summaryrefslogtreecommitdiff
path: root/source4/auth/credentials
AgeCommit message (Collapse)AuthorFilesLines
2010-04-27s4:kerberos Give a better error message than "Could not allocate memory"Andrew Bartlett1-3/+3
Andrew Bartlett
2010-04-20pytalloc: ensure talloc_ctx is directly after PyObject_HEADAndrew Tridgell1-1/+1
the talloc python interface for tp_alloc and tp_dealloc relies on a cast to a py_talloc_Object to find the talloc_ctx (see py_talloc_dealloc). This means we rely on the talloc_ctx for the object being directly after the PyObject_HEAD This fixes the talloc free with references bug in samba_dnsupdate The actual problem was the tp_alloc() call in PyCredentialCacheContainer_from_ccache_container() which used a cast from a py_talloc_Object to a PyCredentialCacheContainerObject. That case effectively changed the parent/child relationship between the talloc_ctx and the ccc ptr. This patch changes all the structures that follow this pattern to put the TALLOC_CTX directly after the PyObject_HEAD, to ensure that if anyone else decides to do a dangerous cast like this that it won't cause the same sort of subtle breakage. Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-19s4-python: PyErr_SetString() will crash on NULL stringsAndrew Tridgell1-1/+1
use nt_errstr() when no error available
2010-04-10s4:credentials Add the functions needed to do S4U2Self with cli_credentialsAndrew Bartlett3-0/+47
A torture test to demonstrate will be added soon. Andrew Bartlett
2010-04-10s4:credentials talloc_free() any previous salt_principalAndrew Bartlett2-1/+2
This isn't used often, but it is generally better not to leak it onto what may be a longer-term context. Andrew Bartlett
2010-04-08pynet: Create a net class.Jelmer Vernooij1-6/+17
2010-04-06s4-waf: removed the AUTOGENERATED markersAndrew Tridgell1-4/+0
we won't be using the mk -> wscript generator again
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+19
2010-04-04s4-python: Remove convenience macro PyErr_SetStringError.Jelmer Vernooij1-1/+1
This macro assumed that all errors were runtime errors.
2010-03-29pytalloc: allow for using a system libtalloc-dev with pytallocAndrew Tridgell1-1/+1
When we have a system talloc library, we still need to grab pytalloc.h from lib/talloc. We don't want to just use -Ilib/talloc, as otherwise we'll get the in-tree talloc.h which may not be compatible with the system talloc.h So we need to give the path to pytalloc.h
2010-03-26s4:auth/credentials/credentials.c - initialise more contentMatthias Dieter Wallnöfer1-0/+3
Now all data should be initialised
2010-02-26s4:python Add bindings to set GENSEC flags on credentials in pythonAndrew Bartlett1-0/+23
This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell5-56/+91
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett5-63/+162
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2010-02-12s4:auth/credentials/credentials.c - Initialise the "lm_response" and ↵Matthias Dieter Wallnöfer1-0/+5
"nt_response" structures In some cases those structures are not initialised and the whole authentication system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
2010-02-09s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer1-4/+0
This was needed only by Python 2.3 which we no longer support.
2009-12-29dsdb: Fix dependencies when building against system ldb.Jelmer Vernooij1-1/+1
2009-11-02s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldbAndrew Bartlett1-1/+3
This avoids trouble when the secrets.ldb is updated with ldbedit but an smb.conf is not specified. Andrew Bartlett
2009-10-23s4-python: we need to include Python.h firstAndrew Tridgell1-1/+1
If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes.
2009-10-16s4:auth - fixed problem reading bind DN from secrets databaseEndi S. Dewata2-0/+8
2009-10-15s4:auth/credentials/credentials - fix uninitalised pointersMatthias Dieter Wallnöfer1-7/+35
This should fix bug #6755.
2009-06-17pycredentials: Raise MemoryError when unable to create objects.Jelmer Vernooij1-1/+6
2009-06-17pycredentials: Fix memory leak.Jelmer Vernooij1-1/+7
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett1-3/+0
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-02Fix more unresolved symbols.Jelmer Vernooij2-10/+1
2009-06-02python: Move helper functions for using param into a separate file ratherJelmer Vernooij1-1/+1
than linking against the python module.
2009-04-14Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett2-5/+5
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
2009-03-26s4:auth/credentials: include gssapi/gssapi_krb5.hStefan Metzmacher1-0/+1
metze
2009-02-05s4:pycredentials: fix compiler warningsStefan Metzmacher2-26/+25
metze
2009-02-02s4:auth/credentials: the python bindings don't use swig anymoreStefan Metzmacher1-4/+2
metze
2009-01-25Add prototypes required by samba-gtk.Jelmer Vernooij1-0/+9
2009-01-08Avoid using a utility header for Python replacements included in Samba,Jelmer Vernooij1-1/+5
since this will not be shipped with talloc/tdb/tevent/etc.
2009-01-07s3/s4 build: Fix Py_RETURN_NONE to work with python versions < 2.4Tim Prouty1-0/+1
2009-01-06py: Properly increase the reference counter of Py_None.Jelmer Vernooij1-6/+6
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher4-25/+25
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-22Add header for pyparam.Jelmer Vernooij1-3/+1
2008-12-21Include errors.i verbatim in security.i, as it's the only file still using it.Jelmer Vernooij1-4/+2
2008-12-21Convert credentials Python module to "manual" C - no SWIG used to generateJelmer Vernooij6-4719/+350
the C code.
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij2-0/+2
remove some unused functions.
2008-10-12Use common util_file code.Jelmer Vernooij1-1/+1
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-10-11Move lib/util from source4 to top-level libutil.Jelmer Vernooij1-1/+1
Conflicts: source4/Makefile
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-18Generate with 1.3.36.Jelmer Vernooij2-22/+27
2008-07-28auth/credentials: explain why we need to the enctypes for the gssapi layerStefan Metzmacher1-1/+11
metze (This used to be commit 88970c4d4192635544cf63e79e929e9bb05ecb5f)
2008-07-26auth/credentials: use the same enctypes when getting a TGT and a TGSStefan Metzmacher1-0/+23
metze (This used to be commit 9fc5750156467f579ea8d7755987d091f5b579c2)
2008-07-15Kill of some bogus debugs for the world who does not use the LDAP backendAndrew Bartlett1-3/+3
(This used to be commit 5bde586bdb4a1523a62a764b9ff292a4a8cee4fe)
2008-07-15Allow ldap credentials to be (optionally) stored in secrets.ldbAndrew Bartlett1-11/+33
This includes a simple bind DN, or SASL credentials. The error messages are reworked as on systems without an LDAP backend, we will fail to find this record very often. Andrew Bartlett (This used to be commit 95825ae6d5e9d9846f3a7505a81ebe603826227e)
2008-06-27credentials: gss_set_cred_option() doesn't like GSS_C_NO_BUFFERStefan Metzmacher1-1/+4
metze (This used to be commit 31cf1a781efce932d0574d7840979fcd0a07ec08)