path: root/auth/credentials
Commit message | Author | Age | Files | Lines
* libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt() | Andreas Schneider | 2019-06-27 | 1 | -3/+8
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/crypto: move gnutls error wrapper to own subsystem | Andrew Bartlett | 2019-06-27 | 2 | -2/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* py3: Remove PyStr_FromString() compatibility macro | Andrew Bartlett | 2019-06-24 | 1 | -1/+1
  We no longer need Samba to be py2/py3 compatible so we choose to return to the standard function names.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Noel Power <noel.power@suse.com>
* auth:creds: Use gnutls_error_to_ntstatus() in credentials_ntlm | Andreas Schneider | 2019-06-24 | 1 | -8/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:creds: Use GnuTLS MD5 in ntlm creds | Andreas Schneider | 2019-05-21 | 1 | -7/+32
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* squash 'cast between incompatible function types' warning | Noel Power | 2019-05-16 | 1 | -1/+3
  To avoid warning above produced by using -Wcast-function-type we;
    + ensure PyCFunctions of type METH_NOARGS defined dummy arg
    + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG macro

  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/creds/torture: add a test showing segfault | Douglas Bagnall | 2019-05-09 | 1 | -1/+45
  This file isn't actually run...

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* auth/creds/guess: avoid segfault with NULL lp (CID 241187) | Douglas Bagnall | 2019-05-09 | 1 | -1/+2
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* credentials: Workaround krb5_cc_remove_cred not implemented in MIT kerberos | Samuel Cabrero | 2019-04-29 | 1 | -0/+149
  Signed-off-by: Samuel Cabrero <scabrero@suse.de>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Apr 29 19:15:48 UTC 2019 on sn-devel-184
* credentials: Initialize krb5 client to retrieve creds from ccache | Samuel Cabrero | 2019-04-29 | 1 | -0/+15
  MIT kerberos requires krb5_creds.client to be initialized to match krb5_creds.server with the cached credentials.

  Signed-off-by: Samuel Cabrero <scabrero@suse.de>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth:creds: Prefer the principal over DOMAIN/username when using NTLM | Andreas Schneider | 2019-04-02 | 1 | -1/+1
  If we want to authenticate using -Wadmin@otherdomain the DC should take care of the authentication with the right DC for us.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

  Pair-Programmed-With: Guenther Deschner <gd@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* build: Remove bld.gen_python_environments() | Andrew Bartlett | 2019-03-21 | 1 | -8/+7
  This was part of --extra-python support.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* Decrement references to python objects passed to Py_BuildValue | Noel Power | 2019-02-07 | 1 | -3/+4
  Py_BuildValue when processing format 'O' will
  'Pass a Python object untouched (except for its reference count, which is incremented by one'

  Basically this means if you are using a new reference to a PyObject to pass to BuildValue (to be used with the 'O' format) the reference *isn't* stolen so you really do need to DECREF it in order to ensure it gets cleaned up.

  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth:creds: Use C99 initializer for PyMethodDef | Andreas Schneider | 2019-01-28 | 1 | -120/+279
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth/credentials: use 'et' as format for ParseTuple with python2 | Noel Power | 2019-01-13 | 1 | -1/+1
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PY3: change shebang to python3 in misc dirs | Joe Guo | 2018-12-14 | 1 | -1/+1
  Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
  Reviewed-by: Noel Power <npower@samba.org>
  Autobuild-User(master): Noel Power <npower@samba.org>
  Autobuild-Date(master): Fri Dec 14 18:00:40 CET 2018 on sn-devel-144
* auth/credentials/tests: Python 3.6 avoid deepcopy error | Noel Power | 2018-12-10 | 1 | -5/+12
  In PY3 both deepcopy & (shallow)copy fail with

  Traceback (most recent call last):
    File "auth/credentials/tests/bind.py", line 42, in <module>
      creds_machine = copy.copy(creds)
    File "/usr/lib64/python3.6/copy.py", line 96, in copy
      rv = reductor(4)
  TypeError: can't pickle credentials.Credentials objects

  This patch avoids the nasty copies by creating and populating the Credential objects instead of copying

  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: PY3 set_password should decode from unicode 'utf8' | Noel Power | 2018-12-10 | 1 | -4/+6
  set_password processes input using ParseTuple with "s" format, this accepts string or unicode but...

  Some py2 code is incorrectly using code like

    credentials.set_password(pass.encode('utf8'))

  however that won't work in PY3. We should just make sure the string retrieved from unicode passed in is encoded with 'utf8'

  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Add a talloc_ctx to smb_krb5_principal_get_realm() | Volker Lendecke | 2018-11-28 | 1 | -3/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* credentials: Remove an unnecessary talloc_steal() | Volker Lendecke | 2018-11-28 | 1 | -1/+0
  ccc was already allocated off cred, this talloc_steal was a no-op.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* credentials: Fix set_ccache with empty creds cache | Volker Lendecke | 2018-11-28 | 1 | -6/+7
  This is an extension of bb2f7e3aee7e9b8: Without this fix in the "empty ccache" case we never set cred->ccache, so the whole call to cli_credentials_set_ccache became pointless

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* credentials: Fix an error path memleak | Volker Lendecke | 2018-11-28 | 1 | -0/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* credentials: Only do shallow copies of valid ccaches | Volker Lendecke | 2018-11-28 | 1 | -0/+14
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth/cred/tests/bind: remove unused import | Douglas Bagnall | 2018-10-25 | 1 | -1/+0
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Noel Power <npower@samba.org>
* PY3: fix "TabError: inconsistent use of tabs and spaces" | Noel Power | 2018-09-27 | 1 | -5/+5
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: py2/py3 credential key needs to return bytes | Noel Power | 2018-09-05 | 1 | -1/+1
  new_client_authenticator returns a dictionary. The key 'credential' needs to return bytes in Python3, without this change the code will attempt to convert the binary data to a string (resulting sometimes in decode errors).

