Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-04-06 | build: fixed the build without sasl libraries | Andrew Tridgell | 1 | -1/+2 | |
We need to only enable the cyrus_sasl module if we have sasl/sasl.h | |||||
2010-04-06 | build: waf quicktest nearly works | Andrew Tridgell | 1 | -5/+1 | |
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code | |||||
2010-04-06 | build: commit all the waf build files in the tree | Andrew Tridgell | 1 | -0/+63 | |
2010-04-05 | Revert "s4:gensec_gssapi.c - make sure that "GSS_C_DELEG_POLICY_FLAG" is ↵ | Matthias Dieter Wallnöfer | 1 | -5/+0 | |
available" This reverts commit 3e091a82167f51b7d9abf00755bede9354932c6b. This should be fixed through the new build system when it lands in "master". | |||||
2010-03-30 | s4:gensec_gssapi.c - make sure that "GSS_C_DELEG_POLICY_FLAG" is available | Matthias Dieter Wallnöfer | 1 | -0/+5 | |
FreeBSD 7.2 needs this. | |||||
2010-03-29 | pytalloc: allow for using a system libtalloc-dev with pytalloc | Andrew Tridgell | 1 | -1/+1 | |
When we have a system talloc library, we still need to grab pytalloc.h from lib/talloc. We don't want to just use -Ilib/talloc, as otherwise we'll get the in-tree talloc.h which may not be compatible with the system talloc.h So we need to give the path to pytalloc.h | |||||
2010-03-26 | libutil: moved the networking defines to util_net.h | Andrew Tridgell | 2 | -0/+2 | |
These were causing thousands of warnings on solaris8 | |||||
2010-03-08 | s4-gensec: Fixed wrong usage of error_string. | Andreas Schneider | 1 | -1/+1 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-02-26 | s4:python Add bindings to set GENSEC flags on credentials in python | Andrew Bartlett | 1 | -0/+9 | |
This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett | |||||
2010-02-26 | s4-krb5: propogate errors from a lot more kerberos functions | Andrew Tridgell | 2 | -9/+15 | |
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-02-23 | s4:cleanup remove unused schannel ldb code | Simo Sorce | 1 | -67/+0 | |
2010-02-23 | s4:schannel merge code with s3 | Simo Sorce | 2 | -22/+5 | |
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data. | |||||
2010-02-13 | s4-auth: use TYPESAFE_QSORT() in gensec | Andrew Tridgell | 1 | -1/+2 | |
2010-02-09 | s4:Remove "Py_RETURN_NONE" compatibility code | Matthias Dieter Wallnöfer | 1 | -4/+0 | |
This was needed only by Python 2.3 which we no longer support. | |||||
2009-12-24 | s4:gensec: change gensec_update_send/recv to tevent_req | Stefan Metzmacher | 3 | -58/+83 | |
metze | |||||
2009-12-16 | s4:gensec: allow clearing local and remote address by passing NULL | Stefan Metzmacher | 1 | -0/+10 | |
metze | |||||
2009-12-16 | s4-gensec: Remove obsolete socket_address vars and fns. | Andreas Schneider | 2 | -35/+0 | |
2009-12-16 | s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn. | Andreas Schneider | 4 | -27/+21 | |
2009-12-16 | s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn. | Andreas Schneider | 2 | -11/+0 | |
2009-12-16 | s4-gensec: Replace gensec_get_my_addr with new tsocket based fn. | Andreas Schneider | 3 | -23/+24 | |
2009-12-16 | s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn. | Andreas Schneider | 2 | -10/+0 | |
2009-12-16 | s4-gensec: Added remote and local setter/getter using tsocket. | Andreas Schneider | 3 | -4/+127 | |
2009-10-24 | s4:gensec/schannel: remove unused talloc_reference() in schannel_update() | Stefan Metzmacher | 1 | -1/+1 | |
We never expose creds to the caller in schannel_update(). metze | |||||
2009-10-23 | s4-python: we need to include Python.h first | Andrew Tridgell | 1 | -1/+1 | |
If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes. | |||||
