1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1130 Commits

Author SHA1 Message Date
Andrew Tridgell
781ad038c9 s4-krb5: propogate errors from a lot more kerberos functions
We need to be able to give sensible error messages when a kerberos
calls fails. This propogates the kerberos error up the stack to the
caller.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-26 13:59:16 +11:00
Matthias Dieter Wallnöfer
e912d50709 s4:auth - make some parts "signed-safe"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25 08:17:11 +11:00
Simo Sorce
805f7507e2 s4:cleanup remove unused schannel ldb code 2010-02-23 12:46:51 -05:00
Simo Sorce
1203de99b1 s4:schannel merge code with s3
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.

Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet
that does not solve the lookup speed, with ldb it is always going to be slower.

Looking through the history it is evident that the schannel database doesn't
really need greate expanadability. And lookups are always done with a single
Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated.

The schannel database is not really a persistent one. It can be discared during
an upgrade without causing any real issue. all it contains is temproary session
data.
2010-02-23 12:46:50 -05:00
Brad Hards
4b024683ac Spelling fixes for source4/auth.
The comment for USER_INFO_INTERACTIVE_LOGON looks like a cut-n-paste from the line above.

Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-22 21:45:37 +01:00
Andrew Bartlett
a9d9447d5a s4:credentials Add hooks to extract a named Kerberos credentials cache
This allows the integration of external tools that can't be linked
into C or python, but need to authenticate as the local machine
account.

The machineaccountccache script demonstrates this, and debugging has
been improved in cli_credentials_set_secrets() by passing back and
error string.

Andrew Bartlett
2010-02-20 17:58:07 +11:00
Andrew Tridgell
0bedb9cf5e s4-dsdb: removed gendb_search_single_extended_dn()
Use dsdb_search_one() instead, which allows for arbitrary controls

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16 21:10:51 +11:00
Andrew Tridgell
b630530730 s4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid()
dsdb_find_dn_by_guid() now takes a struct GUID instead of a
guid_string. All the callers in fact wanted a struct GUID, so we now
avoid the extra conversion.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16 21:10:51 +11:00
Andrew Tridgell
0f50f4440d s4-auth: use TYPESAFE_QSORT() in gensec 2010-02-13 22:36:12 +11:00
Matthias Dieter Wallnöfer
d5af819b1a s4:auth/credentials/credentials.c - Initialise the "lm_response" and "nt_response" structures
In some cases those structures are not initialised and the whole authentication
system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
2010-02-12 15:04:07 +01:00
Matthias Dieter Wallnöfer
e34637b2a6 s4:Remove "Py_RETURN_NONE" compatibility code
This was needed only by Python 2.3 which we no longer support.
2010-02-09 17:53:09 +01:00
Simo Sorce
f77714c887 s4:kdc streamline context initialization
Allow other plugins to init the context without having it try to grab sockets
or set samba specific logging.
2010-01-31 13:30:31 -05:00
Stefan Metzmacher
1c76df6219 s4:auth_sam: avoid usage of data_blob_talloc_reference() and copy the session keys
metze
2010-01-29 11:16:35 +01:00
Simo Sorce
61a4ab36d9 cleanup: remove trailing spaces and tabs 2010-01-28 02:05:05 -05:00
Jelmer Vernooij
f679def4f2 s4: Fix a few warnings. 2010-01-21 16:15:11 +13:00
Andrew Tridgell
29d08bfe26 s4-kerberos: raise the general kerberos debug level to 3
level 2 for every krb request is a bit much
2010-01-16 18:30:22 +11:00
Simo Sorce
3d184399a5 Strip trailing spaces 2010-01-12 13:50:24 -05:00
Stefan Metzmacher
d5cbfbb93a s4:ntlmssp: remove mem_ctx from check_password() callback to match s3
metze
2009-12-29 17:06:25 +01:00
Stefan Metzmacher
f31d144e70 s4:ntlmssp_server: always call ntlmssp_server_postauth() and decide there if it's a noop
metze
2009-12-29 17:06:25 +01:00
Stefan Metzmacher
994d34b949 s4:ntlmssp_server: don't use a mem_ctx for ntlmssp_server_auth()
metze
2009-12-29 17:06:25 +01:00
Stefan Metzmacher
3f04b60fb9 s4:ntlmssp_server: don't use mem_ctx in auth_ntlmssp_check_password()
metze
2009-12-29 17:06:24 +01:00
Stefan Metzmacher
7d4692fa43 s4:ntlmssp_server: clear session key in ntlmssp_server_preauth()
metze
2009-12-29 17:06:24 +01:00
Stefan Metzmacher
dea456089a s4:ntlmssp: use data_blob_null in ntlmssp_server_auth()
metze
2009-12-29 17:06:24 +01:00
Stefan Metzmacher
60b9434492 s4:ntlmssp_server: remove unused variable
metze
2009-12-29 17:06:23 +01:00
Stefan Metzmacher
a8e61ac084 s4:auth/ntlmssp: let get_challenge() return a NTSTATUS and fill a stack buffer
metze
2009-12-29 17:06:23 +01:00
Jelmer Vernooij
fbb59b2dca dsdb: Fix dependencies when building against system ldb. 2009-12-29 16:26:21 +01:00
Stefan Metzmacher
8b68349442 s4:auth: add auth_get_server_info_principal() prototype to auth.h
metze
2009-12-29 12:13:30 +01:00
Stefan Metzmacher
27349a68ea s4:auth: make auth_challenge_may_be_modified() public
metze
2009-12-29 12:13:29 +01:00
Stefan Metzmacher
af25fb55c0 s4:auth: remove autogenerated auth/ntlm/auth_proto.h
metze
2009-12-29 12:13:23 +01:00
Stefan Metzmacher
8ab62799ed s4:ntlmssp: fix whitespaces in ntlmssp.h
metze
2009-12-29 08:18:52 +01:00
Stefan Metzmacher
078482ad0e s4:auth: change auth_check_password_send/recv to tevent_req
metze
2009-12-24 17:38:34 +01:00
Stefan Metzmacher
577857d351 s4:gensec: change gensec_update_send/recv to tevent_req
metze
2009-12-24 17:38:34 +01:00
Andrew Bartlett
585900deb5 s4:gensec Don't give a warning when Windows client connects with NTLM
We have had the workaround for a long time, but at the time the log
warnings remained.

