summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2009-06-18s4:kdc Allow a password change when the password is expiredAndrew Bartlett3-7/+9
This requires a rework on Heimdal's windc plugin layer, as we want full control over what tickets Heimdal will issue. (In particular, in case our requirements become more complex in future). The original problem was that Heimdal's check would permit the ticket, but Samba would then deny it, not knowing it was for kadmin/changepw Also (in hdb-samba4) be a bit more careful on what entries we will make the 'change_pw' service mark that this depends on. Andrew Bartlett
2009-06-18s4:gensec Print GSSAPI error message when unable to find PACAndrew Bartlett1-1/+3
2009-06-17pycredentials: Raise MemoryError when unable to create objects.Jelmer Vernooij1-1/+6
2009-06-17pycredentials: Fix memory leak.Jelmer Vernooij1-1/+7
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett6-15/+27
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-10Clarify and expand the Kerberos notes made by Andrew Bartlett in 2005Donald T. Davis1-154/+448
Compiled with Andrew over a series of phone calls and gobby sessions, with the aim of documenting Kerberos requirements for Samba to us an alternate (ie, MIT) Kerberos library. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-06-10Remove copy of kerberos-notes.txt added in incorrect locationAndrew Bartlett1-760/+0
2009-06-10Clarify and expand the Kerberos notes made by Andrew Bartlett in 2005Donald T. Davis1-0/+760
Compiled with Andrew over a series of phone calls and gobby sessions with Andrew, with the aim of documenting Kerberos requirements for Samba to us an alternate (ie, MIT) Kerberos library. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-06-04changed the auth path to use extended DN ops to avoid non-indexed searchesAndrew Tridgell2-65/+66
Logs showed that every SAM authentication was causing a non-indexed ldb search for member=XXX. This was previously indexed in Samba4, but since we switched to using the indexes from the full AD schema it now isn't. The fix is to use the extended DN operations to allow us to ask the server for the memberOf attribute instead, with with the SIDs attached to the result. This also means one less search on every authentication. The patch is made more complex by the fact that some common routines use the result of these user searches, so we had to update all searches that uses user_attrs and those common routines to make sure they all returned a ldb_message with a memberOf filled in and the SIDs attached.
2009-06-02Fix more unresolved symbols.Jelmer Vernooij2-10/+1
2009-06-02python: Move helper functions for using param into a separate file ratherJelmer Vernooij2-2/+2
than linking against the python module.
2009-06-02Fix dependencies when using shared libraries.Jelmer Vernooij2-1/+2
2009-05-26use domain_dn not ncnameAndrew Tridgell1-3/+2
fixed up from previous patch that removed the use of crossref records
2009-05-26Don't use crossRef records to find our own domainAndrew Bartlett3-154/+47
A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett
2009-05-25fixed interpretation of ACB_PWNOTREQAndrew Tridgell1-14/+0
This bit actually means that we should ignore the minimum password length field for this user. It doesn't mean that the password should be seen as empty
2009-04-19Remove unused headersAndrew Bartlett4-9/+2
2009-04-16Fix Samba4 build errors with common libcli/samsyncAndrew Bartlett5-6/+5
2009-04-14Rework to use new API for common netlogon credential chainingAndrew Bartlett1-1/+1
2009-04-14Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett6-23/+31
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
2009-04-14Push schannel_state.c into the top level.Andrew Bartlett2-284/+1
This is the server side state for netlogon credential chaining Andrew Bartlett
2009-04-14Port Samba4 to the new combined libcli/auth functionsAndrew Bartlett2-6/+1
For example, some of the new shared functionality was previously in the wkssvc torture test. Andrew Bartlett
2009-04-14Move ntlm_check.h into the common libcli/authAndrew Bartlett1-76/+0
2009-04-14Move MSRPC-PARSE into the common libcli/authAndrew Bartlett2-374/+0
This is a depenceny of smbencrypt.c
2009-04-14Move libcli/auth to the top levelAndrew Bartlett1-603/+0
2009-03-26Merge branch 'master' of git://git.samba.org/sambaJelmer Vernooij2-5/+2
2009-03-26s4:auth/credentials: use krb5_data_free()Stefan Metzmacher1-5/+1
metze
2009-03-26s4:auth/credentials: include gssapi/gssapi_krb5.hStefan Metzmacher1-0/+1
metze
2009-03-15Strip /usr/include from include flags, so we don't end up includingJelmer Vernooij1-0/+2
the system tevent if it's too old.
2009-03-15Remove -L/usr/lib from a couple more make variables.Jelmer Vernooij1-0/+1
2009-03-01Use common header file for character set handling in Samba 3 and Samba 4.Jelmer Vernooij1-16/+20
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij1-1/+1
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij1-1/+1
consistency with Samba 3.
2009-02-13Push sam_get_server_info_principal into the auth subsystemAndrew Bartlett8-63/+122
This means it must be accessed via the supplied auth_context in the GENSEC server, and should remove the hard depenceny of GENSEC on the auth subsystem and ldb (allowing LDB not to rely on LDB is considered a good thing, apparently) Andrew Bartlett
2009-02-13Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett10-31/+136
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2009-02-05s4:auth/ntlm: fix c++ warningStefan Metzmacher1-1/+1
metze
2009-02-05s4:pyauth: fix compiler warningsStefan Metzmacher1-1/+1
metze
2009-02-05s4:pycredentials: fix compiler warningsStefan Metzmacher2-26/+25
metze
2009-02-02s4:auth/credentials: the python bindings don't use swig anymoreStefan Metzmacher1-4/+2
metze
2009-02-02s4:auth: the python bindings don't use swig anymoreStefan Metzmacher1-3/+2
metze
2009-02-02s4:auth/kerberos: s/private/private_dataStefan Metzmacher1-10/+10
metze
2009-02-02s4:auth/gensec: s/private/private_dataStefan Metzmacher1-10/+10
metze
2009-02-01Make schannel not depend on samdb anymore.Simo Sorce2-6/+61
2009-01-31s4:auth: try to fix the build on SolarisStefan Metzmacher1-0/+1
MAXHOSTNAMELEN comes in via system/network.h now. metze
2009-01-25Add prototypes required by samba-gtk.Jelmer Vernooij1-0/+9
2009-01-21s4:auth: move make_server_info_netlogon_validation() function arroundStefan Metzmacher5-147/+141
metze
2009-01-08Avoid using a utility header for Python replacements included in Samba,Jelmer Vernooij1-1/+5
since this will not be shipped with talloc/tdb/tevent/etc.
2009-01-07s3/s4 build: Fix Py_RETURN_NONE to work with python versions < 2.4Tim Prouty1-0/+1
2009-01-06py: Properly increase the reference counter of Py_None.Jelmer Vernooij1-6/+6
2009-01-03s4:auth/kerberos: convert to tevent_* apiStefan Metzmacher2-14/+13
metze
2009-01-03s4:socket: use a socket_wrapper aware function to auto close the fd event ↵Stefan Metzmacher1-4/+5
for sockets metze