sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
66,963 Commits 60 Branches 1,144 Tags 452 MiB
f9698cfc97
Commit Graph

1287 Commits

Author SHA1 Message Date
Andrew Bartlett
bc354fb1a6 s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5' 
This allows the older 'like Samba3' GENSEC krb5 implementation to work
against Windows 2008.  I'm using this to track down interop issues in
this area.

Andrew Bartlett
 2009-07-16 09:23:35 +10:00
Stefan Metzmacher
57afa1edeb s4:auth/ntlmssp: let _unwrap fallback to seal if sign only doesn't work 
s4:auth/ntlmssp: let _unwrap fallback to seal if sign only doesn't work

Windows always uses SEAL with NTLMSSP on LDAP connection even if not negotiated.

metze
 2009-07-08 13:15:22 +02:00
Andrew Bartlett
6dd6ccbdc9 s4:auth It is easier to copy the session key than get talloc right. 
The session keys as supplied already have a reference on them, so
stealing them creates challenges.  For 16 bytes, it is just easier to
be consistant and copy them.

Andrew Bartlett
 2009-07-07 13:27:47 +10:00
Andrew Tridgell
6a192020a2 gensec_start now steals the auth_context 2009-07-01 15:15:37 +10:00
Andrew Tridgell
08ed6a2281 another case that should use py_talloc_reference 2009-07-01 15:15:37 +10:00
Andrew Tridgell
f7a6206b55 removed a redundent talloc_steal 2009-07-01 15:15:36 +10:00
Andrew Tridgell
b2c3c08b46 fixed the use of talloc_steal in ntlmssp_server 
The previous use of talloc_steal could cause a steal of a pointer that
had references. This ensures that doesn't happen
 2009-07-01 15:15:36 +10:00
Don Davis
9aff7b0b59 Rework the kerberos-notes.txt in order and format 
This reworks the notes file to be less stream-of-consciousness and more
task for porting, with a very particular focus on a potential port of
Samba4 to use MIT Kerberos.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2009-06-30 18:12:02 +10:00
Kai Blin
4250eab4b5 s4 auth_winbind: Internally, info3 has utf8 buffers, not utf16 buffers. 
Thanks to gd for the catch.
 2009-06-25 21:36:49 +02:00
Kai Blin
309924e5c1 s4 auth_winbind: Don't allocate the rids for the info3 structure within the loop 2009-06-25 19:38:51 +02:00
Kai Blin
946beae010 s4: Add libwbclient backend to auth_winbind 2009-06-25 19:18:40 +02:00
Matthias Dieter Wallnöfer
2627c6c0c2 Fixed some uninitialised variables 
I tried hard to not change the program logic. Should fix bug #6439.
 2009-06-19 11:32:01 +10:00
Andrew Bartlett
6620489e7f Remove unused variable 2009-06-18 14:02:13 +10:00
Andrew Bartlett
19413c5249 s4:kdc Allow a password change when the password is expired 
This requires a rework on Heimdal's windc plugin layer, as we want
full control over what tickets Heimdal will issue.  (In particular, in
case our requirements become more complex in future).

The original problem was that Heimdal's check would permit the ticket,
but Samba would then deny it, not knowing it was for kadmin/changepw

Also (in hdb-samba4) be a bit more careful on what entries we will
make the 'change_pw' service mark that this depends on.

Andrew Bartlett
 2009-06-18 13:49:30 +10:00
Andrew Bartlett
0ac46b00ab s4:gensec Print GSSAPI error message when unable to find PAC 2009-06-18 13:49:30 +10:00
Jelmer Vernooij
7b8fcacda2 pycredentials: Raise MemoryError when unable to create objects. 2009-06-17 20:45:38 +02:00
Jelmer Vernooij
d4172bbcc5 pycredentials: Fix memory leak. 2009-06-17 20:45:38 +02:00
Andrew Bartlett
9b261c008a s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) 
Also including the supporting changes required to pass make test

A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).

Andrew Bartlett
 2009-06-12 07:45:48 +10:00
Donald T. Davis
9e7501b2cb Clarify and expand the Kerberos notes made by Andrew Bartlett in 2005 
Compiled with Andrew over a series of phone calls and gobby sessions,
with the aim of documenting Kerberos requirements for Samba to us an
alternate (ie, MIT) Kerberos library.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2009-06-10 11:38:27 +10:00
Andrew Bartlett
fbde0011e6 Remove copy of kerberos-notes.txt added in incorrect location 2009-06-10 11:37:49 +10:00
Donald T. Davis
8e1b848aed Clarify and expand the Kerberos notes made by Andrew Bartlett in 2005 
Compiled with Andrew over a series of phone calls and gobby sessions
with Andrew, with the aim of documenting Kerberos requirements for
Samba to us an alternate (ie, MIT) Kerberos library.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2009-06-10 11:19:18 +10:00
Andrew Tridgell
dfd56dd294 changed the auth path to use extended DN ops to avoid non-indexed searches 
Logs showed that every SAM authentication was causing a non-indexed
ldb search for member=XXX. This was previously indexed in Samba4, but
since we switched to using the indexes from the full AD schema it now
isn't.

The fix is to use the extended DN operations to allow us to ask the
server for the memberOf attribute instead, with with the SIDs attached
to the result. This also means one less search on every
authentication.

The patch is made more complex by the fact that some common routines
use the result of these user searches, so we had to update all
searches that uses user_attrs and those common routines to make sure
they all returned a ldb_message with a memberOf filled in and the SIDs
attached.
 2009-06-04 14:10:11 +10:00
Jelmer Vernooij
6ace18904d Fix more unresolved symbols. 2009-06-02 18:05:41 +02:00
Jelmer Vernooij
fe2b04b4bb python: Move helper functions for using param into a separate file rather 
than linking against the python module.
 2009-06-02 18:05:40 +02:00
Jelmer Vernooij
f90782f228 Fix dependencies when using shared libraries. 2009-06-02 18:05:39 +02:00
Andrew Tridgell
a9542ba21b use domain_dn not ncname 
fixed up from previous patch that removed the use of crossref records
 2009-05-26 14:47:11 +10:00
Andrew Bartlett
6ef65389fd Don't use crossRef records to find our own domain 
A single AD server can only host a single domain, so don't stuff about
with looking up our crossRef record in the cn=Partitions container.
We instead trust that lp_realm() and lp_workgroup() works correctly.

Andrew Bartlett
 2009-05-26 12:37:09 +10:00
Andrew Tridgell
b335618d17 fixed interpretation of ACB_PWNOTREQ 
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
 2009-05-25 15:23:54 +10:00
Andrew Bartlett
7a54cd041e Remove unused headers 2009-04-19 22:01:09 +02:00
Andrew Bartlett
dbcd80ed01 Fix Samba4 build errors with common libcli/samsync 2009-04-16 10:17:17 +10:00
Andrew Bartlett
d78cdc5fe2 Rework to use new API for common netlogon credential chaining 2009-04-14 16:23:45 +10:00
Andrew Bartlett
5095d7b1c8 Rework Samba4 to use the new common libcli/auth code 
In particular, this is the rename from creds_ to netlogon_creds_, as
well as other links to use the new common crypto.

Andrew Bartlett
 2009-04-14 16:23:44 +10:00
Andrew Bartlett
f23eea294a Push schannel_state.c into the top level. 
This is the server side state for netlogon credential chaining

Andrew Bartlett
 2009-04-14 16:23:43 +10:00
Andrew Bartlett
6c8f7e4005 Port Samba4 to the new combined libcli/auth functions 
For example, some of the new shared functionality was previously in the wkssvc
torture test.

