summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-03-24s4:ntlmssp: add a callback_private pointer to gensec_ntlmssp_stateStefan Metzmacher1-1/+6
We'll remove any gensec specific stuff from gensec_ntlmssp_state and rename it to ntlmssp_state again. Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp Ensure that we always negotiate signing if we negotiate sealing.Andrew Bartlett1-0/+1
Without this, a sealed LDAP connection to windows does not work. Andrew Bartlett
2010-03-16s4:auth/kerberos/kerberos.c - fix also here a memory leakMatthias Dieter Wallnöfer1-0/+1
The options need to be freed also on this error case.
2010-03-11s4: Modify auth/config.m4 to move pam tests to nsswitch.m4 so that we tests ↵Matthieu Patou1-6/+1
things in one place Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-08s4-gensec: Fixed wrong usage of error_string.Andreas Schneider1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-04s4:auth/sam.c - change base context for the "tmp_ctx" context in ↵Matthias Dieter Wallnöfer1-1/+1
"authsam_expand_nested_groups" Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the long-living "sam_ctx"/"ldb" context to prevent memory leaks.
2010-03-04s4:sam.c - make "authsam_expand_nested_groups" publicMatthias Dieter Wallnöfer2-1/+7
This is needed by the "tokenGroups" work in the operational LDB module.
2010-03-04s4:sam.c - cosmetic indentation fixMatthias Dieter Wallnöfer1-2/+1
2010-03-04s4:sam.c - change variable types to unsigned in "sids_contains_sid"Matthias Dieter Wallnöfer1-3/+4
Should also be unsigned - no need for a signed "i" and "num_sids" here.
2010-03-03Fix typo in comments.Karolin Seeger1-2/+2
2010-02-26s4:python Add bindings to set GENSEC flags on credentials in pythonAndrew Bartlett2-0/+32
This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell10-99/+148
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-25s4:auth - make some parts "signed-safe"Matthias Dieter Wallnöfer2-7/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-23s4:cleanup remove unused schannel ldb codeSimo Sorce1-67/+0
2010-02-23s4:schannel merge code with s3Simo Sorce2-22/+5
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data.
2010-02-22Spelling fixes for source4/auth.Brad Hards2-3/+3
The comment for USER_INFO_INTERACTIVE_LOGON looks like a cut-n-paste from the line above. Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett5-63/+162
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2010-02-16s4-dsdb: removed gendb_search_single_extended_dn()Andrew Tridgell1-2/+3
Use dsdb_search_one() instead, which allows for arbitrary controls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16s4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid()Andrew Tridgell1-4/+6
dsdb_find_dn_by_guid() now takes a struct GUID instead of a guid_string. All the callers in fact wanted a struct GUID, so we now avoid the extra conversion. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-13s4-auth: use TYPESAFE_QSORT() in gensecAndrew Tridgell1-1/+2
2010-02-12s4:auth/credentials/credentials.c - Initialise the "lm_response" and ↵Matthias Dieter Wallnöfer1-0/+5
"nt_response" structures In some cases those structures are not initialised and the whole authentication system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
2010-02-09s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer2-8/+0
This was needed only by Python 2.3 which we no longer support.
2010-01-31s4:kdc streamline context initializationSimo Sorce2-37/+58
Allow other plugins to init the context without having it try to grab sockets or set samba specific logging.
2010-01-29s4:auth_sam: avoid usage of data_blob_talloc_reference() and copy the ↵Stefan Metzmacher1-4/+14
session keys metze
2010-01-28cleanup: remove trailing spaces and tabsSimo Sorce1-37/+37
2010-01-21s4: Fix a few warnings.Jelmer Vernooij1-0/+1
2010-01-16s4-kerberos: raise the general kerberos debug level to 3Andrew Tridgell1-1/+1
level 2 for every krb request is a bit much
2010-01-12Strip trailing spacesSimo Sorce2-82/+82
2009-12-29s4:ntlmssp: remove mem_ctx from check_password() callback to match s3Stefan Metzmacher2-5/+2
metze
2009-12-29s4:ntlmssp_server: always call ntlmssp_server_postauth() and decide there if ↵Stefan Metzmacher1-5/+11
it's a noop metze
2009-12-29s4:ntlmssp_server: don't use a mem_ctx for ntlmssp_server_auth()Stefan Metzmacher1-13/+7
metze
2009-12-29s4:ntlmssp_server: don't use mem_ctx in auth_ntlmssp_check_password()Stefan Metzmacher1-16/+8
metze
2009-12-29s4:ntlmssp_server: clear session key in ntlmssp_server_preauth()Stefan Metzmacher1-3/+1
metze
2009-12-29s4:ntlmssp: use data_blob_null in ntlmssp_server_auth()Stefan Metzmacher1-4/+6
metze
2009-12-29s4:ntlmssp_server: remove unused variableStefan Metzmacher1-7/+0
metze
2009-12-29s4:auth/ntlmssp: let get_challenge() return a NTSTATUS and fill a stack bufferStefan Metzmacher2-13/+13
metze
2009-12-29dsdb: Fix dependencies when building against system ldb.Jelmer Vernooij1-1/+1
2009-12-29s4:auth: add auth_get_server_info_principal() prototype to auth.hStefan Metzmacher1-0/+5
metze
2009-12-29s4:auth: make auth_challenge_may_be_modified() publicStefan Metzmacher2-2/+2
metze
2009-12-29s4:auth: remove autogenerated auth/ntlm/auth_proto.hStefan Metzmacher1-50/+0
metze
2009-12-29s4:ntlmssp: fix whitespaces in ntlmssp.hStefan Metzmacher1-16/+16
metze
2009-12-24s4:auth: change auth_check_password_send/recv to tevent_reqStefan Metzmacher3-113/+143
metze
2009-12-24s4:gensec: change gensec_update_send/recv to tevent_reqStefan Metzmacher3-58/+83
metze
2009-12-22s4:gensec Don't give a warning when Windows client connects with NTLMAndrew Bartlett1-11/+20
We have had the workaround for a long time, but at the time the log warnings remained. Andrew Bartlett
2009-12-22s4:auth Change 'get_challenge' API to be more like Samba3Andrew Bartlett7-34/+31
It is just easier to fill in the known to be 8 byte challenge than stuff about with allocated pointers. Andrew Bartlett
2009-12-22s4:auth generate the prototype file in the right placeAndrew Bartlett1-1/+1
2009-12-16s4:gensec: allow clearing local and remote address by passing NULLStefan Metzmacher1-0/+10
metze
2009-12-16s4-gensec: Remove obsolete socket_address vars and fns.Andreas Schneider2-35/+0
2009-12-16s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn.Andreas Schneider8-32/+29
2009-12-16s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn.Andreas Schneider2-11/+0