Age | Commit message (Collapse) | Author | Files | Lines |
|
By setting the event context to use for this operation (only) onto
the krb5_context just before we call that operation, we can try
and emulate the specification of an event context to the actual send_to_kdc()
This eliminates the specification of an event context to many other
cli_credentials calls, and the last use of event_context_find()
Special care is taken to restore the event context in the event of
nesting in the send_to_kdc function.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
The spengo code won't set this unless it is allowed to by this
same option, but other callers may need it.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Oct 2 02:27:39 UTC 2010 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
|
|
Based on the initial patch from Andreas Schneider <asn@redhat.com>.
metze
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This fixes some testsuites in the CIFS plugfest.
metze
|
|
this is the client side equivalent change for the previous fix
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the caller frees mem_ctx, so we shouldn't
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Fixed a bug that affected mismatched negotiation between the GSSAPI
layer and the SASL SSF subsequent negotiation. This caused some ldap
clients to hang when trying to authentication with a Samba LDAP
server. The client thought the connection should be signed, the server
thought it should be in plain text
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
memory leaks.
|
|
|
|
|
|
|
|
|
|
this gets replaced by vnum from the build rule
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
To have the same order as in the structure definition.
|
|
Using "#!/usr/bin/env python" is more portable. It still isn't ideal
though, as we should really use the python path found at configure
time. We do that in many places already, but some don't.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
setUp methods are called, fix formatting.
|
|
|
|
command-line options.
This is the first step towards supporting custom test runners.
|
|
|
|
This allows us to control what groups should be added in what use
cases, and in particular to more carefully control the introduction of
the 'authenticated' group.
In particular, in the 'service_named_pipe' protocol, we do not have
control over the addition of the authenticated users group, so we key
of 'is this user the anonymous SID'.
This also takes more care to allocate the right length ptoken->sids
Andrew Bartlett
|
|
This creates a new interface to the auth subsystem, to allow an
auth_context to be created from the ldb, and then tokenGroups to be
calculated in the same way that the auth subsystem would.
Andrew Bartlett
|
|
|
|
This allows for the rare case where the caller knows the target
principal. The check for lp_client_use_spnego_principal() is moved to
the spengo code to make this work.
Andrew Bartlett
|
|
This means that we consider the ccache only as reliable as the least
specified of the inputs we used.
This means that we will regenerate the ccache if any of the inputs change.
Andrew Bartlett
|
|
The idea here is to make it not dependent on the system's default
realm.
Andrew Bartlett
|
|
The auth context was in the past only for NTLM authentication, but we
need a SAM, an event context and and loadparm context for calculating
the local groups too, so re-use that infrustructure we already have in
place.
However, to avoid problems where we may not have an auth_context (in
torture tests, for example), allow a simpler 'session_info' to be
generated, by passing this via an indirection in gensec and an
generate_session_info() function pointer in the struct auth_context.
In the smb_server (for old-style session setups) we need to change the
async context to a new 'struct sesssetup_context'. This allows us to
use the auth_context in processing the authentication reply .
Andrew Bartlett
|
|
This should always return a simple structure with no need to consult a
DB, so remove the event context, and simplfy to call helper functions
that don't look at privilages.
Andrew Bartlett
|
|
|
|
them
|
|
|
|
We need to only enable the cyrus_sasl module if we have sasl/sasl.h
|
|
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
|
|
|
|
available"
This reverts commit 3e091a82167f51b7d9abf00755bede9354932c6b.
This should be fixed through the new build system when it lands in "master".
|
|
FreeBSD 7.2 needs this.
|
|
When we have a system talloc library, we still need to grab pytalloc.h
from lib/talloc. We don't want to just use -Ilib/talloc, as otherwise
we'll get the in-tree talloc.h which may not be compatible with the
system talloc.h
So we need to give the path to pytalloc.h
|
|
These were causing thousands of warnings on solaris8
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This should allow these to be manipulated by python scripts that need
encrypted connections.
Andrew Bartlett
|
|
We need to be able to give sensible error messages when a kerberos
calls fails. This propogates the kerberos error up the stack to the
caller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.
Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet
that does not solve the lookup speed, with ldb it is always going to be slower.
Looking through the history it is evident that the schannel database doesn't
really need greate expanadability. And lookups are always done with a single
Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated.
The schannel database is not really a persistent one. It can be discared during
an upgrade without causing any real issue. all it contains is temproary session
data.
|