summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-02-26s4:python Add bindings to set GENSEC flags on credentials in pythonAndrew Bartlett2-0/+32
This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell10-99/+148
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:auth - make some parts "signed-safe"Matthias Dieter Wallnöfer2-7/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-23s4:cleanup remove unused schannel ldb codeSimo Sorce1-67/+0
2010-02-23s4:schannel merge code with s3Simo Sorce2-22/+5
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data.
2010-02-22Spelling fixes for source4/auth.Brad Hards2-3/+3
The comment for USER_INFO_INTERACTIVE_LOGON looks like a cut-n-paste from the line above. Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett5-63/+162
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2010-02-16s4-dsdb: removed gendb_search_single_extended_dn()Andrew Tridgell1-2/+3
Use dsdb_search_one() instead, which allows for arbitrary controls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16s4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid()Andrew Tridgell1-4/+6
dsdb_find_dn_by_guid() now takes a struct GUID instead of a guid_string. All the callers in fact wanted a struct GUID, so we now avoid the extra conversion. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-13s4-auth: use TYPESAFE_QSORT() in gensecAndrew Tridgell1-1/+2
2010-02-12s4:auth/credentials/credentials.c - Initialise the "lm_response" and ↵Matthias Dieter Wallnöfer1-0/+5
"nt_response" structures In some cases those structures are not initialised and the whole authentication system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
2010-02-09s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer2-8/+0
This was needed only by Python 2.3 which we no longer support.
2010-01-31s4:kdc streamline context initializationSimo Sorce2-37/+58
Allow other plugins to init the context without having it try to grab sockets or set samba specific logging.
2010-01-29s4:auth_sam: avoid usage of data_blob_talloc_reference() and copy the ↵Stefan Metzmacher1-4/+14
session keys metze
2010-01-28cleanup: remove trailing spaces and tabsSimo Sorce1-37/+37
2010-01-21s4: Fix a few warnings.Jelmer Vernooij1-0/+1
2010-01-16s4-kerberos: raise the general kerberos debug level to 3Andrew Tridgell1-1/+1
level 2 for every krb request is a bit much
2010-01-12Strip trailing spacesSimo Sorce2-82/+82
2009-12-29s4:ntlmssp: remove mem_ctx from check_password() callback to match s3Stefan Metzmacher2-5/+2
metze
2009-12-29s4:ntlmssp_server: always call ntlmssp_server_postauth() and decide there if ↵Stefan Metzmacher1-5/+11
it's a noop metze
2009-12-29s4:ntlmssp_server: don't use a mem_ctx for ntlmssp_server_auth()Stefan Metzmacher1-13/+7
metze
2009-12-29s4:ntlmssp_server: don't use mem_ctx in auth_ntlmssp_check_password()Stefan Metzmacher1-16/+8
metze
2009-12-29s4:ntlmssp_server: clear session key in ntlmssp_server_preauth()Stefan Metzmacher1-3/+1
metze
2009-12-29s4:ntlmssp: use data_blob_null in ntlmssp_server_auth()Stefan Metzmacher1-4/+6
metze
2009-12-29s4:ntlmssp_server: remove unused variableStefan Metzmacher1-7/+0
metze
2009-12-29s4:auth/ntlmssp: let get_challenge() return a NTSTATUS and fill a stack bufferStefan Metzmacher2-13/+13
metze
2009-12-29dsdb: Fix dependencies when building against system ldb.Jelmer Vernooij1-1/+1
2009-12-29s4:auth: add auth_get_server_info_principal() prototype to auth.hStefan Metzmacher1-0/+5
metze
2009-12-29s4:auth: make auth_challenge_may_be_modified() publicStefan Metzmacher2-2/+2
metze
2009-12-29s4:auth: remove autogenerated auth/ntlm/auth_proto.hStefan Metzmacher1-50/+0
metze
2009-12-29s4:ntlmssp: fix whitespaces in ntlmssp.hStefan Metzmacher1-16/+16
metze
2009-12-24s4:auth: change auth_check_password_send/recv to tevent_reqStefan Metzmacher3-113/+143
metze
2009-12-24s4:gensec: change gensec_update_send/recv to tevent_reqStefan Metzmacher3-58/+83
metze
2009-12-22s4:gensec Don't give a warning when Windows client connects with NTLMAndrew Bartlett1-11/+20
We have had the workaround for a long time, but at the time the log warnings remained. Andrew Bartlett
2009-12-22s4:auth Change 'get_challenge' API to be more like Samba3Andrew Bartlett7-34/+31
It is just easier to fill in the known to be 8 byte challenge than stuff about with allocated pointers. Andrew Bartlett
2009-12-22s4:auth generate the prototype file in the right placeAndrew Bartlett1-1/+1
2009-12-16s4:gensec: allow clearing local and remote address by passing NULLStefan Metzmacher1-0/+10
metze
2009-12-16s4-gensec: Remove obsolete socket_address vars and fns.Andreas Schneider2-35/+0
2009-12-16s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn.Andreas Schneider8-32/+29
2009-12-16s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn.Andreas Schneider2-11/+0
2009-12-16s4-gensec: Replace gensec_get_my_addr with new tsocket based fn.Andreas Schneider3-23/+24
2009-12-16s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn.Andreas Schneider2-10/+0
2009-12-16s4-gensec: Added remote and local setter/getter using tsocket.Andreas Schneider3-4/+127
2009-11-02s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldbAndrew Bartlett1-1/+3
This avoids trouble when the secrets.ldb is updated with ldbedit but an smb.conf is not specified. Andrew Bartlett
2009-10-24s4:gensec/schannel: remove unused talloc_reference() in schannel_update()Stefan Metzmacher1-1/+1
We never expose creds to the caller in schannel_update(). metze
2009-10-23s4-python: we need to include Python.h firstAndrew Tridgell2-2/+2
If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes.
2009-10-23s4:gensec Use an index on computerName in schannel.ldbAndrew Bartlett1-1/+4
2009-10-23s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()Andrew Tridgell1-1/+1
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context.
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell6-12/+27
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-20s4: ran minimal_includes.pl on source4/auth/gensecAndrew Tridgell6-12/+0