path: root/auth
Commit message | Author | Age | Files | Lines
...
* s4-auth-krb: Remove unneeded dependency on kerberos_util. | Simo Sorce | 2012-04-12 | 1 | -3/+13
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4-auth-krb: Move keytab functions in a separate file. | Simo Sorce | 2012-04-12 | 2 | -2/+3
  Confine ldb dependency.
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4-auth-krb: Move function into more appropriate header. | Simo Sorce | 2012-04-12 | 1 | -8/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4-auth-krb: Make cli_credentials_invalidate_client_gss_creds static. | Simo Sorce | 2012-04-12 | 2 | -2/+4
  It's not used anywhere else.
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4-auth-krb: Make impersonate_principal_from_credentials static. | Simo Sorce | 2012-04-12 | 1 | -6/+0
  It's not used anywhere else.
  Signed-off-by: Andreas Schneider <asn@samba.org>
* gensec_gssapi: keep private header file close to the actual code | Simo Sorce | 2012-04-12 | 1 | -70/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
* auth/gensec_gssapi: gss_krb5_lucid_context_v1_t is not shared with the gse code anymore | Stefan Metzmacher | 2012-03-15 | 1 | -1/+1
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu Mar 15 09:16:16 CET 2012 on sn-devel-104
* auth/ntlmssp: Remove reference to struct ntlmssp_state | Andrew Bartlett | 2012-03-09 | 1 | -6/+1
* auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_state | Andrew Bartlett | 2012-03-09 | 4 | -8/+5
  This just means there is one less pointer to ensure we initialise.
  Andrew Bartlett
* auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key type | Andrew Bartlett | 2012-03-08 | 1 | -4/+23
  The key type OID is optional, but we require that information to determine if we should use NEW_SPNEGO.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu Mar 8 11:53:57 CET 2012 on sn-devel-104
* auth/kerberos: Ensure we do not print invalid memory in failure case | Andrew Bartlett | 2012-03-08 | 1 | -4/+1
  This codeblock may not have any set->elements, so we should not print them. Copy&paste in the original code.
  Andrew Bartlett
* auth: Remove pluggable password-check functions from gensec_ntlmssp | Andrew Bartlett | 2012-02-24 | 5 | -228/+105
  The auth4_context layer now provides the pluggability here.
  Andrew Bartlett
* auth: consolidate gensec_ntlmssp_server wrapper functions | Andrew Bartlett | 2012-02-24 | 2 | -50/+18
* s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-side | Andrew Bartlett | 2012-02-24 | 2 | -0/+13
  This uses the common gensec_ntlmssp server code for ntlm_auth, removing the last non-gensec use of the NTLMSSP server.
  Andrew Bartlett
* auth: Rename some elements of auth4_context | Andrew Bartlett | 2012-02-24 | 2 | -17/+17
  These operate on NTLM authentication, so make that clear.
  Andrew Bartlett
* auth: Reorder arguments to generate_session_info | Andrew Bartlett | 2012-02-18 | 2 | -3/+3
  This matches check_ntlm_password() and generate_session_info_pac()
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
* auth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3 | Andrew Bartlett | 2012-02-17 | 2 | -2/+13
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Fri Feb 17 12:18:51 CET 2012 on sn-devel-104
* auth: Make more of the ntlmssp code private or static | Andrew Bartlett | 2012-02-17 | 3 | -96/+64
  Now that there is only one gensec_ntlmssp server, some of these functions can be static.
  For the rest, put the implementation of the gensec_ntlmssp code into ntlmssp_private.h
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Provide a way to specify the NTLMSSP server name to GENSEC | Andrew Bartlett | 2012-02-17 | 2 | -17/+40
  This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller knows better. This will allow preservation of current s3 behaviour.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Rearrange ntlmssp code for clarity | Andrew Bartlett | 2012-02-17 | 1 | -9/+8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Set NTLMSSP_NEGOTIATE_SIGN when session key support is required | Andrew Bartlett | 2012-02-17 | 1 | -0/+3
  This matches the s3 NTLMSSP server.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server | Andrew Bartlett | 2012-02-17 | 2 | -4/+11
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server | Andrew Bartlett | 2012-02-17 | 2 | -7/+47
  This is possible because we now supply the auth4_context abstraction that this code is looking for.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Add extra error messages on authentication or authorization failure | Andrew Bartlett | 2012-02-17 | 1 | -0/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Cope with NO_USER_SESSION_KEY from security=server | Andrew Bartlett | 2012-02-17 | 1 | -2/+8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Move the rest of the source4 gensec_ntlmssp code to the top level | Andrew Bartlett | 2012-02-17 | 6 | -2/+1099
  The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Hook checking passwords and generating session_info via the auth4_context | Andrew Bartlett | 2012-02-17 | 1 | -3/+0
  This avoids creating a second auth_context, as it is a private pointer in the auth4_context that has already been passed in, and makes the gensec_ntlmssp code agnostic to the type of authentication backend behind it. This will in turn allow the ntlmssp server code to be further merged.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi | Andrew Bartlett | 2012-02-17 | 1 | -0/+113
  This ensures that both code bases use the same logic to determine the use of NEW_SPNEGO.
