Age | Commit message (Collapse) | Author | Files | Lines |
|
This will allow the source3 auth code to call this without needing to
double-parse the SIDs
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this prevents spurious error messages on client commands when when we
will fallback to NTLM authentication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This allows us to print much more debugging in this critical situation.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jun 8 04:19:58 CEST 2011 on sn-devel-104
|
|
Now that we don't allow the smb.conf to change the modules dir, many
functions that simply load modules or initialise a subsytem that may
load modules no longer need an lp_ctx.
Andrew Bartlett
|
|
metze
|
|
|
|
implicit in the safe_strcpy. When changing to strlcpy ensure we allocate an extra char for it. This fixes a bug where secret->len+1 used with safe_strcpy could actually write into secret->len+2.
|
|
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 27 05:08:10 CEST 2011 on sn-devel-104
|
|
This will allow the GSSAPI PAC fetch code to use it.
Andrew Bartlett
|
|
This uses the source3 PAC code (originally from Samba4) with some
small changes to restore functionality needed by the torture tests,
and to have a common API.
Andrew Bartlett
|
|
this prevents symbol duplication of the asn1 symbols in the service
and ntvfs subsystems
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This changes auth_session_info_transport to just be a wrapper, rather
than a copy that has to be kept in sync.
As auth_session_info was already wrapped in python, this required
changes to the existing pyauth wrapper and it's users.
Andrew Bartlett
|
|
Reviewed-by: Jelmer
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar 22 19:52:57 CET 2011 on sn-devel-104
|
|
|
|
Guenther
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
|
|
I've examined the code paths involved, and it appears an alternative
fix has been made in the ldap_server/ldap_bind.c code, and there is no
code path that uses this behaviour.
Andrew Bartlett
|
|
always returning a buffer makes life easier for callers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This now tests a real GENSEC exchange, including wrap and unwrap,
using GSSAPI. Therefore, it now needs to access a KDC.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
|
|
|
|
|
|
This does a talloc check of the returned pointer before casting it.
Andrew Bartlett
|
|
We don't want to steal this pointer away from the caller if it's been
set up from python.
Andrew Bartlett
|
|
metze
|
|
We now just do or do not call into LDB based on some flags.
This means there may be some more link time dependencies, but we seem
to deal with those better now.
Andrew Bartlett
|
|
|
|
As a server only try the mechs the client proposed
and only call gensec_update() with the optimistic token
for the first mech in the list.
If the server doesn't support the first mech we pick the
first one in the clients list we also support.
That's how w2k8r2 works.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 14 16:50:50 CET 2010 on sn-devel-104
|
|
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
|
|
this is only set when rpath is used on install. It ensures that
applications that link against Samba libraries get the rpath right
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
|
|
We need to make this the default, but for now just send it if we have
not been given a target principal.
Andrew Bartlett
|
|
|
|
To prevent memory leaks
|
|
There is no operation which sets the "nt_status" before the "if".
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Wed Dec 1 02:33:06 CET 2010 on sn-devel-104
|
|
|
|
|
|
talloc context
|
|
this fixes a use of the target_principal before initialisation
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
|
|
The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't
helped our users to debug problems effectivly, and so we now return
more errors and try and give a more useful debug message when then
happen.
Andrew Bartlett
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
|
|
the waf build now generates the prototype declarations for us
|
|
this helps with the gentoo build. The problem is that without the
depenency, we don't add the cflags from the pkgconfig for com_err to
the build of auth/gensec. That really reflects a more general problem
with propogation of include dependencies, but this simple fix should
be enough for now.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Oct 31 13:13:33 UTC 2010 on sn-devel-104
|
|
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
|
|
this fixes some double linking. The name 'KERBEROS' was also a bit
confusing, as it sounded like a base kerberos library, when it is in
fact part of auth
|