summaryrefslogtreecommitdiff
path: root/auth/credentials/credentials.h
Commit message (Collapse)AuthorAgeFilesLines
* auth: Add cli_credentials_is_password_nt_hash()Andreas Schneider2023-04-051-0/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth: Remove trailing white spaces in credentials.hAndreas Schneider2023-04-051-41/+41
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: Add cli_credentials_get_aes256_key()Joseph Sutton2022-06-261-0/+6
| | | | | | | | This allows us to generate AES256 keys from a given password and salt. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: cli_credentials_set_ntlm_response() pass session_keysStefan Metzmacher2022-01-041-2/+4
| | | | | | | | | | | | | Otherwise cli_credentials_get_ntlm_response() will return session keys with a 0 length, which leads to errors in the NTLMSSP code. This wasn't noticed as cli_credentials_set_ntlm_response() has no callers yet, but that will change in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* auth:creds: Return bool for cli_credentials_guess()Andreas Schneider2021-06-291-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:creds: Return a bool for cli_credentials_set_conf()Andreas Schneider2021-06-291-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:creds: Add cli_credentials_get_password_and_obtained()Andreas Schneider2021-04-281-0/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:creds: Add cli_credentials_get_username_and_obtained()Andreas Schneider2021-04-281-0/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:creds: Add obtained arg to cli_credentials_set_gensec_features()Andreas Schneider2021-04-281-1/+3
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:param: Add 'client protection' config optionAndreas Schneider2021-04-281-0/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:creds: Add obtained arg to cli_credentials_set_kerberos_state()Andreas Schneider2021-04-281-2/+3
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth:creds: Add command line function for standard password callbackAndreas Schneider2021-03-241-0/+2
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* auth:creds: Add cli_credentials_dump()Andreas Schneider2020-12-161-0/+2
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Noel Power <noel.power@suse.com> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Dec 16 13:56:49 UTC 2020 on sn-devel-184
* Revert "cli_credentials: add a helper to parse user or group names"Alexander Bokovoy2020-11-051-1/+0
| | | | This reverts commit 00f4262ed0b22f6e333e5a29c5590b62c783905c.
* cli_credentials: add a helper to parse user or group namesAlexander Bokovoy2020-11-041-0/+1
| | | | | | | | | | | | | | | | | | | | | cli_credentials_parse_string() parses a string specified for -U option in command line tools. It has a side-effect that '%' character is always considered to be a separator after which a password is specified. Active Directory does allow to create user or group objects with '%' in the name. It means cli_credentials_parse_string() will not be able to properly parse such name. Introduce cli_credentials_parse_name() for the cases when a password is not expected in the name and call to cli_credentials_parse_name() from cli_credentials_parse_string(). Test cli_credentials_parse_name() with its intended use in lookup_name() refactoring. Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Rename CRED_USE_KERBEROS valuesAndreas Schneider2020-11-031-3/+6
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* auth:creds: Add cli_credentials_init_server()Andreas Schneider2020-09-071-0/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add cli_credentials_(get|set)_smb_encryption()Andreas Schneider2020-08-191-0/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add cli_credentials_(get|set)_smb_ipc_signing()Andreas Schneider2020-08-191-0/+6
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Add cli_credentials_(get|set)_smb_signing()Andreas Schneider2020-08-191-0/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth:creds: Introduce CRED_SMB_CONFStefan Metzmacher2020-08-191-0/+1
| | | | | | | | We have several places where we check '> CRED_UNINITIALISED', so we better don't use CRED_UNINITIALISED for values from our smb.conf. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Fix a typoVolker Lendecke2020-08-171-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Aug 17 20:59:51 UTC 2020 on sn-devel-184
* cli_credentials: Apply some constVolker Lendecke2017-09-161-2/+3
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Sep 16 12:28:17 CEST 2017 on sn-devel-144
* pycredentials: Add support for netr_crypt_passwordGary Lockyer2017-06-221-0/+4
| | | | | | | | | | Add code to encrypt a netr_CryptPassword structure with the current session key. This allows the making of Netr_ServerPasswordSet2 calls from python. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: remove const where we always return a talloc stringStefan Metzmacher2017-01-101-3/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/credentials: add cli_credentials_set_password_will_be_nt_hash() and the ↵Stefan Metzmacher2016-12-201-0/+2
| | | | | | | related logic Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: also do a shallow copy of the krb5_ccache.Stefan Metzmacher2016-07-221-3/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()Stefan Metzmacher2016-04-121-0/+1
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2110: auth/credentials: pass server_timestamp to ↵Stefan Metzmacher2016-04-121-1/+3
| | | | | | | | | cli_credentials_get_ntlm_response() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* auth/credentials: add cli_credentials_set_old_utf16_password()Stefan Metzmacher2015-03-121-0/+2
| | | | | | | This is required to set the previous trust account password. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* auth/credentials: add cli_credentials_[g|s]et_old_nt_hash()Stefan Metzmacher2015-03-121-0/+4
| | | | | | | | The machine and trust accounts it's important to retry netr_Authenticate3() with the previous (old) nt_hash. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* auth/credentials: add cli_credentials_set_utf16_password()Stefan Metzmacher2014-12-191-0/+3
| | | | | | | | | | | | | | We need a way to initialize the cli_credentials from the raw utf16 blob, which might not be completely valid utf16, which means the conversion from CH_UTF16MUNGED to CH_UTF8 might loose information. This would result in an invalid nt_hash, when we convert back from CH_UTF8 to CH_UTF16LE. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* credentials: Allow the secret.tdb handle to be passed in to ↵Andrew Bartlett2014-10-171-0/+16
| | | | | | | | | | | | cli_credentials_set_machine_account() This adds a new wrapper, cli_credentials_set_machine_account_db_ctx() Andrew Bartlett Change-Id: Ia2cceefede4ba9cf7f8de41986daf9372c19d997 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech()Andrew Bartlett2013-09-161-0/+3
| | | | | | | | | | This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* auth/credentials: make sure cli_credentials_get_nt_hash() always returns a ↵Stefan Metzmacher2013-08-121-2/+2
| | | | | | | | talloc object Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: keep cli_credentials privateStefan Metzmacher2013-08-051-93/+8
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_shallow_copy()Stefan Metzmacher2013-08-051-0/+3
| | | | | | | | This is useful for testing. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_[set_]callback_data*Stefan Metzmacher2013-08-051-0/+8
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth: added cli_credentials_failed_kerberos_login()Andrew Tridgell2012-11-011-0/+3
| | | | | | | | this is used to support retrying kerberos connections after removing a ccache entry, to cope with a server being re-built while our client still has a valid service ticket Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* auth/credentials Declare remaining functions are public interfaces and put ↵Andrew Bartlett2011-10-111-0/+37
| | | | | | | | | into credentials.h This is in preperation for this file being used by s3, and recognises that these are all reasonable, public interfaces but were not declared as such in the past. Andrew Bartlett
* auth: move credentials layer to the top levelAndrew Bartlett2011-10-111-0/+300
This will allow gensec_start.c to move to the top level. This does not change what code uses the cli_credentials code, but allows the gensec code to be more broadly. Andrew Bartlett
View Lorry Controller Status