Andrew Bartlett
 2009-04-14 16:23:41 +10:00
Andrew Bartlett
a19966375a Move ntlm_check.h into the common libcli/auth 2009-04-14 16:23:41 +10:00
Andrew Bartlett
9feea7fa4c Move MSRPC-PARSE into the common libcli/auth 
This is a depenceny of smbencrypt.c
 2009-04-14 14:19:39 +10:00
Andrew Bartlett
927a8b3304 Move libcli/auth to the top level 2009-04-14 14:19:39 +10:00
Jelmer Vernooij
1e200c1952 Merge branch 'master' of git://git.samba.org/samba 2009-03-26 15:31:02 +01:00
Stefan Metzmacher
4d96417931 s4:auth/credentials: use krb5_data_free() 
metze
 2009-03-26 15:01:02 +01:00
Stefan Metzmacher
8a264753a1 s4:auth/credentials: include gssapi/gssapi_krb5.h 
metze
 2009-03-26 15:01:02 +01:00
Jelmer Vernooij
4478756571 Strip /usr/include from include flags, so we don't end up including 
the system tevent if it's too old.
 2009-03-15 18:10:20 +01:00
Jelmer Vernooij
7972d82436 Remove -L/usr/lib from a couple more make variables. 2009-03-15 00:54:55 +01:00
Jelmer Vernooij
7ab8f373c8 Use common header file for character set handling in Samba 3 and Samba 4. 2009-03-01 22:24:34 +01:00
Jelmer Vernooij
94069bd274 s4: Use same function signature for convert_* as s3. 2009-03-01 19:55:46 +01:00
Jelmer Vernooij
9ffb6d2d9e Add allow_badcharcnv argument to all conversion function, for 
consistency with Samba 3.
 2009-03-01 06:33:40 +01:00
Andrew Bartlett
cd6026135d Push sam_get_server_info_principal into the auth subsystem 
This means it must be accessed via the supplied auth_context in the
GENSEC server, and should remove the hard depenceny of GENSEC on the
auth subsystem and ldb (allowing LDB not to rely on LDB is considered
a good thing, apparently)

Andrew Bartlett
 2009-02-13 14:02:49 +11:00
Andrew Bartlett
71632a1697 Remove auth/ntlm as a dependency of GENSEC by means of function pointers. 
When starting GENSEC on the server, the auth subsystem context must be
passed in, which now includes function pointers to the key elements.

This should (when the other dependencies are fixed up) allow GENSEC to
exist as a client or server library without bundling in too much of
our server code.

Andrew Bartlett
 2009-02-13 10:24:16 +11:00
Stefan Metzmacher
40c3ab2fbc s4:auth/ntlm: fix c++ warning 
metze
 2009-02-05 18:18:09 +01:00
Stefan Metzmacher
c8b9679e40 s4:pyauth: fix compiler warnings 
metze
 2009-02-05 17:48:13 +01:00
Stefan Metzmacher
0872fa7b1f s4:pycredentials: fix compiler warnings 
metze
 2009-02-05 17:48:12 +01:00
Stefan Metzmacher
eb012dd212 s4:auth/credentials: the python bindings don't use swig anymore 
metze
 2009-02-02 15:16:09 +01:00
Stefan Metzmacher
426dc44c5c s4:auth: the python bindings don't use swig anymore 
metze
 2009-02-02 15:16:09 +01:00
Stefan Metzmacher
2e82a4ced2 s4:auth/kerberos: s/private/private_data 
metze
 2009-02-02 13:08:05 +01:00
Stefan Metzmacher
e7454d46d4 s4:auth/gensec: s/private/private_data 
metze
 2009-02-02 13:08:04 +01:00
Simo Sorce
1dc745ec89 Make schannel not depend on samdb anymore. 2009-02-01 13:06:38 -05:00
Stefan Metzmacher
582b27be24 s4:auth: try to fix the build on Solaris 
MAXHOSTNAMELEN comes in via system/network.h now.

metze
 2009-01-31 11:34:12 +01:00
Jelmer Vernooij
c9d193eb08 Add prototypes required by samba-gtk. 2009-01-25 05:32:30 +01:00
Stefan Metzmacher
a83feb2fe3 s4:auth: move make_server_info_netlogon_validation() function arround 
metze
 2009-01-21 13:36:11 +01:00
Jelmer Vernooij
ba5d6e6d70 Avoid using a utility header for Python replacements included in Samba, 
since this will not be shipped with talloc/tdb/tevent/etc.
 2009-01-08 12:20:20 +01:00
Tim Prouty
61a23c5eea s3/s4 build: Fix Py_RETURN_NONE to work with python versions < 2.4 2009-01-07 15:03:16 -08:00
Jelmer Vernooij
d2c70d24e1 py: Properly increase the reference counter of Py_None. 2009-01-06 04:13:57 +01:00
Stefan Metzmacher
c72cbce6ee s4:auth/kerberos: convert to tevent_* api 
metze
 2009-01-03 19:58:56 +01:00
Stefan Metzmacher
5fa0d3d568 s4:socket: use a socket_wrapper aware function to auto close the fd event for sockets 
metze
 2009-01-03 19:58:53 +01:00
Stefan Metzmacher
183c379fe5 s4:lib/tevent: rename structs 
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
 2008-12-29 20:46:40 +01:00
Jelmer Vernooij
1feab85be6 Rename samba-socket -> samba_socket to fix a couple more compiler 
warnings.
 2008-12-24 00:15:43 +01:00
Matthias Dieter Wallnöfer
7c6a20a439 Add missing includes, required for use of gensec by 3rd-party 
applications.
 2008-12-23 20:17:59 +01:00
Jelmer Vernooij
05adbbc8c9 s4: Always link in auth, as some of the core infrastructure depends on it. 2008-12-22 18:12:22 +01:00
Jelmer Vernooij
d58270c537 Add header for pyparam. 2008-12-22 04:38:57 +01:00
Jelmer Vernooij
6efb7ff981 Fix various Python-related bugs. 2008-12-21 07:34:27 +01:00
Jelmer Vernooij
f36ff0bac2 Include errors.i verbatim in security.i, as it's the only file still using it. 2008-12-21 05:35:39 +01:00
Jelmer Vernooij
263c6670fc Convert credentials Python module to "manual" C - no SWIG used to generate 
the C code.
 2008-12-21 05:29:23 +01:00
Jelmer Vernooij
bfb29e94b1 Convert auth python module to "plain" C rather than using SWIG. 2008-12-21 03:37:31 +01:00
Stefan Metzmacher
fc31f2c526 s4:lib/socket: socket_connect_send() and socket_connect_ev() should only wrok with addresses 
metze
 2008-12-18 13:32:51 +01:00
Stefan Metzmacher
081f8883ba s4: fix LIBEVENTS dependencies and use more forward declarations 
We should only include events.h where we really need it
and prefer forward declarations of 'struct event_context'

