summaryrefslogtreecommitdiff
path: root/source4/auth/gensec/gensec.c
AgeCommit message (Collapse)AuthorFilesLines
2007-12-21r26260: Store loadparm context in gensec context.Jelmer Vernooij1-5/+10
(This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081)
2007-12-21r26258: Use loadparm context in client_start function of gensec.Jelmer Vernooij1-1/+1
(This used to be commit bad1891cae2c688b17a6a2b932e754f51291035c)
2007-12-21r26231: Spell check: credentails -> credentials.Jelmer Vernooij1-1/+1
(This used to be commit 4b46888bd0195ab12190f76868719fc018baafd6)
2007-12-21r26226: Avoid more uses of global_loadparm.Jelmer Vernooij1-2/+2
(This used to be commit 6cbce47a3eaef76a89db7cd0ab0d4f6441fc720d)
2007-10-10r25552: Convert to standard bool type.Jelmer Vernooij1-8/+8
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
2007-10-10r25446: Merge some changes I made on the way home from SFO:Jelmer Vernooij1-1/+1
2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij1-2/+2
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25428: forward declarations of enums are not portable,Stefan Metzmacher1-4/+7
so pass struct cli_credentials *cred instead of enum credentials_use_kerberos use_kerberos. metze (This used to be commit b945aaa9dadc4c0595340d35725b49bac8e5778e)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-2/+2
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r24994: Fix some C++ warnings.Jelmer Vernooij1-1/+1
(This used to be commit 925abf74fa1ed5ae726bae8781ec549302786b39)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r20135: attach default gensec features to the cli_credentials structure,Stefan Metzmacher1-0/+2
so make it possible to force encryption or signing. metze (This used to be commit a91dc4a02a46370c52f59cbd4dea9580fa6efafa)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-0/+2
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19265: It is not an error to set the target hostname to NULL.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit c9c2e90e2e3937d05c58c681af187413b12d9220)
2007-10-10r18321: fixed some warnings on AIXAndrew Tridgell1-1/+1
(This used to be commit 449fab2c264aa50601f9a2d3310f1910ba97706b)
2007-10-10r18257: Order the GENSEC modules, with unknown modules last.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 8ae880b5019ab275fe0eca48120ab9e0fcca6293)
2007-10-10r18255: Remove the SMB_ASSERT(), as these are not talloc()'ed structures.Andrew Bartlett1-3/+0
Andrew Bartlett (This used to be commit 73fba185eba6b059d34790c95a30d49b296759f5)
2007-10-10r18253: Turn Cyrus-SASL DIGEST-MD5 off by default for now.Andrew Bartlett1-0/+9
Andrew Bartlett (This used to be commit 2da948cb6ecc75e2b4b97c770c8ba13b7f831d6e)
2007-10-10r18249: Keep trying to start an GENSEC mech from the list until one actuallyAndrew Bartlett1-2/+8
starts. Andrew Bartlett (This used to be commit 7dba525f5598199e89badbf15e0f5f09023c6cfa)
2007-10-10r18155: Add my work in progress, a module to link with Cyrus-SASL, for aAndrew Bartlett1-2/+2
DIGEST-MD5 implemenation in particular. However, I can't make this work: Cyrus-SASL isn't loading the mech... Andrew Bartlett (This used to be commit 0b193d28c896c9d212a536da7d87634543d971a5)
2007-10-10r18068: This splits the handling of multiple SASL packets between the GENSECAndrew Bartlett1-14/+20
backend (if it chooses to implement it), or the GENSEC socket code. This is to allow us to handle DIGEST-MD5 across to cyrus-sasl. Andrew Bartlett (This used to be commit 0a098006b431f4aa48632a27ca08e9adca8d9609)
2007-10-10r17344: move the gensec_update_request structure into the header fileStefan Metzmacher1-11/+0
and add a private_data for the backends. metze (This used to be commit 015a65e00187e684b3e4d1f4ca07edb9f022f61b)
2007-10-10r17341: pass a messaging context to auth_context_create()Stefan Metzmacher1-6/+31
and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
2007-10-10r17272: move the callback stuff into a substructureStefan Metzmacher1-8/+10
metze (This used to be commit c49e27d5d0289e3525f7f6197b031e7d300df81b)
2007-10-10r17267: - add an async interface for gensec_update() to the public gensec apiStefan Metzmacher1-0/+77
- note this is still uses the sync update() hook of the gensec modules but it allows me to fix the callers first Later auth_check_password() will also get an async version, so that we can later implement an async version of auth_winbind using async IRPC to the winbind task. metze (This used to be commit d5638a4fafd1d60ccc4cd76e92a1b2b0093865a7)
2007-10-10r17223: In some protocols it is not possible to negoitate off some features,Andrew Bartlett1-5/+3
without the agreement of the peer. This can cause problems, because one side things sealing is disabled, while the other thinks it is enabled. Andrew Bartlett (This used to be commit 68ddc4921f43252b3fba73e9d85cc38c359d599d)
2007-10-10r17171: Add a gensec function to determine the maximum negotiated buffer size,Andrew Bartlett1-0/+18
and the maximum amount of user data that may be fitted into that. This is used in the new SASL code, to correctly honour SASL buffer sizes. Andrew Bartlett (This used to be commit cbbe99d9c1f0262e67a495fb098cacc09fd78e05)
2007-10-10r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.Andrew Bartlett1-2/+3
In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2007-10-10r14952: Make sure the auth subsystem gets initialized if a gensec module ↵Jelmer Vernooij1-1/+3
needs it. (This used to be commit ecf84248b48783fb0ccbeff4d37d930b21fb96df)
