summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19489: Change ldb_msg_add_value and ldb_msg_add_empty to take a foruth ↵Simo Sorce1-4/+4
argument. This is a pointer to an element pointer. If it is not null it will be filled with the pointer of the manipulated element. Will avoid double searches on the elements list in some cases. (This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
2007-10-10r19465: Rather than use the non-standard API for determining the signatureAndrew Bartlett1-55/+8
length, use the amount the wapped message expanded by. This works, because GSSAPI doesn't do AEAD (signing of headers), and so changing the signature length after the fact is valid. Andrew Bartlett (This used to be commit bd1e0f679c8f2b9755051b8d34114fa127a7cf26)
2007-10-10r19339: Merge my 4.0-unittest branch. This adds an API for more fine-grainedJelmer Vernooij1-1/+1
output in the testsuite rather than just True or False for a set of tests. The aim is to use this for: * known failure lists (run all tests and detect tests that started working or started failing). This would allow us to get rid of the RPC-SAMBA3-* tests * nicer torture output * simplification of the testsuite system * compatibility with other unit testing systems * easier usage of smbtorture (being able to run one test and automatically set up the environment for that) This is still a work-in-progress; expect more updates over the next couple of days. (This used to be commit 0eb6097305776325c75081356309115f445a7218)
2007-10-10r19299: Fix possible memleaksSimo Sorce1-3/+21
(This used to be commit 6fad80bb09113a60689061a2de67711c9924708b)
2007-10-10r19265: It is not an error to set the target hostname to NULL.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit c9c2e90e2e3937d05c58c681af187413b12d9220)
2007-10-10r18354: It seems safe to enable the DIGEST-MD5 module now.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 8357f8be45ef93bd1b648350c951bbe3b1bb5682)
2007-10-10r18321: fixed some warnings on AIXAndrew Tridgell1-1/+1
(This used to be commit 449fab2c264aa50601f9a2d3310f1910ba97706b)
2007-10-10r18301: I discovered how to load the warnings from a build farm build intoAndrew Tridgell2-3/+3
emacs compile mode (hint, paste to a file, and compile as "cat filename"). This allowed me to fix nearly all the warnings for a IA_64 SuSE build very quickly. (This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
2007-10-10r18295: pass write type for packet_sizeAndrew Tridgell1-1/+1
this fixes a crash on IA_64 systems (This used to be commit 22c39027621fb65663122b4959b171d328b549d4)
2007-10-10r18258: need to use .priority not .order hereAndrew Tridgell1-1/+1
(This used to be commit a47d65fe17a0e84615ff235380eb2462579199f0)
2007-10-10r18257: Order the GENSEC modules, with unknown modules last.Andrew Bartlett7-17/+19
Andrew Bartlett (This used to be commit 8ae880b5019ab275fe0eca48120ab9e0fcca6293)
2007-10-10r18255: Remove the SMB_ASSERT(), as these are not talloc()'ed structures.Andrew Bartlett1-3/+0
Andrew Bartlett (This used to be commit 73fba185eba6b059d34790c95a30d49b296759f5)
2007-10-10r18253: Turn Cyrus-SASL DIGEST-MD5 off by default for now.Andrew Bartlett2-1/+10
Andrew Bartlett (This used to be commit 2da948cb6ecc75e2b4b97c770c8ba13b7f831d6e)
2007-10-10r18250: Add an ordering of GENSEC modules, so we do preferred modules first.Andrew Bartlett6-5/+22
Andrew Bartlett (This used to be commit 0afb4d1992b3c93557dec1e1cdca467efc299853)
2007-10-10r18249: Keep trying to start an GENSEC mech from the list until one actuallyAndrew Bartlett1-2/+8
starts. Andrew Bartlett (This used to be commit 7dba525f5598199e89badbf15e0f5f09023c6cfa)
2007-10-10r18242: The cyrus-sasl encode/decode routines process the entire input.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 32d8a23d5499ef3d913240b5693b54eb2e78cd7d)
