path: root/source4/auth/credentials
Age | Commit message | Author | Files | Lines
2007-10-10 | r24282: Try to fix the occasional Samba4 crash in BASE-BENCH-READWRITE, as | Andrew Bartlett | 1 | -4/+6
seen in particular on opi. This looked like a Heimdal problem, but I think it was simply that we didn't do a talloc_reference() to keep tabs on the memory we were using, and in between obtaining the pointer and using it, it was assigned to unrelated memory. Andrew Bartlett (This used to be commit a650ad8b37d58ba64458a33313714d1abfc4850b)
2007-10-10 | r23792: convert Samba4 to GPLv3 | Andrew Tridgell | 6 | -18/+12
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10 | r23132: Resolve an issue where we would use the ccache after we free()ed it. | Andrew Bartlett | 1 | -27/+34
The problem was, we would set the ccache, then invalidate it as we set details from it (like the principal name from the ccache). Instead, set the ccache onto the credentials structure after we are done processing it. Andrew Bartlett (This used to be commit d285bd927c604d930fc44cc84ef3321aa4ce9d9a)
2007-10-10 | r23063: Make sure to invalidate the ccache when we set a | Andrew Bartlett | 3 | -6/+70
username/password/realm/etc from the command line. Also make sure it can't 'come back' from a later call to cli_credentials_guess(), by setting a threshold. This should fix the issues with the build farm... Andrew Bartlett (This used to be commit 3b1dfb9306beb9f40d85d38cf6786ef161ec63f1)
2007-10-10 | r23034: Thanks to metze for providing some vital clues in the 'kerberos ccache | Andrew Bartlett | 1 | -2/+6
on credentials don't do anything' bug. The problem was simple, we didn't set the ccache as having been initialised, so we always created a new one. Andrew Bartlett (This used to be commit ec2014f08b0845bc8aa0e8e6713bc4b21f430811)
2007-10-10 | r22969: fix some more places where we could end up with more than one event | Andrew Tridgell | 3 | -1/+26
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10 | r22558: Move to a static list of enctypes to put into our keytab. In future, | Andrew Bartlett | 1 | -4/+34
I'll allow this to be configured from the secrets.ldb, but it should fix some user issues. Andrew Bartlett (This used to be commit 0fd74ada220fb07d4ebe8c2d9b8ae50a387c2695)
2007-10-10 | r22387: see if this fixes the build on the aix1 hosts | Stefan Metzmacher | 1 | -1/+1
metze (This used to be commit fbf1b1bfa015e2126102d8eaf8861d779c21d969)
2007-10-10 | r22187: Test kerberos logins in the smbclient blackbox tests, including with a | Andrew Bartlett | 1 | -0/+4
machine account. Andrew Bartlett (This used to be commit 16a2bb87a80ffb921f267492f453eb3457666315)
2007-10-10 | r22115: I don't like the DOMAIN environment variable. It really isn't a good | Andrew Bartlett | 1 | -4/+0
match for what we are using it for here. Andrew Bartlett (This used to be commit 305d1421efff3f01db1dce499568874965058e79)
2007-10-10 | r21736: Fix the smbclient test to do something more interesting with the last | Andrew Bartlett | 3 | -4/+5
few authentication tests. Now that the tests correctly 'fail', I was able to fix the credentials subsystem to honour USER and PASSWD. To get --machine-pass working, I needed ldb to always load its static modules, so I put this in ldb_connect(). Andrew Bartlett (This used to be commit 3430d8c072407a1c33c32229095fc9db2142b6fa)
2007-10-10 | r21668: Add SMB_QFS_POSIX_WHOAMI to trans2.h so it's easy to find. Add | James Peach | 1 | -0/+15
convenience API to create an anonymous credential. Don't clobber cmdline_credentials in the UNIX-WHOAMI test. (This used to be commit 73cea4e0c66f57057ed12b07bbb94b4e783ba6bf)
2007-10-10 | r21451: if kerberos is requested ( -k yes ), we should use authenticated | Stefan Metzmacher | 1 | -0/+5
connections metze (This used to be commit 426238eb45f0cc41d99961ac554c2528fd8e96f5)
2007-10-10 | r21362: rename: | Stefan Metzmacher | 1 | -2/+2
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10 | r21314: add more useful debug output | Stefan Metzmacher | 1 | -6/+6
metze (This used to be commit a246e4bbaaab6f98f50a3c28b47d2c541af7b44a)
2007-10-10 | r21142: fix compiler warnings | Stefan Metzmacher | 1 | -0/+1
metze (This used to be commit 1f8a037ac4f592d29f7d66e1f924efe1c5d8c2b0)
2007-10-10 | r21135: Instead of having hooks to update keytabs as an explicit thing, update | Andrew Bartlett | 2 | -75/+18
them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-10-10 | r20135: attach default gensec features to the cli_credentials structure, | Stefan Metzmacher | 2 | -0/+14
so make it possible to force encryption or signing. metze (This used to be commit a91dc4a02a46370c52f59cbd4dea9580fa6efafa)
2007-10-10 | r19832: better prototypes for the linearization functions: | Simo Sorce | 1 | -1/+1
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs a string with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10 | r19831: Big ldb_dn optimization and interfaces enhancement patch | Simo Sorce | 1 | -1/+1
This patch changes a lot of the code in ldb_dn.c, and also removes and adds a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but passes all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10 | r19676: Fix some more dependencies. | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
2007-10-10 | r19670: Reduce the number of unresolved symbols when building with shared | Jelmer Vernooij | 1 | -1/+1
libraries. (This used to be commit 4422031d1d9307539832cee165c5071ff12943e7)
2007-10-10 | r19604: This is a massive commit, and I apologise in advance for its size. | Andrew Bartlett | 1 | -3/+1
