path: root/auth
Commit message | Author | Age | Files | Lines
* python: remove all 'from __future__ import print_function' | Douglas Bagnall | 2021-04-28 | 1 | -1/+0
  This made Python 2's print behave like Python 3's print().
  In some cases, where we had:
      from __future__ import print_function
      """Intended module documentation..."""
  this will have the side effect of making the intended module documentation work as the actual module documentation (i.e. becoming __doc__), because it is once again the first statement in the module.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* gensec: Slightly simplify gensec_generate_session_info_pac() | Volker Lendecke | 2021-04-27 | 1 | -11/+19
  Reduce indentation by an early error return and by introducing a helper variable.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/credentials: Remove unneeded try/except syntax | Joseph Sutton | 2021-04-07 | 1 | -10/+4
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Apr 7 10:24:17 UTC 2021 on sn-devel-184
* auth/credentials: Add test for binding with an extended canonical name | Joseph Sutton | 2021-04-07 | 1 | -0/+12
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth/credentials: Add test for binding with a canonical name | Joseph Sutton | 2021-04-07 | 1 | -0/+9
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth/credentials: Add test for binding with a domain SID | Joseph Sutton | 2021-04-07 | 1 | -1/+14
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10319
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gensec: Remove gensec_security_all(), it was only used internally | Volker Lendecke | 2021-04-06 | 2 | -9/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth:creds: Free the uname pointer in cli_credentials_parse_string() | Andreas Schneider | 2021-03-24 | 1 | -0/+6
  The data is duplicated and we don't need it anymore.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Mar 24 03:13:05 UTC 2021 on sn-devel-184
* auth:creds: Don't include credentials_internal.h twice | Andreas Schneider | 2021-03-24 | 1 | -1/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:creds: Use our own cli_credentials_set_cmdline_callbacks() | Andreas Schneider | 2021-03-24 | 2 | -3/+2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* auth:creds: Add command line function for standard password callback | Andreas Schneider | 2021-03-24 | 3 | -0/+79
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s4:lib:cmdline: Rename cli_credentials_set_cmdline_callbacks() | Andreas Schneider | 2021-03-24 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* auth:creds: Add cli_credentials_dump() | Andreas Schneider | 2020-12-16 | 3 | -0/+166
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Noel Power <noel.power@suse.com>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Dec 16 13:56:49 UTC 2020 on sn-devel-184
* auth: Align an integer type | Volker Lendecke | 2020-11-10 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Revert "cli_credentials: add a helper to parse user or group names" | Alexander Bokovoy | 2020-11-05 | 3 | -75/+0
  This reverts commit 00f4262ed0b22f6e333e5a29c5590b62c783905c.
* Revert "cli_credentials_parse_string: fix parsing of principals" | Alexander Bokovoy | 2020-11-05 | 2 | -3/+4
  This reverts commit eb0474d27bae4592b25ac6bf600da29c6a1cb9f8.
* cli_credentials: add a helper to parse user or group names | Alexander Bokovoy | 2020-11-04 | 3 | -0/+75
  cli_credentials_parse_string() parses a string specified for -U option in command line tools. It has a side-effect that '%' character is always considered to be a separator after which a password is specified.
  Active Directory does allow to create user or group objects with '%' in the name. It means cli_credentials_parse_string() will not be able to properly parse such name.
  Introduce cli_credentials_parse_name() for the cases when a password is not expected in the name and call to cli_credentials_parse_name() from cli_credentials_parse_string().
  Test cli_credentials_parse_name() with its intended use in lookup_name() refactoring.
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* cli_credentials_parse_string: fix parsing of principals | Alexander Bokovoy | 2020-11-04 | 2 | -4/+3
  When parsing a principal-like name, user name was left with full principal instead of taking only the left part before '@' sign.
      >>> from samba import credentials
      >>> t = credentials.Credentials()
      >>> t.parse_string('admin@realm.test', credentials.SPECIFIED)
      >>> t.get_username()
      'admin@realm.test'
  The issue is that cli_credentials_set_username() does a talloc_strdup() of the argument, so we need to change order of assignment to allow talloc_strdup() to copy the right part of the string.
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds:tests: Migrate test to a cmocka unit test | Andreas Schneider | 2020-11-03 | 2 | -0/+227
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* auth:creds: Rename CRED_USE_KERBEROS values | Andreas Schneider | 2020-11-03 | 9 | -20/+26
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* auth:creds: Add cli_credentials_init_server() | Andreas Schneider | 2020-09-07 | 2 | -0/+27
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:gensec: If Kerberos is required, keep schannel for machine account auth | Stefan Metzmacher | 2020-09-07 | 1 | -0/+9
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
* auth:gensec: Pass use_kerberos and keep_schannel to gensec_use_kerberos_mechs() | Stefan Metzmacher | 2020-09-07 | 1 | -12/+14
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth:gensec: Make gensec_use_kerberos_mechs() a static function | Stefan Metzmacher | 2020-09-07 | 2 | -6/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth:gensec: Add gensec_security_sasl_names() | Stefan Metzmacher | 2020-09-07 | 2 | -0/+89
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* lib/util: remove extra safe_string.h file | Matthew DeVore | 2020-08-28 | 2 | -0/+4
  lib/util/safe_string.h is similar to source3/include/safe_string.h, but the former has fewer checks. It is missing bcopy, strcasecmp, and strncasecmp.
