summaryrefslogtreecommitdiff
path: root/source4/auth/credentials
AgeCommit message (Collapse)AuthorFilesLines
2010-10-12s4-credentials Allocate ldb result on correct memory contextAndrew Bartlett1-1/+1
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett5-42/+24
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11s4-param Refactor secrets code to not require an event context.Andrew Bartlett1-1/+1
A new event context is constructed by LDB when required for secrets.ldb This will be essentially unused, as LDB on TDB will only trigger 'fake' events, and blocks on transactions and lock operations anyway. Andrew Bartlett
2010-10-11credentials: Avoid unnecessary includes.Jelmer Vernooij1-2/+0
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 13:01:36 UTC 2010 on sn-devel-104
2010-10-11credentials: Fix the build.Jelmer Vernooij5-2/+7
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 02:47:50 UTC 2010 on sn-devel-104
2010-10-11credentials: Split up into several subsystems.Jelmer Vernooij2-5/+17
2010-10-11kerberos_util: Put into separate subsystem.Jelmer Vernooij2-2/+3
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 00:34:56 UTC 2010 on sn-devel-104
2010-10-10credentials: Move code that doesn't need any external dependencies intoJelmer Vernooij3-144/+147
credentials.c.
2010-10-05Add missing dependencies for com_err.Jelmer Vernooij1-1/+1
2010-10-05heimdal: Fix library name of gssapi.Jelmer Vernooij1-1/+1
2010-09-25s4-pycredentials: avoid a tallloc_free on refAndrew Tridgell1-1/+1
with the new py object structure, we need to unlink not free
2010-09-24s4-kerberos Move 'set key into keytab' code out of credentials.Andrew Bartlett3-69/+5
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-22s4-selftest: Move credentials tests to standard python directory.Jelmer Vernooij1-100/+0
2010-09-22s4-param: Fix more memory leaks, invalid memory context.Jelmer Vernooij1-10/+38
2010-09-22s4-param: Check type when converting python object to lp_ctx, fix someJelmer Vernooij1-2/+7
memory leaks.
2010-09-16s4-pycredentials: expose forwardable setting via pythonAndrew Tridgell1-0/+16
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-credentials: added ability to control forwardable attribute on krb5 ticketsAndrew Tridgell2-0/+24
with the latest bind9 nsupdate, we need to be able to control if the ticket we use is forwardable Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11s4-credentials: get all attributes in cli_credentials_set_secrets()Andrew Tridgell1-17/+1
This ensures we get whenChanged, which is needed by the s3 winbind code to ensure we don't repeatedly try to change the password
2010-08-27s4:credentials_krb5.c - quiet a Solaris warningMatthias Dieter Wallnöfer1-1/+2
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell4-18/+18
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-24s4-python: python is not always in /usr/binAndrew Tridgell1-1/+1
Using "#!/usr/bin/env python" is more portable. It still isn't ideal though, as we should really use the python path found at configure time. We do that in many places already, but some don't. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-19python: Use samba.tests.TestCase, make sure base class tearDown andJelmer Vernooij1-2/+4
setUp methods are called, fix formatting.
2010-05-30s4:auth/credentials/credentials.c - initialise "password_last_changed_time"Matthias Dieter Wallnöfer1-0/+2
Otherwise it could remain uninitialised.