2007-10-10r18213: don't list LIBREPLACE depdendecies explicit andStefan Metzmacher1-1/+1
always at it as first private dependencies metze (This used to be commit 135d096776b53ae09ffc2b4f767dfbd18139570f)
2007-10-10r18198: Fix callbacks to use allocated or constant memory, not the stack.Andrew Bartlett1-16/+22
These values are used by SASL at a later time, and must remain valid. Make the password callback actually return the password. Andrew Bartlett (This used to be commit 8e12f92bbe3aa878292169f4699502e241ef6c0b)
2007-10-10r18164: enable the SASL library if foundStefan Metzmacher1-1/+2
metze (This used to be commit 675541f24e4681161fcc85422c14f9ecbf30e048)
2007-10-10r18155: Add my work in progress, a module to link with Cyrus-SASL, for aAndrew Bartlett4-2/+435
DIGEST-MD5 implemenation in particular. However, I can't make this work: Cyrus-SASL isn't loading the mech... Andrew Bartlett (This used to be commit 0b193d28c896c9d212a536da7d87634543d971a5)
2007-10-10r18130: the move to system/ in libreplace broke some things ... should beAndrew Tridgell1-1/+1
happier now (This used to be commit 18542f184f75074e56a9793a9e3b6c6d747bb9e6)
2007-10-10r18068: This splits the handling of multiple SASL packets between the GENSECAndrew Bartlett5-61/+239
backend (if it chooses to implement it), or the GENSEC socket code. This is to allow us to handle DIGEST-MD5 across to cyrus-sasl. Andrew Bartlett (This used to be commit 0a098006b431f4aa48632a27ca08e9adca8d9609)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij2-2/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17871: Add an option to make the system account behave as anonymous on theAndrew Bartlett1-1/+6
network. This helps where we are trying to talk to an LDAP server, until we share a common SASL authentication scheme. Andrew Bartlett (This used to be commit f9d39dba41441cd5d06964ce0aebef9bcba40759)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell2-2/+2
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell2-4/+2
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)
2007-10-10r17774: this macro is unusedStefan Metzmacher1-2/+0
metze (This used to be commit 2f4aa95f8d414262eb4d78060ee3a97a85ec5182)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce2-15/+15
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r17381: - we don't need debug messages twiceStefan Metzmacher1-12/+2
- also user_info->mapped is maybe uninitialized in auth_password_check() as it we do the mapping in auth_password_check_send() that to Kai Blin <kai.blin@gmail.com> and valgrind to find this bug metze (This used to be commit d88aabef64316cebca46037b67dd2df7cfd4d482)
2007-10-10r17344: move the gensec_update_request structure into the header fileStefan Metzmacher2-12/+12
and add a private_data for the backends. metze (This used to be commit 015a65e00187e684b3e4d1f4ca07edb9f022f61b)
2007-10-10r17343: let auth_winbind use IRPC against the winbind task.Stefan Metzmacher2-7/+124
(currently this uses the sync IRPC_CALL(), but when auth_check_password will be async for the backend this will change to IRPC_CALL_SEND() the old module which uses the samba3 protocol against winbind is still available as 'winbind_samba3' metze (This used to be commit 26efc732ab668bcb55fd0796818aabe45add2b25)
2007-10-10r17341: pass a messaging context to auth_context_create()Stefan Metzmacher6-27/+63
and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
2007-10-10r17332: May as well make this a round numberAndrew Bartlett1-1/+1
(This used to be commit a2d614147663c4f9b80d6e383819e92ca45e013b)
2007-10-10r17285: some reformatingStefan Metzmacher1-10/+23
metze (This used to be commit c865aea260dd22b8b5d63e60fd917a52ed719993)
2007-10-10r17284: move the input checking stuff from ntlmssp_update() into itsStefan Metzmacher1-40/+44
own function. metze (This used to be commit ee81ad57938a9f54533a0028b87fd84bde90db8d)