  Andrew Bartlett
* auth: Pass in the SMB username (for %U) into generate_session_info | Andrew Bartlett | 2012-02-13 | 1 | -0/+1
  This matches what Samba3 does.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
* gensec: explain gensec_use_kerberos_mechs() logic | Andrew Bartlett | 2012-02-10 | 1 | -1/+16
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Fri Feb 10 12:36:23 CET 2012 on sn-devel-104
* gensec: set flag to continue in outer for loop in gensec_use_kerberos_mechs | Andrew Bartlett | 2012-02-10 | 1 | -1/+5
  This should be the correct fix for the valgrind error Volker found in 744ed53a62037a659133ccd4de2065491208ae7d.
  This fix avoids putting SPNEGO into the list twice when we are in the CRED_DONT_USE_KERBEROS case.
  Andrew Bartlett
* Revert "gensec: Fix a memory corruption in gensec_use_kerberos_mechs" | Andrew Bartlett | 2012-02-10 | 1 | -2/+1
  This reverts commit 744ed53a62037a659133ccd4de2065491208ae7d.
  The real bug here is that the second half of the outer loop should not have been run once we found spnego.
  Andrew Bartlett
* credentials: Show returned error_string in debug message | Andrew Bartlett | 2012-02-10 | 1 | -2/+2
* gensec: Fix a memory corruption in gensec_use_kerberos_mechs | Volker Lendecke | 2012-02-09 | 1 | -1/+2
  Without this I get the following valgrind error:

  ==27740== Invalid write of size 8
  ==27740== at 0x62C53E: gensec_use_kerberos_mechs (gensec_start.c:112)
  ==27740== by 0x62C623: gensec_security_mechs (gensec_start.c:141)
  ==27740== by 0x62C777: gensec_security_by_oid (gensec_start.c:181)
  ==27740== by 0x62DD6E: gensec_start_mech_by_oid (gensec_start.c:735)
  ==27740== by 0x50D6FD: negprot_spnego (negprot.c:210)
  ==27740== by 0x5B0DEA: smbd_smb2_request_process_negprot (smb2_negprot.c:209)
  ==27740== by 0x5AD036: smbd_smb2_request_dispatch (smb2_server.c:1417)
  ==27740== by 0x5AFB77: smbd_smb2_first_negprot (smb2_server.c:2643)
  ==27740== by 0x585C00: process_smb (process.c:1641)
  ==27740== by 0x587F78: smbd_server_connection_read_handler (process.c:2314)
  ==27740== by 0x587FD6: smbd_server_connection_handler (process.c:2331)
  ==27740== by 0x99E05B: run_events_poll (events.c:286)
  ==27740== by 0x584AFF: smbd_server_connection_loop_once (process.c:984)
  ==27740== by 0x58B2D9: smbd_process (process.c:3389)
  ==27740== by 0xDE4CA8: smbd_accept_connection (server.c:469)
  ==27740== by 0x99E05B: run_events_poll (events.c:286)
  ==27740== by 0x99E2D5: s3_event_loop_once (events.c:349)
  ==27740== by 0x99F990: _tevent_loop_once (tevent.c:504)
  ==27740== by 0xDE5A9B: smbd_parent_loop (server.c:869)
  ==27740== by 0xDE6DD8: main (server.c:1413)
  ==27740== Address 0x9ff3538 is 4,232 bytes inside a block of size 8,288 alloc'd
  ==27740== at 0x4C261D7: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==27740== by 0x6926965: __talloc (talloc.c:560)
  ==27740== by 0x6926771: talloc_pool (talloc.c:598)
  ==27740== by 0x93B927: talloc_stackframe_internal (talloc_stack.c:145)
  ==27740== by 0x93B9D6: talloc_stackframe_pool (talloc_stack.c:171)
  ==27740== by 0x58B2B7: smbd_process (process.c:3385)
  ==27740== by 0xDE4CA8: smbd_accept_connection (server.c:469)
  ==27740== by 0x99E05B: run_events_poll (events.c:286)
  ==27740== by 0x99E2D5: s3_event_loop_once (events.c:349)
  ==27740== by 0x99F990: _tevent_loop_once (tevent.c:504)
  ==27740== by 0xDE5A9B: smbd_parent_loop (server.c:869)
  ==27740== by 0xDE6DD8: main (server.c:1413)

  In the for-loop we can increment j twice, so we need twice as many output array elements as input array elements.
