summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2011-02-09s4-auth Fix setting of bad_password_count in ↵Andrew Bartlett1-1/+1
auth_convert_user_info_dc_sambaseinfo() Discovered during the convertion to auth_user_info. Andrew Bartlett
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett22-666/+705
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-09s4-auth Add auth.idl to encode auth subsystem structures in IDLAndrew Bartlett1-0/+1
This is not only a useful way to encode stuff, it also allows python to handle the structures, and natrually allows them to be NDR encoded. Andrew Bartlett
2011-02-08pam: share pam errors in a common location.Günther Deschner4-166/+1
Guenther
2011-02-02s4-python Ensure we add the Samba python path first.Andrew Bartlett1-1/+1
This exact form of the construction is important, and we match on it in the installation scripts. Andrew Bartlett
2011-01-30s4:auth/pyauth.c - temporarily add compatibility code for Python 2.4Matthias Dieter Wallnöfer1-0/+11
This patch has been commited by request of Jelmer. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Jan 30 19:07:57 CET 2011 on sn-devel-104
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett8-222/+206
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2011-01-20s4-gensec Add prototype for gensec_ntlmssp_init()Andrew Bartlett1-0/+2
Andrew Bartlett
2011-01-20libcli/auth move ntlmssp_wrap() and ntlmssp_unwrap() into common code.Andrew Bartlett1-123/+12
The idea here is to allow the source3/libads/sasl.c code to call this instead of the lower level ntlmssp_* functions. Andrew Bartlett
2011-01-19s4-pyauth Fix AuthContext wrapperAndrew Bartlett1-2/+13
2011-01-19s4-auth Allow NULL methods to be specified to auth_context_create_methods()Andrew Bartlett1-14/+3
This allows us to init an auth context that isn't going to do any NTLM authentication, but is used by other subsystems. Andrew Bartlett
2011-01-19s4-gensec Remove special case 'for SASL' that is not required any more.Andrew Bartlett1-13/+0
I've examined the code paths involved, and it appears an alternative fix has been made in the ldap_server/ldap_bind.c code, and there is no code path that uses this behaviour. Andrew Bartlett
2011-01-19pygensec: remove special case handling for None for buffersAndrew Tridgell1-35/+28
always returning a buffer makes life easier for callers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-18s4-gensec Extend python bindings for GENSEC and the associated testAndrew Bartlett1-21/+223
This now tests a real GENSEC exchange, including wrap and unwrap, using GSSAPI. Therefore, it now needs to access a KDC. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jan 18 11:41:26 CET 2011 on sn-devel-104
2011-01-18s4-auth Extend python bindings to allow ldb and message to be specifiedAndrew Bartlett3-11/+61
This will allow for some more tokenGroups tests in future. Andrew Bartlett
2011-01-18s4-pygensec Fix indentation of py_gensec_start_mech_by_name()Andrew Bartlett1-11/+11
2011-01-18s4-pygensec Add bindings for server_start() and update()Andrew Bartlett1-4/+96
2011-01-18s4-pyauth Add bindings for auth_context_create() as AuthContext()Andrew Bartlett2-1/+81
2011-01-18s4-pyauth Use py_talloc_get_type() for greater talloc binding safetyAndrew Bartlett2-12/+15
This does a talloc check of the returned pointer before casting it. Andrew Bartlett
2011-01-18s4-gensec Don't steal the auth_context, reference it.Andrew Bartlett2-6/+17
We don't want to steal this pointer away from the caller if it's been set up from python. Andrew Bartlett
2011-01-15s4:auth/ntlm/auth_sam.c - fix call to "get_server_info_principal"Matthias Dieter Wallnöfer1-7/+7
This should obviously point to the wrapper not the call itself. Found out by Tru64 host build warning. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Jan 15 18:05:59 CET 2011 on sn-devel-104
2011-01-14s4-auth: fixed status return Andrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-01-14s4-auth Add get and set methods for auth_session_info python wrapperAndrew Bartlett2-7/+73
This allows the session key, security_token and credentials to be manipulated from python. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-01-14s4-auth Add function to obtain any user's session_info from a given LDBAndrew Bartlett6-81/+209
This will be a building block for a tokenGroups test, which can compare against a remote server (in particular the rootDSE) against what we would calculate the tokenGroups to be. (this meant moving some parts out of the auth_sam code into the containing library) Andrew Bartlett
2011-01-14s4-auth use new dsdb_expand_nested_groups()Andrew Bartlett2-152/+11
This isn't quite as good as using tokenGroups, but that is only available for BASE searches, and this isn't how the all the callers work at the moment. Andrew Bartlett
2011-01-03s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature sizeStefan Metzmacher1-1/+6
