summaryrefslogtreecommitdiff
path: root/source4/auth/auth_util.c
AgeCommit message (Collapse)AuthorFilesLines
2008-02-21Remove more uses of global_loadparm.Jelmer Vernooij1-1/+1
(This used to be commit a1715b1f48ba44bd94844418cc9299649aaf1a5e)
2007-12-21r26413: we should check the return value of talloc_reference()Stefan Metzmacher1-3/+9
metze (This used to be commit 5f49c1b144d811c4d8bd74d786e5c5ef6fa7cbc3)
2007-12-21r26233: Pass loadparm context when creating krb5 contexts.Jelmer Vernooij1-1/+2
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
2007-12-21r26229: Set loadparm context as opaque pointer in ldb, remove more uses of ↵Jelmer Vernooij1-1/+1
global_loadparm. (This used to be commit 37d05fdc7b0e6b3211ba6ae56b1b5da30a6a392a)
2007-12-21r26228: Store loadparm context in auth context, move more loadparm_contexts ↵Jelmer Vernooij1-3/+3
up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166)
2007-12-21r26127: Move session code out of auth_util.c. No longer making it part of ↵Jelmer Vernooij1-443/+1
auth but making it usable independently will be the next step. (This used to be commit b3fcb8e8103304fede865b02ca5169d5793a571d)
2007-10-10r25552: Convert to standard bool type.Jelmer Vernooij1-6/+6
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij1-1/+1
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-8/+8
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-2/+3
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23132: Resolve an issue where we would use the ccache after we free()ed it.Andrew Bartlett1-4/+30
The problem was, we would set the ccache, then invalidate it as we set details from it (like the principal name from the ccache). Instead, set the ccache onto the credentials structure after we are done processing it. Andrew Bartlett (This used to be commit d285bd927c604d930fc44cc84ef3321aa4ce9d9a)
2007-10-10r22385: remove unused includeStefan Metzmacher1-1/+0
metze (This used to be commit c8a210bc6fa2529944bb1303ba06fe0734bdd23e)
2007-10-10r19676: Fix some more dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-0/+2
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r17871: Add an option to make the system account behave as anonymous on theAndrew Bartlett1-1/+6
network. This helps where we are trying to talk to an LDAP server, until we share a common SASL authentication scheme. Andrew Bartlett (This used to be commit f9d39dba41441cd5d06964ce0aebef9bcba40759)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij1-0/+1
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14589: This morning, I think I can spell...Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit fd496d5baf392c8f57fb4192be54aa12639d08d0)
2007-10-10r14494: Add comments to clarify that we deliberatly fall though hereAndrew Bartlett1-1/+4
Andrew Bartlett (This used to be commit ead4087ac878d2317e5331fc9e12503994195a73)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-1/+1
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+2
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13851: More doc improvements.Jelmer Vernooij1-1/+1
(This used to be commit 936d26ae64b93ef8f8b2fbc632b1c2fd60840405)
2007-10-10r12816: Ugly hacks to the auth_unix code to make a SYSTEM token for root. IfAndrew Bartlett1-1/+1
we are going to try and have a 'real' NT token for these users, it is going to get messy fast. I want to go down the idmap road, but we don't have the infrustucure for that yet. Andrew Bartlett (This used to be commit c90d5e82ff4836765f328b2acf20fd09ec91189b)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-3/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldbAndrew Bartlett1-2/+0
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
2007-10-10r12058: Set an anonymous fallback, if the machine account isn't available.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 55cb72f5cfe9a2c520c30e11ab34896588e91730)
2007-10-10r11989: Rather than grabbing the machine account details at this point, grabAndrew Bartlett1-10/+1
them 'later'. We will need to handle the errors when we call the get_* methods. Andrew Bartlett (This used to be commit c6e572f87022b57cdfd8178eb5c23df67a92c453)
2007-10-10r11969: got rid of the very annoying 'failed to open /secrets.tdb'Andrew Tridgell1-1/+5
messages. As discussed with Andrew, this will soon be replaced with a system that marks the credentials to use the machine accout from the database rather than pre-loading the machine account details here. The reason we got the annoying messages is this was being called before smb.conf is loaded, so the code doesn't yet know the location of the private directory (This used to be commit 6aeb4bf3fe224a6f81962237bdda329ba828b493)