metze
 2008-12-17 11:04:45 +01:00
Stefan Metzmacher
180245fce0 s4:kdc: allow a trusted domain to get kerberos tickets 
metze
 2008-12-04 15:45:16 +01:00
Tim Prouty
1115b7b342 s3/s4 build: Fix execinfo and sasl build error when the libs/headers are in non-standard locations. 
These configure checks have the correct flags at configure time, so
let's pass them through so they are used at compile time.
 2008-11-18 17:43:51 -08:00
Jelmer Vernooij
b45caa44e1 Fix the build. 2008-11-02 23:58:49 +01:00
Jelmer Vernooij
1e053df95c Remove use of global_loadparm for disabled gensec backends. 2008-11-02 19:28:17 +01:00
Jelmer Vernooij
ff36c52d8c Remove another use of global_loadparm. 
Eventually, we should move some of these parameters into a separate
struct (perhaps into smb_transport_options?), to avoid the long lists of
parameters.
 2008-11-02 16:07:28 +01:00
Jelmer Vernooij
c537f7a914 Fix the build. 2008-11-02 05:49:36 +01:00
Jelmer Vernooij
b034c519f5 Add gensec_settings structure. This wraps loadparm_context for now, but 
should in the future only contain some settings required for gensec.
 2008-11-02 02:05:48 +01:00
Jelmer Vernooij
a76adc5397 Remove two debug parameters, not used anywhere. 
Andrew, I was pretty sure these could be removed but if not, please let
me know.
 2008-11-02 01:03:46 +01:00
Jelmer Vernooij
7a6190e9a7 Remove another use of global_loadparm. 2008-11-02 01:03:26 +01:00
Jelmer Vernooij
3a6b88f9f9 Remove unused argument iconv_convenience. 2008-11-01 20:58:41 +01:00
Jelmer Vernooij
8c4e2eb49d Remove use of lp_*() from ntlm_check.c. 2008-11-01 17:55:57 +01:00
Jelmer Vernooij
23302413b3 Remove unused include param/param.h. 2008-10-24 16:37:56 +02:00
Jelmer Vernooij
37d885c51a Remove iconv_convenience argument from convert_string{,talloc}() but 
make them wrappers around convert_string{,talloc}_convenience().
 2008-10-24 14:26:46 +02:00
Jelmer Vernooij
8b06312f7e Eliminate another instance of global_loadparm. 2008-10-24 13:13:27 +02:00
Jelmer Vernooij
922a29992e Remove iconv_convenience parameter from simple string push/pull 
functions.
 2008-10-24 03:40:09 +02:00
Jelmer Vernooij
87ec1d2532 Make sure prototypes are always included, make some functions static and 
remove some unused functions.
 2008-10-20 18:59:51 +02:00
Andrew Bartlett
7c88ea8aad Create a 'straight paper path' for UTF16 passwords. 
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password.  This ensures we do no
validation or filtering of the password before we get a chance to MD4
it.  We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.

All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.

This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.

The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.

Andrew Bartlett
 2008-10-16 12:48:16 +11:00
Jelmer Vernooij
235e68f7b7 Remove unused variable. 2008-10-15 00:09:08 +02:00
Jelmer Vernooij
1b99d8fbb5 Use common util_file code. 2008-10-12 17:34:43 +02:00
Jelmer Vernooij
218f482fbf Use common strlist implementation in Samba 3 and Samba 4. 2008-10-12 00:56:56 +02:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Jelmer Vernooij
caa4e42860 Move lib/util from source4 to top-level libutil. 
Conflicts:

	source4/Makefile
 2008-10-11 21:05:38 +02:00
Jelmer Vernooij
2c4391e950 Provide the same set of helper functions for DEBUG in Samba 3 and Samba 
4, even though the macros are still different.

This makes it possible to use object code compiled with one DEBUG()
macro from the other sourceX directory.
 2008-10-11 20:44:19 +02:00
Stefan Metzmacher
999b69d176 s4:gensec: pass down want_features to the spnego backend mech 
metze
 2008-10-06 19:21:44 +02:00
Andrew Tridgell
f84093df86 Merge branch 'master' of ssh://git.samba.org/data/git/samba 2008-09-30 13:02:09 -07:00
Jelmer Vernooij
181ee01da6 Pass session options around; saves another use of global_loadparm. 2008-09-30 02:47:19 +02:00
Andrew Tridgell
a270ddb6e3 make the schannel creentials persistent 
this makes testing with the WSPP test suite much easier over samba
restarts
 2008-09-29 14:04:48 -07:00
Matthias Dieter Wallnöfer
b39b6099a4 Cosmetic corrections for the KERBEROS library 
This commit applies some cosmetic corrections for the KERBEROS library.
 2008-09-24 19:40:03 +02:00
Matthias Dieter Wallnöfer
79854dc48a Kerberos cosmetic changes: Revert a part of the patch 
Reverts a part of the patch because it changes the function of the code (suggested by Jelmer).
 2008-09-24 19:40:03 +02:00
Matthias Dieter Wallnöfer
57edd24ca0 Cosmetic corrections for the KERBEROS library 
This commit applies some cosmetic corrections for the KERBEROS library.
 2008-09-24 19:40:03 +02:00
Jelmer Vernooij
b9890af546 Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypto 2008-09-24 16:11:13 +02:00
Jelmer Vernooij
6925202bde Move source4/lib/crypto to lib/crypto. 2008-09-24 15:30:23 +02:00
Simo Sorce
83b0c5d43f Fix nasty bug that would come up only if a client connection to a remote 
ldap server suddenly dies.
We were creating a wrong talloc hierarchy, so the event.fde was not
freed automatically as expected. This in turn made the event system call
the ldap io handlers with a null packet structure, causing a segfault.
Fix also the ordering in ldap_connection_dead()
Thanks to Metze for the huge help in tracking down this one.
 2008-09-24 01:43:57 -04:00
Simo Sorce
508527890a Merge ldb_search() and ldb_search_exp_fmt() into a simgle function. 
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
 2008-09-23 18:17:46 -04:00
Stefan Metzmacher
588af6901b gensec_krb5: only give away the session key, when the authentication is done 
metze
 2008-09-23 11:30:02 +02:00
Stefan Metzmacher
02cffed79d gensec_gssapi: only give away the session key, when the authentication is done 
metze
 2008-09-23 11:30:01 +02:00
Stefan Metzmacher
23e31350f5 ntlmssp: only give away the session key, when the authentication is done 
metze
 2008-09-23 11:30:01 +02:00
Matthias Dieter Wallnöfer
d173644f10 NTLMSSP Server: Correctly fills in the DNS server name and server domain 
Don't rely on "get*" system calls but rather on SAMBA "lp_*" calls.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2008-09-19 16:33:30 +02:00
Jelmer Vernooij
6f6e42ce60 Generate with 1.3.36. 2008-09-18 23:55:50 +02:00
Andrew Bartlett
a35263e1ab Implement NETLOGON PAC verfication on the server-side 
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.

Andrew Bartlett
(This used to be commit 82fcd7941f)
 2008-09-03 15:30:17 +10:00
Andrew Bartlett
c79dff2e9b Heimdal provides Kerberos PAC parsing routines. Use them. 
This uses Heimdal's PAC parsing code in the:
 - LOCAL-PAC test
 - gensec_gssapi server
 - KDC (where is was already used, the support code refactored from here)

In addition, the service and KDC checksums are recorded in the struct
auth_serversupplied_info, allowing them to be extracted for validation
across NETLOGON.

Andrew Bartlett
(This used to be commit 418b440a7b)
 2008-08-28 16:28:47 +10:00
Andrew Bartlett
031d145e38 Put the internal gensec_gssapi state into a header. 
This will allow a torture suite to inspect some otherwise internal
details.

Andrew Bartlett
(This used to be commit 9701149ef7)
 2008-08-27 16:24:05 +10:00
Stefan Metzmacher
26853e4607 gensec_gssapi: only cache the session key in STAGE_DONE 
The key may change because we switch from initiator to acceptor
subkey.

metze
(This used to be commit 66244092a4)
 2008-08-14 13:13:52 +02:00
Stefan Metzmacher
8c0fbbf6e9 gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO 
metze
(This used to be commit 9246924eff)
 2008-08-12 16:21:40 +02:00
Stefan Metzmacher
588cc81760 gensec_gssapi: fix compiler warnings 
metze
(This used to be commit f4f4bb7fe9)
 2008-08-12 16:21:40 +02:00
Stefan Metzmacher
b686328039 gensec_gssapi: add a function to load the lucid structure once 
metze
(This used to be commit daa986d1d0)
 2008-08-12 16:21:39 +02:00
Stefan Metzmacher
8ba2041bf3 gensec: add support for new style spnego and correctly handle mechListMIC 
metze
(This used to be commit 05a3403967)
 2008-08-12 16:21:39 +02:00
Stefan Metzmacher
50fb2059c0 gensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures 
metze
(This used to be commit fcabe24f96)
 2008-08-08 15:30:06 +02:00
Stefan Metzmacher
dd35840d9b gensec_gssapi: use gsskrb5_get_subkey() to get the session key 
This is needed to get the correct key, when aes keys are used.

metze
(This used to be commit 7587a7d8b6)
 2008-08-08 15:29:16 +02:00
Andrew Bartlett
bf0f1f6d1a Always set a session key, even for the 'no password' case. 
This is for bug 5664 reported by Tom <hto@arcor.de>.

