summaryrefslogtreecommitdiff
path: root/source4/auth/credentials
AgeCommit message (Collapse)AuthorFilesLines
2011-06-21s4/auth: Trivial spelling fixes.Brad Hards1-3/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-17s4-auth: quiet down the krb5 warnings when kerberos is not set to 'MUST'Andrew Tridgell1-1/+5
this prevents spurious error messages on client commands when when we will fallback to NTLM authentication Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-08s4-credentials Don't use expired Kerberos or GSSAPI credentialsAndrew Bartlett1-4/+57
In a long-lived credentials cache situation, we may need to refetch the ticket after (say) 10 hours. This code should help that happen, by checking the lifetime before returning any credentials cache or GSSAPI credentials. Andrew Bartlett
2011-06-08s4-credentials Allow use of file-based credentials caches for debugging.Andrew Bartlett1-3/+9
This means that we will leave a slew of file based credentials caches in /tmp, which should give some clues to the administrator or developer via klist as to what has gone wrong. Andrew Bartlett
2011-05-18s4:auth/credentials: S4U2Self should force CRED_MUST_USE_KERBEROSStefan Metzmacher1-0/+1
Otherwise we would not impersonate the desired principal. This still doesn't work for plaintext auth, but should avoid ntlmssp. metze
2011-05-18s4:auth/credentials: pass 'self_service' to ↵Stefan Metzmacher3-5/+26
cli_credentials_set_impersonate_principal() This also adds a cli_credentials_get_self_service() helper function. In order to support S4U2Proxy we need to be able to set the service principal for the S4U2Self step independent of the target principal. metze
2011-04-14s3-auth Rename smb_krb5_open_keytab to avoid a conflict with s3Andrew Bartlett1-2/+2
The s3 function doesn't use the keytab_container concept. Andrew Bartlett
2011-03-19source4/auth: Fix prototypes for all functions.Jelmer Vernooij3-1/+5
2011-02-28Fix some typesJelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-28tdb: Use <tdb.h> to include tdb so system headers are found when building ↵Jelmer Vernooij1-1/+1
against system tdb.
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-1/+1
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-02s4-python Ensure we add the Samba python path first.Andrew Bartlett1-1/+1
This exact form of the construction is important, and we match on it in the installation scripts. Andrew Bartlett
2010-12-11s4-smbtorture: Make test names lowercase and dot-separated.Jelmer Vernooij1-2/+1
This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
2010-12-01pycredentials: Use talloc.Object.Jelmer Vernooij1-2/+5
2010-11-28s4-tests/bind.py: Use samba.tests.connect_samdb() instead of directly using ↵Kamen Mazdrashki1-7/+10
SamDB class connect_samdb() functino will correctly handle things like: - session_info param - it will create system_session() using supplied LoadParm parameter and thus avoiding creation of multiple LoadParm instances (LoadParm() will mask certain command line supplied options) - host url will be prefixed with ldap:// automatically Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Sun Nov 28 03:00:41 CET 2010 on sn-devel-104
2010-11-25s4-tests: Modified bind.py to use samba.tests.delete_forceNadezhda Ivanova1-7/+2
2010-11-22Avoid the use of PyAPI_DATA, which is for internal Python API's.Arnaud Faucher1-2/+2
Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 22 00:52:56 CET 2010 on sn-devel-104
2010-11-13s4-test: we need to import testtools before subunit/pythonAndrew Tridgell1-1/+1
subunit/python depends on testtools Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Nov 13 02:02:45 UTC 2010 on sn-devel-104
2010-11-11s4/test: Expand BindTestAnatoliy Atanasov1-20/+60
The test now binds with user@realm, domain\user, user dn, computer dn Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> Autobuild-Date: Thu Nov 11 16:15:30 UTC 2010 on sn-devel-104
2010-11-07credentials: Lowercase library name,Jelmer Vernooij1-10/+10
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
2010-11-05s4/test: Added test for simple bind with machine accountAnatoliy Atanasov1-0/+116
Samba4 returns error on simple bind, when we do it using openldap simple_bind_s api.
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij1-20/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-30s4-cmdline: make cmdline-credentials a private libraryAndrew Tridgell1-1/+1
2010-10-30s4-credentials: make a private library from CREDENTIALS subsystemAndrew Tridgell1-8/+9
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-27auth/credentials Give a sensible behaviour for resetting the krb5 contextAndrew Bartlett1-3/+8
This extra code isn't used at the moment, but I noticed the old API was rather supprising in it's behaviour, and might catch someone out at some later time. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Oct 27 05:24:22 UTC 2010 on sn-devel-104
2010-10-26talloc: change pytalloc-util to be a public library.Jelmer Vernooij1-1/+1
2010-10-26s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBSECURITY{_SESSION,} to libsecurity{_session,}Jelmer Vernooij1-1/+1
2010-10-23s4: Rename LIBEVENTS to libevents.Jelmer Vernooij1-1/+1
2010-10-18s4:"util_ldb" - remove some really unused dependanciesMatthias Dieter Wallnöfer2-2/+1
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer2-1/+2
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer2-2/+1
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-12s4-credentials Allocate ldb result on correct memory contextAndrew Bartlett1-1/+1
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett5-42/+24
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11s4-param Refactor secrets code to not require an event context.Andrew Bartlett1-1/+1
A new event context is constructed by LDB when required for secrets.ldb This will be essentially unused, as LDB on TDB will only trigger 'fake' events, and blocks on transactions and lock operations anyway. Andrew Bartlett
2010-10-11credentials: Avoid unnecessary includes.Jelmer Vernooij1-2/+0
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 13:01:36 UTC 2010 on sn-devel-104
2010-10-11credentials: Fix the build.Jelmer Vernooij5-2/+7
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 02:47:50 UTC 2010 on sn-devel-104
2010-10-11credentials: Split up into several subsystems.Jelmer Vernooij2-5/+17
2010-10-11kerberos_util: Put into separate subsystem.Jelmer Vernooij2-2/+3
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 00:34:56 UTC 2010 on sn-devel-104
2010-10-10credentials: Move code that doesn't need any external dependencies intoJelmer Vernooij3-144/+147
credentials.c.
2010-10-05Add missing dependencies for com_err.Jelmer Vernooij1-1/+1
2010-10-05heimdal: Fix library name of gssapi.Jelmer Vernooij1-1/+1
2010-09-25s4-pycredentials: avoid a tallloc_free on refAndrew Tridgell1-1/+1
with the new py object structure, we need to unlink not free
2010-09-24s4-kerberos Move 'set key into keytab' code out of credentials.Andrew Bartlett3-69/+5
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-22s4-selftest: Move credentials tests to standard python directory.Jelmer Vernooij1-100/+0
2010-09-22s4-param: Fix more memory leaks, invalid memory context.Jelmer Vernooij1-10/+38
2010-09-22s4-param: Check type when converting python object to lp_ctx, fix someJelmer Vernooij1-2/+7
memory leaks.
2010-09-16s4-pycredentials: expose forwardable setting via pythonAndrew Tridgell1-0/+16
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-credentials: added ability to control forwardable attribute on krb5 ticketsAndrew Tridgell2-0/+24
with the latest bind9 nsupdate, we need to be able to control if the ticket we use is forwardable Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>