summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-10-21s4-auth: make auth a private libraryAndrew Tridgell1-5/+6
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-19s4-auth Add DEBUG() for invalid DNs and errors expanding user groups.Andrew Bartlett1-0/+5
Against the OpenLDAP backend, I currently get failures. This makes it possible to debug those failures. Andrew Bartlett
2010-10-19s4-gensec Don't give more to sasl_encode() than it will permitAndrew Bartlett1-3/+10
We need to ask the library how much data to pass in at any time. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 19 08:37:45 UTC 2010 on sn-devel-104
2010-10-19s4-gensec Don't upgrade all DIGEST-MD5 connections to sealAndrew Bartlett1-12/+21
The issue here is that when props.max_ssf = UINT_MAX was always set, as was the maxbufsize, and the connection would always be upgraded, regardless of the callers wishes. Andrew Bartlett
2010-10-18s4:"util_ldb" - remove some really unused dependanciesMatthias Dieter Wallnöfer4-4/+2
2010-10-18s4-gensec: Add dependency on com_err to GENSEC_KRB5.Andreas Schneider1-1/+1
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer5-3/+5
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer5-5/+3
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer1-10/+10
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-12libcli/security Use common security.hAndrew Bartlett1-1/+1
This includes dom_sid.h and security_token.h and will be moved to the top level shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
2010-10-12s4-credentials Allocate ldb result on correct memory contextAndrew Bartlett1-1/+1
2010-10-12libcli/security Add debug class to security_token_debug() et alAndrew Bartlett1-1/+1
This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-10-11samdb_common, ntlm: Add missing dependency on libsamba-hostconfig.Jelmer Vernooij1-1/+1
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett11-81/+183
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11s4-param Refactor secrets code to not require an event context.Andrew Bartlett1-1/+1
A new event context is constructed by LDB when required for secrets.ldb This will be essentially unused, as LDB on TDB will only trigger 'fake' events, and blocks on transactions and lock operations anyway. Andrew Bartlett
2010-10-11s4-kerberos Remove unused parameterAndrew Bartlett2-3/+1
2010-10-11s4-kerberos Remove unsued variableAndrew Bartlett1-1/+0
2010-10-11credentials: Avoid unnecessary includes.Jelmer Vernooij1-2/+0
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 13:01:36 UTC 2010 on sn-devel-104
2010-10-11credentials: Fix the build.Jelmer Vernooij5-2/+7
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 02:47:50 UTC 2010 on sn-devel-104
2010-10-11credentials: Split up into several subsystems.Jelmer Vernooij5-10/+22
2010-10-11kerberos_util: Put into separate subsystem.Jelmer Vernooij4-3/+11
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 00:34:56 UTC 2010 on sn-devel-104
2010-10-10auth: Remove unnecessary dependencies, fix formatting.Jelmer Vernooij1-2/+2
2010-10-10credentials: Move code that doesn't need any external dependencies intoJelmer Vernooij3-144/+147
credentials.c.
2010-10-10gensec: Support building without any linked-in modules.Jelmer Vernooij1-0/+4
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-1/+1
2010-10-05Add missing dependencies for com_err.Jelmer Vernooij3-2/+3
2010-10-05heimdal: Fix name of hx509 library.Jelmer Vernooij1-1/+1
2010-10-05heimdal: Fix library name of gssapi.Jelmer Vernooij2-2/+2
2010-10-02s4-gensec Always honour the set server principalAndrew Bartlett1-1/+1
The spengo code won't set this unless it is allowed to by this same option, but other callers may need it. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 02:27:39 UTC 2010 on sn-devel-104
2010-10-02s4-kerberos Don't regenerate key values for each alias in keytabAndrew Bartlett1-43/+35
Instead, store the same key value under the multiple alias names. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 00:16:52 UTC 2010 on sn-devel-104
2010-10-02s4-auth Add make_server_info_pac() to include 'resource domain' groupsAndrew Bartlett2-5/+40
Previously, our PAC code didn't include these groups into the server_info from which we would eventually calculate the full list of tokenGroups. Andrew Bartlett
2010-10-02s4-auth Allocate domain SIDs under the sids array, not server_infoAndrew Bartlett1-1/+1
Andrew Bartlett
2010-10-01s4-auth: fixed a vagrind error when creating keytabsAndrew Tridgell1-0/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PACAndrew Tridgell1-0/+16
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28s4-sam: fixed termination of krbtgt_attrs (comma and NULL)Andrew Tridgell1-4/+4
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-29s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNOAndrew Bartlett1-0/+1
Andrew Bartlett
2010-09-27s4-auth: removed unused variable dom_sidAndrew Tridgell1-1/+1
2010-09-28s4:gensec_tstream: remove plain socket handlingStefan Metzmacher1-124/+12
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
2010-09-28s4:gensec: add gensec_create_tstream()Stefan Metzmacher3-1/+764
Based on the initial patch from Andreas Schneider <asn@redhat.com>. metze
2010-09-26s4-gensec: fixed a valgrind error in gensecAndrew Tridgell1-12/+2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26s4:schannel: handle move flag combinations in the serverStefan Metzmacher1-13/+23
This fixes some testsuites in the CIFS plugfest. metze
2010-09-26s4-auth: fixed the SID list for DCs in the PACAndrew Tridgell3-19/+16
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that receives the PAC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
2010-09-26s4-kerberos Don't segfault if the password isn't specified in keytab generationAndrew Bartlett1-0/+7
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
2010-09-25s4-pycredentials: avoid a tallloc_free on refAndrew Tridgell1-1/+1
with the new py object structure, we need to unlink not free
2010-09-24s4-kerberos Rework keytab handling to export servicePrincipalName entriesAndrew Bartlett2-126/+164
This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett
2010-09-24s4-kerberos Move 'set key into keytab' code out of credentials.Andrew Bartlett5-208/+234
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-24s4-kerberos Fix kerberos_enctype_bitmap_to_enctypes()Andrew Bartlett1-2/+3
The previous code never worked Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiationAndrew Tridgell1-7/+10
this is the client side equivalent change for the previous fix Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4-gensec: prevent a double free in the error path of GSSAPI authAndrew Tridgell1-1/+0
the caller frees mem_ctx, so we shouldn't Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-23s4-gensec: fixed a GSSAPI SASL negotiation bugAndrew Tridgell1-11/+14
Fixed a bug that affected mismatched negotiation between the GSSAPI layer and the SASL SSF subsequent negotiation. This caused some ldap clients to hang when trying to authentication with a Samba LDAP server. The client thought the connection should be signed, the server thought it should be in plain text Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>