summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r3599: fixed a couple of memory errors in the rpc netlogon serverAndrew Tridgell1-0/+7
(found with valgrind) (This used to be commit 151dd4593d30c703b70099cd240784134fdb4e0f)
2007-10-10r3586: Fix some of the issues with the module init functions.Jelmer Vernooij2-14/+9
Both subsystems and modules can now have init functions, which can be specified in .mk files (INIT_FUNCTION = ...) The build system will define : - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on This removes the hack with the "static bool Initialised = " and the "lazy_init" functions (This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
2007-10-10r3571: rough guesses at what abartlet really wanted to do in his last commitAndrew Tridgell1-0/+1
(which I suspect was missing some pieces) this at least fixes the build so i can keep going on pvfs. Please review/fix Andrew. (This used to be commit bffd18d09df04c1e492ef12f744ff4b6c561d53c)
2007-10-10r3555: Fix auth_winbind to work with the new auth_util conversion code.Andrew Bartlett1-8/+10
Andrew Bartlett (This used to be commit 3215f1c6ce9ec27affa8a7a6f440ef26ad878eae)
2007-10-10r3554: Use the new talloc_reference changes to simply the conversion ofAndrew Bartlett1-61/+80
returned validation information into the server_info struct. Also allow for easier expansion to different variations on validation levels. Andrew Bartlett (This used to be commit 316b74029cf3e10cf14cffe8ce326a97ef3aec35)
2007-10-10r3476: fixed some const warningsAndrew Tridgell1-1/+2
(This used to be commit 7dc58dc01e19b342df76dcc14ee28ff37a8f9ace)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-0/+1
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3462: separate out the crypto includesAndrew Tridgell1-0/+1
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell6-0/+10
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3449: more include file reductionAndrew Tridgell1-0/+1
the ldb part isn't ideal, I will have to think of a better solution (This used to be commit 6b1f86aea8427a8e957b1aeb0ec2f507297f07cb)
2007-10-10r3447: more include/system/XXX.h include filesAndrew Tridgell2-0/+2
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
2007-10-10r3443: the next stage in the include files re-organisation.Andrew Tridgell2-7/+7
I have created the include/system/ directory, which will contain the wrappers for the system includes for logical subsystems. So far I have created include/system/kerberos.h and include/system/network.h, which contain all the system includes for kerberos code and networking code. These are the included in subsystems that need kerberos or networking respectively. Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C file, instead each C module includes the include/system/XXX.h file for the logical system support it needs, and the details are kept isolated in include/system/ This patch also creates a "struct ipv4_addr" which replaces "struct in_addr" in our code. That avoids every C file needing to import all the system networking headers. (This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
2007-10-10r3428: switched to using minimal includes for the auto-generated RPC code.Andrew Tridgell3-0/+4
The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2007-10-10r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to useAndrew Bartlett4-10/+163
Samba3's winbind. This is also the start of domain membership code in Samba4, as we now (partially) parse the info3, and use it like Samba3 does. Andrew Bartlett (This used to be commit c1b7303c1c7d9fb815006c3bd2af20a0010d15a8)
2007-10-10r3278: - rewrote the client side rpc connection code to use lib/socket/Andrew Tridgell1-1/+1
rather than doing everything itself. This greatly simplifies the code, although I really don't like the socket_recv() interface (it always allocates memory for you, which means an extra memcpy in this code) - fixed several bugs in the socket_ipv4.c code, in particular client side code used a non-blocking connect but didn't handle EINPROGRESS, so it had no chance of working. Also fixed the error codes, using map_nt_error_from_unix() - cleaned up and expanded map_nt_error_from_unix() - changed interpret_addr2() to not take a mem_ctx. It makes absolutely no sense to allocate a fixed size 4 byte structure like this. Dozens of places in the code were also using interpret_addr2() incorrectly (precisely because the allocation made no sense) (This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)
2007-10-10r3269: fixed return valueAndrew Tridgell1-1/+1
(This used to be commit bc392d88b1fa34edfc922f43e190da003160a7d2)
