summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2011-03-14Fix public header not to include private (not installed) ones.Simo Sorce2-1/+2
Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Mon Mar 14 17:01:20 CET 2011 on sn-devel-104
2011-03-04s4-nterr: move auth_nt_status_squash to nt_status_squash and move to nterr.cGünther Deschner3-26/+1
Guenther
2011-02-28Fix some typesJelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-28tdb: Use <tdb.h> to include tdb so system headers are found when building ↵Jelmer Vernooij2-2/+2
against system tdb.
2011-02-24build: moved spnego_parse.c into a common subsystemAndrew Tridgell1-2/+2
2011-02-24build: moved schannel_sign.c into a shared COMMON_SCHANNEL subsystemAndrew Tridgell1-2/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24build: moved libcli/auth/ntlmssp*.c into a common libcliauth.so libraryAndrew Tridgell3-7/+4
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-22s4-auth Move libcli/security/session.c to the top levelAndrew Bartlett2-8/+2
This code is now useful in common, as the elements of the auth_session_info structure have now been defined in common IDL. Andrew Bartlett
2011-02-18s4-auth: rename 'auth' subsystem to 'auth4'Andrew Tridgell5-25/+25
this prevents conflicts with the s3 auth modules. The auth modules in samba3 may appear in production smb.conf files, so it is preferable to rename the s4 modules for minimal disruption. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-14librpc: make NDR_KRB5PAC a shared library (libndr-krb5pac.so).Günther Deschner1-1/+1
Simo, please check. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Feb 14 18:54:38 CET 2011 on sn-devel-104
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell4-4/+4
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10s4-krb5: authkrb5 should depend on ldbAndrew Tridgell1-1/+1
this fixes the include path to add ldb Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-10libcli/named_pipe_auth Change from 'info3' to auth_session_info_transportAndrew Bartlett2-0/+157
This changes the structure being used to convey the current user state from the netlogon-derived 'netr_SamInfo3' structure to a purpose-built structure that matches the internals of the Samba auth subsystem and contains the final group list, as well as the final privilege set and session key. These previously had to be re-created on the server side of the pipe each time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10auth Move auth_sam_reply into the top level.Andrew Bartlett2-397/+0
These functions provide conversions between some netlogon.idl and auth.idl structures Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-09s4-auth Fix setting of bad_password_count in ↵Andrew Bartlett1-1/+1
auth_convert_user_info_dc_sambaseinfo() Discovered during the convertion to auth_user_info. Andrew Bartlett
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett22-666/+705
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-09s4-auth Add auth.idl to encode auth subsystem structures in IDLAndrew Bartlett1-0/+1
This is not only a useful way to encode stuff, it also allows python to handle the structures, and natrually allows them to be NDR encoded. Andrew Bartlett
2011-02-08pam: share pam errors in a common location.Günther Deschner4-166/+1
Guenther
2011-02-02s4-python Ensure we add the Samba python path first.Andrew Bartlett1-1/+1
This exact form of the construction is important, and we match on it in the installation scripts. Andrew Bartlett
2011-01-30s4:auth/pyauth.c - temporarily add compatibility code for Python 2.4Matthias Dieter Wallnöfer1-0/+11
This patch has been commited by request of Jelmer. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Jan 30 19:07:57 CET 2011 on sn-devel-104
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett8-222/+206
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2011-01-20s4-gensec Add prototype for gensec_ntlmssp_init()Andrew Bartlett1-0/+2
Andrew Bartlett
2011-01-20libcli/auth move ntlmssp_wrap() and ntlmssp_unwrap() into common code.Andrew Bartlett1-123/+12
The idea here is to allow the source3/libads/sasl.c code to call this instead of the lower level ntlmssp_* functions. Andrew Bartlett
2011-01-19s4-pyauth Fix AuthContext wrapperAndrew Bartlett1-2/+13
2011-01-19s4-auth Allow NULL methods to be specified to auth_context_create_methods()Andrew Bartlett1-14/+3
This allows us to init an auth context that isn't going to do any NTLM authentication, but is used by other subsystems. Andrew Bartlett
2011-01-19s4-gensec Remove special case 'for SASL' that is not required any more.Andrew Bartlett1-13/+0
I've examined the code paths involved, and it appears an alternative fix has been made in the ldap_server/ldap_bind.c code, and there is no code path that uses this behaviour. Andrew Bartlett
