path: root/auth
Commit message | Author | Age | Files | Lines
* auth/kerberos: clang: Fix same instances of 'Value stored is never read' | Noel Power | 2019-07-08 | 1 | -7/+7
    Fixes:

    auth/kerberos/gssapi_pac.c:136:3: warning: Value stored to 'gss_maj' is never read <--[clang]
        gss_maj = gss_release_buffer(&gss_min, &pac_buffer);
        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    auth/kerberos/gssapi_pac.c:137:3: warning: Value stored to 'gss_maj' is never read <--[clang]
        gss_maj = gss_release_buffer(&gss_min, &pac_display_buffer);
        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    auth/kerberos/gssapi_pac.c:265:4: warning: Value stored to 'gss_maj' is never read <--[clang]
        gss_maj = gss_release_buffer_set(&gss_min, &set);
        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    auth/kerberos/gssapi_pac.c:273:4: warning: Value stored to 'gss_maj' is never read <--[clang]
        gss_maj = gss_release_buffer_set(&gss_min, &set);
        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    auth/kerberos/gssapi_pac.c:279:4: warning: Value stored to 'gss_maj' is never read <--[clang]
        gss_maj = gss_release_buffer_set(&gss_min, &set);
        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    auth/kerberos/gssapi_pac.c:285:5: warning: Value stored to 'gss_maj' is never read <--[clang]
        gss_maj = gss_release_buffer_set(&gss_min, &set);
        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    auth/kerberos/gssapi_pac.c:291:2: warning: Value stored to 'gss_maj' is never read <--[clang]
        gss_maj = gss_release_buffer_set(&gss_min, &set);
        ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    7 warnings generated.

    Signed-off-by: Noel Power <noel.power@suse.com>
    Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
    Autobuild-User(master): Noel Power <npower@samba.org>
    Autobuild-Date(master): Mon Jul 8 11:04:15 UTC 2019 on sn-devel-184
* Add PrimaryGroupId to group array in DC response | Isaac Boukris | 2019-07-03 | 1 | -2/+6
    This is a simplified version of the original patch by:
    Felix Botner <botner@univention.de>

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362

    Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
    Signed-off-by: Isaac Boukris <iboukris@gmail.com>
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
    Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
    Autobuild-Date(master): Wed Jul 3 13:52:55 UTC 2019 on sn-devel-184
* auth:ntlmssp: Use GnuTLS RC4 in ntlmssp server | Andreas Schneider | 2019-06-27 | 1 | -3/+23
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:gensec: Return NTSTATUS for netsec_do_seal() | Andreas Schneider | 2019-06-27 | 1 | -18/+33
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:gensec: Use GnuTLS RC4 in netsec_do_seal() | Andreas Schneider | 2019-06-27 | 1 | -6/+31
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:gensec: Use GnuTLS RC4 in netsec_do_seq_num() | Andreas Schneider | 2019-06-27 | 1 | -5/+24
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt() | Andreas Schneider | 2019-06-27 | 1 | -3/+8
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/crypto: move gnutls error wrapper to own subsystem | Andrew Bartlett | 2019-06-27 | 8 | -7/+8
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* py3: Remove PyStr_FromString() compatability macro | Andrew Bartlett | 2019-06-24 | 1 | -1/+1
    We no longer need Samba to be py2/py3 compatible so we choose to return to the standard function names.

    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Noel Power <noel.power@suse.com>
* auth:creds: Use gnutls_error_to_ntstatus() in credentials_ntlm | Andreas Schneider | 2019-06-24 | 1 | -8/+3
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_sign | Andreas Schneider | 2019-06-24 | 1 | -16/+8
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_server | Andreas Schneider | 2019-06-24 | 1 | -17/+9
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:ntlmssp: Use gnutls_error_to_ntstatus() in ntlmssp_client | Andreas Schneider | 2019-06-24 | 1 | -7/+5
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:gensec: Use gnutls_error_to_ntstatus() in schannel | Andreas Schneider | 2019-06-24 | 1 | -25/+14
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth auth_log: csbuild unused parm transport_protection | Gary Lockyer | 2019-06-13 | 1 | -2/+0
    Fixes csbuild errors.

