summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-12-21r25703: Use less entropy by using the pointer value as a process-unique token.Andrew Bartlett1-10/+2
Andrew Bartlett (This used to be commit 3480dc71a9f969909b984855d546a1974593368f)
2007-12-21r25660: Add a new interface 'generate_secret_buffer()', to be used when weAndrew Bartlett1-1/+1
require top-quality entropy. We don't want to waste system enropy generating challenges (which simply need to be unpredictable, not secret) or when generating UUIDs. Rework generate_random_buffer() to use /dev/urandom less often, only to seed the existing RC4 based PRNG. (With an exception to ensure we don't waste this setup cost for very small entropy requests). Perhaps we should be using heimdal's code for this instead? This should drasticly reduce our entropy use, particularly in the build farm (automated Samba build on hosts without much other source of entropy). Andrew Bartlett (This used to be commit 6a5630d37191542022f02fae519227b7829ef620)
2007-12-21r25624: Remove ipv4_addr hack. Only causes 4 extra includes of ↵Jelmer Vernooij1-1/+1
system/network.h because we stripped down includes. (This used to be commit 262c1c23a61f1f4fae13e0a61179fe98b682cecf)
2007-10-10r25576: BOOL -> boolStefan Metzmacher2-8/+8
metze (This used to be commit 9fd96e1989e348f87355ed120786399493a9e447)
2007-10-10r25562: Use standard bool types in cyrus sasl code - patch by Julien.Jelmer Vernooij1-8/+9
(This used to be commit 4f664939af0d6ac389efebc51f2f31e9acee80b4)
2007-10-10r25552: Convert to standard bool type.Jelmer Vernooij24-285/+285
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
2007-10-10r25543: Merge libreplace support for inet_pton, inet_ntop, getaddrinfo, ↵Jelmer Vernooij1-1/+1
getnameinfo (and friends) from SAMBA_3_2, with some minor tweaks: - avoid including network headers in replace.h unless absolutely required - autoconf tests for getaddrinfo() in lib/replace The heimdal-specific code also no longer looks for these functions anymore. (This used to be commit b6d3fd84a5d7d814035e60d6fa22f19bed9f77da)
2007-10-10r25446: Merge some changes I made on the way home from SFO:Jelmer Vernooij7-12/+15
2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij8-33/+33
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25428: forward declarations of enums are not portable,Stefan Metzmacher2-6/+8
so pass struct cli_credentials *cred instead of enum credentials_use_kerberos use_kerberos. metze (This used to be commit b945aaa9dadc4c0595340d35725b49bac8e5778e)
2007-10-10r25404: fix the buildStefan Metzmacher1-2/+2
metze (This used to be commit 7d58d0c0c11005ffb6c03d98d53fea7f1ccbcd07)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij14-53/+55
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25193: Update headers to easy use by external apps.Jelmer Vernooij1-0/+1
(This used to be commit 20b70fbb7af6b6759c3b8c8aa56e10944b32bfdf)
2007-10-10r25181: sync winbind client code with samba3Stefan Metzmacher1-1/+1
NOTE: wbinfo.c isn't fully merged here metze (This used to be commit eee5327dc2f79c052c2db0ca89f23cc9d2ce355d)
2007-10-10r25047: Fix more warnings.Jelmer Vernooij1-7/+8
(This used to be commit 69de86d2d2e49439760fbc61901eb87fb7fc5d55)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij9-34/+36
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25027: Fix more warnings.Jelmer Vernooij1-4/+4
(This used to be commit 5085c53fcfade614e83d21fc2c1a5bc43bb2a729)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij15-0/+15
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25005: Avoid pstring.Jelmer Vernooij1-61/+15
(This used to be commit 777959f862e6428d0bfa4a15a0f45a9bfde64821)
2007-10-10r25001: Fix more C++ and other warnings, fix some of the indentation with ↵Jelmer Vernooij1-1/+3
ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
2007-10-10r25000: Fix some more C++ compatibility warnings.Jelmer Vernooij8-41/+40
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
2007-10-10r24994: Fix some C++ warnings.Jelmer Vernooij2-4/+4
(This used to be commit 925abf74fa1ed5ae726bae8781ec549302786b39)
2007-10-10r24814: Fix headers, trim core.h even more.Jelmer Vernooij1-2/+0
(This used to be commit 9647f860bdd5c0a74583e886182bd041a45e7655)
2007-10-10r24780: More work allowing libutil to be used by external users.Jelmer Vernooij1-8/+11
(This used to be commit 31993cf67b816a184a4a4e92ef8ca2532c797190)
2007-10-10r24730: Allow secrets entries to be for service principals.Andrew Bartlett1-6/+11
Andrew Bartlett (This used to be commit 7865d10a299a84ed42de4435b7e6400d56161ac5)
2007-10-10r24712: No longer expose the 'BOOL' data type in any interfaces.Jelmer Vernooij6-21/+21
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
2007-10-10r24504: Try to return more useful error information on why a bind failed.Andrew Bartlett1-0/+5
Note that the correct return for a failed alter_context is a fault, not a bind_nak. Andrew Bartlett (This used to be commit 52cce94532edf1dd7f26e39bf3377f0077ea6792)
2007-10-10r24282: Try to fix the occasional Samba4 crash in BASE-BENCH-READWRITE, asAndrew Bartlett2-5/+10
seen in particular on opi. This looked like a Heimdal problem, but I think it was simply that we didn't do a talloc_reference() to keep tabs on the memory we were using, and in between obtaining the pointer and using it, it was assigned to unrelated memory. Andrew Bartlett (This used to be commit a650ad8b37d58ba64458a33313714d1abfc4850b)
