s4-gensec: Rename memory contexts in gensec_krb5 for greater clarity | Andrew Bartlett | 2011-12-29 | 1 | -16/+16
  This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.
  Thank you Simo for the suggestion.
  Andrew Bartlett
* s4-gensec: Rename memory contexts in gensec_gssapi for greater clarity | Andrew Bartlett | 2011-12-29 | 1 | -16/+16
  This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.
  Thank you Simo for the suggestion.
  Andrew Bartlett
* s4-auth: Rename memory contexts for greater clarity | Andrew Bartlett | 2011-12-29 | 2 | -10/+10
  This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.
  Thank you Simo for the suggestion.
  Andrew Bartlett
* s4-gensec remove auth_session dep from gensec_gssapi.c | Andrew Bartlett | 2011-12-29 | 1 | -1/+1
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu Dec 29 05:37:11 CET 2011 on sn-devel-104
* s4-gensec Remove fallback for simple privileges | Andrew Bartlett | 2011-12-29 | 1 | -6/+2
  This makes the dependencies simpler, as this code path is no longer required.
  (That is, it makes no sense to have an NTLM login without an auth context, and the gensec_gssapi and gensec_krb5 modules call the PAC blob function below instead).
  Andrew Bartlett
* s4-torture: Demonstrate handling of the PAC in a custom auth_context | Andrew Bartlett | 2011-12-29 | 2 | -59/+5
  This demonstrates how a different function pointer can be supplied to handle the PAC blob, without depending on the provisioned samdb etc.
  Andrew Bartlett
* s4-pyauth: Make sure event context allows nesting | Andrew Bartlett | 2011-12-29 | 1 | -1/+2
* s4-gensec: Move parsing of the PAC blob and creating the session_info into auth | Andrew Bartlett | 2011-12-29 | 8 | -169/+247
  This uses a single callback to handle the PAC from the DATA_BLOB format until it becomes a struct auth_session_info.
  This allows a separation between the GSS acceptor code and the PAC interpretation code based on the supplied auth context.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
* s4-gensec: fix cyrus sasl module after update() prototype change | Andrew Bartlett | 2011-12-29 | 1 | -0/+1
* s4-auth Remove unused auth_context_create_from_ldb() | Andrew Bartlett | 2011-12-28 | 2 | -27/+0
* s4-gensec: Allow a PAC to be obtained from any GSS mech | Andrew Bartlett | 2011-12-28 | 1 | -7/+0
  This may allow Luke Howard's moonshot to work with a little less effort at some point in the future.
  Andrew Bartlett
* auth/kerberos: Move gssapi_parse.c to the top level | Andrew Bartlett | 2011-12-28 | 2 | -123/+2
  This will help with writing a gensec module for the s3 gse layer.
  Andrew Bartlett
* s4-ntlmssp Do not allow LM key without a LM password | Andrew Bartlett | 2011-12-28 | 1 | -3/+5
* auth: Allow a NULL principal to be obtained from the credentials | Andrew Bartlett | 2011-12-07 | 2 | -3/+14
  This is important when trying to let GSSAPI search the keytab.
  Andrew Bartlett
* Revert making public of the samba-module library. | Jelmer Vernooij | 2011-12-03 | 2 | -4/+4
  This library was tiny - containing just two public functions that were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange.
  In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time.
  Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another.
  I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
* s4:gensec/spnego: only try the mechs that match the client given ones | Stefan Metzmacher | 2011-11-30 | 1 | -0/+4
  Windows-Members of NT4/Samba3 domains, send
  MechTypes:
    1.3.6.1.4.1.311.2.2.10 [NTLMSSP]
    1.2.840.48018.1.2.2 [krb5 broken]
    1.2.840.113554.1.2.2 [krb5]
  MechToken for NTLMSSP.
  This patch makes sure we start NTLMSSP with the given MechToken, instead of trying to pass the NTLMSSP MechToken to the krb5 backend first. As that would fail the authentication with an error instead of trying fallbacks.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
* s4-samba-tool: Add --principal argument to samba-tool domain exportkeytab | Andrew Bartlett | 2011-11-29 | 1 | -61/+134
  This allows only a particular principal to be exported to the keytab.
  This is useful when setting up unix servers in a Samba controlled domain.
  Based on a request by Gémes Géza <geza@kzsdabas.hu>
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
* s4-auth log details about any token we fail to convert to a unix token | Andrew Bartlett | 2011-11-18 | 1 | -0/+17
  Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely.
  Andrew Bartlett
* lib/util Rename samba_init_module_fns_run -> samba_module_init_fns_run | Andrew Bartlett | 2011-10-28 | 1 | -1/+1
  This is to provide a cleaner namespace in the public samba plugin functions.
  Andrew Bartlett
* lib/util Rename samba_init_module_fn -> samba_module_init_fn | Andrew Bartlett | 2011-10-28 | 1 | -1/+1
  This is to provide a cleaner namespace in the public samba plugin functions.
