summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2011-01-14s4-auth Add get and set methods for auth_session_info python wrapperAndrew Bartlett2-7/+73
This allows the session key, security_token and credentials to be manipulated from python. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-01-14s4-auth Add function to obtain any user's session_info from a given LDBAndrew Bartlett6-81/+209
This will be a building block for a tokenGroups test, which can compare against a remote server (in particular the rootDSE) against what we would calculate the tokenGroups to be. (this meant moving some parts out of the auth_sam code into the containing library) Andrew Bartlett
2011-01-14s4-auth use new dsdb_expand_nested_groups()Andrew Bartlett2-152/+11
This isn't quite as good as using tokenGroups, but that is only available for BASE searches, and this isn't how the all the callers work at the moment. Andrew Bartlett
2011-01-03s4:gensec/schannel: use netsec_outgoing_sig_size() to get the signature sizeStefan Metzmacher1-1/+6
metze
2011-01-01heimdal_build: Add missing dependencies when building with system heimdal.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Jan 1 04:46:35 CET 2011 on sn-devel-104
2010-12-21s4:auth/session.h - use a forward declaration for type "struct ldb_context"Matthias Dieter Wallnöfer1-1/+1
And remove the now obsolete one for "struct tevent_context" Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Dec 21 11:17:34 CET 2010 on sn-devel-104
2010-12-21s4-auth Ensure that we always copy across domain groupsAndrew Bartlett1-13/+13
Even if we can't calculate the local groups (because we don't have a local SAM to do it with) we still need to include the domain groups in the session_info token. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Dec 21 05:56:22 CET 2010 on sn-devel-104
2010-12-21s4-auth Remove duplicate copies of session_info creation codeAndrew Bartlett3-153/+24
We now just do or do not call into LDB based on some flags. This means there may be some more link time dependencies, but we seem to deal with those better now. Andrew Bartlett
2010-12-21s4-auth rework session_info handling not to require an auth contextAndrew Bartlett4-13/+26
This reverts a previous move to have this based around the auth subsystem, which just spread auth deps all over unrelated code. Andrew Bartlett
2010-12-21s4-auth Remove event context from privilage database handlingAndrew Bartlett1-1/+0
These local TDB operations can quite safely be handled in a new/nested event context, rather than using the main event context. Andrew Bartlett
2010-12-21s4-auth Remove obsolete commentAndrew Bartlett1-7/+0
The code that this referred to went away in September with 7dbfeb0dc040889244a1110940af2d070f823374 Andrew Bartlett
2010-12-21s4:auth/gensec/spnego.c - remove unused variable "principal"Matthias Dieter Wallnöfer1-1/+0
2010-12-14s4:gensec/spnego: only look at the optimistic token if we support the first mechStefan Metzmacher1-4/+20
As a server only try the mechs the client proposed and only call gensec_update() with the optimistic token for the first mech in the list. If the server doesn't support the first mech we pick the first one in the clients list we also support. That's how w2k8r2 works. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 14 16:50:50 CET 2010 on sn-devel-104
2010-12-11s4-smbtorture: Make test names lowercase and dot-separated.Jelmer Vernooij1-2/+1
This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
2010-12-09s4-spnego Match Windows 2008, and no longer supply a name in the CIFS NegprotAndrew Bartlett1-10/+1
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
2010-12-08s4-pkgconfig: add @LIB_RPATH@ to our link flagsAndrew Tridgell1-1/+1
this is only set when rpath is used on install. It ensures that applications that link against Samba libraries get the rpath right Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
2010-12-08s4-spnego use "not_defined_in_RFC4178@please_ignore" if no principal specifiedAndrew Bartlett1-0/+2
We need to make this the default, but for now just send it if we have not been given a target principal. Andrew Bartlett
2010-12-08libcli/auth bring ADS_IGNORE_PRINCIPAL in commonAndrew Bartlett1-1/+2
2010-12-04s4:auth/gensec/gensec_krb5.c - fix/reorder memory free operationsMatthias Dieter Wallnöfer1-3/+15
To prevent memory leaks
2010-12-04s4:auth/gensec/gensec_krb5.c - remove a pointless "nt_status" testMatthias Dieter Wallnöfer1-8/+3
There is no operation which sets the "nt_status" before the "if".
2010-12-04s4:auth/kerberos/kerberos_pac.c - fix another memory leak regarding the KRB ↵Matthias Dieter Wallnöfer1-1/+4
principal In addition fix a counter type Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Dec 4 15:14:46 CET 2010 on sn-devel-104
2010-12-04s4:dsdb/common/util_samr.c and auth/sam.c - fix error messageMatthias Dieter Wallnöfer1-1/+1
2010-12-03s4:auth/sam.c - when printing out a string buffer we don't strictly need the ↵Matthias Dieter Wallnöfer1-2/+2
width The precision (maximum numbers of characters) should be enough. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Dec 3 10:26:39 CET 2010 on sn-devel-104
2010-12-03s4:auth/sam.c - the check for the SAMDB needs to be on the top of the callMatthias Dieter Wallnöfer1-6/+5
Otherwise it's really useless.