  Autobuild-User: Volker Lendecke <vl@samba.org>
  Autobuild-Date: Thu Feb 9 19:44:47 CET 2012 on sn-devel-104
* auth: rename ntlmssp.c to ntlmssp_util.c | Andrew Bartlett | 2012-02-08 | 2 | -1/+1
* gensec: inline gensec_generate_session_info() into only caller | Andrew Bartlett | 2012-01-30 | 2 | -34/+0
  This avoids casting to and from the struct auth_user_info_dc *user_info_dc
  To do this, the if (user_info_dc->info->authenticated) is moved into auth_generate_session_info_wrapper(), which is the function that gensec_security->auth_context->generate_session_info points to.
  Andrew Bartlett
* auth: Make check_password and generate_session_info hook generic | Andrew Bartlett | 2012-01-30 | 2 | -6/+4
  gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common.
  Andrew Bartlett
* auth: provide private pointer and do not return original PAC signatures | Andrew Bartlett | 2012-01-29 | 1 | -0/+3
  There is no need to return the PAC signatures via the special-purpose torture element. Instead, use a private pointer on the auth_context in conjunction with the private PAC processing method.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
* auth/gensec_gssapi: sync gensec_gssapi_state with gse_context | Stefan Metzmacher | 2012-01-25 | 1 | -1/+2
  Both use gss_krb5_lucid_context_v1_t now.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Wed Jan 25 10:22:31 CET 2012 on sn-devel-104
* auth/gensec: align common elements between gse_context and gensec_gssapi_state | Andrew Bartlett | 2012-01-18 | 1 | -3/+5
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Wed Jan 18 19:29:40 CET 2012 on sn-devel-104
* s3:build: add auth/gensec/spnego.o | Stefan Metzmacher | 2012-01-13 | 1 | -0/+2
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Fri Jan 13 06:32:30 CET 2012 on sn-devel-104
* auth/gensec: move spnego.c to the toplevel | Stefan Metzmacher | 2012-01-13 | 2 | -0/+1407
  metze
* auth/gensec: common helper functions should be in gensec_util.c | Stefan Metzmacher | 2012-01-13 | 1 | -0/+116
  This makes the dependencies easier to handle.
  metze
* auth/gensec: add some more functions from gensec_start.c to gensec.h | Stefan Metzmacher | 2012-01-13 | 2 | -16/+37
  metze
* auth/gensec: make sure functions from gensec.c are in gensec.h | Stefan Metzmacher | 2012-01-13 | 2 | -5/+7
  metze
* s4:auth/gensec/spnego: add support for fragmented spnego messages | Stefan Metzmacher | 2012-01-12 | 1 | -1/+1
  metze
* auth/gensec: add gensec_*max_update_size() | Stefan Metzmacher | 2012-01-12 | 3 | -0/+22
  This is only a hint for the backend, which may want to fragment update tokens.
  metze
* auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksum | Andrew Bartlett | 2012-01-12 | 1 | -6/+3
* gensec: Make sure to check the optional auth_context hooks before using them | Andrew Bartlett | 2012-01-11 | 1 | -1/+1
  These are optional to supply - some callers only provide an auth_context for the other plugin functions, and so we need to deal with this cleanly.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: Rename want_flags and got_flags in gensec_gssapi | Andrew Bartlett | 2012-01-11 | 1 | -1/+1
  This makes it clearer what type of flags these are.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>