2007-10-10r14713: For testing, it is sometimes useful to specify a hostname for kerberosAndrew Bartlett1-0/+6
that differs from the hostname the connect() uses. In particular, this helps in running Kerberos tests in 'make test'. Andrew Bartlett (This used to be commit 78447333b0fc9450e18cd1d1c15df62acb5f0f36)
2007-10-10r14575: Move some path-related functions to libsamba-config so libsamba-utilJelmer Vernooij1-1/+1
doesn't have to depend on the lp_* functions. (This used to be commit f97df7d90a41b77a9edd2d6bdc47c27bf1b6bb07)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14409: quieten warningsAndrew Tridgell1-0/+2
(This used to be commit 2ec2894f72b44ba4e400961921b65b03ad8742de)
2007-10-10r13969: Make these names lowercase as well (just like they are now in the ↵Jelmer Vernooij1-1/+1
buildsystem) (This used to be commit 04c49e211fc4f80e03d9322b983bbde15baba640)
2007-10-10r13840: Mark some functions as public.Jelmer Vernooij1-13/+13
(This used to be commit 9a188eb1f48a50d92a67a4fc2b3899b90074059a)
2007-10-10r13655: Use new name of build headerJelmer Vernooij1-1/+1
(This used to be commit bca0e8054f6d9c7adc9d92e0c30d4323f994c9e9)
2007-10-10r13619: fix compiler warningStefan Metzmacher1-1/+1
metze (This used to be commit 7b284174aa36fdd5d6841dab4934f1f6ecfba4ce)
2007-10-10r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading ↵Andrew Bartlett1-3/+30
the spec. GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating a buffer size and what integrity protection/privacy should be used. I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3. I'm doing this in the hope that Apple clients as well as SASL-based LDAP tools may get a bit further. I still can't get ldapsearch to work, it fails with the ever-helpful 'Local error'. Andrew Bartlett (This used to be commit 3e462897754b30306c1983af2d137329dd937ad6)
2007-10-10r13245: Don't segfault if we don't have a credentials structure on this gensecAndrew Bartlett1-3/+6
context. Andrew Bartlett (This used to be commit 1e840aa43679ceccb2a3afc694a5de0828147e8c)
2007-10-10r13206: This patch finally re-adds a -k option that works reasonably.Andrew Bartlett1-41/+132
From here we can add tests to Samba for kerberos, forcing it on and off. In the process, I also remove the dependency of credentials on GENSEC. This also picks up on the idea of bringing 'set_boolean' into general code from jpeach's cifsdd patch. Andrew Bartlett (This used to be commit 1ac7976ea6e3ad6184c911de5df624c44e7c5228)
2007-10-10r12804: This patch reworks the Samba4 sockets layer to use a socket_addressAndrew Bartlett1-21/+13
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10r12682: This patch finally fixes our kpasswdd implementation to be compatibleAndrew Bartlett1-3/+66
with clients compiled against the MIT Kerberos implementation. (Which checks for address in KRB-PRIV packets, hence my comments on socket functions earlier today). It also fixes the 'set password' operation to behave correctly (it was previously a no-op). This allows Samba3 to join Samba4. Some winbindd operations even work, which I think is a good step forward. There is naturally a lot of work to do, but I wanted at least the very basics of Samba3 domain membership to be available for the tech preview. Andrew Bartlett (This used to be commit 4e80a557f9c68b01ac6d5bb05716fe5b3fd400d4)
2007-10-10r12628: Prevent double registration warningsJelmer Vernooij1-1/+1
(This used to be commit 98ec52beeed47c71861c284c7aae66269c074e66)
2007-10-10r12620: Get rid of automatically generated lists of init functions of ↵Jelmer Vernooij1-0/+5
subsystems. This allows Samba libraries to be used by other projects (and parts of Samba to be built as shared libraries). (This used to be commit 44f0aba715bfedc7e1ee3d07e9a101a91dbd84b3)
2007-10-10r12499: Move smb_build.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit c92ace494f92084ddf178626cdf392d151043bc7)
2007-10-10r12494: Support loading modules from .so files for most subsystems.Jelmer Vernooij1-0/+8
We now use a different system for initializing the modules for a subsystem. Most subsystems now have an init function that looks something like this: init_module_fn static_init[] = STATIC_AUTH_MODULES; init_module_fn *shared_init = load_samba_modules(NULL, "auth"); run_init_functions(static_init); run_init_functions(shared_init); talloc_free(shared_init); I hope to eliminate the other init functions later on (the init_programname_subsystems; defines). (This used to be commit b6d2ad4ce0a91c4be790dd258820c492ff1787ea)
2007-10-10r12179: Allow our KDC to use LDAP to get to the backend database.Andrew Bartlett1-2/+5
To avoid a circular depenency, it is not allowed to use Krb5 as an authentication mechanism, so this must be removed from the list. An extension to the credentials system allows this function. Also remove proto.h use for any of the KDC, and use NTSTATUS returns in more places. Andrew Bartlett (This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4)
2007-10-10r12060: Work towards allowing the credentials system to allow/deny certainAndrew Bartlett1-56/+88
GENSEC mechansims. This will allow a machine join to an NT4 domain to avoid even trying kerberos, or a sensitive operation to require it. Andrew Bartlett (This used to be commit 11c7a89e523f85afd728d5e5f03bb084dc620244)
2007-10-10r11991: Null termainte the list of backends. (Makes it easier to walk the ↵Andrew Bartlett1-2/+2
list). Andrew Bartlett (This used to be commit fc4202dea88a72de061cb2e1caa7847fae37018f)