summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r24814: Fix headers, trim core.h even more.Jelmer Vernooij1-2/+0
(This used to be commit 9647f860bdd5c0a74583e886182bd041a45e7655)
2007-10-10r24780: More work allowing libutil to be used by external users.Jelmer Vernooij1-8/+11
(This used to be commit 31993cf67b816a184a4a4e92ef8ca2532c797190)
2007-10-10r24730: Allow secrets entries to be for service principals.Andrew Bartlett1-6/+11
Andrew Bartlett (This used to be commit 7865d10a299a84ed42de4435b7e6400d56161ac5)
2007-10-10r24712: No longer expose the 'BOOL' data type in any interfaces.Jelmer Vernooij6-21/+21
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
2007-10-10r24504: Try to return more useful error information on why a bind failed.Andrew Bartlett1-0/+5
Note that the correct return for a failed alter_context is a fault, not a bind_nak. Andrew Bartlett (This used to be commit 52cce94532edf1dd7f26e39bf3377f0077ea6792)
2007-10-10r24282: Try to fix the occasional Samba4 crash in BASE-BENCH-READWRITE, asAndrew Bartlett2-5/+10
seen in particular on opi. This looked like a Heimdal problem, but I think it was simply that we didn't do a talloc_reference() to keep tabs on the memory we were using, and in between obtaining the pointer and using it, it was assigned to unrelated memory. Andrew Bartlett (This used to be commit a650ad8b37d58ba64458a33313714d1abfc4850b)
2007-10-10r24074: Test both permitted logon hours and permitted workstations in theAndrew Bartlett1-2/+1
RPC-SAMLOGON test. This showed that, as noted by bug #4823, we didn't test for invalid workstations. In fact, the code had been ported across, but because untested code is broken code, it never worked... Andrew Bartlett (This used to be commit 5e07417ada56d189a911ef888b0c87adebe60763)
2007-10-10r24061: Anther part of bug #4823, which is that until now Samba4 didn't parseAndrew Bartlett2-1/+69
the logon hours, even if set. This code happily stolen from the great work in Samba3 :-) Andrew Bartlett (This used to be commit a4939ab629e0af0615bcecf63c7cd55e6e833505)
2007-10-10r23810: Make things static, and remove unsued code.Andrew Bartlett1-96/+0
This includes some of the original ildap ldap client API. ldb provides a much easier abstraction on this to use, and doesn't use these functions. Andrew Bartlett (This used to be commit dc27a7e41c297472675e8c251bb14327a1af3902)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 5c9b19271e0e3ad897499707003ce4703ffa4870)
2007-10-10r23798: updated old Temple Place FSF addresses to new URLAndrew Tridgell1-2/+1
(This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
2007-10-10r23795: more v2->v3 conversionAndrew Tridgell2-2/+2
(This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell46-138/+92
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23680: Make it easier to setup a domain member server - the 'server role'Andrew Bartlett3-6/+31
will now control the auth methods, but an override is still available, ex: auth methods:domain controller = <methods> Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
2007-10-10r23455: These buffers may not be null terminated. Ensure we don't run past theAndrew Bartlett1-1/+12
end of teh buffer printing the error strings. Andrew Bartlett (This used to be commit 37e7070ca92e2f48fa02f7fd6736e5b26520f559)
2007-10-10r23311: Updating the samba4 winbind protocol to version 18.Kai Blin1-10/+10
nsswitch/winbindd_nss.h is just copied from SAMBA_3_0. nsswitch/winbind_nss_config.h is copied from SAMBA_3_0, too, but I had to drop some of the defines to make things build again. Kai (This used to be commit 553b7e146f52975b45941ba850140e312a280513)
2007-10-10r23136: Set the event context onto the credentials in more places.Andrew Bartlett1-0/+1
This helps ensure that the kerberos code uses the right event context. Andrew Bartlett (This used to be commit cbdce358ae8f86c9b76a50537b931e56b07ee213)
2007-10-10r23132: Resolve an issue where we would use the ccache after we free()ed it.Andrew Bartlett2-31/+64
