samba.git/auth, branch talloc-2.0.8 Unnamed repository; edit this file 'description' to name the repository. auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac changes 2012-09-22T00:44:07+00:00 Andrew Bartlett abartlet@samba.org 2012-09-21T22:59:11+00:00 d59688a8e749454a59174b545f152a5c2880f999 Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Sep 22 02:44:07 CEST 2012 on sn-devel-104 
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 22 02:44:07 CEST 2012 on sn-devel-104
auth/kerberos: Adjust log level for failed PAC signature verification 2012-09-21T02:49:32+00:00 Christof Schmitt christof.schmitt@us.ibm.com 2012-07-30T18:03:54+00:00 05befd2f734d3962619ebc0cc137bbe5cedfd81d With winbindd trying to verify the signature of an application provided PAC, this message can be easily triggered. Adjust the debug level to avoid filling up the logs. Signed-off-by: Andrew Bartlett <abartlet@samba.org> 
With winbindd trying to verify the signature of an application provided
PAC, this message can be easily triggered. Adjust the debug level to
avoid filling up the logs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
auth: Fix some nonempty blank lines 2012-09-21T02:49:32+00:00 Volker Lendecke vl@samba.org 2012-09-18T17:34:48+00:00 8a6a13ab51f404525ff18f65d5a22132c465898e Signed-off-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
auth/credentials: Do not print passwords in a talloc memory dump 2012-08-31T04:30:38+00:00 Andrew Bartlett abartlet@samba.org 2012-08-31T01:19:54+00:00 a5d57a04c2e515212cc1f2b51c9a02acb33a79ba The fact that a password was created here is enough information, so overwrite with the function name and line. Andrew Bartlett 
The fact that a password was created here is enough information, so
overwrite with the function name and line.

Andrew Bartlett
auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds() 2012-08-29T23:26:12+00:00 Andrew Bartlett abartlet@samba.org 2012-08-29T21:49:21+00:00 5131359edae7a5c7092c0d41bb225941596ddcac This allows a password alone to be used to accept kerberos tickets. Of course, we need to have got the salt right, but we do not need also the correct kvno. This allows gensec_gssapi to accept tickets based on a secrets.tdb entry. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104 
This allows a password alone to be used to accept kerberos tickets.

Of course, we need to have got the salt right, but we do not need also
the correct kvno.  This allows gensec_gssapi to accept tickets based on
a secrets.tdb entry.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt() 2012-08-29T01:34:52+00:00 Andrew Bartlett abartlet@samba.org 2012-08-28T23:44:52+00:00 17337cfec071f7f82fa4c50ace751d51277a4b20 






auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records
2012-08-29T01:34:52+00:00

Andrew Bartlett
abartlet@samba.org

2012-08-28T23:44:12+00:00

beafdd6410f122d39c32d51629dd7eaf20a8a6c1

By checking first if there is a secrets.tdb record and passing in the password and last change time
we avoid setting one series of values and then replacing them.  We also avoid the need to work
around the setting of anonymous.

Andrew Bartlett





By checking first if there is a secrets.tdb record and passing in the password and last change time
we avoid setting one series of values and then replacing them.  We also avoid the need to work
around the setting of anonymous.

Andrew Bartlett







auth/credentials: Improve memory handling in cli_credentials_set_machine_account
2012-08-29T01:11:09+00:00

Andrew Bartlett
abartlet@samba.org

2012-08-28T23:21:52+00:00

a0e4bdcb5b374a4259164aed8fdbcc7b1761f09b

By using a tempoary talloc context this is much tidier and more reliable code.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104





By using a tempoary talloc context this is much tidier and more reliable code.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104







auth/credentials: Avoid double-free in the failure case
2012-08-28T23:09:10+00:00

Andrew Bartlett
abartlet@samba.org

2012-08-28T23:09:10+00:00

bcc29f9e7317601737858184f5ec6243552e0c0c

This pointer is only valid if dbwrap_fetch returned success.

Andrew Bartlett





This pointer is only valid if dbwrap_fetch returned success.

Andrew Bartlett







auth/credentials: Rework credentials handling to try and find the most recent machine pw
2012-08-27T21:57:29+00:00

Andrew Bartlett
abartlet@samba.org

2012-08-27T11:37:19+00:00

f873d422b153c55754c0d1e83670cda7c3a7f7e3

As winbindd will update secrets.tdb but not secrets.ldb, we need to detect this and use secrets.tdb

Andrew Bartlett





As winbindd will update secrets.tdb but not secrets.ldb, we need to detect this and use secrets.tdb

Andrew Bartlett