summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17222: Change the function prototypes for the GENSEc and TLS socket creationAndrew Bartlett2-38/+66
routines to return an NTSTATUS. This should help track down errors. Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket. Always return a new socket, even for the 'pass-though' case. Andrew Bartlett (This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
2007-10-10r17197: This patch moves the encryption of bulk data on SASL negotiated securityAndrew Bartlett4-18/+503
contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10r17173: Check for oversize output, not oversize input, and fix the GSSAPI mechAndrew Bartlett1-10/+11
to work (it broke it in the previous commit). Andrew Bartlett (This used to be commit e96638bc74f0752ce8af6626a04c92d48b917ffe)
2007-10-10r17171: Add a gensec function to determine the maximum negotiated buffer size,Andrew Bartlett3-34/+134
and the maximum amount of user data that may be fitted into that. This is used in the new SASL code, to correctly honour SASL buffer sizes. Andrew Bartlett (This used to be commit cbbe99d9c1f0262e67a495fb098cacc09fd78e05)
2007-10-10r17170: Catch some more out-of-memory cases, and provide some clues whenAndrew Bartlett1-7/+18
chasing down bad signatures that may be due to data truncation. Andrew Bartlett (This used to be commit d304760d3d909e55cbf2c744cdb2b4137f74b81b)
2007-10-10r16961: Merge 'seperate policy from logic' changes from Samba3. The 56-bitAndrew Bartlett3-4/+12
flag is handled just like all the others. Also negotiate the unknown 0x02000000 flag, to match windows. Andrew Bartlett (This used to be commit 1d0befdb681ed9974d1bdff46ce56353552ee0e0)
2007-10-10r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.Andrew Bartlett1-2/+3
In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2007-10-10r16569: - use push_string()Stefan Metzmacher1-4/+4
metze (This used to be commit f099fcb6e3a38d6df22cb3a0c7c666333e41f11b)
2007-10-10r16516: Get rid of file_exists() as there already is a file_exist().Jelmer Vernooij1-1/+1
(This used to be commit c4b3c2b18c6df43c8a4808fab72bc45439ba9421)
2007-10-10r16238: Use a baseDN for the auth_sam searches, to allow continued functionAndrew Bartlett2-7/+11
with partitions. Also fix some debug messages. Andrew Bartlett (This used to be commit a2441ae99a6c3b4bf40f5369477a9bc0f3019c34)
2007-10-10r16218: If a connection is forced as 'anonymous', don't treat it asAndrew Bartlett1-2/+2
'authentication requested'... Andrew Bartlett (This used to be commit d5fc88c93697dbcab13b2356ef4e5d1d2a7d59eb)
2007-10-10r16100: Patch from Michael Wood <mwood@icts.uct.ac.za>: s/then/than/ for ↵Gerald Carter1-1/+1
correct grammar (This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
2007-10-10r16056: Fix errors found by trying to use our kpasswd server and the Apple ↵Andrew Bartlett1-1/+1
client. Andrew Bartlett (This used to be commit ae2913898c983dcba69b5d0b89c428e450e9bf5f)
2007-10-10r15988: try to fix the build on au2 IRIX 6.4Stefan Metzmacher1-1/+1
metze (This used to be commit 9e93e6f5fb654e4162bbc039306a4b79003e22d7)
2007-10-10r15876: Fix build on IPv6-less systems.Jelmer Vernooij1-0/+2
(This used to be commit 180925659fad50ff82693284587ae4e735458c6b)
2007-10-10r15853: started the process of removing the warnings now thatAndrew Tridgell5-25/+17
talloc_set_destructor() is type safe. The end result will be lots less use of void*, and less calls to talloc_get_type() (This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
2007-10-10r15702: Fix typoJelmer Vernooij1-1/+1
(This used to be commit 26442023d12760828acd8b6e2a1dedeaf4e96958)
2007-10-10r15572: Trim build/m4/rewrite.m4 a bit more, remove unused tests.Jelmer Vernooij1-0/+2
(This used to be commit d72c5c8f755277eb22e1f6834d98202f00c09934)
2007-10-10r15511: Using this name causes less warnings on the IBM checker, due to usingAndrew Bartlett1-3/+5
the original, rather than equivilant, enum type. Andrew Bartlett (This used to be commit 3d43e458a828801a294e56a1aeb74a4d7cbf9f23)
2007-10-10r15501: Allow interactive password prompting on kerberos as well.Andrew Bartlett1-0/+7
Andrew Bartlett (This used to be commit 7003c3e8dee2d2bfc391875d90eb747616cb361a)
2007-10-10r15498: Initialise the callback_running field, and get the flag set/clear theAndrew Bartlett1-4/+5
right way around for all the callers. Andrew Bartlett (This used to be commit f9bcfb04aa3ec93eed7076dbb1fed50cf1edb424)
2007-10-10r15485: This 'fake' GSSAPI doesn't do the extra SASL negotiation correctly, soAndrew Bartlett1-1/+0
don't attribute the GSSAPI SASL mech to it. Andrew Bartlett (This used to be commit 23a4db28ed825bc8c45e5f704137a72386394f45)
2007-10-10r15426: Implement SPNEGO as the default RPC authentication mechanism. WhereAndrew Bartlett1-0/+9
this isn't supported, fallback to NTLM. Also, where we get a failure as 'logon failure', try and do a '3 tries' for the password, like we already do for CIFS. (Incomplete: needs a mapping between RPC errors and the logon failure NTSTATUS). Because we don't yet support Kerberos sign/seal to win2k3 SP1 for DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos isn't demanded. Andrew Bartlett (This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
