Age | Commit message (Collapse) | Author | Files | Lines |
|
If mappings use ID_TYPE_BOTH.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
|
|
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This ensures that only gensec_update() will require an event context argument
when the API is refactored.
Andrew Bartlett
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This moves the allocation of the ntlmssp pointer back to the callers.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow us to pass this down to the tdb_wrap layer.
Andrew Bartlett
|
|
This does not change who uses gensec for now, but makes it possible to
write new gensec modules outside source4/
Andrew Bartlett
|
|
This will allow gensec_start.c to move to the top level. This does not change
what code uses the cli_credentials code, but allows the gensec code to be
more broadly.
Andrew Bartlett
|
|
This is done so that the lpcfg_ functions are available across the whole
build, either with the struct loadparm_context loaded from an smb.conf directly
or as a wrapper around the source3 param code.
This is not the final, merged loadparm, but simply one step to make
it easier to solve other problems while we make our slow progress
on this difficult problem.
Andrew Bartlett
|
|
This creates a samba-modules private libary that handles the details.
Andrew Bartlett
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Oct 5 09:45:15 CEST 2011 on sn-devel-104
|
|
to properly support multi-domain forests we need to determine if an
incoming username is part of a known forest domain or not. To do this
for all possible SPN forms, we need to use CrackNames.
This changes map_user_info() to use CrackNames if a SAM context is
available, and asks the CrackNames services to parse the incoming
username and domain into a NT4 form, which can then be used in the
SAM.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We need to exclude GC partial replica naming contexts from SAM lookups
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Jelmer
|
|
This assists with avoiding duplicate symbols.
Andrew Bartlett
|
|
metze
|
|
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu Aug 18 22:16:38 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Aug 14 17:18:46 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Sun Aug 14 00:38:13 CEST 2011 on sn-devel-104
|
|
|
|
If we pass variable references we don't get implicit casting!
metze
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Aug 8 14:53:53 CEST 2011 on sn-devel-104
|
|
This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced
by generated PIDL output.
Andrew Bartlett
|
|
|
|
This avoids having the same check in 3 different parts of the code
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
|
|
The auth4_context is already in the gensec_security structure, which is
available by de-reference here anyway.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This allows the current behaviour of the NTLMSSP code to be unchanged
while adding a way to hook in an alternate implementation via an auth
module.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The startup and runtime functions that have no dependencies are moved
into the top level.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
|
|
This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Use the object names as <modulename>.<objectname> to correctly generate the
object hierarchy in pydoc.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Use the object names as <modulename>.<objectname> to correctly generate the
object hierarchy in pydoc.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jul 25 09:45:01 CEST 2011 on sn-devel-104
|
|
This will allow the source3 auth code to call this without needing to
double-parse the SIDs
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
|
|
metze
|
|
If the KDC does not support S4U2Proxy, it might return a ticket
for the TGT client principal.
metze
|
|
For S4U2Proxy we need to use the ticket from the S4U2Self stage
and ask the kdc for the delegated ticket for the target service.
metze
|
|
Old KDCs may not support S4U2Self (or S4U2Proxy) and return tickets
which belongs to the client principal of the TGT.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 09:10:55 CEST 2011 on sn-devel-104
|
|
This will make the following changes easier to review.
metze
|
|
In order to make the following changes easier to review.
metze
|
|
It's important that we don't store the tgt for the machine account
in the same krb5_ccache as the ticket for the impersonated principal.
We may pass it to some krb5/gssapi functions and they may use them
in the wrong way, which would grant machine account privileges to
the client.
metze
|
|
This will make the following changes easier to review.
metze
|