2010-05-18s4:credentials Add in tracking of the password last set timeAndrew Bartlett3-1/+33
We perhaps need a more general API here, but for now extend the credentials API to return the password last changed time that the s3compat layer will need. Andrew Bartlett
2010-05-14s4:credentials Allow setting of an empty Kerberos CCACHEAndrew Bartlett1-18/+12
This allows us to tell the credentials code where we want the credentials put. Andrew Bartlett
2010-05-02s4:credentials Make the CCACHE in credentials depend on the things that built itAndrew Bartlett3-20/+81
This means that we consider the ccache only as reliable as the least specified of the inputs we used. This means that we will regenerate the ccache if any of the inputs change. Andrew Bartlett
2010-04-27s4:kerberos Give a better error message than "Could not allocate memory"Andrew Bartlett1-3/+3
Andrew Bartlett
2010-04-20pytalloc: ensure talloc_ctx is directly after PyObject_HEADAndrew Tridgell1-1/+1
the talloc python interface for tp_alloc and tp_dealloc relies on a cast to a py_talloc_Object to find the talloc_ctx (see py_talloc_dealloc). This means we rely on the talloc_ctx for the object being directly after the PyObject_HEAD This fixes the talloc free with references bug in samba_dnsupdate The actual problem was the tp_alloc() call in PyCredentialCacheContainer_from_ccache_container() which used a cast from a py_talloc_Object to a PyCredentialCacheContainerObject. That case effectively changed the parent/child relationship between the talloc_ctx and the ccc ptr. This patch changes all the structures that follow this pattern to put the TALLOC_CTX directly after the PyObject_HEAD, to ensure that if anyone else decides to do a dangerous cast like this that it won't cause the same sort of subtle breakage. Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-19s4-python: PyErr_SetString() will crash on NULL stringsAndrew Tridgell1-1/+1
use nt_errstr() when no error available
2010-04-10s4:credentials Add the functions needed to do S4U2Self with cli_credentialsAndrew Bartlett3-0/+47
A torture test to demonstrate will be added soon. Andrew Bartlett
2010-04-10s4:credentials talloc_free() any previous salt_principalAndrew Bartlett2-1/+2
This isn't used often, but it is generally better not to leak it onto what may be a longer-term context. Andrew Bartlett
2010-04-08pynet: Create a net class.Jelmer Vernooij1-6/+17
2010-04-06s4-waf: removed the AUTOGENERATED markersAndrew Tridgell1-4/+0
we won't be using the mk -> wscript generator again
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+19
2010-04-04s4-python: Remove convenience macro PyErr_SetStringError.Jelmer Vernooij1-1/+1
This macro assumed that all errors were runtime errors.
2010-03-29pytalloc: allow for using a system libtalloc-dev with pytallocAndrew Tridgell1-1/+1
When we have a system talloc library, we still need to grab pytalloc.h from lib/talloc. We don't want to just use -Ilib/talloc, as otherwise we'll get the in-tree talloc.h which may not be compatible with the system talloc.h So we need to give the path to pytalloc.h
2010-03-26s4:auth/credentials/credentials.c - initialise more contentMatthias Dieter Wallnöfer1-0/+3
Now all data should be initialised
2010-02-26s4:python Add bindings to set GENSEC flags on credentials in pythonAndrew Bartlett1-0/+23
This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell5-56/+91
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett5-63/+162
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2010-02-12s4:auth/credentials/credentials.c - Initialise the "lm_response" and ↵Matthias Dieter Wallnöfer1-0/+5
"nt_response" structures In some cases those structures are not initialised and the whole authentication system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
2010-02-09s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer1-4/+0
This was needed only by Python 2.3 which we no longer support.
2009-12-29dsdb: Fix dependencies when building against system ldb.Jelmer Vernooij1-1/+1
2009-11-02s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldbAndrew Bartlett1-1/+3
This avoids trouble when the secrets.ldb is updated with ldbedit but an smb.conf is not specified. Andrew Bartlett
2009-10-23s4-python: we need to include Python.h firstAndrew Tridgell1-1/+1
If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes.
2009-10-16s4:auth - fixed problem reading bind DN from secrets databaseEndi S. Dewata2-0/+8
2009-10-15s4:auth/credentials/credentials - fix uninitalised pointersMatthias Dieter Wallnöfer1-7/+35
This should fix bug #6755.
2009-06-17pycredentials: Raise MemoryError when unable to create objects.Jelmer Vernooij1-1/+6
2009-06-17pycredentials: Fix memory leak.Jelmer Vernooij1-1/+7