Age | Commit message (Collapse) | Author | Files | Lines |
|
There is no need to return the PAC signatures via the special-purpose
torture element. Instead, use a private pointer on the auth_context
in conjunction with the private PAC processing method.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
|
|
Both use gss_krb5_lucid_context_v1_t now.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 25 10:22:31 CET 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 18 19:29:40 CET 2012 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 13 06:32:30 CET 2012 on sn-devel-104
|
|
metze
|
|
This makes the dependencies easier to handle.
metze
|
|
metze
|
|
metze
|
|
metze
|
|
This is only a hint for the backend, which may want to fragment
update tokens.
metze
|
|
|
|
These are optional to supply - some callers only provide an auth_context for the
other plugin functions, and so we need to deal with this cleanly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This make it clearer what type of flags these are.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will make it easier to share elements of the GSSAPI gensec mechs,
in much the same way elements of the NTLMSSP mech are shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
To do this some defines need to move to common_auth.h
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
By providing this context, a function pointer for
generate_session_info_pac() can be inserted into gensec, allowing the
s3 PAC processing in an otherwise more generic gensec module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The fact that this function is unimplemented is unimportant to the callers
as credential caches are not handled via the auth/credentials code in s3.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jan 9 03:24:36 CET 2012 on sn-devel-104
|
|
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba.
Thankyou Simo for the suggestion.
Andrew Bartlett
|
|
This uses a single callback to handle the PAC from the DATA_BLOB
format until it becomes a struct auth_session_info.
This allows a seperation between the GSS acceptor code and the PAC
interpretation code based on the supplied auth context.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
|
|
|
|
This will help with writing a gensec module for the s3 gse layer.
Andrew Bartlett
|
|
When this returns false, the hash value is not correct as the password
could not be converted into an uppercase, 14 char or less ASCII string.
Andrew Bartlett
|
|
This will allow s3 to specify modules to use as a list, rather than
needing to start the individual module with gensec_start_mech_by_ops()
Andrew Bartlett
|
|
This allows dlz_bind9 to match on exactly the same key as bind9 itself
Andrew Bartlett
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Dec 7 02:20:10 CET 2011 on sn-devel-104
|
|
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
|
|
[-Wunused-but-set-variable]" warnings from the new gcc.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Nov 21 23:39:08 CET 2011 on sn-devel-104
|
|
this fixes error checking. Test failures were not being detected
otherwise
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
|
|
This is to provide a cleaner namespace in the public samba plugin
functions.
Andrew Bartlett
|
|
This is to provide a cleaner namespace in the public samba plugin
functions.
Andrew Bartlett
|
|
This is to provide a cleaner namespace in the public samba plugin
functions.
Andrew Bartlett
|
|
This will allow OpenChange to get at the symbols it needs, without
exposing any more of this as a public API than we must.
Andrew Bartlett
|
|
This is to provide a cleaner namespace in the public samba plugin
functions.
Andrew Bartlett
|
|
This is to provide a cleaner namespace in the public samba plugin
functions.
Andrew Bartlett
|
|
This prepares for making the samba_module.h header public again, for OpenChange.
I am keen to avoid too much API namespace pollution if we can.
|
|
|
|
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
|
|
We don't talloc_reference for tsocket_addresses.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 24 15:29:47 CEST 2011 on sn-devel-104
|
|
metze
|
|
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
DCE/RPC clients
Because of the calling convention, this is the best place to assert
that we have not been subject to a downgrade attack on the negotiated
features. (In DCE/RPC, this isn't a negotiation, the client simply
specifies the level of protection that is required).
Andrew Bartlett
(some formatting fixes)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
If you do not specify one however, you better know that the modules
you are using do not need one!
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This moves the allocation of the ntlmssp pointer back to the callers.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
smb.conf
If a user specified -W or --realm on the command line, then this is
of level SPECIFIED, not UNINITIALISED, despite it going via the
loadparm system.
This helps us to ensure that -W server -Ulocaluser is parsed the
same as -Userver\localuser. This matters as otherwise we might
instead attempt to use kerberos to the realm from the smb.conf.
Andrew Bartlett
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 11 06:13:08 CEST 2011 on sn-devel-104
|