summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-11-22Avoid the use of PyAPI_DATA, which is for internal Python API's.Arnaud Faucher1-2/+2
Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 22 00:52:56 CET 2010 on sn-devel-104
2010-11-17s4-gensec: zero the gssapi_stateAndrew Tridgell1-1/+1
this fixes a use of the target_principal before initialisation Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-15s4-gensec Indicate if GENSEC is in client or server mode in the debugAndrew Bartlett1-2/+4
2010-11-15auth/ntlm: Use name consistent with other service names.Jelmer Vernooij1-1/+1
2010-11-15auth/gensec Handle incorrect username or password in Kerberos client codeAndrew Bartlett2-0/+3
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
2010-11-14s4-auth: fixed infinite loop in krb5 authAndrew Tridgell1-1/+1
we were continually trying the first address returned, instead of moving to the next address Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Nov 14 04:11:28 UTC 2010 on sn-devel-104
2010-11-14s4-auth: fixed crash in krb5 authAndrew Tridgell1-2/+1
remote_addr was used after free
2010-11-13s4-test: we need to import testtools before subunit/pythonAndrew Tridgell1-1/+1
subunit/python depends on testtools Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Nov 13 02:02:45 UTC 2010 on sn-devel-104
2010-11-11s4/test: Expand BindTestAnatoliy Atanasov1-20/+60
The test now binds with user@realm, domain\user, user dn, computer dn Autobuild-User: Anatoliy Atanasov <anatoliy.atanasov@postpath.com> Autobuild-Date: Thu Nov 11 16:15:30 UTC 2010 on sn-devel-104
2010-11-08s4-auth Supply more useful error messages on Kerberos failureAndrew Bartlett3-13/+28
The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't helped our users to debug problems effectivly, and so we now return more errors and try and give a more useful debug message when then happen. Andrew Bartlett
2010-11-08s4-auth Fix typos in samba4 auth codeBrad Hards1-7/+7
2010-11-07credentials: Lowercase library name,Jelmer Vernooij5-20/+20
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 7 01:48:44 UTC 2010 on sn-devel-104
2010-11-07samdb: Lowercase library name.Jelmer Vernooij2-5/+5
2010-11-05s4-kerberos Mention the remote address we fail to contact the KDC onAndrew Bartlett1-1/+10
2010-11-05s4/auth: Add logon_parameters to authenticate_username_pwAnatoliy Atanasov2-8/+12
We need to be able to set the logon parameters in the same way as in the ntlm server so we can handle openldap simple authentication call correctly. Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org> Autobuild-Date: Fri Nov 5 06:32:43 UTC 2010 on sn-devel-104
2010-11-05s4/test: Added test for simple bind with machine accountAnatoliy Atanasov1-0/+116
Samba4 returns error on simple bind, when we do it using openldap simple_bind_s api.
2010-11-04s4-auth: unconditionally set previous_evAndrew Tridgell1-3/+1
we need the caller to know when the previous_ev was NULL Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-03s4:waf - fix the build on Gentoo platformsPhilip M. White1-2/+4
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-11-01s4-modules: get rid of the remaining static prototypes for modulesAndrew Tridgell2-18/+4
the waf build now generates the prototype declarations for us
2010-10-31s4-auth: added a dependency on com_errAndrew Tridgell1-1/+1
this helps with the gentoo build. The problem is that without the depenency, we don't add the cflags from the pkgconfig for com_err to the build of auth/gensec. That really reflects a more general problem with propogation of include dependencies, but this simple fix should be enough for now. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Oct 31 13:13:33 UTC 2010 on sn-devel-104
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij9-841/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-30s4-cmdline: make cmdline-credentials a private libraryAndrew Tridgell1-1/+1
2010-10-30s4-auth: make KERBEROS subsystem into authkrb5 private libraryAndrew Tridgell2-9/+10
this fixes some double linking. The name 'KERBEROS' was also a bit confusing, as it sounded like a base kerberos library, when it is in fact part of auth
2010-10-30s4-credentials: make a private library from CREDENTIALS subsystemAndrew Tridgell1-8/+9
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-27auth/credentials Give a sensible behaviour for resetting the krb5 contextAndrew Bartlett1-3/+8
This extra code isn't used at the moment, but I noticed the old API was rather supprising in it's behaviour, and might catch someone out at some later time. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Oct 27 05:24:22 UTC 2010 on sn-devel-104
2010-10-26talloc: change pytalloc-util to be a public library.Jelmer Vernooij3-3/+3
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij3-6/+6
2010-10-26s4: Drop duplicate 'lib' prefix for private libraries.Jelmer Vernooij4-4/+4
2010-10-24s4: Rename WBCLIENT to wbclient.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij3-5/+5
2010-10-24s4: Rename LIBSECURITY{_SESSION,} to libsecurity{_session,}Jelmer Vernooij3-7/+7
2010-10-23s4: Rename NSS_WRAPPER to nss_wrapper.Jelmer Vernooij1-1/+1
Only link to nss_wrapper when it is enabled. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Oct 23 23:05:44 UTC 2010 on sn-devel-104
2010-10-23s4: Rename UID_WRAPPER to uid_wrapper.Jelmer Vernooij1-2/+2
Only link to uid_wrapper when it is enabled.
2010-10-23s4: Rename LIBEVENTS to libevents.Jelmer Vernooij1-1/+1
2010-10-21s4-waf: removed the XATTR and SASL aliasesAndrew Tridgell1-1/+1
these were hangovers from the old build system names Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-21s4-auth: make auth a private libraryAndrew Tridgell1-5/+6
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-19s4-auth Add DEBUG() for invalid DNs and errors expanding user groups.Andrew Bartlett1-0/+5
Against the OpenLDAP backend, I currently get failures. This makes it possible to debug those failures. Andrew Bartlett
2010-10-19s4-gensec Don't give more to sasl_encode() than it will permitAndrew Bartlett1-3/+10
We need to ask the library how much data to pass in at any time. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 19 08:37:45 UTC 2010 on sn-devel-104
2010-10-19s4-gensec Don't upgrade all DIGEST-MD5 connections to sealAndrew Bartlett1-12/+21
The issue here is that when props.max_ssf = UINT_MAX was always set, as was the maxbufsize, and the connection would always be upgraded, regardless of the callers wishes. Andrew Bartlett
2010-10-18s4:"util_ldb" - remove some really unused dependanciesMatthias Dieter Wallnöfer4-4/+2
2010-10-18s4-gensec: Add dependency on com_err to GENSEC_KRB5.Andreas Schneider1-1/+1
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer5-3/+5
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer5-5/+3
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer1-10/+10
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-12libcli/security Use common security.hAndrew Bartlett1-1/+1
This includes dom_sid.h and security_token.h and will be moved to the top level shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
2010-10-12s4-credentials Allocate ldb result on correct memory contextAndrew Bartlett1-1/+1
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett1-1/+1
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-11samdb_common, ntlm: Add missing dependency on libsamba-hostconfig.Jelmer Vernooij1-1/+1
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett11-81/+183
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11s4-param Refactor secrets code to not require an event context.Andrew Bartlett1-1/+1
A new event context is constructed by LDB when required for secrets.ldb This will be essentially unused, as LDB on TDB will only trigger 'fake' events, and blocks on transactions and lock operations anyway. Andrew Bartlett