Andrew Bartlett
(This used to be commit b345c9cf53)
 2008-08-08 14:06:42 +10:00
Andrew Bartlett
08d20ece96 Clarify comment 
(This used to be commit 580cce9de3)
 2008-08-08 14:06:40 +10:00
Stefan Metzmacher
fd84beb194 gensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADER 
This only works for sign/verify_packet() yet,
seal/unseal_packet() doesn't work yet...

metze
(This used to be commit c62e5d23a6)
 2008-08-07 15:40:00 +02:00
Stefan Metzmacher
fe7e90cca4 gensec: add GENSEC_FEATURE_SIGN_PKT_HEADER flag 
metze
(This used to be commit d7dfdbaf34)
 2008-08-07 15:06:59 +02:00
Stefan Metzmacher
d0f0d5e691 auth/kerberos: remove dependencies to internal heimdal 
metze
(This used to be commit ed0fc19ac6)
 2008-08-01 21:10:40 +02:00
Stefan Metzmacher
9cc663af6e auth/kerberos: we don't need to include heimdal private headers 
metze
(This used to be commit 6ec3887aee)
 2008-08-01 17:52:37 +02:00
Stefan Metzmacher
c251443e73 gensec_gssapi: include <gssapi/gssapi.h> 
metze
(This used to be commit 49e01d00bd)
 2008-08-01 17:52:37 +02:00
Stefan Metzmacher
ca086c9e2c auth_server: set the workstation name 
metze
(This used to be commit 6d640ee4b8)
 2008-08-01 17:27:18 +02:00
Stefan Metzmacher
35cd60b002 build with the new heimdal version 
(This used to be commit 3817d653fa)
 2008-08-01 16:11:00 +02:00
Stefan Metzmacher
d087545deb auth/ntlmssp: don't crash when the backend give no challenge 
metze
(This used to be commit c01fee80a7)
 2008-08-01 16:10:59 +02:00
Stefan Metzmacher
f1cdce5963 auth_server: fix the logic of server_get_challenge() 
metze
(This used to be commit 699e3cdb52)
 2008-08-01 15:54:57 +02:00
Stefan Metzmacher
5d68244a27 auth_server: fix segfault reported by Julien Kerihuel <j.kerihuel@openchange.org> 
metze
(This used to be commit c2cc8ef943)
 2008-08-01 15:22:25 +02:00
Stefan Metzmacher
e45c3e127d Revert "gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work" 
This reverts commit 73964f0690.

This breaks more than it gains:-( It seems to break the ncacn_np session key

metze
(This used to be commit 9678085f75)
 2008-07-28 17:59:17 +02:00
Stefan Metzmacher
c4c79aa1b6 gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work 
SMB signing with aes doesn't work, but still works with
arcfour-hmac-md5, des-cbc-md5 and des-cbc-crc.

metze
(This used to be commit 73964f0690)
 2008-07-28 16:15:23 +02:00
Stefan Metzmacher
0299edbc02 auth/credentials: explain why we need to the enctypes for the gssapi layer 
metze
(This used to be commit 88970c4d41)
 2008-07-28 09:29:42 +02:00
Stefan Metzmacher
55ea54ec64 gensec_gssapi: add support for signing RPC messages 
metze
(This used to be commit dc2847c0ac)
 2008-07-26 21:48:32 +02:00
Stefan Metzmacher
21592142c3 auth/credentials: use the same enctypes when getting a TGT and a TGS 
metze
(This used to be commit 9fc5750156)
 2008-07-26 21:46:43 +02:00
Andrew Bartlett
63d91e9ab0 Kill of some bogus debugs for the world who does not use the LDAP backend 
(This used to be commit 5bde586bdb)
 2008-07-15 19:31:37 +10:00
Andrew Bartlett
f5d18f4d24 Allow ldap credentials to be (optionally) stored in secrets.ldb 
This includes a simple bind DN, or SASL credentials.

The error messages are reworked as on systems without an LDAP backend,
we will fail to find this record very often.

Andrew Bartlett
(This used to be commit 95825ae6d5)
 2008-07-15 15:05:41 +10:00
Andrew Bartlett
9caa8d3da1 Try to make NTLMSSP less fussy for unimportant messages. 
We don't really care (because nobody uses them) what we send as the
domain and workstation in the negotiate packet.

Andrew Bartlett
(This used to be commit 9ac07e1487)
 2008-07-15 15:04:06 +10:00
Stefan Metzmacher
93bc9f49a2 auth: don't force the build of auth_server as shared_module 
metze
(This used to be commit b5187dd58c)
 2008-06-30 09:25:30 +02:00
Michael Adam
db7bd968da ntlmssp: get rid of "cast to pointer from integer of different size" warning on 64 bit 
Not sure if this check is actually necessary, though:
the second should be sufficient.

Michael
(This used to be commit 2813882ef3)
 2008-06-27 14:27:30 +02:00
Stefan Metzmacher
78ed0f72a6 credentials: gss_set_cred_option() doesn't like GSS_C_NO_BUFFER 
metze
(This used to be commit 31cf1a781e)
 2008-06-27 12:43:04 +02:00
Michael Adam
65ce11c5f3 credentials: gss_set_cred_option() needs gss_cred_id_t * argument, not gss_cred_id_t. 
This call was added in f573c1ff44.
Metze, please check!

Michael
(This used to be commit 2b40fd7e95)
 2008-06-27 09:26:35 +02:00
Stefan Metzmacher
809d82d169 credentials: set GSS_KRB5_CRED_NO_CI_FLAGS_X to avoid GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG 
metze
(This used to be commit f573c1ff44)
 2008-06-19 13:59:38 +02:00
Simo Sorce
ab871770ca Fix build 
(This used to be commit 220b580702)
 2008-06-16 09:06:50 -04:00
Simo Sorce
929adc9efa Make up the right dependencies now that ldb depends on libevents 
(This used to be commit 3b8eec7ca3)
 2008-06-14 11:59:19 -04:00
Andrew Bartlett
be14efbdf9 Revert Jelmer's CFLAGS commit e2b71a0ecb 
This commit broke the build, because not all files (libreplace, popt)
were updated.

Andrew Bartlett
(This used to be commit 3faacf4351)
 2008-05-31 08:35:55 +10:00
Jelmer Vernooij
39f50afc57 Move CFLAGS handling out of smb_build. 
(This used to be commit e2b71a0ecb)
 2008-05-30 02:07:28 +02:00
Jelmer Vernooij
73b789b6d2 Add docstrings to a couple more python modules. 
(This used to be commit b4560c90e5)
 2008-05-24 04:01:57 +02:00
Jelmer Vernooij
a46450810b Regenerate with SWIG 1.3.35. 
(This used to be commit ce063eca49)
 2008-05-23 03:22:56 +02:00
Jelmer Vernooij
d0b3551097 Add some docstrings to credentials python module. 
(This used to be commit 7b4435a68c)
 2008-05-23 00:35:39 +02:00
Jelmer Vernooij
5ce59419a0 Fix CFLAGS for SWIG files. 
(This used to be commit 8ee4f07504)
 2008-05-22 02:13:26 +02:00
Jelmer Vernooij
49706ab19b Move more modules inside of the samba package. 
(This used to be commit 9b39e99f48)
 2008-05-21 23:59:34 +02:00
Jelmer Vernooij
b1fc7bab11 Move some python files into the samba package. 
(This used to be commit ed38c668cd)
 2008-05-21 21:50:56 +02:00
Jelmer Vernooij
82bcf967b7 Move CFLAGS overrides for SWIG modules to Makefile. 
(This used to be commit 58665a8a8e)
 2008-05-21 21:32:53 +02:00
Jelmer Vernooij
2914b0ca04 Remove support for .py files from smb_build - deal with it only in the makefiles. 
(This used to be commit b865249efa)
 2008-05-21 21:24:48 +02:00
Jelmer Vernooij
1323e3e736 Fix proto generation. 
(This used to be commit 7385d9641d)
 2008-05-20 01:02:05 +02:00
Andrew Bartlett
868c45102d Don't regenerate pam_errors.h any more. 
Due to the new rules on prototypes, it must be a static header file.