2007-10-10r3190: When we don't have a PAC, do a lookup in the local ldb instead.Andrew Bartlett1-118/+245
This required reworking the auth_sam code, so that it would export the 'name -> server_info' functionality. It's a bit ugly from a modular point of view, but it's what we have to do... Fix up some of the code to better use the new talloc() Andrew Bartlett (This used to be commit 18e08b4497ebabc2f31210254e145458b7c6a198)
2007-10-10r3186: Use the properties of the new talloc() system to handle the authAndrew Bartlett1-9/+5
session info and server info structures. Andrew Bartlett (This used to be commit 5bdf391b3bc10291739f5640be9a404dbbeda273)
2007-10-10r3170: Add winbind client support back into Samba4. This is to allowAndrew Bartlett3-37/+41
auth_winbind to work, and to therefore use the new ntlm_auth and GENSEC in an otherwise Samba3 setup. I'm not quite sure what fun-and games my svn cp caused as I merged this from samba_3_0, but anyway... Andrew Bartlett (This used to be commit 5925b94a59da406d7e6b8cc695c99ba112fdfcd6)
2007-10-10r2857: this commit gets rid of smb_ucs2_t, wpstring and fpstring, plus lots ↵Andrew Tridgell1-0/+24
of associated functions. The motivation for this change was to avoid having to convert to/from ucs2 strings for so many operations. Doing that was slow, used many static buffers, and was also incorrect as it didn't cope properly with unicode codepoints above 65536 (which could not be represented correctly as smb_ucs2_t chars) The two core functions that allowed this change are next_codepoint() and push_codepoint(). These functions allow you to correctly walk a arbitrary multi-byte string a character at a time without converting the whole string to ucs2. While doing this cleanup I also fixed several ucs2 string handling bugs. See the commit for details. The following code (which counts the number of occuraces of 'c' in a string) shows how to use the new interface: size_t count_chars(const char *s, char c) { size_t count = 0; while (*s) { size_t size; codepoint_t c2 = next_codepoint(s, &size); if (c2 == c) count++; s += size; } return count; } (This used to be commit 814881f0e50019196b3aa9fbe4aeadbb98172040)
2007-10-10r2856: fixed a minor memory leak in the auth codeAndrew Tridgell1-50/+61
(This used to be commit 1b3c7d9cfa250d917a7fb96b315da9ed7d7a91d6)
2007-10-10r2798: get rid of a unnecessary staticAndrew Tridgell1-3/+5
(This used to be commit c3dfa7e8287811b4f54d58b45f5093521886b17e)
2007-10-10r2793: fixed the handling of primaryGroupID in auth_sam. There were two bugs,Andrew Tridgell1-2/+12
the first was it didn't pass primaryGroupID as an attributed it wanted, the second was it didn't cope with primaryGroupID not being present. (This used to be commit 8373bfcdeca13dcdce3081af420d8bb7d842ad18)
2007-10-10r2710: continue with the new style of providing a parent context wheneverAndrew Tridgell1-1/+1
possible to a structure creation routine. This makes for much easier global cleanup. (This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
2007-10-10r2674: I have realised that talloc() should have its context marked const, asAndrew Tridgell1-2/+2
a const pointer really means that "the data pointed to by this pointer won't change", and that is certainly true of talloc(). The fact that some behind-the-scenes meta-data can change doesn't matter from the point of view of const. this fixes a number of const warnings caused by const data structures being passed as talloc contexts. That will no longer generate a warning. also changed the talloc leak reporting option from --leak-check to --leak-report, as all it does is generate a report on exit. A new --leak-report-full option has been added that shows the complete tree of memory allocations, which is is quite useful in tracking things down. NOTE: I find it quite useful to insert talloc_report_full(ptr, stderr) calls at strategic points in the code while debugging memory allocation problems, particularly before freeing a major context (such as the connection context). This allows you to see if that context has been accumulating too much data, such as per-request data, which should have been freed when the request finished. (This used to be commit c60ff99c3129c26a9204bac1c6e5fb386114a923)
2007-10-10r2669: convert make_user_info() and associated functions from malloc to tallocAndrew Tridgell1-50/+59
(This used to be commit 278cef77f083c002d17ecbbe18c20825a380eda3)
2007-10-10r2654: fixed some more server memory leaks. We are now down to a single leakAndrew Tridgell1-3/+15
of 16 bytes, caused by the 16 byte data_blob in the smb_signing code. (This used to be commit 2f1b788e09686e065d22f621f5c0c585192c6740)
2007-10-10r2650: fixed a memory leak in make_server_info()Andrew Tridgell5-8/+9