    Error: COMPILER_WARNING:
    auth/auth_log.c: scope_hint: In function ‘log_successful_authz_event_human_readable’
    auth/auth_log.c:728:14: warning: unused parameter ‘transport_protection’ [-Wunused-parameter]

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* auth auth_log: csbuild unused parm unix_username | Gary Lockyer | 2019-06-13 | 2 | -7/+0
    Fixes csbuild errors

    Error: COMPILER_WARNING:
    auth/auth_log.c: scope_hint: In function ‘log_authentication_event_json’
    auth/auth_log.c:146:14: warning: unused parameter ‘unix_username’ [-Wunused-parameter]

    Error: COMPILER_WARNING:
    auth/auth_log.c: scope_hint: In function ‘log_authentication_event_human_readable’
    auth/auth_log.c:586:14: warning: unused parameter ‘unix_username’ [-Wunused-parameter]

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* auth:gensec: Return NTSTATUS for netsec_do_seq_num() | Andreas Schneider | 2019-05-21 | 1 | -8/+26
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:gensec: Use GnuTLS HMAC MD5 and MD5 in netsec_do_sign() | Andreas Schneider | 2019-05-21 | 1 | -11/+49
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seal() | Andreas Schneider | 2019-05-21 | 1 | -2/+24
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:gensec: Use GnuTLS HMAC MD5 in netsec_do_seq_num() | Andreas Schneider | 2019-05-21 | 1 | -2/+25
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:creds: Use GnuTLS MD5 in ntlm creds | Andreas Schneider | 2019-05-21 | 1 | -7/+32
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp sign | Andreas Schneider | 2019-05-21 | 1 | -25/+92
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:ntlmssp: Use GnuTLS MD5 and HMAC MD5 in ntlmssp server | Andreas Schneider | 2019-05-21 | 1 | -31/+87
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:ntlmssp: Use GnuTLS HMAC MD5 in ntlmssp client | Andreas Schneider | 2019-05-21 | 1 | -12/+45
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* squash 'cast between incompatible function types' warning | Noel Power | 2019-05-16 | 1 | -1/+3
    To avoid warning above produced by using -Wcast-function-type we;

      + ensure PyCFunctions of type METH_NOARGS defined dummy arg
      + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG macro

    Signed-off-by: Noel Power <noel.power@suse.com>
    Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/creds/torture: add a test showing segfault | Douglas Bagnall | 2019-05-09 | 1 | -1/+45
    This file isn't actually run...

    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* auth/creds/guess: avoid segfault with NULL lp (CID 241187) | Douglas Bagnall | 2019-05-09 | 1 | -1/+2
    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* auth:gensec: Add return code for netsec_do_sign() | Andreas Schneider | 2019-04-30 | 1 | -16/+34
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:gensec: Use GnuTLS SHA256 HMAC for schannel | Andreas Schneider | 2019-04-30 | 1 | -10/+34
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* credentials: Workaround krb5_cc_remove_cred not implemented in MIT kerberos | Samuel Cabrero | 2019-04-29 | 1 | -0/+149
    Signed-off-by: Samuel Cabrero <scabrero@suse.de>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
    Autobuild-User(master): Jeremy Allison <jra@samba.org>
    Autobuild-Date(master): Mon Apr 29 19:15:48 UTC 2019 on sn-devel-184
* credentials: Initialize krb5 client to retrieve creds from ccache | Samuel Cabrero | 2019-04-29 | 1 | -0/+15
    MIT kerberos requires krb5_creds.client to be initialized to match krb5_creds.server with the cached credentials.

    Signed-off-by: Samuel Cabrero <scabrero@suse.de>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* auth: Add necessary decoration to auth/auth_util.h | Volker Lendecke | 2019-04-03 | 1 | -0/+9
    Signed-off-by: Volker Lendecke <vl@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* auth:creds: Prefer the principal over DOMAIN/username when using NTLM | Andreas Schneider | 2019-04-02 | 1 | -1/+1
    If we want to authenticate using -Wadmin@otherdomain the DC should take care of the authentication with the right DC for us.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

    Pair-Programmed-With: Guenther Deschner <gd@samba.org>
    Signed-off-by: Guenther Deschner <gd@samba.org>
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:ntlmssp: Add back CRAP ndr debug output | Guenther Deschner | 2019-04-02 | 1 | -0/+32
    This got lost somehow during refactoring. This is still viable information when trying to figure out what is going wrong when authenticating a user over NTLMSSP.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

    Signed-off-by: Guenther Deschner <gd@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* build: Remove bld.gen_python_environments() | Andrew Bartlett | 2019-03-21 | 1 | -8/+7
    This was part of --extra-python support.

    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* auth:gensec: Make sure we zero the checksum after use | Andreas Schneider | 2019-02-27 | 1 | -0/+2
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* auth log: Log the netlogon logon id. | Gary Lockyer | 2019-02-20 | 2 | -1/+11
    Add code to log the logonId in the JSON Authentication messages. The version number for Authentication messages changes from 1.1 to 1.2 to reflect this.

