summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
AgeCommit message (Collapse)AuthorFilesLines
2009-10-24s4:gensec/schannel: remove unused talloc_reference() in schannel_update()Stefan Metzmacher1-1/+1
We never expose creds to the caller in schannel_update(). metze
2009-10-23s4-python: we need to include Python.h firstAndrew Tridgell1-1/+1
If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes.
2009-10-23s4:gensec Use an index on computerName in schannel.ldbAndrew Bartlett1-1/+4
2009-10-23s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()Andrew Tridgell1-1/+1
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context.
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-2/+2
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-20s4: ran minimal_includes.pl on source4/auth/gensecAndrew Tridgell6-12/+0
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-9/+5
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-10-02s4-pygensec: a bit closer to workingAndrew Tridgell3-9/+56
I'll need help from Andrew on how to get gensec to initialise it's ops element
2009-09-26gensec: Avoid exposing lp_ctx on the API level.Jelmer Vernooij3-14/+12
2009-09-26pygensec: Add initial work on a gensec Python module.Jelmer Vernooij3-0/+184
2009-09-25s4:auth/gensec/schannel - fix a const warningMatthias Dieter Wallnöfer1-1/+2
2009-09-25s4:schannel: fix some compiler warningsStefan Metzmacher1-2/+4
If we only do signing we can pass down a const data buffer. metze
2009-09-17spnego: Support ASN.1 BIT STRING and use it in SPNEGO.Kouhei Sutou1-2/+4
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17spnego: share spnego_parse.Günther Deschner4-475/+2
Guenther
2009-09-16libcli/auth: rewrite schannel sign/seal code to be more genericStefan Metzmacher1-33/+56
This prepares support for HMAC-SHA256/AES. metze
2009-09-16schannel: move schannel_sign to main directory.Günther Deschner4-312/+3
Guenther
2009-09-16s4-schannel: try to fix the build.Günther Deschner1-1/+1
Guenther
2009-09-16s4-schannel: first step of decoupling schannel from gensec.Günther Deschner2-20/+51
Guenther
2009-09-16s4-schannel: strip trailing whitespace.Günther Deschner1-36/+36
Guenther
2009-09-13s4-schannel: use NL_AUTH_MESSAGE for schannel.Günther Deschner1-23/+35
Guenther
2009-09-13s4-schannel: strip trailing whitespace.Günther Deschner1-26/+26
Guenther
2009-08-27s4-schannel: add ldb suffix to schannel functions.Günther Deschner1-2/+2
Guenther
2009-07-28s4:gensec/spnego: only generate the mechListMic when the server expects itStefan Metzmacher1-1/+2
This fixes the ntvfs.cifs tests. metze
2009-07-24s4:gensec_gssapi: pass the correct oid to the gssapi layer.Stefan Metzmacher1-4/+11
metze
2009-07-24s4:gensec/spengo: make sure we send the blob with the micListMech signature ↵Stefan Metzmacher1-1/+1
to the peer We should even do this if the submech has no more data to send. metze
2009-07-16s4:gensec Rework gensec_krb5 mutual authentication defaultsAndrew Bartlett1-24/+28
When emulating Samba3 (which we do to ensure we don't break compatability), don't do mutual authentication by default, as it breaks the session key with AES and isn't what Samba3 does anyway. Andrew Bartlett
2009-07-16s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5'Andrew Bartlett1-5/+15
This allows the older 'like Samba3' GENSEC krb5 implementation to work against Windows 2008. I'm using this to track down interop issues in this area. Andrew Bartlett
2009-07-01gensec_start now steals the auth_contextAndrew Tridgell1-1/+3
2009-06-18s4:gensec Print GSSAPI error message when unable to find PACAndrew Bartlett1-1/+3
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett1-0/+3
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-02Fix dependencies when using shared libraries.Jelmer Vernooij1-1/+1
2009-04-19Remove unused headersAndrew Bartlett1-4/+2
2009-04-16Fix Samba4 build errors with common libcli/samsyncAndrew Bartlett1-0/+1
2009-04-14Rework to use new API for common netlogon credential chainingAndrew Bartlett1-1/+1
2009-04-14Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett3-13/+26
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
2009-04-14Push schannel_state.c into the top level.Andrew Bartlett2-284/+1
This is the server side state for netlogon credential chaining Andrew Bartlett
2009-02-13Push sam_get_server_info_principal into the auth subsystemAndrew Bartlett3-7/+24
This means it must be accessed via the supplied auth_context in the GENSEC server, and should remove the hard depenceny of GENSEC on the auth subsystem and ldb (allowing LDB not to rely on LDB is considered a good thing, apparently) Andrew Bartlett
2009-02-13Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett3-17/+16
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2009-02-02s4:auth/gensec: s/private/private_dataStefan Metzmacher1-10/+10
metze
2009-02-01Make schannel not depend on samdb anymore.Simo Sorce2-6/+61
2009-01-21s4:auth: move make_server_info_netlogon_validation() function arroundStefan Metzmacher1-1/+1
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher4-17/+17
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-24Rename samba-socket -> samba_socket to fix a couple more compilerJelmer Vernooij1-1/+1
warnings.
2008-12-23Add missing includes, required for use of gensec by 3rd-partyMatthias Dieter Wallnöfer1-0/+3
applications.
2008-12-17s4: fix LIBEVENTS dependencies and use more forward declarationsStefan Metzmacher1-0/+1
We should only include events.h where we really need it and prefer forward declarations of 'struct event_context' metze
2008-11-02Fix the build.Jelmer Vernooij3-19/+43
2008-11-02Remove use of global_loadparm for disabled gensec backends.Jelmer Vernooij3-4/+25
2008-11-02Fix the build.Jelmer Vernooij1-2/+2
2008-11-02Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij5-47/+65
should in the future only contain some settings required for gensec.
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij3-2/+3
remove some unused functions.