summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2012-01-30s4-auth: Return NT_STATUS_NOT_IMPLEMENTED if the challenge cannot be obtainedAndrew Bartlett1-1/+1
2012-01-30auth: Make check_password and generate_session_info hook genericAndrew Bartlett3-21/+51
gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett
2012-01-20s4:auth/gensec: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAGStefan Metzmacher1-0/+1
metze
2012-01-13auth/gensec: move spnego.c to the toplevelStefan Metzmacher2-1411/+0
metze
2012-01-13auth/gensec: common helper functions should be in gensec_util.cStefan Metzmacher1-107/+0
This makes the dependencies easier to handle. metze
2012-01-13s4:auth/gensec: inline packet_full_request_u32()Stefan Metzmacher1-1/+9
This removes the dependency to s4 specific code. metze
2012-01-13s4:auth/gensec: fix compiler warnings in spnego.cStefan Metzmacher1-3/+0
metze
2012-01-12s4:auth/gensec/spnego: add support for fragmented spnego messagesStefan Metzmacher1-3/+205
metze
2012-01-12s4:pygensec: add set_max_update_size() and max_update_size() functionsStefan Metzmacher1-0/+25
metze
2012-01-11s4:auth: Make sure to check the optional auth_context hooks before using themAndrew Bartlett1-18/+26
These are optional to supply - some callers only provide an auth_context for the other plugin functions, and so we need to deal with this cleanly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jan 11 10:49:13 CET 2012 on sn-devel-104
2012-01-11gensec: Rename want_flags and got_flags in gensec_gssapiAndrew Bartlett1-26/+26
This make it clearer what type of flags these are. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11gensec: make gensec_gssapi.h commonAndrew Bartlett1-67/+0
This will make it easier to share elements of the GSSAPI gensec mechs, in much the same way elements of the NTLMSSP mech are shared. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11gensec: move gensec_util.c to the top levelAndrew Bartlett3-104/+1
To do this some defines need to move to common_auth.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11auth: make auth4_context common to provide access to generate_session_info_pac()Andrew Bartlett1-52/+0
By providing this context, a function pointer for generate_session_info_pac() can be inserted into gensec, allowing the s3 PAC processing in an otherwise more generic gensec module. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-10krb5: Require krb5_set_real_time is available to build with krb5Andrew Bartlett1-4/+0
2012-01-09s4-kerberos: remove some unused prototypes.Günther Deschner1-22/+0
These are defined in the krb5 abstraction headers elsewhere. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 9 14:32:08 CET 2012 on sn-devel-104
2012-01-06ntlmssp: merge initial packet implementationsAndrew Bartlett1-6/+25
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-04s4:pygensec: add session_key() methodStefan Metzmacher1-0/+29
metze
2011-12-29s4-gensec: Rename memory contexts in gensec_util for greater clarityAndrew Bartlett1-2/+2
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-gensec: Rename memory contexts in gensec_krb5 for greater clarityAndrew Bartlett1-16/+16
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-gensec: Rename memory contexts in gensec_gssapi for greater clarityAndrew Bartlett1-16/+16
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-auth: Rename memory contexts for greater clarityAndrew Bartlett2-10/+10
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-gensec remove auth_session dep from gensec_gssapi.cAndrew Bartlett1-1/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 05:37:11 CET 2011 on sn-devel-104
2011-12-29s4-gensec Remove fallback for simple privilegesAndrew Bartlett1-6/+2
This makes the dependencies simpler, as this code path is no longer required. (That is, it makes no sense to have an NTLM login without an auth context, and the gensec_gssapi and gensec_krb5 modules call the PAC blob function below instead). Andrew Bartlett
2011-12-29s4-torture: Demonstrate handling of the PAC in a custom auth_contextAndrew Bartlett2-59/+5
This demonstrates how a different function pointer can be supplied to handle the PAC blob, without depending on the provisioned samdb etc. Andrew Bartlett
2011-12-29s4-pyauth: Make sure event context allows nestingAndrew Bartlett1-1/+2
