summaryrefslogtreecommitdiff
path: root/source4/lib/credentials.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r10528: Add credentials.h back into includes.h as some compilers don'tJelmer Vernooij1-1/+0
seem to be able to handle incomplete enum types. (This used to be commit 540155fad3c8e3d79fb631bb3f14273f82130a73)
2007-10-10r10510: Decrease the amount of data included by includes.h a bitJelmer Vernooij1-0/+1
(This used to be commit 03647e1321cf6c9bd6ced3945265f635e9468973)
2007-10-10r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.Andrew Bartlett1-16/+20
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own test for the moment, but I'm working on these issues :-) This required a change to the credentials API, so that the special case for NTLM logins using a principal was indeed handled as a special, not general case. Also don't set the realm from a ccache, as then it overrides --option=realm=. Andrew Bartlett (This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
2007-10-10r10364: Turn gensec:gssapi on by default, except for a login of the formAndrew Bartlett1-3/+7
-Udomain\\user. This will probably break in a few configurations, so please let me know. I'll also work to have a way to inhibit kerberos/ntlmssp, as this removes -k. Andrew Bartlett (This used to be commit 3c0dc570b86e79aea5446d7c3bb9750a11bf8ca4)
2007-10-10r10245: Get rid of XFILE in a few places.Jelmer Vernooij1-18/+12
Add fdprintf() and vfdprintf() helper functions. (This used to be commit 6685009f6af94b088084d69a43bcea5f8335ae57)
2007-10-10r9940: When guessing, don't make DEBUG(1,... errors.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 664736e73df60ccfd24a41fda75031cb6b7d08cd)
2007-10-10r9929: Fix indentationAndrew Bartlett1-1/+3
Andrew Bartlett (This used to be commit d6f57ec921839b46534eb64a7b6374161ff37835)
2007-10-10r9772: Make credentials callbacks more consistant with the abstractionAndrew Bartlett1-7/+92
function interface used in the credentials code. Fix bug in ntlm_auth, where we would overwrite the PW specified as a first input. (Reported and chased by Kai Blin <blin@gmx.net>, bug #3040) Andrew Bartlett (This used to be commit 04af95bd31de39ad6aff349a4838dd77cb300034)
2007-10-10r9731: Fix typoAndrew Bartlett1-1/+1
(This used to be commit e4492951e56d89a2b805f644d83d4bd4be31a6b0)
2007-10-10r9728: A *major* update to the credentials system, to incorporate theAndrew Bartlett1-31/+287
Kerberos CCACHE into the system. This again allows the use of the system ccache when no username is specified, and brings more code in common between gensec_krb5 and gensec_gssapi. It also has a side-effect that may (or may not) be expected: If there is a ccache, even if it is not used (perhaps the remote server didn't want kerberos), it will change the default username. Andrew Bartlett (This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
2007-10-10r9414: Fix failure to find own domain info due to recent ldb_dn upgrade - weAndrew Bartlett1-2/+2
don't use a simple char* here any more. Andrew Bartlett (This used to be commit f21c31c7e151e23caa2699b1727d1ae310fbed4e)
2007-10-10r7988: Store the KVNO for the machine account, and set it up in the provision.Andrew Bartlett1-0/+22
Andrew Bartlett (This used to be commit 90e94a4630c24282cd93ee05e258877b38e24a57)
2007-10-10r7690: Move the NT hash generation into the credentials system, rather thanAndrew Bartlett1-11/+69
in all the callers. This also allows us to be more flexible in the type of password we store. Andrew Bartlett (This used to be commit 00b8588c68526e1d86fda0bd81c0b86f690b62c3)
2007-10-10r6952: Remove unneeded include of popt_common.hTim Potter1-1/+0
(This used to be commit 67d7bf877576853a05a156069ea4b97a1755e897)
2007-10-10r6700: Upper case realms in kerberos-specific parts of the code, as this isAndrew Bartlett1-1/+5
no longer done globally. This keeps MIT client libraries happy, because otherwise the windows KDC will return a different case to what was requested. Andrew Bartlett (This used to be commit 9098b9321f938473c367f906cfe2f001ca1d8e6a)
2007-10-10r6573: Start on my project to implement an NT4 compatible BDC in Samba4.Andrew Bartlett1-1/+2
