summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5137: fix typesStefan Metzmacher2-4/+4
metze (This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
2007-10-10r4955: fixed a couple of minor memory leaks in the auth_sam codeAndrew Tridgell1-1/+11
(This used to be commit 2eba223bda43a81e7aa795e58e551b0b556ddcfa)
2007-10-10r4758: - added async support to the session request codeAndrew Tridgell1-1/+1
- added async support to the negprot client code - removed two unused parameters from smbcli_full_connection() code - converted smbclient to use smbcli_full_connection() rather than reinventing everything itself (This used to be commit 71cbe2873473e039b4511511302cb63f1c50bce8)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher9-1361/+1038
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell1-1/+1
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4566: Fix Samba4 to pass it's own RPC-SAMLOGON torture test.Andrew Bartlett1-26/+141
Include RPC-SAMLOGON in the list of tests expected to pass Remove silly extra loops from the RPC-SAMLOGON test, which mostly just slowed htings down. Andrew Bartlett (This used to be commit 518ca9fb695b0f9d480122a74a2159f7f17a3219)
2007-10-10r4499: Almost make our Samba4 server pass the RPC-SAMLOGON torture test.Andrew Bartlett1-42/+63
I just need to fix a couple of NTLMv2 issues before we can fully pass, and put this in test_rpc.sh, as a 'should pass' test. Andrew Bartlett (This used to be commit 4b52409e385366d87724bb79f4fad4803e8ecfec)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-116/+16
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4339: - rename auth_guest to auth_anonymousStefan Metzmacher3-62/+68
- don't use static const strings in the server_info - fix segfault when auth_sam gets "" as username metze (This used to be commit 7fcbd483d4977cf6483f34ddd28e6c0182897ba2)
2007-10-10r4151: added privilege attribute handling on samdb.Andrew Tridgell1-0/+8
pvfs will now honor some privileges on ACLs, and it will be quite easy to add the checks for more privileges in the necessary places, by making calls to sec_privilege_check(). (This used to be commit 3549039d0fbc54f87ae679e7288b82b28713e487)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell2-79/+58
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4072: - changed the names of some of the well known sids to be more consistentAndrew Tridgell1-3/+3
- added string constants for the important privileges. (This used to be commit d5bc706140faf2d0a917f90f87884cd097e8a48c)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell1-5/+5
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell1-2/+3
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell1-16/+18
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4000: DATA_BLOB.data is uint8_t * not void * :-)Stefan Metzmacher1-1/+1
(thanks abartlet for telling me) metze (This used to be commit 2783bf393f6310f9d827538329d619dad5b02dd0)
2007-10-10r3970: fix compiler warningStefan Metzmacher1-1/+1
metze (This used to be commit 1f03d797129c87f231a4f464432475a5c2f91d35)
2007-10-10r3881: Split up the LIBNDR_GEN subsystem into NDR_* and RPC_NDR_* subsystems.Jelmer Vernooij1-1/+2
This reduces the total size of the samba binaries from 119 Mb to 73 Mb. Next step will be to have the build system obtain some of this information by itself, so that we don't have to write ~10 lines per interface manually. (This used to be commit 16d905f6b0cbec591eebc44ee2ac9516a5730378)
2007-10-10r3876: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit 9ad3837dbad6dbf5ee0122be2bbffac325ece9be)
2007-10-10r3810: create a LIB_SECURITY subsystemStefan Metzmacher1-1/+2
- move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
2007-10-10r3783: - don't use make proto for ldb anymoreStefan Metzmacher1-0/+1
- split ldh.h out of samba's includes.h - make ldb_context and ldb_module private to the subsystem - use ltdb_ prefix for all ldb_tdb functions metze (This used to be commit f5ee40d6ce8224e280070975efc9911558fe675c)
2007-10-10r3744: Support building subsystems as a shared library. Modules don't work yet,Jelmer Vernooij1-0/+1
so while this does compile, it does not work yet. (This used to be commit 3d885562c9f83d60c5d4957b067e35387dfa50dd)
2007-10-10r3737: - Get rid of the register_subsystem() and register_backend() functions.Jelmer Vernooij5-26/+7
- Re-disable tdbtool (it was building fine on my Debian box but other machines were having problems) (This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814)
2007-10-10r3733: More build system fixes/features:Jelmer Vernooij2-7/+3