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Decrement references to python objects passed to Py_BuildValue | Noel Power | 2019-02-07 | 1 | -3/+4
    Py_BuildValue when processing format 'O' will

      'Pass a Python object untouched (except for its reference count, which is incremented by one'

    Basically this means if you are using a new reference to a PyObject to pass to BuildValue (to be used with the 'O' format) the reference *isn't* stolen so you really do need to DECREF it in order to ensure it gets cleaned up.

    Signed-off-by: Noel Power <noel.power@suse.com>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth:gensec: Use C99 initializer in schannel | Andreas Schneider | 2019-01-28 | 1 | -1/+3
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth:creds: Use C99 initializer for PyMethodDef | Andreas Schneider | 2019-01-28 | 1 | -120/+279
    Signed-off-by: Andreas Schneider <asn@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth/credentials: use 'et' as format for ParseTuple with python2 | Noel Power | 2019-01-13 | 1 | -1/+1
    Signed-off-by: Noel Power <noel.power@suse.com>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth/gensec: enforce that all DCERPC contexts support SIGN_PKT_HEADER | Stefan Metzmacher | 2018-12-23 | 1 | -0/+16
    That's currently always the case and will simplify the callers.

    WORKS now???

    TDB_NO_FSYNC=1 buildnice make -j test FAIL_IMMEDIATELY=1 SOCKET_WRAPPER_KEEP_PCAP=1 TESTS='samba4.rpc.lsa.secrets.*ncacn_np.*Kerberos.*Samba3.*fl2000dc'
    and
    TDB_NO_FSYNC=1 buildnice make -j test FAIL_IMMEDIATELY=1 SOCKET_WRAPPER_KEEP_PCAP=1 TESTS='samba3.rpc.lsa.*ncacn_ip_tcp.*nt4_dc'

    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
    Autobuild-User(master): Jeremy Allison <jra@samba.org>
    Autobuild-Date(master): Sun Dec 23 21:33:51 CET 2018 on sn-devel-144
* auth log: Increment Authentication version | Gary Lockyer | 2018-12-14 | 1 | -1/+1
    Update the minor version of the Authorisation to reflect the addition of the "eventId" and "logonType" elements.

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth log: Add windows logon type codes | Gary Lockyer | 2018-12-14 | 1 | -0/+29
    Add a new "logonType" element to the Authorisation JSON log messages. This contains a Windows Logon Type, the supported logon types are:

      2 Interactive
      3 Network
      8 NetworkCleartext

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth log: Add windows event codes | Gary Lockyer | 2018-12-14 | 1 | -0/+12
    Add a new "eventId" element to the Authorisation JSON log messages. This contains a Windows Event Code Id either:

      4624 Successful logon
      4625 Unsuccessful logon

    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* PY3: change shebang to python3 in misc dirs | Joe Guo | 2018-12-14 | 1 | -1/+1
    Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
    Reviewed-by: Noel Power <npower@samba.org>
    Autobuild-User(master): Noel Power <npower@samba.org>
    Autobuild-Date(master): Fri Dec 14 18:00:40 CET 2018 on sn-devel-144
* audit_logging: auth_json_audit required auth_json | Andrew Bartlett | 2018-12-14 | 1 | -2/+2
    To log JSON the human-readable logs must also have been enabled

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13715

    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
    Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
    Autobuild-Date(master): Fri Dec 14 14:32:25 CET 2018 on sn-devel-144
* audit_logging: Remove debug log header and JSON Authentication: prefix | Andrew Bartlett | 2018-12-14 | 1 | -9/+4
    Feedback from real-world users is that they really want raw JSON strings in the log.

    We can not easily remove the leading " " but the other strings above and before the JSON are really annoying to strip back off

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13714

    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* auth/credentials/tests: Python 3.6 avoid deepcopy error | Noel Power | 2018-12-10 | 1 | -5/+12
    In PY3 both deepcopy & (shallow)copy fail with

    Traceback (most recent call last):
      File "auth/credentials/tests/bind.py", line 42, in <module>
        creds_machine = copy.copy(creds)
      File "/usr/lib64/python3.6/copy.py", line 96, in copy
        rv = reductor(4)
    TypeError: can't pickle credentials.Credentials objects

    This patch avoids the nasty copies by creating and populating the Credential objects instead of copying

    Signed-off-by: Noel Power <noel.power@suse.com>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: PY3 set_password should decode from unicode 'utf8' | Noel Power | 2018-12-10 | 1 | -4/+6
    set_password processes input using ParseTuple with "s" format, this accepts string or unicode but...

    Some py2 code is incorrectly using code like

      credentials.set_password(pass.encode('utf8'))

    however that won't work in PY3. We should just make sure the string retrieved from unicode passed in is encoded with 'utf8'

    Signed-off-by: Noel Power <noel.power@suse.com>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>