summaryrefslogtreecommitdiff
path: root/auth/credentials
Commit message (Collapse)AuthorAgeFilesLines
* auth/credentials: anonymous should not try to use kerberosStefan Metzmacher2015-07-031-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* auth: Explain why GSS_KRB5_CRED_NO_CI_FLAGS_X is neededAndreas Schneider2015-06-241-1/+9
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 24 13:37:02 CEST 2015 on sn-devel-104
* auth/credentials: use HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X instead of ↵Stefan Metzmacher2015-06-231-3/+2
| | | | | | | | | SAMBA4_USES_HEIMDAL Newer MIT versions also have this. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* auth: Make sure error_string is not used uninitializedAndreas Schneider2015-05-191-5/+8
| | | | | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue May 19 13:42:32 CEST 2015 on sn-devel-104
* auth/credentials: add cli_credentials_set_old_utf16_password()Stefan Metzmacher2015-03-122-0/+49
| | | | | | | This is required to set the previous trust account password. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* auth/credentials: add cli_credentials_[g|s]et_old_nt_hash()Stefan Metzmacher2015-03-124-0/+64
| | | | | | | | The machine and trust accounts it's important to retry netr_Authenticate3() with the previous (old) nt_hash. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* auth/credentials: add a missing talloc check to cli_credentials_set_nt_hash()Stefan Metzmacher2015-03-121-0/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* Fix the O3 developer buildVolker Lendecke2015-03-031-2/+4
| | | | | | | | | | Different gcc versions complain at different places Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Mar 3 13:14:53 CET 2015 on sn-devel-104
* auth/credentials_krb5: fix memory leak in ↵Günther Deschner2015-01-261-0/+2
| | | | | | | | | | | | cli_credentials_failed_kerberos_login(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 26 19:56:57 CET 2015 on sn-devel-104
* auth/credentials: add cli_credentials_set_utf16_password()Stefan Metzmacher2014-12-193-6/+65
| | | | | | | | | | | | | | We need a way to initialize the cli_credentials from the raw utf16 blob, which might not be completely valid utf16, which means the conversion from CH_UTF16MUNGED to CH_UTF8 might loose information. This would result in an invalid nt_hash, when we convert back from CH_UTF8 to CH_UTF16LE. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* credentials test: Use samba.tests.subunitrun.Jelmer Vernooij2014-11-221-20/+14
| | | | | | Change-Id: I8970c66de9535cb8d48b17d88b2759b7d1e39cb8 Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Remove unused imports.Jelmer Vernooij2014-11-191-7/+1
| | | | | | Change-Id: I8915f62206edb53ffc2d89434e46d9e71db8bb9a Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: Ensure that we set the realm when reading secrets.tdbAndrew Bartlett2014-10-171-0/+3
| | | | | | | | | | Otherwise, we try and kinit as host$@DOMAIN and that will not work. Andrew Bartlett Change-Id: Id2fde673423e74dfa1e6ac48f47f49c61ee59779 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* credentials: Allow the secret.tdb handle to be passed in to ↵Andrew Bartlett2014-10-172-13/+64
| | | | | | | | | | | | cli_credentials_set_machine_account() This adds a new wrapper, cli_credentials_set_machine_account_db_ctx() Andrew Bartlett Change-Id: Ia2cceefede4ba9cf7f8de41986daf9372c19d997 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* credentials: Improve error message on failure to set machine account passwordAndrew Bartlett2014-10-171-4/+6
| | | | | | Change-Id: I4136067d6d0e5cfe92770a2e7efa39f4ebcb2aca Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* credentials: Set secure_channel_type from secrets.tdb in ↵Andrew Bartlett2014-10-171-0/+13
| | | | | | | | | | | | | cli_credentials_set_machine_account This should ensure more parts of the source4 code can work with a password set in secrets.tdb. Andrew Bartlett Change-Id: I4a890a719246b073898333d2e04841904c6e1a5d Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* credentials: Allow the secrets.tdb password to be newer than the secrets.ldb ↵Andrew Bartlett2014-09-271-0/+2
| | | | | | | | password Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth/credentials_krb5: silence a build warning.Günther Deschner2014-08-081-0/+2
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials-krb5: use get_kerberos_allowed_etypes().Günther Deschner2014-08-081-6/+5
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* kerberos: Remove un-used event context argument from smb_krb5_init_context()Andrew Bartlett2014-04-281-1/+1
| | | | | | | | | | | | | | | | | The event context here was only specified in the server or admin-tool context, which does not do network communication, so this only caused a talloc_reference() and never any useful result. The actual network communication code sets an event context directly before making the network call. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
* auth/tests: add missing #include "torture/local/proto.h"Stefan Metzmacher2014-04-021-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbwrap: add dbwrap_flags argument to dbwrap_local_open()Michael Adam2014-02-071-1/+2
| | | | | | | | To be consistent with db_open() and prepare for future possible extensions. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:credentials: avoid talloc_reference in cli_credentials_set_netlogon_creds()Stefan Metzmacher2013-10-161-1/+5