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities) (This used to be commit 64826da834e26ee0488674e27a0eae36491ee179)
2007-10-10r3599: fixed a couple of memory errors in the rpc netlogon serverAndrew Tridgell1-0/+7
(found with valgrind) (This used to be commit 151dd4593d30c703b70099cd240784134fdb4e0f)
2007-10-10r3586: Fix some of the issues with the module init functions.Jelmer Vernooij2-14/+9
Both subsystems and modules can now have init functions, which can be specified in .mk files (INIT_FUNCTION = ...) The build system will define : - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on This removes the hack with the "static bool Initialised = " and the "lazy_init" functions (This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
2007-10-10r3571: rough guesses at what abartlet really wanted to do in his last commitAndrew Tridgell1-0/+1
(which I suspect was missing some pieces) this at least fixes the build so i can keep going on pvfs. Please review/fix Andrew. (This used to be commit bffd18d09df04c1e492ef12f744ff4b6c561d53c)
2007-10-10r3555: Fix auth_winbind to work with the new auth_util conversion code.Andrew Bartlett1-8/+10
Andrew Bartlett (This used to be commit 3215f1c6ce9ec27affa8a7a6f440ef26ad878eae)
2007-10-10r3554: Use the new talloc_reference changes to simply the conversion ofAndrew Bartlett1-61/+80
returned validation information into the server_info struct. Also allow for easier expansion to different variations on validation levels. Andrew Bartlett (This used to be commit 316b74029cf3e10cf14cffe8ce326a97ef3aec35)
2007-10-10r3476: fixed some const warningsAndrew Tridgell1-1/+2
(This used to be commit 7dc58dc01e19b342df76dcc14ee28ff37a8f9ace)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-0/+1
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3462: separate out the crypto includesAndrew Tridgell1-0/+1
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell6-0/+10
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3449: more include file reductionAndrew Tridgell1-0/+1
the ldb part isn't ideal, I will have to think of a better solution (This used to be commit 6b1f86aea8427a8e957b1aeb0ec2f507297f07cb)
2007-10-10r3447: more include/system/XXX.h include filesAndrew Tridgell2-0/+2
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
2007-10-10r3443: the next stage in the include files re-organisation.Andrew Tridgell2-7/+7
I have created the include/system/ directory, which will contain the wrappers for the system includes for logical subsystems. So far I have created include/system/kerberos.h and include/system/network.h, which contain all the system includes for kerberos code and networking code. These are the included in subsystems that need kerberos or networking respectively. Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C file, instead each C module includes the include/system/XXX.h file for the logical system support it needs, and the details are kept isolated in include/system/ This patch also creates a "struct ipv4_addr" which replaces "struct in_addr" in our code. That avoids every C file needing to import all the system networking headers. (This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
2007-10-10r3428: switched to using minimal includes for the auto-generated RPC code.Andrew Tridgell3-0/+4
The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2007-10-10r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to useAndrew Bartlett4-10/+163
Samba3's winbind. This is also the start of domain membership code in Samba4, as we now (partially) parse the info3, and use it like Samba3 does. Andrew Bartlett (This used to be commit c1b7303c1c7d9fb815006c3bd2af20a0010d15a8)
2007-10-10r3278: - rewrote the client side rpc connection code to use lib/socket/Andrew Tridgell1-1/+1
rather than doing everything itself. This greatly simplifies the code, although I really don't like the socket_recv() interface (it always allocates memory for you, which means an extra memcpy in this code) - fixed several bugs in the socket_ipv4.c code, in particular client side code used a non-blocking connect but didn't handle EINPROGRESS, so it had no chance of working. Also fixed the error codes, using map_nt_error_from_unix() - cleaned up and expanded map_nt_error_from_unix() - changed interpret_addr2() to not take a mem_ctx. It makes absolutely no sense to allocate a fixed size 4 byte structure like this. Dozens of places in the code were also using interpret_addr2() incorrectly (precisely because the allocation made no sense) (This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)