(This used to be commit 4aba6e7101041100f7d400abd5e7144b95528fc3)
2007-10-10r2648: - use a destructor on struct server_connection to simplify theAndrew Tridgell3-19/+15
connection termination cleanup, and to ensure that the event contexts are properly removed for every process model - gave auth_context the new talloc treatment, which removes another source of memory leaks. (This used to be commit 230e1cd777b0fba82dffcbd656cfa23c155d0560)
2007-10-10r2643: convert more of the auth subsyystem to the new talloc methods. ThisAndrew Tridgell3-30/+20
also fixes a memory leak found with --leak-check. (This used to be commit f19201ea274f0a542314c61c4af676197bf154ad)
2007-10-10r2621: - now that the client code is non-blocking, we no longer needAndrew Tridgell1-18/+0
write_data and read_data, which are inherently blocking operations - got rid of some old NBT keepalive routines that are not needed (This used to be commit e73b4ae4e500d3b7ee57e160e0f8b63c99b2542a)
2007-10-10r2543: Catch one more use of sub_get_remote_machine().Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit d483d88674f1f130bc27c3de379753ae1799330e)
2007-10-10r2513: Avoid strupper/strlower when you can. This developers moduleAndrew Bartlett1-3/+1
certainly doesn't need it. Andrew Bartlett (This used to be commit 77d7c76c9bc7a4fa109056140a5f4107b4410838)
2007-10-10r2505: Remove unused function. If/when we implement plaintext authenticatonAndrew Bartlett1-56/+0
in Samba4, I want to redo this. Andrew Bartlett (This used to be commit 139cc702ac7ce0c6e3bfdfe37199299cc1bc53c2)
2007-10-10r2431: got rid of strnequal() in a couple of placesAndrew Tridgell1-1/+1
(This used to be commit a1b5880b2e548832eaf4a136aab1aead525c938f)
2007-10-10r2104: fixed typo that causes a segvAndrew Tridgell1-1/+1
(This used to be commit e37a4c1a63b914c46155d39c92f226c42a0393b7)
2007-10-10r2051: switched the samdb over to using the new destructor and referenceAndrew Tridgell1-13/+1
count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell1-1/+1
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1982: i is not initialised or usedAndrew Tridgell1-2/+1
(This used to be commit db4bc88f9aeaa59f08b9b447a8b2256c9c9c5fb0)
2007-10-10r1654: rename cli_ -> smbcli_Stefan Metzmacher2-50/+50
rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2007-10-10r1518: check for ldb_search giving -1 (indicating db corruption)Andrew Tridgell1-0/+3
(This used to be commit 9af821c4dfa47d68be5e062028331c80df64f82b)
2007-10-10r1498: (merge from 3.0)Andrew Bartlett1-1/+1
Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom. In order to aviod identical streams in forked children, the random state is re-initialised after the fork(), at the same point were we do that to the tdbs. Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
2007-10-10r1486: commit the start of the generic server infastructureStefan Metzmacher1-0/+5
the idea is to have services as modules (smb, dcerpc, swat, ...) the process_model don't know about the service it self anymore. TODO: - the smbsrv should use the smbsrv_send function - the service subsystem init should be done like for other modules - we need to have a generic socket subsystem, which handle stream, datagram, and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server , or for smb or dcerpc or whatever to connect to a server wide auth service) - and other fixes... NOTE: process model pthread seems to be broken( but also before this patch!) metze (This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
2007-10-10r1461: ntlm_check.c is a server-side peice of code, so it belongs in AUTH.Andrew Bartlett2-1/+449
Andrew Bartlett (This used to be commit 67ac9600664e93aa2fe9426127313b57ddaec2cf)
2007-10-10r1335: NT_STATUS_INTERNAL_DB_CORRUPTIONStefan Metzmacher1-2/+2
should cause DEBUG(0,(...)); metze (This used to be commit 80851e67783a9c3c8bdd7f2b52e0b46dd7b18d05)
2007-10-10r1334: remove unused stuffStefan Metzmacher1-11/+0
metze (This used to be commit 7a8786269b4f9e4962b51dd734171adf04021c15)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett5-252/+24
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1292: Add const to the subsystem/module registration code.Andrew Bartlett1-2/+9
Add some 'multi init' code, until we get a better set of infrustructure. Andrew Bartlett (This used to be commit 982422b2d286335378531ae9523e74192340af3c)
2007-10-10r1151: fixed fill-in of force_password_change field in auth_samAndrew Tridgell1-1/+1
(This used to be commit 9135f14540ded30892dc1f944aec1e8979a476e1)
2007-10-10r1146: initially zero server infoAndrew Tridgell1-0/+1
(This used to be commit c1aeaf97b39e1769bd43b21225094bb5128eaab4)