summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett11-81/+183
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11s4-param Refactor secrets code to not require an event context.Andrew Bartlett1-1/+1
A new event context is constructed by LDB when required for secrets.ldb This will be essentially unused, as LDB on TDB will only trigger 'fake' events, and blocks on transactions and lock operations anyway. Andrew Bartlett
2010-10-11s4-kerberos Remove unused parameterAndrew Bartlett2-3/+1
2010-10-11s4-kerberos Remove unsued variableAndrew Bartlett1-1/+0
2010-10-11credentials: Avoid unnecessary includes.Jelmer Vernooij1-2/+0
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 13:01:36 UTC 2010 on sn-devel-104
2010-10-11credentials: Fix the build.Jelmer Vernooij5-2/+7
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 02:47:50 UTC 2010 on sn-devel-104
2010-10-11credentials: Split up into several subsystems.Jelmer Vernooij5-10/+22
2010-10-11kerberos_util: Put into separate subsystem.Jelmer Vernooij4-3/+11
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 00:34:56 UTC 2010 on sn-devel-104
2010-10-10auth: Remove unnecessary dependencies, fix formatting.Jelmer Vernooij1-2/+2
2010-10-10credentials: Move code that doesn't need any external dependencies intoJelmer Vernooij3-144/+147
credentials.c.
2010-10-10gensec: Support building without any linked-in modules.Jelmer Vernooij1-0/+4
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-1/+1
2010-10-05Add missing dependencies for com_err.Jelmer Vernooij3-2/+3
2010-10-05heimdal: Fix name of hx509 library.Jelmer Vernooij1-1/+1
2010-10-05heimdal: Fix library name of gssapi.Jelmer Vernooij2-2/+2
2010-10-02s4-gensec Always honour the set server principalAndrew Bartlett1-1/+1
The spengo code won't set this unless it is allowed to by this same option, but other callers may need it. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 02:27:39 UTC 2010 on sn-devel-104
2010-10-02s4-kerberos Don't regenerate key values for each alias in keytabAndrew Bartlett1-43/+35
Instead, store the same key value under the multiple alias names. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 00:16:52 UTC 2010 on sn-devel-104
2010-10-02s4-auth Add make_server_info_pac() to include 'resource domain' groupsAndrew Bartlett2-5/+40
Previously, our PAC code didn't include these groups into the server_info from which we would eventually calculate the full list of tokenGroups. Andrew Bartlett
2010-10-02s4-auth Allocate domain SIDs under the sids array, not server_infoAndrew Bartlett1-1/+1
Andrew Bartlett
2010-10-01s4-auth: fixed a vagrind error when creating keytabsAndrew Tridgell1-0/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PACAndrew Tridgell1-0/+16
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28s4-sam: fixed termination of krbtgt_attrs (comma and NULL)Andrew Tridgell1-4/+4
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNOAndrew Bartlett1-0/+1
Andrew Bartlett
2010-09-27s4-auth: removed unused variable dom_sidAndrew Tridgell1-1/+1
2010-09-28s4:gensec_tstream: remove plain socket handlingStefan Metzmacher1-124/+12
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
2010-09-28s4:gensec: add gensec_create_tstream()Stefan Metzmacher3-1/+764
Based on the initial patch from Andreas Schneider <asn@redhat.com>. metze
2010-09-26s4-gensec: fixed a valgrind error in gensecAndrew Tridgell1-12/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26s4:schannel: handle move flag combinations in the serverStefan Metzmacher1-13/+23
This fixes some testsuites in the CIFS plugfest. metze
2010-09-26s4-auth: fixed the SID list for DCs in the PACAndrew Tridgell3-19/+16
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that receives the PAC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
2010-09-26s4-kerberos Don't segfault if the password isn't specified in keytab generationAndrew Bartlett1-0/+7
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
2010-09-25s4-pycredentials: avoid a tallloc_free on refAndrew Tridgell1-1/+1
with the new py object structure, we need to unlink not free
2010-09-24s4-kerberos Rework keytab handling to export servicePrincipalName entriesAndrew Bartlett2-126/+164
This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett
2010-09-24s4-kerberos Move 'set key into keytab' code out of credentials.Andrew Bartlett5-208/+234
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-24s4-kerberos Fix kerberos_enctype_bitmap_to_enctypes()Andrew Bartlett1-2/+3
The previous code never worked Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiationAndrew Tridgell1-7/+10
this is the client side equivalent change for the previous fix Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4-gensec: prevent a double free in the error path of GSSAPI authAndrew Tridgell1-1/+0
the caller frees mem_ctx, so we shouldn't Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4-gensec: fixed a GSSAPI SASL negotiation bugAndrew Tridgell1-11/+14
Fixed a bug that affected mismatched negotiation between the GSSAPI layer and the SASL SSF subsequent negotiation. This caused some ldap clients to hang when trying to authentication with a Samba LDAP server. The client thought the connection should be signed, the server thought it should be in plain text Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-22s4-selftest: Move credentials tests to standard python directory.Jelmer Vernooij1-100/+0
2010-09-22s4-param: Fix more memory leaks, invalid memory context.Jelmer Vernooij3-19/+71
2010-09-22s4-param: Check type when converting python object to lp_ctx, fix someJelmer Vernooij3-4/+31
memory leaks.
2010-09-22pygensec: Implement start_mech_by_name().Jelmer Vernooij2-8/+30
2010-09-21s4-selftest: Move more tests to scripting/python, simplifies running of tests.Jelmer Vernooij2-72/+0
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett1-0/+5
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-16s4-kerberos: obey the credentials setting for forwardable ticketsAndrew Tridgell3-27/+40
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-pycredentials: expose forwardable setting via pythonAndrew Tridgell1-0/+16
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-credentials: added ability to control forwardable attribute on krb5 ticketsAndrew Tridgell2-0/+24
with the latest bind9 nsupdate, we need to be able to control if the ticket we use is forwardable Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15s4-auth: allow multiple active auth backendsAndrew Tridgell1-35/+43
when we are an RODC we need to be able to allow multiple auth backends to process a single auth request. First the sam backend will try to authenticate, using locally stored passwords. If this backend can't find local passwords then it will try the winbind backend and authenticate via a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-15s4-rodc: add a trigger message for REPL_SECRET to auth_samAndrew Tridgell1-0/+52
when an RODC tries to authenticate against an account and the account has no password information it needs to send a message to the drepl server to tell it to try and replicate the secret information from a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-14s4: Fix two typosVolker Lendecke1-2/+2
2010-09-11s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a headerAndrew Bartlett2-1/+3
generated by cgit (git 2.34.1) at 2024-07-06 22:38:05 +0000