Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-07-08 | s4:auth/ntlmssp: let _unwrap fallback to seal if sign only doesn't work | Stefan Metzmacher | 1 | -6/+57 | |
s4:auth/ntlmssp: let _unwrap fallback to seal if sign only doesn't work Windows always uses SEAL with NTLMSSP on LDAP connection even if not negotiated. metze | |||||
2009-07-07 | s4:auth It is easier to copy the session key than get talloc right. | Andrew Bartlett | 1 | -4/+3 | |
The session keys as supplied already have a reference on them, so stealing them creates challenges. For 16 bytes, it is just easier to be consistant and copy them. Andrew Bartlett | |||||
2009-07-01 | gensec_start now steals the auth_context | Andrew Tridgell | 1 | -1/+3 | |
2009-07-01 | another case that should use py_talloc_reference | Andrew Tridgell | 1 | -1/+1 | |
2009-07-01 | removed a redundent talloc_steal | Andrew Tridgell | 1 | -2/+0 | |
2009-07-01 | fixed the use of talloc_steal in ntlmssp_server | Andrew Tridgell | 1 | -3/+2 | |
The previous use of talloc_steal could cause a steal of a pointer that had references. This ensures that doesn't happen | |||||
2009-06-30 | Rework the kerberos-notes.txt in order and format | Don Davis | 1 | -0/+803 | |
This reworks the notes file to be less stream-of-consciousness and more task for porting, with a very particular focus on a potential port of Samba4 to use MIT Kerberos. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-06-25 | s4 auth_winbind: Internally, info3 has utf8 buffers, not utf16 buffers. | Kai Blin | 1 | -63/+16 | |
Thanks to gd for the catch. | |||||
2009-06-25 | s4 auth_winbind: Don't allocate the rids for the info3 structure within the loop | Kai Blin | 1 | -4/+4 | |
2009-06-25 | s4: Add libwbclient backend to auth_winbind | Kai Blin | 2 | -1/+216 | |
2009-06-19 | Fixed some uninitialised variables | Matthias Dieter Wallnöfer | 1 | -5/+1 | |
I tried hard to not change the program logic. Should fix bug #6439. | |||||
2009-06-18 | Remove unused variable | Andrew Bartlett | 1 | -3/+0 | |
2009-06-18 | s4:kdc Allow a password change when the password is expired | Andrew Bartlett | 3 | -7/+9 | |
This requires a rework on Heimdal's windc plugin layer, as we want full control over what tickets Heimdal will issue. (In particular, in case our requirements become more complex in future). The original problem was that Heimdal's check would permit the ticket, but Samba would then deny it, not knowing it was for kadmin/changepw Also (in hdb-samba4) be a bit more careful on what entries we will make the 'change_pw' service mark that this depends on. Andrew Bartlett | |||||
2009-06-18 | s4:gensec Print GSSAPI error message when unable to find PAC | Andrew Bartlett | 1 | -1/+3 | |
2009-06-17 | pycredentials: Raise MemoryError when unable to create objects. | Jelmer Vernooij | 1 | -1/+6 | |
2009-06-17 | pycredentials: Fix memory leak. | Jelmer Vernooij | 1 | -1/+7 | |
2009-06-12 | s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵ | Andrew Bartlett | 6 | -15/+27 | |
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett | |||||
2009-06-10 | Clarify and expand the Kerberos notes made by Andrew Bartlett in 2005 | Donald T. Davis | 1 | -154/+448 | |
Compiled with Andrew over a series of phone calls and gobby sessions, with the aim of documenting Kerberos requirements for Samba to us an alternate (ie, MIT) Kerberos library. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-06-10 | Remove copy of kerberos-notes.txt added in incorrect location | Andrew Bartlett | 1 | -760/+0 | |
2009-06-10 | Clarify and expand the Kerberos notes made by Andrew Bartlett in 2005 | Donald T. Davis | 1 | -0/+760 | |
Compiled with Andrew over a series of phone calls and gobby sessions with Andrew, with the aim of documenting Kerberos requirements for Samba to us an alternate (ie, MIT) Kerberos library. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2009-06-04 | changed the auth path to use extended DN ops to avoid non-indexed searches | Andrew Tridgell | 2 | -65/+66 | |