The problem was, we would set the ccache, then invalidate it as we set details from it (like the principal name from the ccache). Instead, set the ccache onto the credentials structure after we are done processing it. Andrew Bartlett (This used to be commit d285bd927c604d930fc44cc84ef3321aa4ce9d9a)
2007-10-10r23063: Make sure to invalidate the ccache when we set aAndrew Bartlett3-6/+70
username/password/realm/etc from the command line. Also make sure it can't 'come back' from a later call to cli_credentials_guess(), buy setting a threshold. This should fix the issues with the build farm... Andrew Bartlett (This used to be commit 3b1dfb9306beb9f40d85d38cf6786ef161ec63f1)
2007-10-10r23036: error checking on asn1_init() failureAndrew Tridgell2-2/+22
(This used to be commit 26cf8494084c0106ef0e1c9b6ef40eeadf945ef2)
2007-10-10r23034: Thanks to metze for providing some vital clues in the 'kerberos ccacheAndrew Bartlett1-2/+6
on credentials don't do anything' bug. The problem was simple, we didn't set the ccache as having been initialised, so we always created a new one. Andrew Bartlett (This used to be commit ec2014f08b0845bc8aa0e8e6713bc4b21f430811)
2007-10-10r23030: finally fixed up our asn1 code to use better memory allocation. ThisAndrew Tridgell3-75/+68
should allow us to fix some long standing memory leaks. (This used to be commit 3db49c2ec9968221c1361785b94061046ecd159d)
2007-10-10r22990: free temporary memory also on success...Stefan Metzmacher1-0/+1
metze (This used to be commit 876a6ef4857a73987d1eba127161993cf07a613b)
2007-10-10r22987: Clarify how the events are handled in the kerberos code, andAndrew Bartlett1-7/+17
standardise with the rest of the code. Andrew Bartlett (This used to be commit 3aa9d70723d4377d29e33281b640499193b06c69)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell6-4/+31
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r22967: Move to the TCP packet interface for the krb5_send_to_kdc plugin.Andrew Bartlett1-108/+95
This replaces a lump of hand-crafted code with the generic packet system used in the rest of Samba4. (I started this while chasing down the epoll bug, which turned out to be seperate) (This used to be commit 2a7dec4e5dc453f509493f80fc1270416f30a36e)
2007-10-10r22966: Make sure to return LOGON_FAILURE if the user's kerberos password isAndrew Bartlett3-6/+15
incorrect. Andrew Bartlett (This used to be commit 9dc6f36e43170bc5bf4f94d893b5a3689460d237)
2007-10-10r22961: use EVENT_FD_AUTOCLOSE and SOCKET_FLAG_NOCLOSE to fix up some hairyAndrew Tridgell1-1/+4
problems with order of socket closing in krb5 (This used to be commit 46a7d83c2b49798c6c5389c13ec2b9785c47b85b)
2007-10-10r22748: fix memleaks by passing an mem_ctx toStefan Metzmacher1-4/+4
irpc_servers_byname() metze (This used to be commit b54584dfabee77ec7743cab431bda9765057a295)
2007-10-10r22635: make it possible to not turn off dns canonicalization of hostnamesStefan Metzmacher2-2/+3
with krb5:set_dns_canonicalize=yes needed for the drsuapi replication, but we should fix this with a kdc locator plugin ... metze (This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)
2007-10-10r22627: fix crash msgs_tmp isn't always initializedStefan Metzmacher1-1/+1
and we don't need an extra allocated string anyway metze (This used to be commit 44c27b2fe6f130332d9f7c6bdd901eb025aa3eff)
2007-10-10r22621: fix the 'sam' auth moduleStefan Metzmacher1-33/+18
metze (This used to be commit 255acbb1132891e0316a38f1d4721863bb7a7226)
2007-10-10r22602: s/HAVE_SOCKET_IPV6/HAVE_IPV6/ to match the define used by Heimdal.Jelmer Vernooij1-1/+1
(This used to be commit 5ff665b6531fdb4c7e56c49b7f923546d93b384c)
2007-10-10r22594: This helped coax out valgrind errors last night, but we don't need ↵Andrew Bartlett1-2/+0
it any more. Andrew Bartlett (This used to be commit 367231ea2103b6442ecf8333cb7150dfd98c79f4)
2007-10-10r22582: Cleanups towards making winbind work again. We still have a long ↵Andrew Bartlett1-2/+5
way to go, as this has bitrotted over the past months. This change in particular catches winbind up with the next composite_create() function. We also needed to remove an unused flags field, and fill in the lm response. Andrew Bartlett (This used to be commit bd26e4ffaf1c060fdc3aae28fd4393e83c5a83ea)
2007-10-10r22558: Move to a static list of enctypes to put into our keytab. In future,Andrew Bartlett2-63/+74
I'll allow this to be configured from the secrets.ldb, but it should fix some user issues. Andrew Bartlett (This used to be commit 0fd74ada220fb07d4ebe8c2d9b8ae50a387c2695)
2007-10-10r22404: more dependencies which should be privateStefan Metzmacher3-12/+10
metze (This used to be commit e0e35965d1eaab182941d17da744b70c4234ca52)
2007-10-10r22397: hopefully fix the build on some aix hosts in the build-farmStefan Metzmacher1-1/+1
we need to make sure -Iheimdal/lib/gssapi comes before -I/usr/local/include metze (This used to be commit a6ba465fa8b0a4a0835593526d3f2670736c2c8e)
2007-10-10r22387: see if this fixes the build on the aix1 hostsStefan Metzmacher1-1/+1
metze (This used to be commit fbf1b1bfa015e2126102d8eaf8861d779c21d969)
2007-10-10r22385: remove unused includeStefan Metzmacher1-1/+0
metze (This used to be commit c8a210bc6fa2529944bb1303ba06fe0734bdd23e)
2007-10-10r22294: Lock the delegated credentials to being kerberos only, we just don'tAndrew Bartlett1-0/+6
have the data for anything else. Andrew Bartlett (This used to be commit 9e0c0cd0ff678388436430bb1ba4eb7595cbefbd)
2007-10-10r22293: Try to make it more clear what failed to parse.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 144ab7294d76397a5e6662d344105a0d59c9f423)
2007-10-10r22208: Print the target principal name, to help with kdc unreachable errors.Andrew Bartlett1-7/+4
Andrew Bartlett (This used to be commit bbde5b6a2f85f22110d6840857eaceb6b923c1b4)
2007-10-10r22199: fix typoStefan Metzmacher1-2/+2
metze (This used to be commit 4e8f844be939a6e11a3bece4e7e66534fce00cc0)
2007-10-10r22187: Test kerberos logins in the smbclient blackbox tests, including with aAndrew Bartlett1-0/+4
machine account. Andrew Bartlett (This used to be commit 16a2bb87a80ffb921f267492f453eb3457666315)
2007-10-10r22115: I don't like the DOMAIN environment variable. It really isn't a goodAndrew Bartlett1-4/+0
match for what we are using it for here. Andrew Bartlett (This used to be commit 305d1421efff3f01db1dce499568874965058e79)
2007-10-10r21736: Fix the smbclient test to do something more interesting with the lastAndrew Bartlett3-4/+5
few authentication tests. Now that the tests correctly 'fail', I was able to fix the credentials subsystem to honour USER and PASSWD. To get --machine-pass working, I needed ldb to always load it's static modules, so I put this in ldb_connect(). Andrew Bartlett (This used to be commit 3430d8c072407a1c33c32229095fc9db2142b6fa)
2007-10-10r21668: Add SMB_QFS_POSIX_WHOAMI to trans2.h so it's easy to find. AddJames Peach1-0/+15
convenience API to create an anonymous credential. Don't clobber cmdline_credentials in the UNIX-WHOAMI test. (This used to be commit 73cea4e0c66f57057ed12b07bbb94b4e783ba6bf)
2007-10-10r21451: if kerberos is requested ( -k yes ), we should use authentificated ↵Stefan Metzmacher1-0/+5
connections metze (This used to be commit 426238eb45f0cc41d99961ac554c2528fd8e96f5)
2007-10-10r21434: - get rid of "krb5Key"Stefan Metzmacher1-1/+1
- use "sambaPassword" only as virtual attribute for passing the cleartext password (in unix charset) into the ldb layer - store des-cbc-crc, des-cbc-md5 keys in the Primary:Kerberos blob to match w2k and w2k3 - aes key support is disabled by default, as we don't know exacly how longhorn stores them. use password_hash:create_aes_key=yes to force creation of them. - store the cleartext password in the Primary:CLEARTEXT blob if configured TODO: - find out how longhorn stores aes keys - find out how the Primary:WDigest blob needs to be constructed (not supported by w2k) metze (This used to be commit e20b53f6feaaca2cc81ee7d296ca3ff757ee3953)