| | | | | | | | | | | | | Typically cli_credentials_set_netlogon_creds() should be used directly before the DCERPC bind. And cli_credentials_get_netlogon_creds() should be only used by the gensec layer, which only needs a copy. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Oct 16 23:56:01 CEST 2013 on sn-devel-104
* auth: fix space/tab mixup in cli_credentials_get_password()Michael Adam2013-09-201-2/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Prepare for SASL/EXTERNAL supportHoward Chu2013-09-181-0/+8
| | | | | | Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech()Andrew Bartlett2013-09-164-0/+46
| | | | | | | | | | This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* auth/credentials: make sure cli_credentials_get_nt_hash() always returns a ↵Stefan Metzmacher2013-08-122-7/+16
| | | | | | | | talloc object Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: use CRED_CALLBACK_RESULT after a callbackStefan Metzmacher2013-08-051-11/+23
| | | | | | | | | | | | We only do this if it's still CRED_CALLBACK after the callback, this allowes the callback to overwrite it. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Aug 5 09:36:05 CEST 2013 on sn-devel-104
* auth/credentials: simplify password_tries stateStefan Metzmacher2013-08-052-6/+15
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: get the old password from secrets.tdbStefan Metzmacher2013-08-051-0/+11
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: keep cli_credentials privateStefan Metzmacher2013-08-056-93/+126
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_shallow_copy()Stefan Metzmacher2013-08-052-0/+18
| | | | | | | | This is useful for testing. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_[set_]callback_data*Stefan Metzmacher2013-08-052-0/+19
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: remove pointless talloc_reference() from ↵Stefan Metzmacher2013-08-051-1/+1
| | | | | | | | cli_credentials_get_principal_and_obtained() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: remove pointless talloc_reference() from ↵Stefan Metzmacher2013-08-051-1/+1
| | | | | | | | cli_credentials_get_unparsed_name() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* build: Build with system md5.h on OpenIndianaAndrew Bartlett2013-06-191-1/+1
| | | | | | | | | | | | | | | | | | | | This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
* build: Remove unused credentials_samba3.cAndrew Bartlett2013-05-281-49/+0
| | | | | | | | | | This file was only used by the autoconf build system. Andrew Bartlett Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* secrets: use lpcfg_private_db_path() convenience helper.Rusty Russell2013-04-121-3/+1
| | | | | Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Jeremy Allison <jra@samba.org>
* auth/pycredentials: make use of samba_tevent_context_init()Stefan Metzmacher2013-02-281-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* ntdb: switch between secrets.tdb and secrets.ntdb depending on 'use ntdb'Rusty Russell2013-02-201-1/+3
| | | | | | | | | | | Since we open with dbwrap, it auto-converts old tdbs (which it will rename to secrets.tdb.bak once it's done). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
* auth: added cli_credentials_failed_kerberos_login()Andrew Tridgell2012-11-012-0/+64
| | | | | | | | this is used to support retrying kerberos connections after removing a ccache entry, to cope with a server being re-built while our client still has a valid service ticket Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: Do not print passwords in a talloc memory dumpAndrew Bartlett2012-08-311-0/+8
| | | | | | | The fact that a password was created here is enough information, so overwrite with the function name and line. Andrew Bartlett
* auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()Andrew Bartlett2012-08-301-3/+8
| | | | | | | | | | | | | This allows a password alone to be used to accept kerberos tickets. Of course, we need to have got the salt right, but we do not need also the correct kvno. This allows gensec_gssapi to accept tickets based on a secrets.tdb entry. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
* auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()Andrew Bartlett2012-08-291-29/+0
|
* auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb recordsAndrew Bartlett2012-08-291-32/+61
| | | | | | | | By checking first if there is a secrets.tdb record and passing in the password and last change time we avoid setting one series of values and then replacing them. We also avoid the need to work around the setting of anonymous. Andrew Bartlett
* auth/credentials: Improve memory handling in cli_credentials_set_machine_accountAndrew Bartlett2012-08-291-26/+26
| | | | | | | | | By using a tempoary talloc context this is much tidier and more reliable code. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104
* auth/credentials: Avoid double-free in the failure caseAndrew Bartlett2012-08-291-1/+1
| | | | | | This pointer is only valid if dbwrap_fetch returned success. Andrew Bartlett
* auth/credentials: Rework credentials handling to try and find the most ↵Andrew Bartlett2012-08-281-33/+71
| | | | | | | | recent machine pw As winbindd will update secrets.tdb but not secrets.ldb, we need to detect this and use secrets.tdb Andrew Bartlett
* auth/credentials: Expand secrets.tdb fetch of secrets to preserve ↵Andrew Bartlett2012-08-281-0/+4
| | | | | | | | workstation and realm These would otherwise be set during the fetch from the secrets.ldb, but are wiped when that fails. Andrew Bartlett
* build: rename security → samba-securityBjörn Jacke2012-08-101-1/+1
| | | | | | | | | there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
View Lorry Controller Status