Andrew Bartlett
(This used to be commit cf60a9b34e)
 2008-05-20 08:06:50 +10:00
Andrew Bartlett
343fea32cc Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local 
Fix config.mk due to changing syntax.

Conflicts:

	source/libcli/config.mk
	source/nbt_server/config.mk
(This used to be commit 6a1c76f29f)
 2008-05-20 08:03:35 +10:00
Jelmer Vernooij
60ae8f0657 Fix a bunch of dependencies. 
(This used to be commit a63f458462)
 2008-05-18 23:40:23 +02:00
Jelmer Vernooij
4c70cda986 Fix a couple (well, little more than that..) of typos. 
(This used to be commit a6b5211994)
 2008-05-18 23:02:47 +02:00
Jelmer Vernooij
4c8756f147 Create prototype headers from Makefile directory, without smb_build in the middle. 
(This used to be commit f4a77b96f9)
 2008-05-18 22:30:08 +02:00
Jelmer Vernooij
e3a615172e Merge branch 'v4-0-test' of /home/jelmer/samba34.git/samba4 into v4-0-test 
Conflicts:

	source/build/smb_build/makefile.pm
(This used to be commit 57b57b1ff9)
 2008-05-18 21:10:41 +02:00
Jelmer Vernooij
78f804c497 Typo, formatting fixes. 
(This used to be commit 5c961c0b41)
 2008-05-18 21:10:09 +02:00
Jelmer Vernooij
dc114f8c5a Avoid smb_build for prototype headers in some places. 
(This used to be commit 4876c4efbb)
 2008-05-18 21:09:04 +02:00
Jelmer Vernooij
137ec6e340 Use variables for source directory in a couple more places. 
(This used to be commit 2860a7db59)
 2008-05-18 19:46:09 +02:00
Jelmer Vernooij
6267dd7853 Clean up some git merges gone wrong. 
(This used to be commit 42eb6b3346)
 2008-05-10 20:59:17 +02:00
Jelmer Vernooij
7b45a4d7fa Merge branch 'v4-0-test' into v4-0-gmake3 
Conflicts:

	source/auth/config.mk
	source/auth/gensec/config.mk
	source/torture/smbtorture.c
(This used to be commit edfd02e59b)
 2008-05-10 18:08:00 +02:00
Jelmer Vernooij
c3efee27b6 Install session.h, required by OpenChange's proxy. 
(This used to be commit 44d8b70004)
 2008-05-08 10:53:03 +02:00
Tiago Batista
674d089bea Tiago Batista posted a patch to fix the build: 
Trying to compile the latest git tree, I got some errors
"auth/pam_error.h not found" errors, it looks like it moved to
auth/ntlm/pam_errors.h.

Andrew Bartlett
(This used to be commit 95831a015a)
 2008-05-06 08:12:03 +10:00
Andrew Bartlett
714b3a87d2 Fix the build after the auth/ -> auth/ntlm/ rename 
I need to fix up the header inclusion, but this fixes things for now.

Andrew Bartlett
(This used to be commit 7c07edb24b)
 2008-05-05 19:28:38 +10:00
Andrew Bartlett
7ee76eeae5 Move NTLM authentication details into auth/ntlm 
This should help clarify the role of the various files around here
(done on Jelmer's request).

Andrew Bartlett
(This used to be commit efa3990375)
 2008-05-05 15:23:57 +10:00
Andrew Bartlett
2c95244f11 Add a new implementation of security=server. 
This is not intended for general use, and will not be easily exposed
(if I have anything to do with it), but should allow the CIFS proxy to
re-use the connection.

A work in progress.

Andrew Bartlett
(This used to be commit a1e60ebc6d)
 2008-05-05 13:21:18 +10:00
Andrew Bartlett
fe7d460671 Allow an NTLM response to be specified into the auth subsystem. 
This allows it to be proxied for NTLM pass-though authentication (aka
security=server and associated man-in-the-middle attacks).

Andrew Bartlett
(This used to be commit 6ffabb38d0)
 2008-05-05 12:58:15 +10:00
Andrew Bartlett
7c5704499a Fix dependencies on gensec_krb5 and the NTLMSSP code. 
This is so that gensec_krb5 does not depend on the NTLM authentication
code.

Andrew Bartlett
(This used to be commit 71ec5bfb3e)
 2008-04-26 09:50:15 +01:00
Jelmer Vernooij
cc9c4aaa8d Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3 
Conflicts:

	source/Makefile
	source/auth/config.mk
	source/auth/gensec/config.mk
	source/build/m4/public.m4
	source/build/make/python.mk
	source/build/make/rules.mk
	source/build/smb_build/header.pm
	source/build/smb_build/main.pl
	source/build/smb_build/makefile.pm
	source/dsdb/config.mk
	source/dsdb/samdb/ldb_modules/config.mk
	source/kdc/config.mk
	source/lib/events/config.mk
	source/lib/events/events.c
	source/lib/ldb/config.mk
	source/lib/nss_wrapper/config.mk
	source/lib/policy/config.mk
	source/lib/util/config.mk
	source/libcli/smb2/config.mk
	source/libnet/config.mk
	source/librpc/config.mk
	source/nbt_server/config.mk
	source/ntptr/ntptr_base.c
	source/ntvfs/posix/config.mk
	source/ntvfs/sysdep/config.mk
	source/param/config.mk
	source/rpc_server/config.mk
	source/rpc_server/service_rpc.c
	source/scripting/ejs/config.mk
	source/scripting/python/config.mk
	source/smb_server/config.mk
	source/smbd/server.c
	source/torture/config.mk
	source/torture/smb2/config.mk
	source/wrepl_server/config.mk
(This used to be commit 13bbd42068)
 2008-04-25 10:04:20 +01:00
Andrew Bartlett
ed5ddabc43 Add documentation to session token functions. 
(This used to be commit ec4a108d1d)
 2008-04-24 13:30:36 +01:00
Simo Sorce
4e83011f72 Remove more event_context_init() uses from function calls within deep down the code. 
Make sure we pass around the event_context where we need it instead.
All test but a few python ones fail. Jelmer promised to fix them.
(This used to be commit 3045d39162)
 2008-04-21 18:12:33 -04:00
Jelmer Vernooij
21fc767378 Specify event_context to ldb_wrap_connect explicitly. 
(This used to be commit b4e1ae07a2)
 2008-04-17 12:23:44 +02:00
Jelmer Vernooij
1efbd5fbf6 Remove event context tracking from the credentials struct. 
(This used to be commit 4d7fc946b2)
 2008-04-17 01:03:18 +02:00
Jelmer Vernooij
08baea013b Move SOVERSION, VERSION and PC_FILE out of smb_build but use make variables directly instead. 
(This used to be commit 9d0ae012b0)
 2008-04-15 02:25:16 +02:00
Jelmer Vernooij
d04926914a Fix the build. 
(This used to be commit ecaa5bb83b)
 2008-04-15 01:40:32 +02:00
Jelmer Vernooij
a15b6f1606 Fix unresolved symbols. 
(This used to be commit 8573e828d1)
 2008-04-14 20:00:04 +02:00
Jelmer Vernooij
e9017ba418 Use _OBJ_FILES variables in a couple more places. 
(This used to be commit 92856d5054)
 2008-04-14 17:22:58 +02:00
Jelmer Vernooij
ffc5cbfe80 Move object files lists to makefile rather than smb_build. 
(This used to be commit 5628d58990)
 2008-04-14 16:53:00 +02:00
Jelmer Vernooij
f78bc8c489 Remove prototypes from build.h in preparation of removing build.h 
altogether.
(This used to be commit dbeab2a9cd)
 2008-04-14 11:54:50 +02:00
Jelmer Vernooij
b5d84a74d1 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3 
Conflicts:

	source/auth/credentials/config.mk
	source/auth/gensec/config.mk
	source/build/smb_build/makefile.pm
	source/heimdal_build/config.mk
	source/lib/events/config.mk
	source/lib/nss_wrapper/config.mk
	source/lib/policy/config.mk
	source/lib/registry/config.mk
	source/lib/socket_wrapper/config.mk
	source/lib/tdb/config.mk
	source/lib/tls/config.mk
	source/lib/util/config.mk
	source/libcli/config.mk
	source/libcli/ldap/config.mk
	source/libnet/config.mk
	source/librpc/config.mk
	source/param/config.mk
	source/rpc_server/config.mk
	source/scripting/ejs/config.mk
	source/smbd/process_model.mk
(This used to be commit 760378e029)
 2008-04-08 03:45:06 +02:00
Andrew Bartlett
4c449fe95f Extend credentials python API to include set_machine_account. 
Andrew Bartlett
(This used to be commit 88b7a3980c)
 2008-04-05 21:39:26 +11:00
Jelmer Vernooij
236fc02913 Reduce the number of installed headers. 
(This used to be commit 2243e24024)
 2008-04-02 13:41:10 +02:00
Jelmer Vernooij
afe3e8172d Install public header files again and include required prototypes. 
(This used to be commit 47ffbbf674)
 2008-04-02 04:53:27 +02:00
Andrew Bartlett
142fbfb3c1 Fix and test python scripts and kerberos 
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option.  (This
enables the use of kerberos).

As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.

The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.

Andrew Bartlett
(This used to be commit 727ef40c2b)
 2008-03-28 21:57:15 +11:00
Jelmer Vernooij
18d80bdf1f Merge v4.0-test 
(This used to be commit 977dbdeaf3)
 2008-03-28 00:44:14 +01:00
Andrew Bartlett
dc49ae599e Remove useless extra argument to samdb_result_account_expires(). 
Andrew Bartlett
(This used to be commit bc607c334f)
 2008-03-25 15:25:13 +11:00
Andrew Bartlett
87e6d7eab1 Don't require users of credentials.h to have krb5.h and gssapi.h 
Rather than require users of Samba4's headers to have krb5-devel
installed (presumably in their system paths), don't expose the minor
functions which require this by default.

Andrew Bartlett
(This used to be commit f14737e4d2)
 2008-03-17 15:22:52 +11:00
Jelmer Vernooij
e3f6a9a0d4 Move PC_FILE out of the perl code. 
(This used to be commit ca8d4260ad)
 2008-03-09 02:53:54 +01:00
Jelmer Vernooij
fb6fdfce37 Fix the build. 
(This used to be commit f2e4974471)
 2008-03-08 17:02:40 +01:00
Jelmer Vernooij
2bf39edc9d Push SOVERSION and VERSION out of perl code. 
(This used to be commit 0ba8ac6a14)
 2008-03-08 15:28:12 +01:00
Jelmer Vernooij
6a1f56d82a Fix the build. 
(This used to be commit 3b7940d531)
 2008-03-07 20:33:12 +01:00
Jelmer Vernooij
fc2cd5ed63 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3 
(This used to be commit e4da851bd7)
 2008-03-07 18:03:54 +01:00
Andrew Kroeger
20c7014009 Update account expiration to use new samdb_result_account_expires() function. 
(This used to be commit 2b6b4e5a16)
 2008-03-07 05:59:56 -06:00
Jelmer Vernooij
6cf92e604d Fix the build. 
(This used to be commit 49ef8d0c19)
 2008-03-04 13:06:08 +01:00
Jelmer Vernooij
e018501ca8 Fix some paths. 
(This used to be commit bb16e51e60)
 2008-03-04 01:26:19 +01:00
Jelmer Vernooij
2d1c06c578 Fix includes. 
(This used to be commit 99e61dade2)
 2008-03-04 00:43:24 +01:00
Jelmer Vernooij
5b674be7ab Fix some syntax errors. 
(This used to be commit 906148bf87)
 2008-03-03 18:57:20 +01:00
Jelmer Vernooij
b29d47edcf Move object file lists to the Makefile. 
(This used to be commit a7e6d2a183)
 2008-03-03 18:25:28 +01:00
Jelmer Vernooij
489f66cd42 Change remaining prototype headers to be private. 
(This used to be commit 2f7ff409e8)
 2008-02-29 14:36:51 +01:00
Jelmer Vernooij
1ada710840 Move public header accumulation out of the perl code. 
Never install generated prototype files. It's easier to break the
API when using them and they're not easily readable for 3rd party users.

Conflicts:

	source/auth/config.mk
	source/auth/credentials/config.mk
	source/auth/gensec/config.mk
	source/build/smb_build/config_mk.pm
	source/build/smb_build/main.pl
	source/build/smb_build/makefile.pm
	source/dsdb/config.mk
	source/lib/charset/config.mk
	source/lib/tdr/config.mk
	source/lib/util/config.mk
	source/libcli/config.mk
	source/libcli/ldap/config.mk
	source/librpc/config.mk
	source/param/config.mk
	source/rpc_server/config.mk
	source/torture/config.mk
(This used to be commit 6c659689ed)
 2008-02-29 14:23:38 +01:00
Jelmer Vernooij
c8011b5d09 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3 
Conflicts:

	source/scripting/python/config.mk
(This used to be commit 0ac0ea660a)
 2008-02-29 12:45:46 +01:00
Andrew Bartlett
3abf47fe87 Simplify the 'password must change' logic 
This takes the previous patches further, so we catch all the cases
(the KDC looked at the time directly).

Andrew Bartlett
(This used to be commit cda4642a93)
 2008-02-29 08:47:42 +11:00
Andrew Bartlett
5043215f21 Generate ACB_PW_EXPIRED correctly 
More correctly handle expired passwords, and do not expire machine accounts.

Test that the behaviour is consistant with windows, using the RPC-SAMR test.

Change NETLOGON to directly query the userAccountControl, just because
we don't want to do the extra expiry processing here.

Andrew Bartlett
(This used to be commit acda1f69bc)
 2008-02-28 08:50:00 +11:00
Jelmer Vernooij
c5d77a1c24 Move public header accumulation out of the perl code. 
(This used to be commit 89f7c74924)
 2008-02-26 17:17:52 +01:00
Jelmer Vernooij
22ef67dd13 Fix the build (again). 
(This used to be commit ef00f6b581)
 2008-02-26 01:20:55 +01:00
Jelmer Vernooij
f112578843 Remove public prototype headers. Generating both public and private prototype headers is tricky with gmake and it's easy to break backwards compatibility for the public API with them. 
(This used to be commit dee1cb6b08)
 2008-02-25 23:09:56 +01:00
Jelmer Vernooij
584c4a518f Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3 
Conflicts:

	source/build/smb_build/header.pm
	source/build/smb_build/makefile.pm
	source/lib/ldb/include/ldb_private.h
(This used to be commit 1a646af064)
 2008-02-25 12:58:09 +01:00
Jelmer Vernooij
263a77c561 Remove more uses of global_loadparm. 
(This used to be commit a1715b1f48)
 2008-02-21 15:45:32 +01:00
Jelmer Vernooij
37deca2d41 Avoid use of global_loadparm. 
(This used to be commit c5a95bbe0c)
 2008-02-21 14:16:02 +01:00
Jelmer Vernooij
39a6495c86 Make more module init functions public, since they are compiled with -fvisibility=hidden. Not doing this causes failures on Mac OS X. 
(This used to be commit da1a9438bd)
 2008-02-20 19:40:20 +01:00
Jelmer Vernooij
5e0f8cabee Make all auth module init functions public, since they are compiled with -fvisibility=hidden. Not doing this causes failures on Mac OS X. 
(This used to be commit 675bab7380)
 2008-02-20 19:34:45 +01:00
Jelmer Vernooij
b4017955e1 Merge branch 'v4-0-trivial' into v4-0-gmake3 
Conflicts:

	source/build/smb_build/input.pm
	source/build/smb_build/main.pl
	source/build/smb_build/makefile.pm
(This used to be commit bc11e3ef1c)
 2008-02-18 22:25:19 +01:00
Jelmer Vernooij
ff0315ba85 Rename include to mkinclude to emphasize it is different from make's include. 
(This used to be commit 0e1d0a874a)
 2008-02-18 20:04:18 +01:00
Jelmer Vernooij
602f4635da Get rid of 'INTEGRATED' build of modules - now replaced by 'MERGED_OBJ' 
(This used to be commit 269cbf84d8)
 2008-02-18 19:06:17 +01:00
Jelmer Vernooij
b66ee2ed22 Move responsibilities of build.h to makefile. 
(This used to be commit a43f6d37bc)
 2008-02-16 18:38:02 +01:00
Stefan Metzmacher
81db831973 cyrus_sasl: fix compiler warnings 
metze
(This used to be commit 558c717c6c)
 2008-02-15 08:49:33 +01:00
Jelmer Vernooij
52bc292f58 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-trivial 
(This used to be commit d4d4120b71)
 2008-01-24 22:00:07 +01:00
Stefan Metzmacher
a1c7b35bba netlogon.idl: make use of bitmap samr_GroupAttrs 
metze
(This used to be commit 6d68161e67)
 2008-01-24 10:24:41 +01:00
Jelmer Vernooij
9a3cbd276b python: Add bindings for cli_credentials_set_cmdline_callbacks(). 
(This used to be commit 557207f86b)
 2008-01-24 01:05:19 +01:00
Jelmer Vernooij
7af1c83e45 Default to creating anonymous credentials. 
(This used to be commit f93bd899f1)
 2008-01-23 23:38:58 +01:00
Jelmer Vernooij
a259547786 build: Remove support for DESCRIPTION setting that is now unused. 
(This used to be commit 91d7ba5202)
 2008-01-22 18:49:51 +01:00
Jelmer Vernooij
2f98f4b24e gensec: Use manually written .pc file. 
(This used to be commit 96a5ac9db2)
 2008-01-22 18:39:54 +01:00
Jelmer Vernooij
939edd0eb7 util: Move asn1 to lib/util to trim down the number of subsystems. 
(This used to be commit 44e1cfd2d0)
 2008-01-15 01:04:38 +01:00
Jelmer Vernooij
3b16c532f2 pidl/python: Pass credentials and loadparm context when connecting using DCE/RPC. 
(This used to be commit 4c87af9531)
 2008-01-14 19:53:06 +01:00
Jelmer Vernooij
6f79af9d13 r26652: msrpc_parse/msrpc_gen: Add iconv_convenience argument. 
(This used to be commit e886f1bc0d)
 2008-01-03 12:33:36 -06:00
Jelmer Vernooij
771b347f9b r26644: Janitorial: Pass resolve_context explicitly to various SMB functions, should help fix the build for OpenChange. 
(This used to be commit 385ffe4f4c)
 2008-01-02 12:48:03 -06:00
Jelmer Vernooij
9d136bc0a3 r26640: Janitorial: Remove some more uses of global_loadparm. 
(This used to be commit c863f4ebde)
 2008-01-01 19:57:01 -06:00
Jelmer Vernooij
7d5f0e0893 r26639: librpc: Pass iconv convenience on from RPC connection to NDR library, so it can be overridden by OpenChange. 
(This used to be commit 2f29f80e07)
 2008-01-01 16:12:15 -06:00
Jelmer Vernooij
86dc05e99f r26638: libndr: Require explicitly specifying iconv_convenience for ndr_struct_push_blob(). 
(This used to be commit 61ad78ac98)
 2008-01-01 16:12:11 -06:00
Jelmer Vernooij
c4a5c61a70 r26626: Install auth/session.h 
(This used to be commit 57bf390068)
 2007-12-29 12:21:03 -06:00
Jelmer Vernooij
c13ae70731 r26580: Include sentinel in build.h, in case the list is empty. 
(This used to be commit f1997dabed)
 2007-12-24 01:51:07 -06:00
Jelmer Vernooij
be33f4c611 r26576: Allow the static module loading code to be used for the Python modules. 
Simplify the way module initialization functions are handled.
(This used to be commit ba8be2dfc0)
 2007-12-24 01:51:06 -06:00
Jelmer Vernooij
d0ba9f0014 r26572: Fix warnings in the Python code. 
(This used to be commit 15038d9586)
 2007-12-24 01:51:04 -06:00
Jelmer Vernooij
aa0a06f13c r26570: - Trim size of the swig-generated Python bindings by removing a bunch of {}'s. 
- Start working on Python equivalents for various EJS tests.
- Fix regression in argument order for reg_diff_apply() in EJS bindings.
(This used to be commit c550c03372)
 2007-12-24 01:51:03 -06:00
Jelmer Vernooij
0500b87092 r26540: Revert my previous commit after concerns raised by Andrew. 
(This used to be commit 6ac86f8be7)
 2007-12-21 05:52:06 +01:00
Jelmer Vernooij
3e75f222bc r26539: Remove unnecessary statics. 
(This used to be commit e53e79eebe)
 2007-12-21 05:52:05 +01:00
Jelmer Vernooij
c260454229 r26504: Don't rely on system-provided kerberos headers. 
(This used to be commit c4b1df0476)
 2007-12-21 05:51:07 +01:00
Jelmer Vernooij
be99991267 r26484: Don't rely on removed header. 
(This used to be commit 6ca2b35085)
 2007-12-21 05:50:42 +01:00
Jelmer Vernooij
71e2cafe96 r26483: Merge ldb module dependency fixes, fix auth python module. 
(This used to be commit 85eeecf997)
 2007-12-21 05:50:41 +01:00
Jelmer Vernooij
440fd87961 r26477: Allow setting loadparm context for a ldb context in python, plus some other minor improvements. 
(This used to be commit d88527a9d6)
 2007-12-21 05:50:36 +01:00
Jelmer Vernooij
1afe054916 r26474: Move credentials-specific kerberos file to credentials subsystem. Fixes missing symbols in some of the python bindings. 
(This used to be commit e26d0fff6d)
 2007-12-21 05:50:34 +01:00
Jelmer Vernooij
1bc38f9fb3 r26464: Tighten dependencies. 
(This used to be commit 2b7cfa5d9a)
 2007-12-21 05:50:29 +01:00
Jelmer Vernooij
a21a484a01 r26460: Enable ldb python tests. 
(This used to be commit 25e9824531)
 2007-12-21 05:50:27 +01:00
Jelmer Vernooij
df8c7da800 r26454: Add simple SWIG macro for wrapping talloced types. 
(This used to be commit 760fcc8bfa)
 2007-12-21 05:50:22 +01:00
Jelmer Vernooij
bf6d40f271 r26449: Support configuration without a known configuration dir. 
(This used to be commit d3643c2152)
 2007-12-21 05:50:14 +01:00
Jelmer Vernooij
93b570616d r26445: Fix credentials python bindings. 
(This used to be commit 7a78d4cbed)
 2007-12-21 05:50:12 +01:00
Jelmer Vernooij
a2cea02584 r26430: require explicit specification of loadparm context. 
(This used to be commit 1b947fe0e6)
 2007-12-21 05:49:58 +01:00
Jelmer Vernooij
d891c0c74a r26429: Avoid use of global_smb_iconv_convenience. 
(This used to be commit d37136b7ab)
 2007-12-21 05:49:56 +01:00
Jelmer Vernooij
a5b8999f23 r26427: Avoid global_smb_iconv_convenience. 