2007-10-10r11522: Add support for delegated credentials and machine account credentialsAndrew Bartlett1-0/+20
to ldb, based on the sessionInfo we now pass around. Andrew Bartlett (This used to be commit 84e16e4ea7240409f15efd9f64344f9e0cec8111)
2007-10-10r11452: Update Heimdal to current lorikeet, including removing the ccache sideAndrew Bartlett1-0/+2
of the gsskrb5_acquire_cred hack. Add support for delegated credentials into the auth and credentials subsystem, and specifically into gensec_gssapi. Add the CIFS NTVFS handler as a consumer of delegated credentials, when no user/domain/password is specified. Andrew Bartlett (This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448)
2007-10-10r11273: Initialise the new server_info->logon_server element.Andrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit bc6f6f9381b1038273f87feb35484dc61dd8bd8e)
2007-10-10r11272: In trying to track down why Win2k3 is again rejecting our PAC, ensureAndrew Bartlett1-0/+1
we can round-trip all the way back to a server_info structure, not just a filled in PAC_DATA. (I was worried about generated fields being incorrect, or some other logical flaw). Andrew Bartlett (This used to be commit 11b1d78cc550c60201d12f8778ca8533712a5b1e)
2007-10-10r10812: Fix capitalisation (thanks tridge).Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit f78982a0f1079b07be6d7bfd9cc0f92c2cebcf1c)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-0/+115
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r10796: Make getting an anonymous session info a utility function.Andrew Bartlett1-0/+26
Andrew Bartlett (This used to be commit 6021fa373405f8788dc216aae82a3f4a80df4ba7)
2007-10-10r9240: - move struct security_token to the idl file, with this we canStefan Metzmacher1-1/+1
the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10r8700: Propmted by tridge's need to do plaintext auth in ejs, rework theAndrew Bartlett1-221/+152
user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2007-10-10r8259: We want to oset the provided flags not zeroSimo Sorce1-1/+1
(This used to be commit 50d8ccacca707738f131e47c739dcfacde1311e6)
2007-10-10r8251: fixed a couple of valgrind errors in the unix auth code. Simo, can youAndrew Tridgell1-0/+1
please check that this is what you intended? (This used to be commit a57738769dfb5a47ac49e965750193ecdc903d5a)
2007-10-10r8163: if sidcount is zero it happened that we return NT_STATUS_NO_MEMORY...Stefan Metzmacher1-4/+6
metze (This used to be commit a9ff35a1a24f2d2935e67855fee5011ea528029f)
2007-10-10r8110: More PAC work. I still can't get WinXP to accept the PAC, but we areAndrew Bartlett1-0/+68
much closer. This changes PIDL to allow a subcontext to have a pad8 flag, saying to pad behind to an 8 byte boundary. This is the only way I can explain the 4 trainling zeros in the signature struct. Far more importantly, the PAC code is now under self-test, both in creating/parsing our own PAC, but also a PAC from my win2k3 server. This required changing auth_anonymous, because I wanted to reuse the anonymous 'server_info' generation code. I'm still having trouble with PIDL, particulary as surrounds value(), but I'll follow up on the list. Andrew Bartlett (This used to be commit 50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb)
2007-10-10r7233: what about filling that new element ?Simo Sorce1-0/+3
(This used to be commit 6a5e48c35cba801b16172cf6ff06b1d4116fb018)
2007-10-10r7224: add some more usefull data to the auth_usersupplied_info structSimo Sorce1-5/+7
(This used to be commit e40c44e9cdc0be7c52207f8479568804e7d9cff2)
2007-10-10r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC.Andrew Bartlett1-5/+5
Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2007-10-10r5668: Add tests to RPC-SAMLOGON to test for user@REALM style logins. TheseAndrew Bartlett1-4/+23
need a NULL domain (or a "" domain, except this breaks NTLMv2, and I need to look into it a bit more). Add support to the Samba4 server for these logins. This will need extension when we handle trusted domains as a DC, as it is a principal name, not just another format for the username. Andrew Bartlett (This used to be commit de02c7c222a32d2b3fb8ee8b715749b96cb647f9)
2007-10-10r5137: fix typesStefan Metzmacher1-1/+1
metze (This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher1-360/+235
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-116/+16
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)