2009-10-23 | s4:gensec Use an index on computerName in schannel.ldb | Andrew Bartlett | 1 | -1/+4 | |
2009-10-23 | s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect() | Andrew Tridgell | 1 | -1/+1 | |
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context. | |||||
2009-10-23 | s4-dsdb: create a static system_session context | Andrew Tridgell | 1 | -2/+2 | |
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap | |||||
2009-10-20 | s4: ran minimal_includes.pl on source4/auth/gensec | Andrew Tridgell | 6 | -12/+0 | |
2009-10-14 | s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where needed | Matthias Dieter Wallnöfer | 1 | -9/+5 | |
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way. | |||||
2009-10-02 | s4-pygensec: a bit closer to working | Andrew Tridgell | 3 | -9/+56 | |
I'll need help from Andrew on how to get gensec to initialise it's ops element | |||||
2009-09-26 | gensec: Avoid exposing lp_ctx on the API level. | Jelmer Vernooij | 3 | -14/+12 | |
2009-09-26 | pygensec: Add initial work on a gensec Python module. | Jelmer Vernooij | 3 | -0/+184 | |
2009-09-25 | s4:auth/gensec/schannel - fix a const warning | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2009-09-25 | s4:schannel: fix some compiler warnings | Stefan Metzmacher | 1 | -2/+4 | |
If we only do signing we can pass down a const data buffer. metze | |||||
2009-09-17 | spnego: Support ASN.1 BIT STRING and use it in SPNEGO. | Kouhei Sutou | 1 | -2/+4 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 4 | -475/+2 | |
Guenther | |||||
2009-09-16 | libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 1 | -33/+56 | |
This prepares support for HMAC-SHA256/AES. metze | |||||
2009-09-16 | schannel: move schannel_sign to main directory. | Günther Deschner | 4 | -312/+3 | |
Guenther | |||||
2009-09-16 | s4-schannel: try to fix the build. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-09-16 | s4-schannel: first step of decoupling schannel from gensec. | Günther Deschner | 2 | -20/+51 | |
Guenther | |||||
2009-09-16 | s4-schannel: strip trailing whitespace. | Günther Deschner | 1 | -36/+36 | |
Guenther | |||||
2009-09-13 | s4-schannel: use NL_AUTH_MESSAGE for schannel. | Günther Deschner | 1 | -23/+35 | |
Guenther | |||||
2009-09-13 | s4-schannel: strip trailing whitespace. | Günther Deschner | 1 | -26/+26 | |
Guenther | |||||
2009-08-27 | s4-schannel: add ldb suffix to schannel functions. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2009-07-28 | s4:gensec/spnego: only generate the mechListMic when the server expects it | Stefan Metzmacher | 1 | -1/+2 | |
This fixes the ntvfs.cifs tests. metze | |||||
2009-07-24 | s4:gensec_gssapi: pass the correct oid to the gssapi layer. | Stefan Metzmacher | 1 | -4/+11 | |
metze | |||||
2009-07-24 | s4:gensec/spengo: make sure we send the blob with the micListMech signature ↵ | Stefan Metzmacher | 1 | -1/+1 | |
to the peer We should even do this if the submech has no more data to send. metze | |||||
2009-07-16 | s4:gensec Rework gensec_krb5 mutual authentication defaults | Andrew Bartlett | 1 | -24/+28 | |
When emulating Samba3 (which we do to ensure we don't break compatability), don't do mutual authentication by default, as it breaks the session key with AES and isn't what Samba3 does anyway. Andrew Bartlett | |||||
2009-07-16 | s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5' | Andrew Bartlett | 1 | -5/+15 | |
This allows the older 'like Samba3' GENSEC krb5 implementation to work against Windows 2008. I'm using this to track down interop issues in this area. Andrew Bartlett | |||||
2009-07-01 | gensec_start now steals the auth_context | Andrew Tridgell | 1 | -1/+3 | |