This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised its internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behaviour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10 | r19598: Ahead of a merge to current lorikeet-heimdal: | Andrew Bartlett | 6 | -6/+55
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10 | r19573: Move secrets.o into param/ (subsystems haven't been integrated yet). | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
2007-10-10 | r17516: Change helper function names to make more clear what they are meant | Simo Sorce | 1 | -10/+10
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10 | r16218: If a connection is forced as 'anonymous', don't treat it as | Andrew Bartlett | 1 | -2/+2
'authentication requested'... Andrew Bartlett (This used to be commit d5fc88c93697dbcab13b2356ef4e5d1d2a7d59eb)
2007-10-10 | r15853: started the process of removing the warnings now that | Andrew Tridgell | 1 | -8/+6
talloc_set_destructor() is type safe. The end result will be lots less use of void*, and less calls to talloc_get_type() (This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
2007-10-10 | r15702: Fix typo | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 26442023d12760828acd8b6e2a1dedeaf4e96958)
2007-10-10 | r15498: Initialise the callback_running field, and get the flag set/clear the | Andrew Bartlett | 1 | -4/+5
right way around for all the callers. Andrew Bartlett (This used to be commit f9bcfb04aa3ec93eed7076dbb1fed50cf1edb424)
2007-10-10 | r15422: Fix issues with functions being called recursively in the credentials | Jelmer Vernooij | 2 | -6/+27
callback code. (This used to be commit edf0701e877592695bd69124e528338c27f24efd)
2007-10-10 | r15421: Correct function comments. | Andrew Bartlett | 1 | -4/+3
Andrew Bartlett (This used to be commit f9899277898ee7ef1118cbc49f5f277623ff7444)
2007-10-10 | r15420: Add a new function to print the 'unparsed' string format for | Andrew Bartlett | 1 | -3/+37
usernames. This is used in the password prompt, and should be reversible by the parse string function. Also, don't look at the ccache, even for the guess code, if kerberos is disabled. Andrew Bartlett (This used to be commit 4c4b8e4b396ca44270a0456c732d3b9c3c34d69d)
2007-10-10 | r15415: Use Jelmer's new credentials 'wrong password' code to give the user 3 | Andrew Bartlett | 1 | -1/+3
attempts for the password, when talking to a remote CIFS server. Andrew Bartlett (This used to be commit 3a4ddc8f5978210ab3ad79f0332cee80a0d6e6c9)
2007-10-10 | r15414: Support retrying different username/password combinations | Jelmer Vernooij | 2 | -1/+26
(This used to be commit 5de894fb8bac8efa5bff004dbfc2e8b386d4003b)
2007-10-10 | r15304: Fix smbd build, more updates on getting --enable-dso to build again | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 3ef9326386ba1c210166302cbcf02d2ed3f19944)
2007-10-10 | r15297: Move create_security_token() to samdb as it requires SAMDB (and the | Jelmer Vernooij | 1 | -1/+1
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10 | r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacement | Jelmer Vernooij | 1 | -1/+1
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10 | r14977: more IBM checker fixes | Andrew Tridgell | 1 | -0/+1
(This used to be commit cd106509b664e9ca53419a62550b256b7e5bde3c)
2007-10-10 | r14837: fixed build error | Andrew Tridgell | 1 | -1/+2
(This used to be commit 23724bfd24b051c4096ac49c52c2cd31389340be)
2007-10-10 | r14701: Allow, with non-default options, NTLMSSP to access the LM session key, | Andrew Bartlett | 1 | -1/+10
even when not sending the LM response. Needed to pass the test_session_key against Win2k3. Yes, I think this is a security flaw in the use of Win2k3-compatible NTLM. Andrew Bartlett (This used to be commit cb6c27b4f29878a6a904f798e228eea05cc658e1)
2007-10-10 | r14484: Install more headers | Jelmer Vernooij | 2 | -1/+4
(This used to be commit 430c6516d383bfd7f27287394bf8eef9f174b3e6)
2007-10-10 | r14464: Don't include ndr_BASENAME.h files unless strictly required, instead | Jelmer Vernooij | 3 | -3/+3
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10 | r14380: Reduce the size of structs.h | Jelmer Vernooij | 2 | -3/+2
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10 | r14363: Remove credentials.h from the global includes. | Jelmer Vernooij | 3 | -0/+6
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
2007-10-10 | r13960: Generate makefile rules for installing/removing shared modules. | Jelmer Vernooij | 1 | -2/+2
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
2007-10-10 | r13924: Split more prototypes out of include/proto.h + initial work on header | Jelmer Vernooij | 3 | -0/+3
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10 | r13206: This patch finally re-adds a -k option that works reasonably. | Andrew Bartlett | 5 | -87/+30
From here we can add tests to Samba for kerberos, forcing it on and off. In the process, I also remove the dependency of credentials on GENSEC. This also picks up on the idea of bringing 'set_boolean' into general code from jpeach's cifsdd patch. Andrew Bartlett (This used to be commit 1ac7976ea6e3ad6184c911de5df624c44e7c5228)
2007-10-10 | r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our | Andrew Bartlett | 2 | -19/+24
case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
2007-10-10 | r12694: Move some headers to the directory of the subsystem they belong to. | Jelmer Vernooij | 1 | -1/+1
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)