2007-10-10r15422: Fix issues with functions being called recursively in the credentialsJelmer Vernooij2-6/+27
callback code. (This used to be commit edf0701e877592695bd69124e528338c27f24efd)
2007-10-10r15421: Correct function comments.Andrew Bartlett1-4/+3
Andrew Bartlett (This used to be commit f9899277898ee7ef1118cbc49f5f277623ff7444)
2007-10-10r15420: Add a new function to print a the 'unparsed' string format for ↵Andrew Bartlett1-3/+37
usernames. This is used in the password prompt, and should be reversable by the parse string function. Also, don't look at the ccache, even for the guess code, if kerberos is disabled. Andrew Bartlett (This used to be commit 4c4b8e4b396ca44270a0456c732d3b9c3c34d69d)
2007-10-10r15415: Use Jelmer's new credentials 'wrong password' code to give the user 3Andrew Bartlett1-1/+3
attempts for the password, when talking to a remote CIFS server. Andrew Bartlett (This used to be commit 3a4ddc8f5978210ab3ad79f0332cee80a0d6e6c9)
2007-10-10r15414: Support retrying different username/password combinationsJelmer Vernooij2-1/+26
(This used to be commit 5de894fb8bac8efa5bff004dbfc2e8b386d4003b)
2007-10-10r15384: Improve naming of socket library, disable Requires(.private)? fields ↵Jelmer Vernooij1-1/+1
in pkg-config files for now as they break external projects. (This used to be commit f919fd6655f00361691e676d260bd40e0b8ddcc7)
2007-10-10r15379: Fix shared library build's unresolved dependenciesJelmer Vernooij2-2/+2
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
2007-10-10r15373: Rename SOCKET to LIBSAMBA-SOCKET to prevent name clashes with ↵Jelmer Vernooij1-1/+1
-lsocket on SUN boxes. (This used to be commit c95ad11307dc89384c10bd5919817bf12d9c1ed9)
2007-10-10r15366: Use type name rather then typedef directly - fixes build on tccJelmer Vernooij1-1/+1
(This used to be commit 76c5f377204ad158b03641258a4645a9d487fee8)
2007-10-10r15363: Fix dependencies for shared libraryJelmer Vernooij2-4/+4
(This used to be commit f2ca71f1229f4c20296895116c09bacbd6a53b55)
2007-10-10r15356: Remove unused 'flags' argument from socket_send() and friends.Andrew Bartlett1-4/+4
This is in preperation for making TLS a socket library. Andrew Bartlett (This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
2007-10-10r15330: Add comment for IBM checker.Andrew Bartlett1-2/+1
Andrew Bartlett (This used to be commit d2832a849dd570a6cc1b49d8071735270b2fb83f)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij2-2/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15313: Fix some dependencies in dso modeJelmer Vernooij1-1/+1
(This used to be commit f0afe9e2ff16515df1b3226b479b19ea3e9c3d0c)
2007-10-10r15304: Fix smbd build, more updates on getting --enable-dso to build againJelmer Vernooij3-10/+5
(This used to be commit 3ef9326386ba1c210166302cbcf02d2ed3f19944)
2007-10-10r15298: Fix the build using a few hacks in the build system.Jelmer Vernooij8-450/+494
Recursive dependencies are now forbidden (the build system will bail out if there are any). I've split up auth_sam.c into auth_sam.c and sam.c. Andrew, please rename sam.c / move its contents to whatever/wherever you think suits best. (This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij8-19/+16
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r15274: Drop default EXT_LIB_ prefix for external libraries. Fixes issues ↵Jelmer Vernooij3-5/+5
with local (empty) libpopt.a overriding global one (This used to be commit 2f06305e53478e5030c24550954f221a9a97c83f)
2007-10-10r15258: Another attempt at fixing getaddrinfo on IRIXJelmer Vernooij1-0/+1
(This used to be commit 13d0cec018185d768b762ff3afc0224f307b8112)
2007-10-10r15256: Use libroken's getaddrinfo if it is not provided by the system. ShouldJelmer Vernooij2-1/+2
get the build on IRIX a bit further. (This used to be commit 47d1baf0cf719dbb1113a79bba50d4075eb06411)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij5-11/+11
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r15000: Move some more autoconf tests out of build/m4/rewrite.m4Jelmer Vernooij1-0/+6
Guarantee availability of __FUNCTION__ in libreplace (This used to be commit 76b1576541210f2bb306ae17e0876b254e8dcead)
2007-10-10r14977: more IBM checker fixesAndrew Tridgell1-0/+1
(This used to be commit cd106509b664e9ca53419a62550b256b7e5bde3c)
2007-10-10r14975: use the magic comment recognised by the IBM checker for deliberateAndrew Tridgell1-1/+1
fall through in switch (This used to be commit babf747cfdd7b5b03e89ade151e6fece4cf23dce)
2007-10-10r14952: Make sure the auth subsystem gets initialized if a gensec module ↵Jelmer Vernooij4-3/+22
needs it. (This used to be commit ecf84248b48783fb0ccbeff4d37d930b21fb96df)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher4-4/+4
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14837: fixed build errorAndrew Tridgell1-1/+2
(This used to be commit 23724bfd24b051c4096ac49c52c2cd31389340be)