metze
2011-01-01heimdal_build: Add missing dependencies when building with system heimdal.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Jan 1 04:46:35 CET 2011 on sn-devel-104
2010-12-21s4:auth/session.h - use a forward declaration for type "struct ldb_context"Matthias Dieter Wallnöfer1-1/+1
And remove the now obsolete one for "struct tevent_context" Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Dec 21 11:17:34 CET 2010 on sn-devel-104
2010-12-21s4-auth Ensure that we always copy across domain groupsAndrew Bartlett1-13/+13
Even if we can't calculate the local groups (because we don't have a local SAM to do it with) we still need to include the domain groups in the session_info token. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Dec 21 05:56:22 CET 2010 on sn-devel-104
2010-12-21s4-auth Remove duplicate copies of session_info creation codeAndrew Bartlett3-153/+24
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
2010-12-21s4-auth rework session_info handling not to require an auth contextAndrew Bartlett4-13/+26
This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code. Andrew Bartlett
2010-12-21s4-auth Remove event context from privilage database handlingAndrew Bartlett1-1/+0
These local TDB operations can quite safely be handled in a new/nested event context, rather than using the main event context. Andrew Bartlett
2010-12-21s4-auth Remove obsolete commentAndrew Bartlett1-7/+0
The code that this referred to went away in September with 7dbfeb0dc040889244a1110940af2d070f823374 Andrew Bartlett
2010-12-21s4:auth/gensec/spnego.c - remove unused variable "principal"Matthias Dieter Wallnöfer1-1/+0
2010-12-14s4:gensec/spnego: only look at the optimistic token if we support the first mechStefan Metzmacher1-4/+20
As a server only try the mechs the client proposed and only call gensec_update() with the optimistic token for the first mech in the list. If the server doesn't support the first mech we pick the first one in the clients list we also support. That's how w2k8r2 works. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 14 16:50:50 CET 2010 on sn-devel-104
2010-12-11s4-smbtorture: Make test names lowercase and dot-separated.Jelmer Vernooij1-2/+1
This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
2010-12-09s4-spnego Match Windows 2008, and no longer supply a name in the CIFS NegprotAndrew Bartlett1-10/+1
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
2010-12-08s4-pkgconfig: add @LIB_RPATH@ to our link flagsAndrew Tridgell1-1/+1
this is only set when rpath is used on install. It ensures that applications that link against Samba libraries get the rpath right Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
2010-12-08s4-spnego use "not_defined_in_RFC4178@please_ignore" if no principal specifiedAndrew Bartlett1-0/+2
We need to make this the default, but for now just send it if we have not been given a target principal. Andrew Bartlett
2010-12-08libcli/auth bring ADS_IGNORE_PRINCIPAL in commonAndrew Bartlett1-1/+2
2010-12-04s4:auth/gensec/gensec_krb5.c - fix/reorder memory free operationsMatthias Dieter Wallnöfer1-3/+15
To prevent memory leaks
2010-12-04s4:auth/gensec/gensec_krb5.c - remove a pointless "nt_status" testMatthias Dieter Wallnöfer1-8/+3
There is no operation which sets the "nt_status" before the "if".
2010-12-04s4:auth/kerberos/kerberos_pac.c - fix another memory leak regarding the KRB ↵Matthias Dieter Wallnöfer1-1/+4
principal In addition fix a counter type Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Dec 4 15:14:46 CET 2010 on sn-devel-104
2010-12-04s4:dsdb/common/util_samr.c and auth/sam.c - fix error messageMatthias Dieter Wallnöfer1-1/+1
2010-12-03s4:auth/sam.c - when printing out a string buffer we don't strictly need the ↵Matthias Dieter Wallnöfer1-2/+2
width The precision (maximum numbers of characters) should be enough. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Dec 3 10:26:39 CET 2010 on sn-devel-104
2010-12-03s4:auth/sam.c - the check for the SAMDB needs to be on the top of the callMatthias Dieter Wallnöfer1-6/+5
Otherwise it's really useless.
2010-12-03s4:auth/sam.c - fix the free of memory contextsMatthias Dieter Wallnöfer1-1/+1
"tmp_ctx" needs always to be freed ("res" is freed implicitly)
2010-12-03s4:auth/sam.c - specify the SID ignore case betterMatthias Dieter Wallnöfer1-1/+7
As per suggestion by metze.
2010-12-02s4:auth/sam.c-"authsam_expand_nested_groups" - don't fail if we've ↵Matthias Dieter Wallnöfer1-4/+4
memberships on non-SAM objects This can be expected (think at a membership of a "groupOfNames" group) and we shouldn't blame about it. This fixes a bug reported on the technical mailing list. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Dec 2 17:17:56 CET 2010 on sn-devel-104
2010-12-01pygensec: Fix initialization.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Wed Dec 1 02:33:06 CET 2010 on sn-devel-104