summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-04-27s4:gensec Use a different form of 'name' in GSSAPI import_name()Andrew Bartlett1-3/+3
The idea here is to make it not dependent on the system's default realm. Andrew Bartlett
2010-04-27s4:kerberos Give a better error message than "Could not allocate memory"Andrew Bartlett1-3/+3
Andrew Bartlett
2010-04-20pytalloc: ensure talloc_ctx is directly after PyObject_HEADAndrew Tridgell1-1/+1
the talloc python interface for tp_alloc and tp_dealloc relies on a cast to a py_talloc_Object to find the talloc_ctx (see py_talloc_dealloc). This means we rely on the talloc_ctx for the object being directly after the PyObject_HEAD This fixes the talloc free with references bug in samba_dnsupdate The actual problem was the tp_alloc() call in PyCredentialCacheContainer_from_ccache_container() which used a cast from a py_talloc_Object to a PyCredentialCacheContainerObject. That case effectively changed the parent/child relationship between the talloc_ctx and the ccc ptr. This patch changes all the structures that follow this pattern to put the TALLOC_CTX directly after the PyObject_HEAD, to ensure that if anyone else decides to do a dangerous cast like this that it won't cause the same sort of subtle breakage. Pair-Programmed-With: Rusty Russell <rusty@samba.org>
2010-04-19s4-python: PyErr_SetString() will crash on NULL stringsAndrew Tridgell1-1/+1
use nt_errstr() when no error available
2010-04-14s4:auth Change auth_generate_session_info to take an auth contextAndrew Bartlett13-40/+71
The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-04-14s4:auth Allow the simple 'struct auth_session_info' generator for all usersAndrew Bartlett1-3/+3
This code isn't ideal, but it is better than needing to consult the main SamDB in things like a torture test. Andrew Bartlett
2010-04-12s4:auth/auth_sam_reply.c - fix counter typesMatthias Dieter Wallnöfer1-3/+3
2010-04-12lib/replace/wscript: inline LIBREPLACE_EXT into 'replace' as the autoconf ↵Stefan Metzmacher1-1/+1
system does metze
2010-04-11s4:auth Remove event context from anonymous_session()Andrew Bartlett4-120/+117
This should always return a simple structure with no need to consult a DB, so remove the event context, and simplfy to call helper functions that don't look at privilages. Andrew Bartlett
2010-04-10s4:credentials Add the functions needed to do S4U2Self with cli_credentialsAndrew Bartlett6-50/+208
A torture test to demonstrate will be added soon. Andrew Bartlett
2010-04-10s4:credentials talloc_free() any previous salt_principalAndrew Bartlett2-1/+2
This isn't used often, but it is generally better not to leak it onto what may be a longer-term context. Andrew Bartlett
2010-04-08pynet: Create a net class.Jelmer Vernooij3-10/+22
2010-04-06s4:auth/ntlm/auth_developer.c - "fixed_challenge_get_challenge" - fix the ↵Matthias Dieter Wallnöfer1-5/+2
assignment of the challenge This is a string buffer and not a DATA_BLOB.
2010-04-06s4-python: Move set_session_info to PySambaLdb.Jelmer Vernooij2-2/+2
2010-04-06s4-waf: move to a universal method of recursing into subdirsAndrew Tridgell1-5/+5
This works with both standalone lib builds and bundled builds
2010-04-06s4-waf: removed the AUTOGENERATED markersAndrew Tridgell4-15/+0
we won't be using the mk -> wscript generator again
2010-04-06s4-waf: more dependencies on tallocAndrew Tridgell2-1/+3
these are needed so we can support a system talloc without using the bundled talloc.h
2010-04-06s4-waf: fixed some deps now we don't auto-include tevent and replaceAndrew Tridgell1-1/+1
this is preparation for being able to use system versions of these libraries
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell7-0/+14
them
2010-04-06s4-waf: enable the pc_files in the build rulesAndrew Tridgell1-1/+1
2010-04-06s4-waf: install the rest of the headersAndrew Tridgell1-0/+1
2010-04-06s4-waf: remove the need for some of the lib aliasesAndrew Tridgell1-1/+1
2010-04-06build: check libc first for several librariesAndrew Tridgell1-1/+1
2010-04-06build: fixed the build without sasl librariesAndrew Tridgell2-4/+5
We need to only enable the cyrus_sasl module if we have sasl/sasl.h
2010-04-06build: waf quicktest nearly worksAndrew Tridgell4-12/+4
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell6-0/+223
2010-04-06build: check for libsasl2Andrew Tridgell1-0/+4
2010-04-06build: check for pamAndrew Tridgell1-0/+2
2010-04-05Revert "s4:gensec_gssapi.c - make sure that "GSS_C_DELEG_POLICY_FLAG" is ↵Matthias Dieter Wallnöfer1-5/+0
available" This reverts commit 3e091a82167f51b7d9abf00755bede9354932c6b. This should be fixed through the new build system when it lands in "master".
2010-04-04s4-python: Remove convenience macro PyErr_SetStringError.Jelmer Vernooij1-1/+1
This macro assumed that all errors were runtime errors.
2010-03-30s4:gensec_gssapi.c - make sure that "GSS_C_DELEG_POLICY_FLAG" is availableMatthias Dieter Wallnöfer1-0/+5
FreeBSD 7.2 needs this.
2010-03-29pytalloc: allow for using a system libtalloc-dev with pytallocAndrew Tridgell3-3/+3
When we have a system talloc library, we still need to grab pytalloc.h from lib/talloc. We don't want to just use -Ilib/talloc, as otherwise we'll get the in-tree talloc.h which may not be compatible with the system talloc.h So we need to give the path to pytalloc.h
2010-03-26s4:auth/credentials/credentials.c - initialise more contentMatthias Dieter Wallnöfer1-0/+3
Now all data should be initialised
2010-03-26libutil: moved the networking defines to util_net.hAndrew Tridgell2-0/+2
These were causing thousands of warnings on solaris8
2010-03-24s4:ntlmssp: move sign/seal states to a private ntlmssp_crypt_state unionStefan Metzmacher2-76/+63
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: make use of dump_arc4_state()Stefan Metzmacher1-8/+7
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: copy dump_arc4_state() from source3Stefan Metzmacher1-0/+6
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: avoid usage of calc_ntlmv2_key_talloc()Stefan Metzmacher2-29/+10
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: make use of calc_ntlmv2_key() for seal keysStefan Metzmacher1-15/+16
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: add calc_ntlmv2_key() from source3Stefan Metzmacher1-0/+11
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: rename calc_ntlmv2_key => calc_ntlmv2_key_tallocStefan Metzmacher1-5/+5
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: inline ntlmssp_weakend_keys()Stefan Metzmacher2-54/+41
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: use a 'bool ok' helper variable to make the code more readableStefan Metzmacher1-6/+14
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: fix some formatingStefan Metzmacher1-74/+110
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: move doing_ntlm2 to ntlmssp_server_auth_stateStefan Metzmacher2-4/+3
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: move NTLM2 session_nonce to ntlmssp_server_auth_stateStefan Metzmacher2-8/+7
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: move encrypted_session_key to ntlmssp_server_auth_stateStefan Metzmacher2-29/+19
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: keep a ntlmssp_server_auth_state to transport variables from ↵Stefan Metzmacher1-10/+23
preauth to postauth hooks metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: remove unused server_multiple_authentications feature.Stefan Metzmacher2-14/+1
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: rename gensec_ntlmssp_state => ntlmssp_stateStefan Metzmacher5-352/+352
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>