summaryrefslogtreecommitdiff
path: root/auth
AgeCommit message (Collapse)AuthorFilesLines
2011-08-08build: provide tevent-util as a public libraryAndrew Bartlett1-1/+1
This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced by generated PIDL output. Andrew Bartlett
2011-08-03gensec: clarify memory ownership for gensec_session_info() and ↵Andrew Bartlett2-6/+11
gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
2011-08-03gensec: Remove mem_ctx from calls that do not return memoryAndrew Bartlett2-8/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03gensec: split GENSEC into mechanism-dependent and runtime functionsAndrew Bartlett4-0/+836
The startup and runtime functions that have no dependencies are moved into the top level. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: Set NETLOGON_GUEST and use it to determine guest statusAndrew Bartlett1-1/+2
These additional measures should help ensure we do not accidentily upgrade a guest to an authenticated user in the future. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: Move make_user_info_SamBaseInfo() to talloc_strdup and out of memory ↵Andrew Bartlett1-9/+31
checking Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: Split out make_user_info_SamBaseInfo and add authenticated argumentAndrew Bartlett2-29/+62
This will allow the source3 auth code to call this without needing to double-parse the SIDs Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: include auth.idl structures into common_auth.hAndrew Bartlett1-0/+2
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20auth: Preserve guest flag on transition via netr_SamInfo3Andrew Bartlett1-0/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20Add my copyrightAndrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-15auth/kerberos/gssapi_pac: fix compiler warningsStefan Metzmacher1-6/+5
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 15 19:06:24 CEST 2011 on sn-devel-104
2011-06-10auth/auth_sam_reply.h: fix licence/copyrightGünther Deschner1-0/+22
Guenther
2011-05-18build: Make auth_sam_reply a libraryAndrew Bartlett1-5/+6
2011-05-08auth: allow auth_common.h to be included multiple times without errorAndrew Bartlett1-0/+5
2011-05-07Fix Samba3 on OpenIndiana.Gordon Ross1-0/+24
I'd like Samba to use the native OpenLDAP and MIT Kerberos libs. Attached are some patches to do that. (relative to git master) It does not build for me without these. (OpenIndiana is an off-shoot of OpenSolaris See http://www.openindiana.org) Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat May 7 02:20:14 CEST 2011 on sn-devel-104
2011-04-27auth/kerberos Add check for gss_inquire_sec_context_by_oidAndrew Bartlett1-4/+10
Not all kerberos distributions have this function. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Apr 27 07:39:08 CEST 2011 on sn-devel-104
2011-04-27auth/kerberos Move all the PAC handling functions to auth/kerberosAndrew Bartlett2-1/+365
2011-04-27auth/kerberos: Create common helper to get the verified PAC from GSSAPIAndrew Bartlett2-0/+126
This only works for Heimdal and MIT Krb5 1.8, other versions will get an ACCESS_DEINED error. We no longer manually verify any details of the PAC in Samba for GSSAPI logins, as we never had the information to do it properly, and it is better to have the GSSAPI library handle it. Andrew Bartlett
2011-02-10s3-waf: fix the build after auth changes.Günther Deschner1-0/+2
Andrews, please check. Guenther
2011-02-10auth Move auth_sam_reply into the top level.Andrew Bartlett3-0/+433
These functions provide conversions between some netlogon.idl and auth.idl structures Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-31s3-auth: remove global include of krb5pac.h.Günther Deschner1-2/+0
Guenther
2010-08-14s3:auth Make Samba3 use the new common struct auth_usersupplied_infoAndrew Bartlett1-3/+3
This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order the make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s4:auth Move struct auth_usersupplied_info to a common locationAndrew Bartlett1-0/+63
This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett