summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2008-12-23Add missing includes, required for use of gensec by 3rd-partyMatthias Dieter Wallnöfer1-0/+3
applications.
2008-12-22s4: Always link in auth, as some of the core infrastructure depends on it.Jelmer Vernooij1-0/+1
2008-12-22Add header for pyparam.Jelmer Vernooij2-7/+2
2008-12-21Fix various Python-related bugs.Jelmer Vernooij1-1/+1
2008-12-21Include errors.i verbatim in security.i, as it's the only file still using it.Jelmer Vernooij1-4/+2
2008-12-21Convert credentials Python module to "manual" C - no SWIG used to generateJelmer Vernooij6-4719/+350
the C code.
2008-12-21Convert auth python module to "plain" C rather than using SWIG.Jelmer Vernooij6-3348/+131
2008-12-18s4:lib/socket: socket_connect_send() and socket_connect_ev() should only ↵Stefan Metzmacher1-2/+1
wrok with addresses metze
2008-12-17s4: fix LIBEVENTS dependencies and use more forward declarationsStefan Metzmacher2-1/+3
We should only include events.h where we really need it and prefer forward declarations of 'struct event_context' metze
2008-12-04s4:kdc: allow a trusted domain to get kerberos ticketsStefan Metzmacher3-7/+11
metze
2008-11-18s3/s4 build: Fix execinfo and sasl build error when the libs/headers are in ↵Tim Prouty1-1/+5
non-standard locations. These configure checks have the correct flags at configure time, so let's pass them through so they are used at compile time.
2008-11-02Fix the build.Jelmer Vernooij3-19/+43
2008-11-02Remove use of global_loadparm for disabled gensec backends.Jelmer Vernooij3-4/+25
2008-11-02Remove another use of global_loadparm.Jelmer Vernooij1-0/+1
Eventually, we should move some of these parameters into a separate struct (perhaps into smb_transport_options?), to avoid the long lists of parameters.
2008-11-02Fix the build.Jelmer Vernooij2-2/+3
2008-11-02Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij9-77/+98
should in the future only contain some settings required for gensec.
2008-11-02Remove two debug parameters, not used anywhere.Jelmer Vernooij1-6/+2
Andrew, I was pretty sure these could be removed but if not, please let me know.
2008-11-02Remove another use of global_loadparm.Jelmer Vernooij1-0/+1
2008-11-01Remove unused argument iconv_convenience.Jelmer Vernooij4-8/+1
2008-11-01Remove use of lp_*() from ntlm_check.c.Jelmer Vernooij3-16/+18
2008-10-24Remove unused include param/param.h.Jelmer Vernooij3-3/+0
2008-10-24Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij1-1/+1
make them wrappers around convert_string{,talloc}_convenience().
2008-10-24Eliminate another instance of global_loadparm.Jelmer Vernooij1-0/+2
2008-10-24Remove iconv_convenience parameter from simple string push/pullJelmer Vernooij5-14/+7
functions.
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij14-16/+14
remove some unused functions.
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-1/+1
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-15Remove unused variable.Jelmer Vernooij1-1/+0
2008-10-12Use common util_file code.Jelmer Vernooij1-1/+1
2008-10-12Use common strlist implementation in Samba 3 and Samba 4.Jelmer Vernooij1-1/+1
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij7-7/+7
2008-10-11Move lib/util from source4 to top-level libutil.Jelmer Vernooij1-1/+1
Conflicts: source4/Makefile
2008-10-11Provide the same set of helper functions for DEBUG in Samba 3 and SambaJelmer Vernooij1-11/+11
4, even though the macros are still different. This makes it possible to use object code compiled with one DEBUG() macro from the other sourceX directory.
2008-10-06s4:gensec: pass down want_features to the spnego backend mechStefan Metzmacher3-1/+24
metze
2008-09-30Merge branch 'master' of ssh://git.samba.org/data/git/sambaAndrew Tridgell1-0/+1
2008-09-30Pass session options around; saves another use of global_loadparm.Jelmer Vernooij1-0/+1
2008-09-29make the schannel creentials persistentAndrew Tridgell1-1/+1
this makes testing with the WSPP test suite much easier over samba restarts
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer1-3/+1
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-24Kerberos cosmetic changes: Revert a part of the patchMatthias Dieter Wallnöfer1-1/+3
Reverts a part of the patch because it changes the function of the code (suggested by Jelmer).
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer4-15/+13
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-24Merge branch 'master' of ssh://git.samba.org/data/git/samba into cryptoJelmer Vernooij2-6/+8
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij6-6/+6
2008-09-24Fix nasty bug that would come up only if a client connection to a remoteSimo Sorce2-6/+8
ldap server suddenly dies. We were creating a wrong talloc hierarchy, so the event.fde was not freed automatically as expected. This in turn made the event system call the ldap io handlers with a null packet structure, causing a segfault. Fix also the ordering in ldap_connection_dead() Thanks to Metze for the huge help in tracking down this one.
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-1/+1
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-23gensec_krb5: only give away the session key, when the authentication is doneStefan Metzmacher1-0/+4
metze
2008-09-23gensec_gssapi: only give away the session key, when the authentication is doneStefan Metzmacher1-4/+5
metze
2008-09-23ntlmssp: only give away the session key, when the authentication is doneStefan Metzmacher1-0/+4
metze
2008-09-19NTLMSSP Server: Correctly fills in the DNS server name and server domainMatthias Dieter Wallnöfer1-21/+17
Don't rely on "get*" system calls but rather on SAMBA "lp_*" calls. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-09-18Generate with 1.3.36.Jelmer Vernooij4-27/+38
2008-09-03Implement NETLOGON PAC verfication on the server-sideAndrew Bartlett1-5/+5
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon. Andrew Bartlett (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
2008-08-28Heimdal provides Kerberos PAC parsing routines. Use them.Andrew Bartlett4-89/+170
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)