summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
AgeCommit message (Collapse)AuthorFilesLines
2011-03-19source4/auth/gensec: Fix prototypes for all functions.Jelmer Vernooij7-1/+11
2011-03-04s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.cGünther Deschner1-1/+1
Guenther
2011-02-24build: moved spnego_parse.c into a common subsystemAndrew Tridgell1-2/+2
2011-02-24build: moved schannel_sign.c into a shared COMMON_SCHANNEL subsystemAndrew Tridgell1-2/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-1/+1
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett4-21/+42
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-01-19s4-gensec Remove special case 'for SASL' that is not required any more.Andrew Bartlett1-13/+0
I've examined the code paths involved, and it appears an alternative fix has been made in the ldap_server/ldap_bind.c code, and there is no code path that uses this behaviour. Andrew Bartlett
2011-01-19pygensec: remove special case handling for None for buffersAndrew Tridgell1-35/+28
always returning a buffer makes life easier for callers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-18s4-gensec Extend python bindings for GENSEC and the associated testAndrew Bartlett1-21/+223
This now tests a real GENSEC exchange, including wrap and unwrap, using GSSAPI. Therefore, it now needs to access a KDC. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
2011-01-18s4-pygensec Fix indentation of py_gensec_start_mech_by_name()Andrew Bartlett1-11/+11
2011-01-18s4-pygensec Add bindings for server_start() and update()Andrew Bartlett1-4/+96
2011-01-18s4-pyauth Use py_talloc_get_type() for greater talloc binding safetyAndrew Bartlett1-6/+9
This does a talloc check of the returned pointer before casting it. Andrew Bartlett
2011-01-18s4-gensec Don't steal the auth_context, reference it.Andrew Bartlett1-2/+6
We don't want to steal this pointer away from the caller if it's been set up from python. Andrew Bartlett
2011-01-03s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature sizeStefan Metzmacher1-1/+6
metze
2010-12-21s4-auth Remove duplicate copies of session_info creation codeAndrew Bartlett1-6/+10
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
2010-12-21s4:auth/gensec/spnego.c - remove unused variable "principal"Matthias Dieter Wallnöfer1-1/+0
2010-12-14s4:gensec/spnego: only look at the optimistic token if we support the first mechStefan Metzmacher1-4/+20
As a server only try the mechs the client proposed and only call gensec_update() with the optimistic token for the first mech in the list. If the server doesn't support the first mech we pick the first one in the clients list we also support. That's how w2k8r2 works. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 14 16:50:50 CET 2010 on sn-devel-104
2010-12-09s4-spnego Match Windows 2008, and no longer supply a name in the CIFS NegprotAndrew Bartlett1-10/+1
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
2010-12-08s4-pkgconfig: add @LIB_RPATH@ to our link flagsAndrew Tridgell1-1/+1
this is only set when rpath is used on install. It ensures that applications that link against Samba libraries get the rpath right Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
2010-12-08s4-spnego use "not_defined_in_RFC4178@please_ignore" if no principal specifiedAndrew Bartlett1-0/+2
We need to make this the default, but for now just send it if we have not been given a target principal. Andrew Bartlett
2010-12-08libcli/auth bring ADS_IGNORE_PRINCIPAL in commonAndrew Bartlett1-1/+2
2010-12-04s4:auth/gensec/gensec_krb5.c - fix/reorder memory free operationsMatthias Dieter Wallnöfer1-3/+15
To prevent memory leaks
2010-12-04s4:auth/gensec/gensec_krb5.c - remove a pointless "nt_status" testMatthias Dieter Wallnöfer1-8/+3
There is no operation which sets the "nt_status" before the "if".
2010-12-01pygensec: Fix initialization.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Wed Dec 1 02:33:06 CET 2010 on sn-devel-104
2010-12-01pygensec: Use talloc.Object.Jelmer Vernooij1-1/+4
2010-11-29s4:auth/gensec/gensec_tstream.c - quiet warnings on Solaris "cc"Matthias Dieter Wallnöfer1-2/+2
2010-11-29s4:auth/gensec/gensec_gssapi.c - always print error messages on the same ↵Matthias Dieter Wallnöfer1-2/+2
talloc context
2010-11-17s4-gensec: zero the gssapi_stateAndrew Tridgell1-1/+1
this fixes a use of the target_principal before initialisation Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-15s4-gensec Indicate if GENSEC is in client or server mode in the debugAndrew Bartlett1-2/+4
2010-11-15auth/gensec Handle incorrect username or password in Kerberos client codeAndrew Bartlett2-0/+3
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
2010-11-08s4-auth Supply more useful error messages on Kerberos failureAndrew Bartlett3-13/+28
The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't helped our users to debug problems effectivly, and so we now return more errors and try and give a more useful debug message when then happen. Andrew Bartlett
2010-11-08s4-auth Fix typos in samba4 auth codeBrad Hards1-7/+7
2010-11-07credentials: Lowercase library name,Jelmer Vernooij1-5/+5
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
2010-11-01s4-modules: get rid of the remaining static prototypes for modulesAndrew Tridgell1-11/+2
the waf build now generates the prototype declarations for us
2010-10-31s4-auth: added a dependency on com_errAndrew Tridgell1-1/+1
this helps with the gentoo build. The problem is that without the depenency, we don't add the cflags from the pkgconfig for com_err to the build of auth/gensec. That really reflects a more general problem with propogation of include dependencies, but this simple fix should be enough for now. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Oct 31 13:13:33 UTC 2010 on sn-devel-104
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij2-84/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-30s4-auth: make KERBEROS subsystem into authkrb5 private libraryAndrew Tridgell1-2/+2
this fixes some double linking. The name 'KERBEROS' was also a bit confusing, as it sounded like a base kerberos library, when it is in fact part of auth
2010-10-26talloc: change pytalloc-util to be a public library.Jelmer Vernooij1-1/+1
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij1-2/+2
2010-10-26s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij1-1/+1
2010-10-21s4-waf: removed the XATTR and SASL aliasesAndrew Tridgell1-1/+1
these were hangovers from the old build system names Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-19s4-gensec Don't give more to sasl_encode() than it will permitAndrew Bartlett1-3/+10
We need to ask the library how much data to pass in at any time. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 19 08:37:45 UTC 2010 on sn-devel-104
2010-10-19s4-gensec Don't upgrade all DIGEST-MD5 connections to sealAndrew Bartlett1-12/+21
The issue here is that when props.max_ssf = UINT_MAX was always set, as was the maxbufsize, and the connection would always be upgraded, regardless of the callers wishes. Andrew Bartlett
2010-10-18s4-gensec: Add dependency on com_err to GENSEC_KRB5.Andreas Schneider1-1/+1
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett2-16/+32
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11credentials: Split up into several subsystems.Jelmer Vernooij1-3/+3
2010-10-10gensec: Support building without any linked-in modules.Jelmer Vernooij1-0/+4
2010-10-05Add missing dependencies for com_err.Jelmer Vernooij1-0/+1
2010-10-05heimdal: Fix library name of gssapi.Jelmer Vernooij1-1/+1