Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-03-24 | s4:ntlmssp: remove backend specifix stuff from (gensec_)ntlmssp_state | Stefan Metzmacher | 2 | -22/+46 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s4:ntlmssp: create a gensec_ntlmssp_context between gensec_security and ↵ | Stefan Metzmacher | 2 | -9/+20 | |
ntlmssp_state Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s4:ntlmssp: add definition of gensec_ntlmssp_context | Stefan Metzmacher | 1 | -0/+7 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s4:ntlmssp: add a callback_private pointer to gensec_ntlmssp_state | Stefan Metzmacher | 1 | -1/+6 | |
We'll remove any gensec specific stuff from gensec_ntlmssp_state and rename it to ntlmssp_state again. Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s4:ntlmssp Ensure that we always negotiate signing if we negotiate sealing. | Andrew Bartlett | 1 | -0/+1 | |
Without this, a sealed LDAP connection to windows does not work. Andrew Bartlett | |||||
2010-03-16 | s4:auth/kerberos/kerberos.c - fix also here a memory leak | Matthias Dieter Wallnöfer | 1 | -0/+1 | |
The options need to be freed also on this error case. | |||||
2010-03-11 | s4: Modify auth/config.m4 to move pam tests to nsswitch.m4 so that we tests ↵ | Matthieu Patou | 1 | -6/+1 | |
things in one place Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-03-08 | s4-gensec: Fixed wrong usage of error_string. | Andreas Schneider | 1 | -1/+1 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-03-04 | s4:auth/sam.c - change base context for the "tmp_ctx" context in ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
"authsam_expand_nested_groups" Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the long-living "sam_ctx"/"ldb" context to prevent memory leaks. | |||||
2010-03-04 | s4:sam.c - make "authsam_expand_nested_groups" public | Matthias Dieter Wallnöfer | 2 | -1/+7 | |
This is needed by the "tokenGroups" work in the operational LDB module. | |||||
2010-03-04 | s4:sam.c - cosmetic indentation fix | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2010-03-04 | s4:sam.c - change variable types to unsigned in "sids_contains_sid" | Matthias Dieter Wallnöfer | 1 | -3/+4 | |
Should also be unsigned - no need for a signed "i" and "num_sids" here. | |||||
2010-03-03 | Fix typo in comments. | Karolin Seeger | 1 | -2/+2 | |
2010-02-26 | s4:python Add bindings to set GENSEC flags on credentials in python | Andrew Bartlett | 2 | -0/+32 | |
This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett | |||||
2010-02-26 | s4-krb5: propogate errors from a lot more kerberos functions | Andrew Tridgell | 10 | -99/+148 | |
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-02-25 | s4:auth - make some parts "signed-safe" | Matthias Dieter Wallnöfer | 2 | -7/+8 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-02-23 | s4:cleanup remove unused schannel ldb code | Simo Sorce | 1 | -67/+0 | |
2010-02-23 | s4:schannel merge code with s3 | Simo Sorce | 2 | -22/+5 | |
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data. | |||||
2010-02-22 | Spelling fixes for source4/auth. | Brad Hards | 2 | -3/+3 | |
The comment for USER_INFO_INTERACTIVE_LOGON looks like a cut-n-paste from the line above. Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | |||||
2010-02-20 | s4:credentials Add hooks to extract a named Kerberos credentials cache | Andrew Bartlett | 5 | -63/+162 | |
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett | |||||
2010-02-16 | s4-dsdb: removed gendb_search_single_extended_dn() | Andrew Tridgell | 1 | -2/+3 | |
Use dsdb_search_one() instead, which allows for arbitrary controls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-02-16 | s4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid() | Andrew Tridgell | 1 | -4/+6 | |