  Andrew Bartlett
* lib/util Split samba-modules library into public and private parts | Andrew Bartlett | 2011-10-28 | 2 | -2/+2
  This will allow OpenChange to get at the symbols it needs, without exposing any more of this as a public API than we must.
  Andrew Bartlett
* lib/util Rename run_init_functions -> samba_init_module_fns_run | Andrew Bartlett | 2011-10-28 | 1 | -1/+1
  This is to provide a cleaner namespace in the public samba plugin functions.
  Andrew Bartlett
* lib/util Rename init_module_fn to samba_init_module_fn | Andrew Bartlett | 2011-10-28 | 1 | -1/+1
  This prepares for making the samba_module.h header public again, for OpenChange. I am keen to avoid too much API namespace pollution if we can.
* idl: Improve MS-PAC IDL | Simo Sorce | 2011-10-24 | 1 | -5/+9
  Change some misleading variable names to reflect the actual function.
  Add missing field name/types previously marked as unknown.
  Signed-off-by: Günther Deschner <gd@samba.org>
  Autobuild-User: Günther Deschner <gd@samba.org>
  Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
* s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array | Stefan Metzmacher | 2011-10-18 | 1 | -17/+31
  If mappings use ID_TYPE_BOTH.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
* gensec: move event context from gensec_*_init() to gensec_update() | Andrew Bartlett | 2011-10-18 | 7 | -42/+49
  This avoids keeping the event context around on the gensec_security context structure long term.
  In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: move event-using code to gensec_update() hooks out of gensec_start*() | Andrew Bartlett | 2011-10-18 | 3 | -39/+77
  This ensures that only gensec_update() will require an event context argument when the API is refactored.
  Andrew Bartlett
* s4-auth: match the new s3 gensec client and always negotiate SIGN with SEAL | Andrew Bartlett | 2011-10-18 | 1 | -0/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Prepare gensec_ntlmssp_start() for broader use | Andrew Bartlett | 2011-10-18 | 2 | -4/+28
  This moves the allocation of the ntlmssp pointer back to the callers.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 2011-10-18 | 6 | -286/+11
  This brings in the code from both libcli/auth and source4/auth/ntlmssp.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* libcli/auth: Provide a struct loadparm_context to schannel calls | Andrew Bartlett | 2011-10-13 | 1 | -1/+1
  This will allow us to pass this down to the tdb_wrap layer.
  Andrew Bartlett
* auth: move gensec_start.c to the top level | Andrew Bartlett | 2011-10-11 | 7 | -972/+66
  This does not change who uses gensec for now, but makes it possible to write new gensec modules outside source4/
  Andrew Bartlett
* auth: move credentials layer to the top level | Andrew Bartlett | 2011-10-11 | 14 | -3656/+4
  This will allow gensec_start.c to move to the top level. This does not change what code uses the cli_credentials code, but allows the gensec code to be more broadly.
  Andrew Bartlett
* lib/param move source4 param code to the top level | Andrew Bartlett | 2011-10-11 | 1 | -1/+1
  This is done so that the lpcfg_ functions are available across the whole build, either with the struct loadparm_context loaded from an smb.conf directly or as a wrapper around the source3 param code.
  This is not the final, merged loadparm, but simply one step to make it easier to solve other problems while we make our slow progress on this difficult problem.
  Andrew Bartlett
* lib/util: consolidate module loading into common code | Andrew Bartlett | 2011-10-06 | 4 | -2/+4
  This creates a samba-modules private library that handles the details.
  Andrew Bartlett
* s4-auth: fixed formatting of some DEBUG() lines | Andrew Tridgell | 2011-10-05 | 1 | -3/+3
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Wed Oct 5 09:45:15 CEST 2011 on sn-devel-104
* s4-auth: rework map_user_info() to use cracknames | Andrew Tridgell | 2011-10-04 | 2 | -13/+215
  to properly support multi-domain forests we need to determine if an incoming username is part of a known forest domain or not. To do this for all possible SPN forms, we need to use CrackNames.
  This changes map_user_info() to use CrackNames if a SAM context is available, and asks the CrackNames services to parse the incoming username and domain into a NT4 form, which can then be used in the SAM.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-sam: don't look in GC NCs for user accounts | Andrew Tridgell | 2011-10-04 | 1 | -2/+6
  We need to exclude GC partial replica naming contexts from SAM lookups
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:auth - remove unused variables | Matthias Dieter Wallnöfer | 2011-09-19 | 2 | -2/+0
  Reviewed-by: Jelmer
* build: make LIBWBCLIENT_OLD and auth_unix_token libraries | Andrew Bartlett | 2011-09-08 | 1 | -5/+6
  This assists with avoiding duplicate symbols.
  Andrew Bartlett
* s4:auth/gensec: gensec.h was moved to gensec_runtime | Stefan Metzmacher | 2011-09-06 | 1 | -1/+1
  metze