2007-10-10r3269: fixed return valueAndrew Tridgell1-1/+1
(This used to be commit bc392d88b1fa34edfc922f43e190da003160a7d2)
2007-10-10r3190: When we don't have a PAC, do a lookup in the local ldb instead.Andrew Bartlett1-118/+245
This required reworking the auth_sam code, so that it would export the 'name -> server_info' functionality. It's a bit ugly from a modular point of view, but it's what we have to do... Fix up some of the code to better use the new talloc() Andrew Bartlett (This used to be commit 18e08b4497ebabc2f31210254e145458b7c6a198)
2007-10-10r3186: Use the properties of the new talloc() system to handle the authAndrew Bartlett1-9/+5
session info and server info structures. Andrew Bartlett (This used to be commit 5bdf391b3bc10291739f5640be9a404dbbeda273)
2007-10-10r3170: Add winbind client support back into Samba4. This is to allowAndrew Bartlett3-37/+41
auth_winbind to work, and to therefore use the new ntlm_auth and GENSEC in an otherwise Samba3 setup. I'm not quite sure what fun-and games my svn cp caused as I merged this from samba_3_0, but anyway... Andrew Bartlett (This used to be commit 5925b94a59da406d7e6b8cc695c99ba112fdfcd6)
2007-10-10r2857: this commit gets rid of smb_ucs2_t, wpstring and fpstring, plus lots ↵Andrew Tridgell1-0/+24
of associated functions. The motivation for this change was to avoid having to convert to/from ucs2 strings for so many operations. Doing that was slow, used many static buffers, and was also incorrect as it didn't cope properly with unicode codepoints above 65536 (which could not be represented correctly as smb_ucs2_t chars) The two core functions that allowed this change are next_codepoint() and push_codepoint(). These functions allow you to correctly walk a arbitrary multi-byte string a character at a time without converting the whole string to ucs2. While doing this cleanup I also fixed several ucs2 string handling bugs. See the commit for details. The following code (which counts the number of occuraces of 'c' in a string) shows how to use the new interface: size_t count_chars(const char *s, char c) { size_t count = 0; while (*s) { size_t size; codepoint_t c2 = next_codepoint(s, &size); if (c2 == c) count++; s += size; } return count; } (This used to be commit 814881f0e50019196b3aa9fbe4aeadbb98172040)
2007-10-10r2856: fixed a minor memory leak in the auth codeAndrew Tridgell1-50/+61
(This used to be commit 1b3c7d9cfa250d917a7fb96b315da9ed7d7a91d6)
2007-10-10r2798: get rid of a unnecessary staticAndrew Tridgell1-3/+5
(This used to be commit c3dfa7e8287811b4f54d58b45f5093521886b17e)
2007-10-10r2793: fixed the handling of primaryGroupID in auth_sam. There were two bugs,Andrew Tridgell1-2/+12
the first was it didn't pass primaryGroupID as an attributed it wanted, the second was it didn't cope with primaryGroupID not being present. (This used to be commit 8373bfcdeca13dcdce3081af420d8bb7d842ad18)
2007-10-10r2710: continue with the new style of providing a parent context wheneverAndrew Tridgell1-1/+1
possible to a structure creation routine. This makes for much easier global cleanup. (This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
2007-10-10r2674: I have realised that talloc() should have its context marked const, asAndrew Tridgell1-2/+2
a const pointer really means that "the data pointed to by this pointer won't change", and that is certainly true of talloc(). The fact that some behind-the-scenes meta-data can change doesn't matter from the point of view of const. this fixes a number of const warnings caused by const data structures being passed as talloc contexts. That will no longer generate a warning. also changed the talloc leak reporting option from --leak-check to --leak-report, as all it does is generate a report on exit. A new --leak-report-full option has been added that shows the complete tree of memory allocations, which is is quite useful in tracking things down. NOTE: I find it quite useful to insert talloc_report_full(ptr, stderr) calls at strategic points in the code while debugging memory allocation problems, particularly before freeing a major context (such as the connection context). This allows you to see if that context has been accumulating too much data, such as per-request data, which should have been freed when the request finished. (This used to be commit c60ff99c3129c26a9204bac1c6e5fb386114a923)
2007-10-10r2669: convert make_user_info() and associated functions from malloc to tallocAndrew Tridgell1-50/+59
(This used to be commit 278cef77f083c002d17ecbbe18c20825a380eda3)