  Add the missing elements to lib/util/safe_string.h and remove the other safe_string.h which is in the source3-specific path. To accommodate existing uses of str(n?)casecmp, add #undef lines to source files where they are used.
  Signed-off-by: Matthew DeVore <matvore@google.com>
  Reviewed-by: David Mulder <dmulder@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
* auth:creds: Bump library version | Andreas Schneider | 2020-08-19 | 1 | -1/+1
  We added new functions so bump the version.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add python bindings for cli_credentials_set_conf() | Andreas Schneider | 2020-08-19 | 1 | -0/+41
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add python bindings for (get|set)_smb_encryption | Andreas Schneider | 2020-08-19 | 1 | -0/+62
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add cli_credentials_(get|set)_smb_encryption() | Andreas Schneider | 2020-08-19 | 3 | -0/+55
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add python bindings for (get|set)_smb_ipc_signing | Andreas Schneider | 2020-08-19 | 1 | -0/+56
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add cli_credentials_(get|set)_smb_ipc_signing() | Andreas Schneider | 2020-08-19 | 3 | -0/+60
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add python bindings for (get|set)_smb_signing | Andreas Schneider | 2020-08-19 | 1 | -0/+63
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add cli_credentials_(get|set)_smb_signing() | Andreas Schneider | 2020-08-19 | 3 | -0/+56
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Remove unused credentials autoproto header | Andreas Schneider | 2020-08-19 | 3 | -3/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Introduce CRED_SMB_CONF | Stefan Metzmacher | 2020-08-19 | 3 | -3/+5
  We have several places where we check '> CRED_UNINITIALISED', so we better don't use CRED_UNINITIALISED for values from our smb.conf.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Fix a typo | Volker Lendecke | 2020-08-17 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Aug 17 20:59:51 UTC 2020 on sn-devel-184
* gensec: Fix a typo | Volker Lendecke | 2020-08-17 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Fix clang 9 missing-field-initializer warnings | Gary Lockyer | 2020-05-08 | 1 | -1/+1
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth | Gary Lockyer | 2020-05-04 | 1 | -1/+1
  Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree.
  Credit to OSS-Fuzz
  REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* py3: Remove #define PyInt_FromLong PyLong_FromLong | Andrew Bartlett | 2020-03-23 | 1 | -22/+22
  This allows us to end the use of Python 2/3 compatibility macros.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Noel Power
* auth:ntlmssp: Mark as weak_crypto | Andreas Schneider | 2020-03-19 | 1 | -0/+2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* gensec: Add a check if a gensec module implements weak crypto | Andreas Schneider | 2020-03-19 | 2 | -1/+13
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: Test connecting to LDAP with a "virtual user" style account | Andrew Bartlett | 2020-02-14 | 1 | -1/+51
  This type of account is often used by e-mail hosting platforms that do not wish to create an AD domain for each DNS domain that they host mail for.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13598
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Isaac Boukris <iboukris@samba.org>
* auth/gensec: map NT_STATUS_{INVALID_ACCOUNT_NAME,NO_SUCH_DOMAIN} to NT_STATUS_NO_SUCH_USER | Stefan Metzmacher | 2020-02-10 | 1 | -2/+37
  This means nt_status_squash() will map NT_STATUS_NO_SUCH_USER to LOGON_FAILURE later.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* gensec/spnego: fallback on INVALID_{ACCOUNT,COMPUTER}_NAME and NO_SUCH_DOMAIN | Stefan Metzmacher | 2020-02-10 | 1 | -0/+3
  I think it's better to handle them in spnego.c, instead of squashing them already in the gssapi/gse modules.
  This is related to KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN and KRB5_REALM_UNKNOWN.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/kerberos: add auth4_context_{for,get}_PAC_DATA_CTR() helpers | Stefan Metzmacher | 2020-02-10 | 2 | -0/+95
  This adds a generic way to get to the raw (verified) PAC and will be used in multiple places in future.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* pytests: heed assertEquals deprecation warning en-masse | Douglas Bagnall | 2020-02-07 | 1 | -3/+3
  TestCase.assertEquals() is an alias for TestCase.assertEqual() and has been deprecated since Python 2.7.
  When we run our tests in python developer mode (`PYTHONDEVMODE=1 make test`) we get 580 DeprecationWarnings about this.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Noel Power <npower@samba.org>
* auth: Simplify struct auth4_context | Volker Lendecke | 2020-01-06 | 2 | -53/+6
  The fake async code has been pushed down into the 3 users, remove the sync callback. Overall it's more lines of code, but the central interface is simplified.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Jan 6 23:34:00 UTC 2020 on sn-devel-184
* smbdes: convert E_P24() and SMBOWFencrypt to use gnutls | Isaac Boukris | 2019-12-10 | 1 | -9/+22
  Signed-off-by: Isaac Boukris <iboukris@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>