2011-12-29s4-gensec: Move parsing of the PAC blob and creating the session_info into authAndrew Bartlett8-169/+247
This uses a single callback to handle the PAC from the DATA_BLOB format until it becomes a struct auth_session_info. This allows a seperation between the GSS acceptor code and the PAC interpretation code based on the supplied auth context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
2011-12-29s4-gensec: fix cyrus sasl module after update() protype changeAndrew Bartlett1-0/+1
2011-12-28s4-auth Remove unused auth_context_create_from_ldb()Andrew Bartlett2-27/+0
2011-12-28s4-gensec: Allow a PAC to be obtained from any GSS mechAndrew Bartlett1-7/+0
This may allow Luke Howard's moonshot to work with a little less effort at some point in the future. Andrew Bartlett
2011-12-28auth/kerberos: Move gssapi_parse.c to the top levelAndrew Bartlett2-123/+2
This will help with writing a gensec module for the s3 gse layer. Andrew Bartlett
2011-12-28s4-ntlmssp Do not allow LM key without a LM passwordAndrew Bartlett1-3/+5
2011-12-07auth: Allow a NULL principal to be obtained from the credentialsAndrew Bartlett2-3/+14
This is important when trying to let GSSAPI search the keytab. Andrew Bartlett
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij2-4/+4
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-11-30s4:gensec/spnego: only try the mechs that match the client given onesStefan Metzmacher1-0/+4
Windows-Members of NT4/Samba3 domains, send MechTypes: 1.3.6.1.4.1.311.2.2.10 [NTLMSSP] 1.2.840.48018.1.2.2 [krb5 broken] 1.2.840.113554.1.2.2 [krb5] MechToken for NTLMSSP. This patch makes sure we start NTLMSSP with the given MechToken, instead of trying to pass the NTLMSSP MechToken to the krb5 backend first. As that would fail the authentication with an error instead of trying fallbacks. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
2011-11-29s4-samba-tool: Add --principal argument to samba-tool domain exportkeytabAndrew Bartlett1-61/+134
This allows only a particular principal to be exported to the keytab. This is useful when setting up unix servers in a Samba controlled domain. Based on a request by Gémes Géza <geza@kzsdabas.hu> Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
2011-11-18s4-auth log details about any token we fail to convert to a unix tokenAndrew Bartlett1-0/+17
Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely. Andrew Bartlett
2011-10-28lib/util Rename samba_init_module_fns_run -> samba_module_init_fns_runAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Rename samba_init_module_fn -> samba_module_init_fnAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Split samba-modules library into public and private partsAndrew Bartlett2-2/+2
This will allow OpenChange to get at the symbols it needs, without exposing any more of this as a public API than we must. Andrew Bartlett
2011-10-28lib/util Rename run_init_functions -> samba_init_module_fns_runAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Rename init_module_fn to samba_init_module_fnAndrew Bartlett1-1/+1
This prepares for making the samba_module.h header public again, for OpenChange. I am keen to avoid too much API namespace pollution if we can.
2011-10-24idl: Improve MS-PAC IDLSimo Sorce1-5/+9
Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unkown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-10-18s4:auth/unix_token: match s3 behavior and add uid/gid to the groups arrayStefan Metzmacher1-17/+31
If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-18gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett7-42/+49
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: move event-using code to gensec_update() hooks out of gensec_start*()Andrew Bartlett3-39/+77
This ensures that only gensec_update() will require an event context argument when the API is refactored. Andrew Bartlett
2011-10-18s4-auth: match the new s3 gensec client and always negotiate SIGN with SEALAndrew Bartlett1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Prepare gensec_ntlmssp_start() for broader useAndrew Bartlett2-4/+28
This moves the allocation of the ntlmssp pointer back to the callers. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett6-286/+11
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-13libcli/auth: Provide a struct loadparm_context to schannel callsAndrew Bartlett1-1/+1
This will allow us to pass this down to the tdb_wrap layer. Andrew Bartlett