summaryrefslogtreecommitdiff
path: root/source4/auth/credentials
AgeCommit message (Collapse)AuthorFilesLines
2010-10-05Add missing dependencies for com_err.Jelmer Vernooij1-1/+1
2010-10-05heimdal: Fix library name of gssapi.Jelmer Vernooij1-1/+1
2010-09-25s4-pycredentials: avoid a tallloc_free on refAndrew Tridgell1-1/+1
with the new py object structure, we need to unlink not free
2010-09-24s4-kerberos Move 'set key into keytab' code out of credentials.Andrew Bartlett3-69/+5
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-22s4-selftest: Move credentials tests to standard python directory.Jelmer Vernooij1-100/+0
2010-09-22s4-param: Fix more memory leaks, invalid memory context.Jelmer Vernooij1-10/+38
2010-09-22s4-param: Check type when converting python object to lp_ctx, fix someJelmer Vernooij1-2/+7
memory leaks.
2010-09-16s4-pycredentials: expose forwardable setting via pythonAndrew Tridgell1-0/+16
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-credentials: added ability to control forwardable attribute on krb5 ticketsAndrew Tridgell2-0/+24
with the latest bind9 nsupdate, we need to be able to control if the ticket we use is forwardable Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-11s4-credentials: get all attributes in cli_credentials_set_secrets()Andrew Tridgell1-17/+1
This ensures we get whenChanged, which is needed by the s3 winbind code to ensure we don't repeatedly try to change the password
2010-08-27s4:credentials_krb5.c - quiet a Solaris warningMatthias Dieter Wallnöfer1-1/+2
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell4-18/+18
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-24s4-python: python is not always in /usr/binAndrew Tridgell1-1/+1
Using "#!/usr/bin/env python" is more portable. It still isn't ideal though, as we should really use the python path found at configure time. We do that in many places already, but some don't. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-19python: Use samba.tests.TestCase, make sure base class tearDown andJelmer Vernooij1-2/+4
setUp methods are called, fix formatting.
2010-05-30s4:auth/credentials/credentials.c - initialise "password_last_changed_time"Matthias Dieter Wallnöfer1-0/+2
Otherwise it could remain uninitialised.
2010-05-18s4:credentials Add in tracking of the password last set timeAndrew Bartlett3-1/+33
We perhaps need a more general API here, but for now extend the credentials API to return the password last changed time that the s3compat layer will need. Andrew Bartlett
2010-05-14s4:credentials Allow setting of an empty Kerberos CCACHEAndrew Bartlett1-18/+12
This allows us to tell the credentials code where we want the credentials put. Andrew Bartlett
2010-05-02s4:credentials Make the CCACHE in credentials depend on the things that built itAndrew Bartlett3-20/+81
This means that we consider the ccache only as reliable as the least specified of the inputs we used. This means that we will regenerate the ccache if any of the inputs change. Andrew Bartlett
2010-04-27s4:kerberos Give a better error message than "Could not allocate memory"Andrew Bartlett1-3/+3
Andrew Bartlett
2010-04-20pytalloc: ensure talloc_ctx is directly after PyObject_HEADAndrew Tridgell1-1/+1
the talloc python interface for tp_alloc and tp_dealloc relies on a cast to a py_talloc_Object to find the talloc_ctx (see py_talloc_dealloc). This means we rely on the talloc_ctx for the object being directly after the PyObject_HEAD This fixes the talloc free with references bug in samba_dnsupdate The actual problem was the tp_alloc() call in PyCredentialCacheContainer_from_ccache_container() which used a cast from a py_talloc_Object to a PyCredentialCacheContainerObject. That case effectively changed the parent/child relationship between the talloc_ctx and the ccc ptr. This patch changes all the structures that follow this pattern to put the TALLOC_CTX directly after the PyObject_HEAD, to ensure that if anyone else decides to do a dangerous cast like this that it won't cause the same sort of subtle breakage. Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-19s4-python: PyErr_SetString() will crash on NULL stringsAndrew Tridgell1-1/+1
use nt_errstr() when no error available
2010-04-10s4:credentials Add the functions needed to do S4U2Self with cli_credentialsAndrew Bartlett3-0/+47
A torture test to demonstrate will be added soon. Andrew Bartlett
2010-04-10s4:credentials talloc_free() any previous salt_principalAndrew Bartlett2-1/+2
This isn't used often, but it is generally better not to leak it onto what may be a longer-term context. Andrew Bartlett
2010-04-08pynet: Create a net class.Jelmer Vernooij1-6/+17
2010-04-06s4-waf: removed the AUTOGENERATED markersAndrew Tridgell1-4/+0
we won't be using the mk -> wscript generator again
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+19
2010-04-04s4-python: Remove convenience macro PyErr_SetStringError.Jelmer Vernooij1-1/+1
This macro assumed that all errors were runtime errors.
2010-03-29pytalloc: allow for using a system libtalloc-dev with pytallocAndrew Tridgell1-1/+1
When we have a system talloc library, we still need to grab pytalloc.h from lib/talloc. We don't want to just use -Ilib/talloc, as otherwise we'll get the in-tree talloc.h which may not be compatible with the system talloc.h So we need to give the path to pytalloc.h
2010-03-26s4:auth/credentials/credentials.c - initialise more contentMatthias Dieter Wallnöfer1-0/+3
Now all data should be initialised
2010-02-26s4:python Add bindings to set GENSEC flags on credentials in pythonAndrew Bartlett1-0/+23
This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell5-56/+91
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett5-63/+162
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2010-02-12s4:auth/credentials/credentials.c - Initialise the "lm_response" and ↵Matthias Dieter Wallnöfer1-0/+5
"nt_response" structures In some cases those structures are not initialised and the whole authentication system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
2010-02-09s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer1-4/+0
This was needed only by Python 2.3 which we no longer support.
2009-12-29dsdb: Fix dependencies when building against system ldb.Jelmer Vernooij1-1/+1
2009-11-02s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldbAndrew Bartlett1-1/+3
This avoids trouble when the secrets.ldb is updated with ldbedit but an smb.conf is not specified. Andrew Bartlett
2009-10-23s4-python: we need to include Python.h firstAndrew Tridgell1-1/+1
If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes.
2009-10-16s4:auth - fixed problem reading bind DN from secrets databaseEndi S. Dewata2-0/+8
2009-10-15s4:auth/credentials/credentials - fix uninitalised pointersMatthias Dieter Wallnöfer1-7/+35
This should fix bug #6755.
2009-06-17pycredentials: Raise MemoryError when unable to create objects.Jelmer Vernooij1-1/+6
2009-06-17pycredentials: Fix memory leak.Jelmer Vernooij1-1/+7
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett1-3/+0
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-02Fix more unresolved symbols.Jelmer Vernooij2-10/+1
2009-06-02python: Move helper functions for using param into a separate file ratherJelmer Vernooij1-1/+1
than linking against the python module.
2009-04-14Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett2-5/+5
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
2009-03-26s4:auth/credentials: include gssapi/gssapi_krb5.hStefan Metzmacher1-0/+1
metze
2009-02-05s4:pycredentials: fix compiler warningsStefan Metzmacher2-26/+25
metze
2009-02-02s4:auth/credentials: the python bindings don't use swig anymoreStefan Metzmacher1-4/+2
metze
2009-01-25Add prototypes required by samba-gtk.Jelmer Vernooij1-0/+9
generated by cgit (git 2.34.1) at 2024-11-30 04:13:25 +0000