2011-01-19pygensec: remove special case handling for None for buffersAndrew Tridgell1-35/+28
always returning a buffer makes life easier for callers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-18s4-gensec Extend python bindings for GENSEC and the associated testAndrew Bartlett1-21/+223
This now tests a real GENSEC exchange, including wrap and unwrap, using GSSAPI. Therefore, it now needs to access a KDC. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
2011-01-18s4-auth Extend python bindings to allow ldb and message to be specifiedAndrew Bartlett3-11/+61
This will allow for some more tokenGroups tests in future. Andrew Bartlett
2011-01-18s4-pygensec Fix indentation of py_gensec_start_mech_by_name()Andrew Bartlett1-11/+11
2011-01-18s4-pygensec Add bindings for server_start() and update()Andrew Bartlett1-4/+96
2011-01-18s4-pyauth Add bindings for auth_context_create() as AuthContext()Andrew Bartlett2-1/+81
2011-01-18s4-pyauth Use py_talloc_get_type() for greater talloc binding safetyAndrew Bartlett2-12/+15
This does a talloc check of the returned pointer before casting it. Andrew Bartlett
2011-01-18s4-gensec Don't steal the auth_context, reference it.Andrew Bartlett2-6/+17
We don't want to steal this pointer away from the caller if it's been set up from python. Andrew Bartlett
2011-01-15s4:auth/ntlm/auth_sam.c - fix call to "get_server_info_principal"Matthias Dieter Wallnöfer1-7/+7
This should obviously point to the wrapper not the call itself. Found out by Tru64 host build warning. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
2011-01-14s4-auth: fixed status return Andrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-auth Add get and set methods for auth_session_info python wrapperAndrew Bartlett2-7/+73
This allows the session key, security_token and credentials to be manipulated from python. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-01-14s4-auth Add function to obtain any user's session_info from a given LDBAndrew Bartlett6-81/+209
This will be a building block for a tokenGroups test, which can compare against a remote server (in particular the rootDSE) against what we would calculate the tokenGroups to be. (this meant moving some parts out of the auth_sam code into the containing library) Andrew Bartlett
2011-01-14s4-auth use new dsdb_expand_nested_groups()Andrew Bartlett2-152/+11
This isn't quite as good as using tokenGroups, but that is only available for BASE searches, and this isn't how the all the callers work at the moment. Andrew Bartlett
2011-01-03s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature sizeStefan Metzmacher1-1/+6
metze
2011-01-01heimdal_build: Add missing dependencies when building with system heimdal.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Jan 1 04:46:35 CET 2011 on sn-devel-104
2010-12-21s4:auth/session.h - use a forward declaration for type "struct ldb_context"Matthias Dieter Wallnöfer1-1/+1
And remove the now obsolete one for "struct tevent_context" Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Dec 21 11:17:34 CET 2010 on sn-devel-104
2010-12-21s4-auth Ensure that we always copy across domain groupsAndrew Bartlett1-13/+13
Even if we can't calculate the local groups (because we don't have a local SAM to do it with) we still need to include the domain groups in the session_info token. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Dec 21 05:56:22 CET 2010 on sn-devel-104
2010-12-21s4-auth Remove duplicate copies of session_info creation codeAndrew Bartlett3-153/+24
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
2010-12-21s4-auth rework session_info handling not to require an auth contextAndrew Bartlett4-13/+26
This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code. Andrew Bartlett
2010-12-21s4-auth Remove event context from privilage database handlingAndrew Bartlett1-1/+0
These local TDB operations can quite safely be handled in a new/nested event context, rather than using the main event context. Andrew Bartlett
2010-12-21s4-auth Remove obsolete commentAndrew Bartlett1-7/+0
The code that this referred to went away in September with 7dbfeb0dc040889244a1110940af2d070f823374 Andrew Bartlett
2010-12-21s4:auth/gensec/spnego.c - remove unused variable "principal"Matthias Dieter Wallnöfer1-1/+0
2010-12-14s4:gensec/spnego: only look at the optimistic token if we support the first mechStefan Metzmacher1-4/+20
As a server only try the mechs the client proposed and only call gensec_update() with the optimistic token for the first mech in the list. If the server doesn't support the first mech we pick the first one in the clients list we also support. That's how w2k8r2 works. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 14 16:50:50 CET 2010 on sn-devel-104
2010-12-11s4-smbtorture: Make test names lowercase and dot-separated.Jelmer Vernooij1-2/+1
This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104