2007-10-10r24074: Test both permitted logon hours and permitted workstations in theAndrew Bartlett1-2/+1
RPC-SAMLOGON test. This showed that, as noted by bug #4823, we didn't test for invalid workstations. In fact, the code had been ported across, but because untested code is broken code, it never worked... Andrew Bartlett (This used to be commit 5e07417ada56d189a911ef888b0c87adebe60763)
2007-10-10r24061: Anther part of bug #4823, which is that until now Samba4 didn't parseAndrew Bartlett2-1/+69
the logon hours, even if set. This code happily stolen from the great work in Samba3 :-) Andrew Bartlett (This used to be commit a4939ab629e0af0615bcecf63c7cd55e6e833505)
2007-10-10r23810: Make things static, and remove unsued code.Andrew Bartlett1-96/+0
This includes some of the original ildap ldap client API. ldb provides a much easier abstraction on this to use, and doesn't use these functions. Andrew Bartlett (This used to be commit dc27a7e41c297472675e8c251bb14327a1af3902)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 5c9b19271e0e3ad897499707003ce4703ffa4870)
2007-10-10r23798: updated old Temple Place FSF addresses to new URLAndrew Tridgell1-2/+1
(This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
2007-10-10r23795: more v2->v3 conversionAndrew Tridgell2-2/+2
(This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell46-138/+92
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23680: Make it easier to setup a domain member server - the 'server role'Andrew Bartlett3-6/+31
will now control the auth methods, but an override is still available, ex: auth methods:domain controller = <methods> Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
2007-10-10r23455: These buffers may not be null terminated. Ensure we don't run past theAndrew Bartlett1-1/+12
end of teh buffer printing the error strings. Andrew Bartlett (This used to be commit 37e7070ca92e2f48fa02f7fd6736e5b26520f559)
2007-10-10r23311: Updating the samba4 winbind protocol to version 18.Kai Blin1-10/+10
nsswitch/winbindd_nss.h is just copied from SAMBA_3_0. nsswitch/winbind_nss_config.h is copied from SAMBA_3_0, too, but I had to drop some of the defines to make things build again. Kai (This used to be commit 553b7e146f52975b45941ba850140e312a280513)
2007-10-10r23136: Set the event context onto the credentials in more places.Andrew Bartlett1-0/+1
This helps ensure that the kerberos code uses the right event context. Andrew Bartlett (This used to be commit cbdce358ae8f86c9b76a50537b931e56b07ee213)
2007-10-10r23132: Resolve an issue where we would use the ccache after we free()ed it.Andrew Bartlett2-31/+64
The problem was, we would set the ccache, then invalidate it as we set details from it (like the principal name from the ccache). Instead, set the ccache onto the credentials structure after we are done processing it. Andrew Bartlett (This used to be commit d285bd927c604d930fc44cc84ef3321aa4ce9d9a)
2007-10-10r23063: Make sure to invalidate the ccache when we set aAndrew Bartlett3-6/+70
username/password/realm/etc from the command line. Also make sure it can't 'come back' from a later call to cli_credentials_guess(), buy setting a threshold. This should fix the issues with the build farm... Andrew Bartlett (This used to be commit 3b1dfb9306beb9f40d85d38cf6786ef161ec63f1)
2007-10-10r23036: error checking on asn1_init() failureAndrew Tridgell2-2/+22
(This used to be commit 26cf8494084c0106ef0e1c9b6ef40eeadf945ef2)
2007-10-10r23034: Thanks to metze for providing some vital clues in the 'kerberos ccacheAndrew Bartlett1-2/+6
on credentials don't do anything' bug. The problem was simple, we didn't set the ccache as having been initialised, so we always created a new one. Andrew Bartlett (This used to be commit ec2014f08b0845bc8aa0e8e6713bc4b21f430811)
2007-10-10r23030: finally fixed up our asn1 code to use better memory allocation. ThisAndrew Tridgell3-75/+68
should allow us to fix some long standing memory leaks. (This used to be commit 3db49c2ec9968221c1361785b94061046ecd159d)
2007-10-10r22990: free temporary memory also on success...Stefan Metzmacher1-0/+1
metze (This used to be commit 876a6ef4857a73987d1eba127161993cf07a613b)
2007-10-10r22987: Clarify how the events are handled in the kerberos code, andAndrew Bartlett1-7/+17
standardise with the rest of the code. Andrew Bartlett (This used to be commit 3aa9d70723d4377d29e33281b640499193b06c69)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell6-4/+31
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r22967: Move to the TCP packet interface for the krb5_send_to_kdc plugin.Andrew Bartlett1-108/+95
This replaces a lump of hand-crafted code with the generic packet system used in the rest of Samba4. (I started this while chasing down the epoll bug, which turned out to be seperate) (This used to be commit 2a7dec4e5dc453f509493f80fc1270416f30a36e)
2007-10-10r22966: Make sure to return LOGON_FAILURE if the user's kerberos password isAndrew Bartlett3-6/+15
incorrect. Andrew Bartlett (This used to be commit 9dc6f36e43170bc5bf4f94d893b5a3689460d237)
2007-10-10r22961: use EVENT_FD_AUTOCLOSE and SOCKET_FLAG_NOCLOSE to fix up some hairyAndrew Tridgell1-1/+4
problems with order of socket closing in krb5 (This used to be commit 46a7d83c2b49798c6c5389c13ec2b9785c47b85b)