Logs showed that every SAM authentication was causing a non-indexed ldb search for member=XXX. This was previously indexed in Samba4, but since we switched to using the indexes from the full AD schema it now isn't. The fix is to use the extended DN operations to allow us to ask the server for the memberOf attribute instead, with with the SIDs attached to the result. This also means one less search on every authentication. The patch is made more complex by the fact that some common routines use the result of these user searches, so we had to update all searches that uses user_attrs and those common routines to make sure they all returned a ldb_message with a memberOf filled in and the SIDs attached. | |||||
2009-06-02 | Fix more unresolved symbols. | Jelmer Vernooij | 2 | -10/+1 | |
2009-06-02 | python: Move helper functions for using param into a separate file rather | Jelmer Vernooij | 2 | -2/+2 | |
than linking against the python module. | |||||
2009-06-02 | Fix dependencies when using shared libraries. | Jelmer Vernooij | 2 | -1/+2 | |
2009-05-26 | use domain_dn not ncname | Andrew Tridgell | 1 | -3/+2 | |
fixed up from previous patch that removed the use of crossref records | |||||
2009-05-26 | Don't use crossRef records to find our own domain | Andrew Bartlett | 3 | -154/+47 | |
A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett | |||||
2009-05-25 | fixed interpretation of ACB_PWNOTREQ | Andrew Tridgell | 1 | -14/+0 | |
This bit actually means that we should ignore the minimum password length field for this user. It doesn't mean that the password should be seen as empty | |||||
2009-04-19 | Remove unused headers | Andrew Bartlett | 4 | -9/+2 | |
2009-04-16 | Fix Samba4 build errors with common libcli/samsync | Andrew Bartlett | 5 | -6/+5 | |
2009-04-14 | Rework to use new API for common netlogon credential chaining | Andrew Bartlett | 1 | -1/+1 | |
2009-04-14 | Rework Samba4 to use the new common libcli/auth code | Andrew Bartlett | 6 | -23/+31 | |
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett | |||||
2009-04-14 | Push schannel_state.c into the top level. | Andrew Bartlett | 2 | -284/+1 | |
This is the server side state for netlogon credential chaining Andrew Bartlett | |||||
2009-04-14 | Port Samba4 to the new combined libcli/auth functions | Andrew Bartlett | 2 | -6/+1 | |
For example, some of the new shared functionality was previously in the wkssvc torture test. Andrew Bartlett | |||||
2009-04-14 | Move ntlm_check.h into the common libcli/auth | Andrew Bartlett | 1 | -76/+0 | |
2009-04-14 | Move MSRPC-PARSE into the common libcli/auth | Andrew Bartlett | 2 | -374/+0 | |
This is a depenceny of smbencrypt.c | |||||
2009-04-14 | Move libcli/auth to the top level | Andrew Bartlett | 1 | -603/+0 | |
2009-03-26 | Merge branch 'master' of git://git.samba.org/samba | Jelmer Vernooij | 2 | -5/+2 | |
2009-03-26 | s4:auth/credentials: use krb5_data_free() | Stefan Metzmacher | 1 | -5/+1 | |
metze | |||||
2009-03-26 | s4:auth/credentials: include gssapi/gssapi_krb5.h | Stefan Metzmacher | 1 | -0/+1 | |
metze | |||||
2009-03-15 | Strip /usr/include from include flags, so we don't end up including | Jelmer Vernooij | 1 | -0/+2 | |
the system tevent if it's too old. | |||||
2009-03-15 | Remove -L/usr/lib from a couple more make variables. | Jelmer Vernooij | 1 | -0/+1 | |
2009-03-01 | Use common header file for character set handling in Samba 3 and Samba 4. | Jelmer Vernooij | 1 | -16/+20 | |
2009-03-01 | s4: Use same function signature for convert_* as s3. | Jelmer Vernooij | 1 | -1/+1 | |
2009-03-01 | Add allow_badcharcnv argument to all conversion function, for | Jelmer Vernooij | 1 | -1/+1 | |
consistency with Samba 3. | |||||
2009-02-13 | Push sam_get_server_info_principal into the auth subsystem | Andrew Bartlett | 8 | -63/+122 | |
This means it must be accessed via the supplied auth_context in the GENSEC server, and should remove the hard depenceny of GENSEC on the auth subsystem and ldb (allowing LDB not to rely on LDB is considered a good thing, apparently) Andrew Bartlett | |||||
2009-02-13 | Remove auth/ntlm as a dependency of GENSEC by means of function pointers. | Andrew Bartlett | 10 | -31/+136 | |
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett | |||||
2009-02-05 | s4:auth/ntlm: fix c++ warning | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-02-05 | s4:pyauth: fix compiler warnings | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-02-05 | s4:pycredentials: fix compiler warnings | Stefan Metzmacher | 2 | -26/+25 | |
metze | |||||
2009-02-02 | s4:auth/credentials: the python bindings don't use swig anymore | Stefan Metzmacher | 1 | -4/+2 | |
metze |