2007-10-10r17273: add an async version of auth_check_password() on the publicStefan Metzmacher2-31/+185
auth interface and implement the sync version as wrapper to auth_check_password_send/recv() as next all callers need to be converted to the async interface and then the modules metze (This used to be commit ed40bb3c16279f9727be67e889270da5efb8ddb9)
2007-10-10r17272: move the callback stuff into a substructureStefan Metzmacher1-8/+10
metze (This used to be commit c49e27d5d0289e3525f7f6197b031e7d300df81b)
2007-10-10r17270: split the logic of saying this auth backend wants to handle thisStefan Metzmacher7-41/+140
request from the password checking. This will help to make the password checking hook async later metze (This used to be commit 5b26cbc3428b4c186235cc08c9ace1c23f59dd7f)
2007-10-10r17267: - add an async interface for gensec_update() to the public gensec apiStefan Metzmacher2-0/+78
- note this is still uses the sync update() hook of the gensec modules but it allows me to fix the callers first Later auth_check_password() will also get an async version, so that we can later implement an async version of auth_winbind using async IRPC to the winbind task. metze (This used to be commit d5638a4fafd1d60ccc4cd76e92a1b2b0093865a7)
2007-10-10r17223: In some protocols it is not possible to negoitate off some features,Andrew Bartlett1-5/+3
without the agreement of the peer. This can cause problems, because one side things sealing is disabled, while the other thinks it is enabled. Andrew Bartlett (This used to be commit 68ddc4921f43252b3fba73e9d85cc38c359d599d)
2007-10-10r17222: Change the function prototypes for the GENSEc and TLS socket creationAndrew Bartlett2-38/+66
routines to return an NTSTATUS. This should help track down errors. Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket. Always return a new socket, even for the 'pass-though' case. Andrew Bartlett (This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
2007-10-10r17197: This patch moves the encryption of bulk data on SASL negotiated securityAndrew Bartlett4-18/+503
contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10r17173: Check for oversize output, not oversize input, and fix the GSSAPI mechAndrew Bartlett1-10/+11
to work (it broke it in the previous commit). Andrew Bartlett (This used to be commit e96638bc74f0752ce8af6626a04c92d48b917ffe)
2007-10-10r17171: Add a gensec function to determine the maximum negotiated buffer size,Andrew Bartlett3-34/+134
and the maximum amount of user data that may be fitted into that. This is used in the new SASL code, to correctly honour SASL buffer sizes. Andrew Bartlett (This used to be commit cbbe99d9c1f0262e67a495fb098cacc09fd78e05)
2007-10-10r17170: Catch some more out-of-memory cases, and provide some clues whenAndrew Bartlett1-7/+18
chasing down bad signatures that may be due to data truncation. Andrew Bartlett (This used to be commit d304760d3d909e55cbf2c744cdb2b4137f74b81b)
2007-10-10r16961: Merge 'seperate policy from logic' changes from Samba3. The 56-bitAndrew Bartlett3-4/+12
flag is handled just like all the others. Also negotiate the unknown 0x02000000 flag, to match windows. Andrew Bartlett (This used to be commit 1d0befdb681ed9974d1bdff46ce56353552ee0e0)
2007-10-10r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.Andrew Bartlett1-2/+3
In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2007-10-10r16569: - use push_string()Stefan Metzmacher1-4/+4
metze (This used to be commit f099fcb6e3a38d6df22cb3a0c7c666333e41f11b)
2007-10-10r16516: Get rid of file_exists() as there already is a file_exist().Jelmer Vernooij1-1/+1
(This used to be commit c4b3c2b18c6df43c8a4808fab72bc45439ba9421)
2007-10-10r16238: Use a baseDN for the auth_sam searches, to allow continued functionAndrew Bartlett2-7/+11
with partitions. Also fix some debug messages. Andrew Bartlett (This used to be commit a2441ae99a6c3b4bf40f5369477a9bc0f3019c34)