(This used to be commit bf072c6fb3)
 2007-12-21 05:49:53 +01:00
Kai Blin
1efd92e64e r26418: Janitorial: Kill pstring in ntlmssp_parse.c 
(This used to be commit 718a5a1f3c)
 2007-12-21 05:49:47 +01:00
Kai Blin
5db23bce22 r26416: Janitorial: Fix warnings in auth/gensec/ 
As per metze's suggestion, the "unused variables" warning is left in to remind
us to fix the #else part of the #if 1
(This used to be commit e9ef98b064)
 2007-12-21 05:49:46 +01:00
Stefan Metzmacher
5bddcf45f3 r26413: we should check the return value of talloc_reference() 
metze
(This used to be commit 5f49c1b144)
 2007-12-21 05:49:45 +01:00
Jelmer Vernooij
68dc2dc526 r26399: Use -O option for SWIG (less evil generated code). 
(This used to be commit 3378b6a559)
 2007-12-21 05:49:29 +01:00
Jelmer Vernooij
1ea47faa97 r26397: Fix circular dependency in samba-socket. 
(This used to be commit 801c8c766c)
 2007-12-21 05:49:26 +01:00
Günther Deschner
0b3de65ac6 r26393: Fix inline comment. 
Guenther
(This used to be commit 55c60a3743)
 2007-12-21 05:49:23 +01:00
Jelmer Vernooij
3da665e9ac r26385: Integrate gensec-socket into gensec. 
(This used to be commit 78bb444b4b)
 2007-12-21 05:49:19 +01:00
Jelmer Vernooij
f055893ca5 r26382: Remove more uses of global_loadparm. 
(This used to be commit 6d4c598534)
 2007-12-21 05:49:17 +01:00
Jelmer Vernooij
7f0e8252e7 r26379: Remove more global_loadparm instances. 
(This used to be commit b6f66eb5e0)
 2007-12-21 05:49:13 +01:00
Jelmer Vernooij
5f4842cf65 r26376: Add context for libcli_resolve. 
(This used to be commit 459e1466a4)
 2007-12-21 05:49:12 +01:00
Jelmer Vernooij
2e1f142ab0 r26360: Add some const. 
(This used to be commit 3616ced29e)
 2007-12-21 05:49:03 +01:00
Jelmer Vernooij
038c75c0cb r26357: Add separate subsystem for auth_sam_reply parsing. 
(This used to be commit 2d61e7c96e)
 2007-12-21 05:49:02 +01:00
Jelmer Vernooij
70116cdcac r26356: Remove prototype for nonexisting function. 
(This used to be commit 2c93f8ec81)
 2007-12-21 05:49:01 +01:00
Jelmer Vernooij
fd88c3ca24 r26348: Avoid use of autofree context. 
(This used to be commit eebcf7e1b0)
 2007-12-21 05:48:53 +01:00
Jelmer Vernooij
01d2acfdb4 r26335: Specify name_resolve_order to socket code. 
(This used to be commit b03e5d0011)
 2007-12-21 05:48:46 +01:00
Jelmer Vernooij
b4e6090d42 r26323: Regenerated credentials SWIG. 
(This used to be commit 0bd01aca00)
 2007-12-21 05:48:34 +01:00
Jelmer Vernooij
bd9e8e9ae1 r26321: Fix python tests. 
(This used to be commit f9bf02fd5c)
 2007-12-21 05:48:34 +01:00
Jelmer Vernooij
9976886710 r26320: Clean up properly after error. 
(This used to be commit 9fdfe1ad8c)
 2007-12-21 05:48:33 +01:00
Jelmer Vernooij
41db2ab12c r26319: Split encoding functions out of libcli_ldap. 
(This used to be commit 95a6ef7fc8)
 2007-12-21 05:48:33 +01:00
Jelmer Vernooij
39ee38d9c1 r26316: Use contexts for conversion functions. 
(This used to be commit f6420d933b)
 2007-12-21 05:48:30 +01:00
Jelmer Vernooij
fc2f06d31b r26274: Some syntax fixes, remove more global_loadparm instances. 
(This used to be commit 3809113d86)
 2007-12-21 05:47:58 +01:00
Jelmer Vernooij
509e82e402 r26272: Remove global_loadparm in some more places. 
(This used to be commit 1ab76ecc53)
 2007-12-21 05:47:55 +01:00
Jelmer Vernooij
da0f222f43 r26271: Remove some more uses of global_loadparm. 
(This used to be commit e9875fcd56)
 2007-12-21 05:47:53 +01:00
Jelmer Vernooij
5b357ca877 r26270: Require specifying the loadparm_context or NULL to cli_credentials_guess(). 
(This used to be commit e52710d679)
 2007-12-21 05:47:50 +01:00
Jelmer Vernooij
0184e5ef2d r26269: Fix a couple more references to global_loadparm. 
(This used to be commit 1cb849dfba)
 2007-12-21 05:47:49 +01:00
Jelmer Vernooij
b83a7a135f r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and wbsrv_connection. 
(This used to be commit 7c00866423)
 2007-12-21 05:47:47 +01:00
Jelmer Vernooij
1fbdd6ef1d r26264: pass name resolve order explicitly, use torture context for settings in dssync tests. 
(This used to be commit c7eae1c784)
 2007-12-21 05:47:39 +01:00
Jelmer Vernooij
ecea5ce245 r26260: Store loadparm context in gensec context. 
(This used to be commit b9e3a4862e)
 2007-12-21 05:47:34 +01:00
Jelmer Vernooij
78416aff6c r26258: Use loadparm context in client_start function of gensec. 
(This used to be commit bad1891cae)
 2007-12-21 05:47:32 +01:00
Jelmer Vernooij
43696d2752 r26252: Specify loadparm_context explicitly when creating sessions. 
(This used to be commit 7280c1e941)
 2007-12-21 05:47:29 +01:00
Jelmer Vernooij
ab69eb8d89 r26250: Avoid global_loadparm in a couple more places. 
(This used to be commit 2c6b755309)
 2007-12-21 05:47:28 +01:00
Jelmer Vernooij
53ae9bc9f6 r26248: Check in SWIG output so SWIG is not required when running out of svn. 
(This used to be commit 08501fbef3)
 2007-12-21 05:47:26 +01:00
Jelmer Vernooij
6c999cd123 r26236: Remove more uses of global_loadparm or specify loadparm_context explicitly. 
(This used to be commit 5b29ef7c03)
 2007-12-21 05:47:15 +01:00
Jelmer Vernooij
934e932387 r26235: Avoid global_loadparm. 
(This used to be commit e903978220)
 2007-12-21 05:47:13 +01:00
Jelmer Vernooij
7e298580e0 r26234: More global_loadparm fixes. 
(This used to be commit 84892d030d)
 2007-12-21 05:47:12 +01:00
Jelmer Vernooij
120ecdb5cb r26233: Pass loadparm context when creating krb5 contexts. 
(This used to be commit 7780bf285f)
 2007-12-21 05:47:11 +01:00
Jelmer Vernooij
fface33dd7 r26231: Spell check: credentails -> credentials. 
(This used to be commit 4b46888bd0)
 2007-12-21 05:47:09 +01:00
Jelmer Vernooij
cc04f143dc r26229: Set loadparm context as opaque pointer in ldb, remove more uses of global_loadparm. 
(This used to be commit 37d05fdc7b)
 2007-12-21 05:47:06 +01:00
Jelmer Vernooij
51db4c3f3d r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack. 
(This used to be commit ba75f1613a)
 2007-12-21 05:47:05 +01:00
Jelmer Vernooij
f4a1083cf9 r26227: Make loadparm_context part of a server task, move loadparm_contexts further up the call stack. 
(This used to be commit 0721a07aad)
 2007-12-21 05:47:04 +01:00