This brings in a compatability layer for Samba3 in Samba4 - where we will start to define file formats and similar details. The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'. Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)
2007-10-10r6565: Cludge, cludge, cludge...Andrew Bartlett1-1/+30
We need to pass the 'secure channel type' to the NETLOGON layer, which must match the account type. (Yes, jelmer objects to this inclusion of the kitchen sink ;-) Andrew Bartlett (This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248)
2007-10-10r6483: fix anonymous connections, '-U %' or '-U ""%""' can be used for thisStefan Metzmacher1-0/+5
metze (This used to be commit d31b4d7df375c0d4ea962a0df1693778d56f03ec)
2007-10-10r6452: This particular credentials feature needs to be NULL by default.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit e4e221705306c63986f384938bbab5006caeec2e)
2007-10-10r6271: Don't zero the cli_credentials structure - instead allow valgrind toAndrew Bartlett1-1/+7
track the use of un-initialised values. This change will require a recompile from clean, as the enum describing the status of each element now has a default of CRED_UNINITIALISED. Andrew Bartlett (This used to be commit 83c2eb806d43f588bd06336aa7e2dbdc00dc2c67)
2007-10-10r6079: Add inline documentation on the credentials context API.Andrew Bartlett1-6/+118
Andrew Bartlett (This used to be commit 258c04e3678b936bb564ecef10f14128c0a54510)
2007-10-10r6070: Fix typo's and fallback to "" as default user name if noJelmer Vernooij1-2/+3
other username could be guessed. (This used to be commit 7fe77cd65901776b5a78e8398547f364379259d3)
2007-10-10r6024: Some of the ordering constraints on the popt callbacks were gettingAndrew Bartlett1-21/+86
painful, so don't call lp_*() functions until the post stage (rather than in the cli_credentails_init(), which is called in the pre stage), and don't open the secrets.ldb looking for the machine account details until we actually need them (well after popt is done, and we know we have the other things right). Set the domain and realm, as well as the account and password for -P (fetch machine password) operation. Allow NETLOGON credentials to be stored in this structure - will allow SCHANNEL to be made more generic. Clarify why we don't do special checks for NULL pointers, particularly in the anonymous check (it indicates a programmer error, not a run-time condition). Also make lib/credentials.c a little more consistant. Andrew Bartlett (This used to be commit 730e6056b730c15008772c30cd6f7c03fb6b7e5f)
2007-10-10r5989: Display authentication information (list of available auth protocolsJelmer Vernooij1-1/+1
+ principal names per endpoint) to gepdump. Still need to fix memory management in the GTK+ utilities... (This used to be commit b48a0af0b0fbf1234627ec785699896a44b23e75)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett1-5/+74
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5942: A couple of small changes to fix things up with the new credentialsAndrew Bartlett1-0/+1
infrustructure. Andrew Bartlett (This used to be commit d51718ab8a3771ada4e342a384b744edb803db40)
2007-10-10r5941: Commit this patch much earlier than I would normally prefer, but ↵Andrew Bartlett1-22/+21
metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses sepereate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framwork: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
2007-10-10r5929: Use cli_credentials for the SMB functions as well.Jelmer Vernooij1-2/+11
Fix a couple of bugs in the new cli_credentials code (This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
2007-10-10r5928: Use cli_credentials in:Jelmer Vernooij1-2/+22
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10r5917: First step in using the new cli_credentials structure. This patchJelmer Vernooij1-0/+301
puts support for it into popt_common, adds a few utility functions (in lib/credentials.c) and the callback functions for the command-line (lib/cmdline/credentials.c). Comments are welcome :-) (This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)