summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
AgeCommit message (Collapse)AuthorFilesLines
2010-11-17s4-gensec: zero the gssapi_stateAndrew Tridgell1-1/+1
this fixes a use of the target_principal before initialisation Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-15s4-gensec Indicate if GENSEC is in client or server mode in the debugAndrew Bartlett1-2/+4
2010-11-15auth/gensec Handle incorrect username or password in Kerberos client codeAndrew Bartlett2-0/+3
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
2010-11-08s4-auth Supply more useful error messages on Kerberos failureAndrew Bartlett3-13/+28
The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't helped our users to debug problems effectivly, and so we now return more errors and try and give a more useful debug message when then happen. Andrew Bartlett
2010-11-08s4-auth Fix typos in samba4 auth codeBrad Hards1-7/+7
2010-11-07credentials: Lowercase library name,Jelmer Vernooij1-5/+5
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
2010-11-01s4-modules: get rid of the remaining static prototypes for modulesAndrew Tridgell1-11/+2
the waf build now generates the prototype declarations for us
2010-10-31s4-auth: added a dependency on com_errAndrew Tridgell1-1/+1
this helps with the gentoo build. The problem is that without the depenency, we don't add the cflags from the pkgconfig for com_err to the build of auth/gensec. That really reflects a more general problem with propogation of include dependencies, but this simple fix should be enough for now. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Oct 31 13:13:33 UTC 2010 on sn-devel-104
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij2-84/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-30s4-auth: make KERBEROS subsystem into authkrb5 private libraryAndrew Tridgell1-2/+2
this fixes some double linking. The name 'KERBEROS' was also a bit confusing, as it sounded like a base kerberos library, when it is in fact part of auth
2010-10-26talloc: change pytalloc-util to be a public library.Jelmer Vernooij1-1/+1
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij1-2/+2
2010-10-26s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij1-1/+1
2010-10-21s4-waf: removed the XATTR and SASL aliasesAndrew Tridgell1-1/+1
these were hangovers from the old build system names Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-19s4-gensec Don't give more to sasl_encode() than it will permitAndrew Bartlett1-3/+10
We need to ask the library how much data to pass in at any time. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 19 08:37:45 UTC 2010 on sn-devel-104
2010-10-19s4-gensec Don't upgrade all DIGEST-MD5 connections to sealAndrew Bartlett1-12/+21
The issue here is that when props.max_ssf = UINT_MAX was always set, as was the maxbufsize, and the connection would always be upgraded, regardless of the callers wishes. Andrew Bartlett
2010-10-18s4-gensec: Add dependency on com_err to GENSEC_KRB5.Andreas Schneider1-1/+1
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett2-16/+32
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11credentials: Split up into several subsystems.Jelmer Vernooij1-3/+3
2010-10-10gensec: Support building without any linked-in modules.Jelmer Vernooij1-0/+4
2010-10-05Add missing dependencies for com_err.Jelmer Vernooij1-0/+1
2010-10-05heimdal: Fix library name of gssapi.Jelmer Vernooij1-1/+1
2010-10-02s4-gensec Always honour the set server principalAndrew Bartlett1-1/+1
The spengo code won't set this unless it is allowed to by this same option, but other callers may need it. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 02:27:39 UTC 2010 on sn-devel-104
2010-09-28s4:gensec_tstream: remove plain socket handlingStefan Metzmacher1-124/+12
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
2010-09-28s4:gensec: add gensec_create_tstream()Stefan Metzmacher3-1/+764
Based on the initial patch from Andreas Schneider <asn@redhat.com>. metze
2010-09-26s4-gensec: fixed a valgrind error in gensecAndrew Tridgell1-12/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26s4:schannel: handle move flag combinations in the serverStefan Metzmacher1-13/+23
This fixes some testsuites in the CIFS plugfest. metze
2010-09-23s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiationAndrew Tridgell1-7/+10
this is the client side equivalent change for the previous fix Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4-gensec: prevent a double free in the error path of GSSAPI authAndrew Tridgell1-1/+0
the caller frees mem_ctx, so we shouldn't Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4-gensec: fixed a GSSAPI SASL negotiation bugAndrew Tridgell1-11/+14
Fixed a bug that affected mismatched negotiation between the GSSAPI layer and the SASL SSF subsequent negotiation. This caused some ldap clients to hang when trying to authentication with a Samba LDAP server. The client thought the connection should be signed, the server thought it should be in plain text Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-22s4-param: Fix more memory leaks, invalid memory context.Jelmer Vernooij1-1/+1
2010-09-22s4-param: Check type when converting python object to lp_ctx, fix someJelmer Vernooij1-0/+18
memory leaks.
2010-09-22pygensec: Implement start_mech_by_name().Jelmer Vernooij2-8/+30
2010-09-21s4-selftest: Move more tests to scripting/python, simplifies running of tests.Jelmer Vernooij1-39/+0
2010-09-14s4: Fix two typosVolker Lendecke1-2/+2
2010-09-11s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a headerAndrew Bartlett1-0/+2
2010-08-09s4-build: use @PACKAGE_VERSION@ in s4 pc.in filesAndrew Tridgell1-1/+1
this gets replaced by vnum from the build rule
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell5-12/+12
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-24s4:auth/gensec/gensec_gssapi.c - reorder constructorMatthias Dieter Wallnöfer1-30/+38
To have the same order as in the structure definition.
2010-06-24s4-python: python is not always in /usr/binAndrew Tridgell1-1/+1
Using "#!/usr/bin/env python" is more portable. It still isn't ideal though, as we should really use the python path found at configure time. We do that in many places already, but some don't. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-19python: Use samba.tests.TestCase, make sure base class tearDown andJelmer Vernooij1-4/+4
setUp methods are called, fix formatting.
2010-06-15ldb: Only build standard ldb modules when building bundled ldb.Jelmer Vernooij1-1/+1
2010-06-13s4-test: Use smb.conf path set in environment rather than usingJelmer Vernooij1-2/+2
command-line options. This is the first step towards supporting custom test runners.
2010-05-21s4:auth Remove un-needed headers.Andrew Bartlett1-1/+0
2010-05-20s4:auth Change auth_generate_session_info to take flagsAndrew Bartlett1-1/+7
This allows us to control what groups should be added in what use cases, and in particular to more carefully control the introduction of the 'authenticated' group. In particular, in the 'service_named_pipe' protocol, we do not have control over the addition of the authenticated users group, so we key of 'is this user the anonymous SID'. This also takes more care to allocate the right length ptoken->sids Andrew Bartlett
2010-05-20s4:auth Allow the operational module to get a user's tokenGroups from authAndrew Bartlett2-1/+2
This creates a new interface to the auth subsystem, to allow an auth_context to be created from the ldb, and then tokenGroups to be calculated in the same way that the auth subsystem would. Andrew Bartlett
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij5-12/+3
2010-05-14s4:gensec expose gensec_set_target_principal for use outside GENSECAndrew Bartlett4-3/+8
This allows for the rare case where the caller knows the target principal. The check for lp_client_use_spnego_principal() is moved to the spengo code to make this work. Andrew Bartlett
2010-05-02s4:credentials Make the CCACHE in credentials depend on the things that built itAndrew Bartlett2-1/+12
This means that we consider the ccache only as reliable as the least specified of the inputs we used. This means that we will regenerate the ccache if any of the inputs change. Andrew Bartlett