2010-12-03s4:auth/sam.c - fix the free of memory contextsMatthias Dieter Wallnöfer1-1/+1
"tmp_ctx" needs always to be freed ("res" is freed implicitly)
2010-12-03s4:auth/sam.c - specify the SID ignore case betterMatthias Dieter Wallnöfer1-1/+7
As per suggestion by metze.
2010-12-02s4:auth/sam.c-"authsam_expand_nested_groups" - don't fail if we've ↵Matthias Dieter Wallnöfer1-4/+4
memberships on non-SAM objects This can be expected (think at a membership of a "groupOfNames" group) and we shouldn't blame about it. This fixes a bug reported on the technical mailing list. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Dec 2 17:17:56 CET 2010 on sn-devel-104
2010-12-01pygensec: Fix initialization.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Wed Dec 1 02:33:06 CET 2010 on sn-devel-104
2010-12-01pyauth: Use talloc.Object.Jelmer Vernooij1-3/+5
2010-12-01pygensec: Use talloc.Object.Jelmer Vernooij1-1/+4
2010-12-01pycredentials: Use talloc.Object.Jelmer Vernooij1-2/+5
2010-11-29s4:auth/gensec/gensec_tstream.c - quiet warnings on Solaris "cc"Matthias Dieter Wallnöfer1-2/+2
2010-11-29s4:auth/ntlmssp/ntlmssp_server.c - remove unnecessary ";"Matthias Dieter Wallnöfer1-1/+1
2010-11-29s4:auth/gensec/gensec_gssapi.c - always print error messages on the same ↵Matthias Dieter Wallnöfer1-2/+2
talloc context
2010-11-28s4-tests/bind.py: Use samba.tests.connect_samdb() instead of directly using ↵Kamen Mazdrashki1-7/+10
SamDB class connect_samdb() functino will correctly handle things like: - session_info param - it will create system_session() using supplied LoadParm parameter and thus avoiding creation of multiple LoadParm instances (LoadParm() will mask certain command line supplied options) - host url will be prefixed with ldap:// automatically Autobuild-User: Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date: Sun Nov 28 03:00:41 CET 2010 on sn-devel-104
2010-11-25s4-tests: Modified bind.py to use samba.tests.delete_forceNadezhda Ivanova1-7/+2
2010-11-22Avoid the use of PyAPI_DATA, which is for internal Python API's.Arnaud Faucher1-2/+2
Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 22 00:52:56 CET 2010 on sn-devel-104
2010-11-17s4-gensec: zero the gssapi_stateAndrew Tridgell1-1/+1
this fixes a use of the target_principal before initialisation Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-15s4-gensec Indicate if GENSEC is in client or server mode in the debugAndrew Bartlett1-2/+4
2010-11-15auth/ntlm: Use name consistent with other service names.Jelmer Vernooij1-1/+1
2010-11-15auth/gensec Handle incorrect username or password in Kerberos client codeAndrew Bartlett2-0/+3
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
2010-11-14s4-auth: fixed infinite loop in krb5 authAndrew Tridgell1-1/+1
we were continually trying the first address returned, instead of moving to the next address Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Nov 14 04:11:28 UTC 2010 on sn-devel-104
2010-11-14s4-auth: fixed crash in krb5 authAndrew Tridgell1-2/+1
remote_addr was used after free
2010-11-13s4-test: we need to import testtools before subunit/pythonAndrew Tridgell1-1/+1
subunit/python depends on testtools Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Nov 13 02:02:45 UTC 2010 on sn-devel-104
2010-11-11s4/test: Expand BindTestAnatoliy Atanasov1-20/+60
The test now binds with user@realm, domain\user, user dn, computer dn Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> Autobuild-Date: Thu Nov 11 16:15:30 UTC 2010 on sn-devel-104
2010-11-08s4-auth Supply more useful error messages on Kerberos failureAndrew Bartlett3-13/+28
The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't helped our users to debug problems effectivly, and so we now return more errors and try and give a more useful debug message when then happen. Andrew Bartlett
2010-11-08s4-auth Fix typos in samba4 auth codeBrad Hards1-7/+7
2010-11-07credentials: Lowercase library name,Jelmer Vernooij5-20/+20
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
2010-11-07samdb: Lowercase library name.Jelmer Vernooij2-5/+5
2010-11-05s4-kerberos Mention the remote address we fail to contact the KDC onAndrew Bartlett1-1/+10