IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This will be used for LDAP connections and may trigger
backend specific behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 069aee42c2f12ed5feb23c19dc0a4771d913619a)
This is the current gensec_update() which takes an optional
tevent_context structure and allows semi-async code.
This is just a temporary solution on the way to kill
the semi-async code completely, by using gensec_update_send/recv.
By providing a gensec_update_ev(), we can remove the explicit
tevent_context from gensec_update() and fix all the sane callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should treat most gensec related structures private.
It's a long way, but this is a start.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is clearly a utiliy function generic to gensec. Also the 3 callers
had identical implementations. Provide a generic implementation for all
of them and avoid duplicating the code everywhere.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 17 12:18:51 CET 2012 on sn-devel-104
This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller
knows better. This will allow preservation of current s3 behaviour.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This avoids casting to and from the struct auth_user_info_dc *user_info_dc
to to this, the
if (user_info_dc->info->authenticated)
is moved into auth_generate_session_info_wrapper(), which is the
function that gensec_security->auth_context->generate_session_info
points to.
Andrew Bartlett
This uses a single callback to handle the PAC from the DATA_BLOB
format until it becomes a struct auth_session_info.
This allows a seperation between the GSS acceptor code and the PAC
interpretation code based on the supplied auth context.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
This will allow s3 to specify modules to use as a list, rather than
needing to start the individual module with gensec_start_mech_by_ops()
Andrew Bartlett
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Because of the calling convention, this is the best place to assert
that we have not been subject to a downgrade attack on the negotiated
features. (In DCE/RPC, this isn't a negotiation, the client simply
specifies the level of protection that is required).
Andrew Bartlett
(some formatting fixes)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
The startup and runtime functions that have no dependencies are moved
into the top level.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