Andrew Bartlett
2009-12-22 17:30:05 +11:00
Andrew Bartlett
0809696dbf s4:auth Change 'get_challenge' API to be more like Samba3
It is just easier to fill in the known to be 8 byte challenge than
stuff about with allocated pointers.

Andrew Bartlett
2009-12-22 17:29:15 +11:00
Andrew Bartlett
383369e8f2 s4:auth generate the prototype file in the right place 2009-12-22 17:29:13 +11:00
Stefan Metzmacher
fae70e1f54 s4:gensec: allow clearing local and remote address by passing NULL
metze
2009-12-16 20:34:15 +01:00
Andreas Schneider
c457d54434 s4-gensec: Remove obsolete socket_address vars and fns. 2009-12-16 20:28:39 +01:00
Andreas Schneider
1e5488859a s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn. 2009-12-16 20:28:38 +01:00
Andreas Schneider
ac2d31e24c s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn. 2009-12-16 20:28:38 +01:00
Andreas Schneider
8ca88042f0 s4-gensec: Replace gensec_get_my_addr with new tsocket based fn. 2009-12-16 20:28:38 +01:00
Andreas Schneider
226a9db2d9 s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn. 2009-12-16 20:28:38 +01:00
Andreas Schneider
743e6363d5 s4-gensec: Added remote and local setter/getter using tsocket. 2009-12-16 20:28:37 +01:00
Andrew Bartlett
609b831462 s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldb
This avoids trouble when the secrets.ldb is updated with ldbedit but
an smb.conf is not specified.

Andrew Bartlett
2009-11-02 16:36:52 +11:00
Stefan Metzmacher
fab9aff6a2 s4:gensec/schannel: remove unused talloc_reference() in schannel_update()
We never expose creds to the caller in schannel_update().

metze
2009-10-24 11:59:14 +02:00
Andrew Tridgell
3050f83288 s4-python: we need to include Python.h first
If we don't include Python.h first then we get a pile of warnings due
to broken redefines of XOPEN_SOURCE in the Python includes.
2009-10-23 16:23:01 +11:00
Andrew Bartlett
b7f71c9407 s4:gensec Use an index on computerName in schannel.ldb 2009-10-23 15:41:35 +11:00
Andrew Tridgell
4ad0397d8a s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.

The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
2009-10-23 14:52:17 +11:00
Andrew Tridgell
98e4393df9 s4-dsdb: create a static system_session context
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
2009-10-23 14:52:17 +11:00
Andrew Tridgell
5e79a86298 s4: ran minimal_includes.pl on source4/auth/gensec 2009-10-20 16:05:24 +11:00
Andrew Tridgell
f8109b0f49 s4: ran minimal_includes.pl on source4/auth/ntlmssp 2009-10-20 16:05:07 +11:00