Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
|
|
I've examined the code paths involved, and it appears an alternative
fix has been made in the ldap_server/ldap_bind.c code, and there is no
code path that uses this behaviour.
Andrew Bartlett
|
|
always returning a buffer makes life easier for callers
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This now tests a real GENSEC exchange, including wrap and unwrap,
using GSSAPI. Therefore, it now needs to access a KDC.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
|
|
|
|
|
|
This does a talloc check of the returned pointer before casting it.
Andrew Bartlett
|
|
We don't want to steal this pointer away from the caller if it's been
set up from python.
Andrew Bartlett
|
|
metze
|
|
We now just do or do not call into LDB based on some flags.
This means there may be some more link time dependencies, but we seem
to deal with those better now.
Andrew Bartlett
|
|
|
|
As a server only try the mechs the client proposed
and only call gensec_update() with the optimistic token
for the first mech in the list.
If the server doesn't support the first mech we pick the
first one in the clients list we also support.
That's how w2k8r2 works.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 14 16:50:50 CET 2010 on sn-devel-104
|
|
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
|
|
this is only set when rpath is used on install. It ensures that
applications that link against Samba libraries get the rpath right
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
|
|
We need to make this the default, but for now just send it if we have
not been given a target principal.
Andrew Bartlett
|
|
|
|
To prevent memory leaks
|
|
There is no operation which sets the "nt_status" before the "if".
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Wed Dec 1 02:33:06 CET 2010 on sn-devel-104
|
|
|
|
|
|
talloc context
|
|
this fixes a use of the target_principal before initialisation
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
|
|
The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't
helped our users to debug problems effectivly, and so we now return
more errors and try and give a more useful debug message when then
happen.
Andrew Bartlett
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
|
|
the waf build now generates the prototype declarations for us
|
|
this helps with the gentoo build. The problem is that without the
depenency, we don't add the cflags from the pkgconfig for com_err to
the build of auth/gensec. That really reflects a more general problem
with propogation of include dependencies, but this simple fix should
be enough for now.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Oct 31 13:13:33 UTC 2010 on sn-devel-104
|
|
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
|
|
this fixes some double linking. The name 'KERBEROS' was also a bit
confusing, as it sounded like a base kerberos library, when it is in
fact part of auth
|
|
|
|
|
|
|
|
|
|
these were hangovers from the old build system names
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We need to ask the library how much data to pass in at any time.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 19 08:37:45 UTC 2010 on sn-devel-104
|
|
The issue here is that when props.max_ssf = UINT_MAX was always set,
as was the maxbufsize, and the connection would always be upgraded,
regardless of the callers wishes.
Andrew Bartlett
|
|
|
|
By setting the event context to use for this operation (only) onto
the krb5_context just before we call that operation, we can try
and emulate the specification of an event context to the actual send_to_kdc()
This eliminates the specification of an event context to many other
cli_credentials calls, and the last use of event_context_find()
Special care is taken to restore the event context in the event of
nesting in the send_to_kdc function.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
The spengo code won't set this unless it is allowed to by this
same option, but other callers may need it.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Oct 2 02:27:39 UTC 2010 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
|