  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5-samba: interdomain trust uses different salt principal | Alexander Bokovoy | 2018-09-05 | 1 | -4/+12
  Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where DOMAIN is the sAMAccountName without the dollar sign ($)

  The salt principal for the BLA$ user object was generated wrong.

  dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
  securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
  trustDirection: 3
  trustPartner: bla.base
  trustPosixOffset: -2147483648
  trustType: 2
  trustAttributes: 8
  flatName: BLA

  dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
  userAccountControl: 2080
  primaryGroupID: 513
  objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
  accountExpires: 9223372036854775807
  sAMAccountName: BLA$
  sAMAccountType: 805306370
  pwdLastSet: 131485652467995000

  The salt stored by Windows in the package_PrimaryKerberosBlob (within supplementalCredentials) seems to be 'W4EDOM-L4.BASEkrbtgtBLA' for the above trust and Samba stores 'W4EDOM-L4.BASEBLA$'.

  While the salt used when building the keys from trustAuthOutgoing/trustAuthIncoming is 'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correctly.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Sep 5 03:57:22 CEST 2018 on sn-devel-144
* PEP8: fix E305: expected 2 blank lines after class or function definition, found 1 | Joe Guo | 2018-08-24 | 1 | -0/+1
  Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E302: expected 2 blank lines, found 1 | Joe Guo | 2018-08-24 | 1 | -0/+1
  Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E128: continuation line under-indented for visual indent | Joe Guo | 2018-08-24 | 1 | -1/+1
  Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* PEP8: fix E127: continuation line over-indented for visual indent | Joe Guo | 2018-08-24 | 1 | -4/+4
  Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth/credentials/test: py2/py3 compat always decode result of b64encode | Noel Power | 2018-05-13 | 1 | -1/+1
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sun May 13 00:24:35 CEST 2018 on sn-devel-144
* pycredentials: add py_creds_get_secure_channel_type | Joe Guo | 2018-05-12 | 1 | -0/+12
  We have only set, need get.

  Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* auth/pycredentials: correct spelling of reponse | Douglas Bagnall | 2018-05-05 | 1 | -1/+1
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* dbwrap: Remove calls to loadparm | Volker Lendecke | 2018-04-24 | 1 | -1/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* credentials: Call dbwrap_local_open with the correct tdb_flags | Volker Lendecke | 2018-04-24 | 1 | -2/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* credentials: Call dbwrap_local_open with the correct hash size | Volker Lendecke | 2018-04-24 | 1 | -4/+13
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* wscript_build: make sure we link extra-python versions of libraries | Noel Power | 2018-04-13 | 1 | -1/+4
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* credentials: Fix CID 1414796 Explicit null dereferenced | Volker Lendecke | 2018-04-11 | 1 | -0/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Apr 11 21:58:00 CEST 2018 on sn-devel-144
* credentials: Fix line length | Volker Lendecke | 2018-04-11 | 1 | -1/+3
  ... just because I'll modify that line in the next commit

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* credentials: Revert "credentials: Fix CID 1414796 Explicit null dereferenced" | Volker Lendecke | 2018-04-11 | 1 | -5/+0
  This reverts commit 90c02ec64d0e3c860f8d6906cf849bdd2c7bcc54.

  We have code to take care of password==NULL, this CID must be fixed in a different way

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* credentials: Fix a typo | Volker Lendecke | 2018-04-05 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* credentials: Fix CID 1414796 Explicit null dereferenced | Volker Lendecke | 2018-04-05 | 1 | -0/+5
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth/credentials/test: convert print func to be py2/py3 compatible | Noel Power | 2018-03-23 | 1 | -5/+6
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth:credentials: Avoid an 'else' branch | Andreas Schneider | 2018-03-01 | 1 | -3/+6
  This moves the 'return' statement to the end of the 'case' and makes clear we leave here.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:credentials: Add FALL_THROUGH statements in credentials.c | Andreas Schneider | 2018-03-01 | 1 | -1/+2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:credentials: Add FALL_THROUGH statements in credentials_secrets.c | Andreas Schneider | 2018-03-01 | 1 | -1/+2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests/bind.py: Add a bind test with NTLMSSP with no domain | Garming Sam | 2018-02-22 | 1 | -1/+25
  Confirmed to pass against Windows 2012 R2.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* define DBGC_AUTH class | kkplein | 2018-01-08 | 3 | -0/+9
  Signed-off-by: Mourik Jan C Heupink <heupink@merit.unu.edu>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* credentials: Simplify cli_credentials_get_server_gss_creds() | Andreas Schneider | 2018-01-03 | 1 | -9/+10
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Wed Jan 3 14:37:12 CET 2018 on sn-devel-144