dsdb_find_dn_by_guid() now takes a struct GUID instead of a guid_string. All the callers in fact wanted a struct GUID, so we now avoid the extra conversion. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-02-13 | s4-auth: use TYPESAFE_QSORT() in gensec | Andrew Tridgell | 1 | -1/+2 | |
2010-02-12 | s4:auth/credentials/credentials.c - Initialise the "lm_response" and ↵ | Matthias Dieter Wallnöfer | 1 | -0/+5 | |
"nt_response" structures In some cases those structures are not initialised and the whole authentication system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755. | |||||
2010-02-09 | s4:Remove "Py_RETURN_NONE" compatibility code | Matthias Dieter Wallnöfer | 2 | -8/+0 | |
This was needed only by Python 2.3 which we no longer support. | |||||
2010-01-31 | s4:kdc streamline context initialization | Simo Sorce | 2 | -37/+58 | |
Allow other plugins to init the context without having it try to grab sockets or set samba specific logging. | |||||
2010-01-29 | s4:auth_sam: avoid usage of data_blob_talloc_reference() and copy the ↵ | Stefan Metzmacher | 1 | -4/+14 | |
session keys metze | |||||
2010-01-28 | cleanup: remove trailing spaces and tabs | Simo Sorce | 1 | -37/+37 | |
2010-01-21 | s4: Fix a few warnings. | Jelmer Vernooij | 1 | -0/+1 | |
2010-01-16 | s4-kerberos: raise the general kerberos debug level to 3 | Andrew Tridgell | 1 | -1/+1 | |
level 2 for every krb request is a bit much | |||||
2010-01-12 | Strip trailing spaces | Simo Sorce | 2 | -82/+82 | |
2009-12-29 | s4:ntlmssp: remove mem_ctx from check_password() callback to match s3 | Stefan Metzmacher | 2 | -5/+2 | |
metze | |||||
2009-12-29 | s4:ntlmssp_server: always call ntlmssp_server_postauth() and decide there if ↵ | Stefan Metzmacher | 1 | -5/+11 | |
it's a noop metze | |||||
2009-12-29 | s4:ntlmssp_server: don't use a mem_ctx for ntlmssp_server_auth() | Stefan Metzmacher | 1 | -13/+7 | |
metze | |||||
2009-12-29 | s4:ntlmssp_server: don't use mem_ctx in auth_ntlmssp_check_password() | Stefan Metzmacher | 1 | -16/+8 | |
metze | |||||
2009-12-29 | s4:ntlmssp_server: clear session key in ntlmssp_server_preauth() | Stefan Metzmacher | 1 | -3/+1 | |
metze | |||||
2009-12-29 | s4:ntlmssp: use data_blob_null in ntlmssp_server_auth() | Stefan Metzmacher | 1 | -4/+6 | |
metze | |||||
2009-12-29 | s4:ntlmssp_server: remove unused variable | Stefan Metzmacher | 1 | -7/+0 | |
metze | |||||
2009-12-29 | s4:auth/ntlmssp: let get_challenge() return a NTSTATUS and fill a stack buffer | Stefan Metzmacher | 2 | -13/+13 | |
metze | |||||
2009-12-29 | dsdb: Fix dependencies when building against system ldb. | Jelmer Vernooij | 1 | -1/+1 | |
2009-12-29 | s4:auth: add auth_get_server_info_principal() prototype to auth.h | Stefan Metzmacher | 1 | -0/+5 | |
metze | |||||
2009-12-29 | s4:auth: make auth_challenge_may_be_modified() public | Stefan Metzmacher | 2 | -2/+2 | |
metze | |||||
2009-12-29 | s4:auth: remove autogenerated auth/ntlm/auth_proto.h | Stefan Metzmacher | 1 | -50/+0 | |
metze | |||||
2009-12-29 | s4:ntlmssp: fix whitespaces in ntlmssp.h | Stefan Metzmacher | 1 | -16/+16 | |
metze | |||||
2009-12-24 | s4:auth: change auth_check_password_send/recv to tevent_req | Stefan Metzmacher | 3 | -113/+143 | |
metze | |||||
2009-12-24 | s4:gensec: change gensec_update_send/recv to tevent_req | Stefan Metzmacher | 3 | -58/+83 | |
metze | |||||
2009-12-22 | s4:gensec Don't give a warning when Windows client connects with NTLM | Andrew Bartlett | 1 | -11/+20 | |
We have had the workaround for a long time, but at the time the log warnings remained. Andrew Bartlett | |||||
2009-12-22 | s4:auth Change 'get_challenge' API to be more like Samba3 | Andrew Bartlett | 7 | -34/+31 | |
It is just easier to fill in the known to be 8 byte challenge than stuff about with allocated pointers. Andrew Bartlett | |||||
2009-12-22 | s4:auth generate the prototype file in the right place | Andrew Bartlett | 1 | -1/+1 | |
2009-12-16 | s4:gensec: allow clearing local and remote address by passing NULL | Stefan Metzmacher | 1 | -0/+10 | |
metze |