Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
By setting the event context to use for this operation (only) onto
the krb5_context just before we call that operation, we can try
and emulate the specification of an event context to the actual send_to_kdc()
This eliminates the specification of an event context to many other
cli_credentials calls, and the last use of event_context_find()
Special care is taken to restore the event context in the event of
nesting in the send_to_kdc function.
Andrew Bartlett
|
|
A new event context is constructed by LDB when required for secrets.ldb
This will be essentially unused, as LDB on TDB will only trigger 'fake'
events, and blocks on transactions and lock operations anyway.
Andrew Bartlett
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Oct 11 13:01:36 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Oct 11 02:47:50 UTC 2010 on sn-devel-104
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Oct 11 00:34:56 UTC 2010 on sn-devel-104
|
|
credentials.c.
|
|
|
|
|
|
with the new py object structure, we need to unlink not free
|
|
This code never really belonged in the credentials layer, and
is easier done with direct access to the ldb_message that is
in secrets.ldb.
Andrew Bartlett
|
|
|
|
|
|
memory leaks.
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
with the latest bind9 nsupdate, we need to be able to control if the
ticket we use is forwardable
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This ensures we get whenChanged, which is needed by the s3 winbind
code to ensure we don't repeatedly try to change the password
|
|
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Using "#!/usr/bin/env python" is more portable. It still isn't ideal
though, as we should really use the python path found at configure
time. We do that in many places already, but some don't.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
setUp methods are called, fix formatting.
|
|
Otherwise it could remain uninitialised.
|
|
We perhaps need a more general API here, but for now extend the
credentials API to return the password last changed time that the
s3compat layer will need.
Andrew Bartlett
|
|
This allows us to tell the credentials code where we want the
credentials put.
Andrew Bartlett
|
|
This means that we consider the ccache only as reliable as the least
specified of the inputs we used.
This means that we will regenerate the ccache if any of the inputs change.
Andrew Bartlett
|
|
Andrew Bartlett
|
|
the talloc python interface for tp_alloc and tp_dealloc relies on a
cast to a py_talloc_Object to find the talloc_ctx (see
py_talloc_dealloc). This means we rely on the talloc_ctx for the
object being directly after the PyObject_HEAD
This fixes the talloc free with references bug in samba_dnsupdate
The actual problem was the tp_alloc() call in
PyCredentialCacheContainer_from_ccache_container() which used a cast
from a py_talloc_Object to a PyCredentialCacheContainerObject. That
case effectively changed the parent/child relationship between the
talloc_ctx and the ccc ptr.
This patch changes all the structures that follow this pattern to put
the TALLOC_CTX directly after the PyObject_HEAD, to ensure that if
anyone else decides to do a dangerous cast like this that it won't
cause the same sort of subtle breakage.
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
|
|
use nt_errstr() when no error available
|
|
A torture test to demonstrate will be added soon.
Andrew Bartlett
|
|
This isn't used often, but it is generally better not to leak it onto
what may be a longer-term context.
Andrew Bartlett
|
|
|
|
we won't be using the mk -> wscript generator again
|
|
them
|
|
|
|
This macro assumed that all errors were runtime errors.
|
|
When we have a system talloc library, we still need to grab pytalloc.h
from lib/talloc. We don't want to just use -Ilib/talloc, as otherwise
we'll get the in-tree talloc.h which may not be compatible with the
system talloc.h
So we need to give the path to pytalloc.h
|
|
Now all data should be initialised
|
|
This should allow these to be manipulated by python scripts that need
encrypted connections.
Andrew Bartlett
|
|
We need to be able to give sensible error messages when a kerberos
calls fails. This propogates the kerberos error up the stack to the
caller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.
The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.
Andrew Bartlett
|
|
"nt_response" structures
In some cases those structures are not initialised and the whole authentication
system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
|
|
This was needed only by Python 2.3 which we no longer support.
|
|
|
|
This avoids trouble when the secrets.ldb is updated with ldbedit but
an smb.conf is not specified.
Andrew Bartlett
|
|
If we don't include Python.h first then we get a pile of warnings due
to broken redefines of XOPEN_SOURCE in the Python includes.
|
|
|
|
This should fix bug #6755.
|
|
|
|
|