summaryrefslogtreecommitdiff
path: root/auth
Commit message (Collapse)AuthorAgeFilesLines
* auth/spnego: make sure we don't return OK without sub_sec_ready in ↵Stefan Metzmacher2017-07-251-0/+6
| | | | | | | gensec_spnego_client_negTokenTarg() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: do an early return for the success case in ↵Stefan Metzmacher2017-07-251-21/+22
| | | | | | | | | gensec_spnego_client_negTokenTarg() Check with git show -w Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: use better variable names in gensec_spnego_create_negTokenInit()Stefan Metzmacher2017-07-251-10/+17
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: introduce an early return in gensec_spnego_create_negTokenInit()Stefan Metzmacher2017-07-251-4/+10
| | | | | | | This avoids print two debug message for the same failure. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: add more error checking to gensec_spnego_create_negTokenInit()Stefan Metzmacher2017-07-251-0/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: rename 'nt_status' to 'status' in ↵Stefan Metzmacher2017-07-251-15/+15
| | | | | | | | | gensec_spnego_create_negTokenInit() This makes future diffs smaller. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make the debug messages in gensec_spnego_create_negTokenInit() ↵Stefan Metzmacher2017-07-251-8/+10
| | | | | | | more useful Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove one more useless indentation level in ↵Stefan Metzmacher2017-07-251-33/+31
| | | | | | | | | gensec_spnego_create_negTokenInit() Check with git show -w -U20 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: introduce an early goto reply: for the server in ↵Stefan Metzmacher2017-07-251-41/+46
| | | | | | | | | | | gensec_spnego_create_negTokenInit() This removes a useless indentation level and simplifies future patches. Check with git show -w Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: move the output generation to the end of ↵Stefan Metzmacher2017-07-251-42/+44
| | | | | | | | | | | gensec_spnego_create_negTokenInit() This will simplify the diff of future patches. Check with git show -w Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make the SPNEGO_FALLBACK continuation completely asyncStefan Metzmacher2017-07-251-12/+62
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: invert the fallback logic in gensec_spnego_client_negTokenInit()Stefan Metzmacher2017-07-251-7/+6
| | | | | | | We should do the return first, that will simplify further changes. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out gensec_spnego_update_pre/post() functionsStefan Metzmacher2017-07-251-81/+153
| | | | | | | | | | | For now we keep doing sync processing only, in future we'll do some preprocessing before a gensec_update_send() on the subcontext in gensec_spnego_update_pre() and handle the the result of gensec_update_recv() in gensec_spnego_update_post(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: inline gensec_spnego_parse_negTokenInit() into ↵Stefan Metzmacher2017-07-251-144/+123
| | | | | | | gensec_spnego_server_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove more dead code from gensec_spnego_parse_negTokenInit()Stefan Metzmacher2017-07-251-39/+1
| | | | | | | Now we finally have a logic that someone can understand while reading it. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: add an early return for OK or MORE PROCESSING in ↵Stefan Metzmacher2017-07-251-1/+1
| | | | | | | gensec_spnego_parse_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: add an early return for a hard error in ↵Stefan Metzmacher2017-07-251-0/+7
| | | | | | | gensec_spnego_parse_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: do an early return when we downgraded the mech in ↵Stefan Metzmacher2017-07-251-1/+1
| | | | | | | gensec_spnego_parse_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove one more useless indentation level from ↵Stefan Metzmacher2017-07-251-54/+58
| | | | | | | | | | gensec_spnego_parse_negTokenInit() Check with 'git show -w -U45' and carefully check the 'break' vs. 'continue' changes. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove dead code from gensec_spnego_parse_negTokenInit()Stefan Metzmacher2017-07-251-85/+0
| | | | | | | Check with git show -U15 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: remove unused indentation level from ↵Stefan Metzmacher2017-07-251-63/+65
| | | | | | | | | gensec_spnego_parse_negTokenInit() gensec_spnego_parse_negTokenInit() is only used as server now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: inline gensec_spnego_parse_negTokenInit() client logic into ↵Stefan Metzmacher2017-07-251-7/+121
| | | | | | | gensec_spnego_client_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: let gensec_spnego_parse_negTokenInit() require client provides ↵Stefan Metzmacher2017-07-251-0/+7
| | | | | | | mechs Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: inline gensec_spnego_update_server() into ↵Stefan Metzmacher2017-07-251-36/+10
| | | | | | | gensec_spnego_update_send() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: inline gensec_spnego_update_client() into ↵Stefan Metzmacher2017-07-251-38/+10
| | | | | | | gensec_spnego_update_send() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out a gensec_spnego_server_negTokenTarg() functionStefan Metzmacher2017-07-251-115/+125
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: introduce a 'struct spnego_negTokenTarg *ta' helper variable in ↵Stefan Metzmacher2017-07-251-6/+7
| | | | | | | gensec_spnego_update_server() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out a gensec_spnego_client_negTokenTarg() functionStefan Metzmacher2017-07-251-295/+324
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make more use of the 'ta' helper variable in ↵Stefan Metzmacher2017-07-251-15/+15
| | | | | | | gensec_spnego_update_client() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out a gensec_spnego_server_negTokenInit() function.Stefan Metzmacher2017-07-251-31/+42
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: split out a gensec_spnego_client_negTokenInit() function.Stefan Metzmacher2017-07-251-55/+68
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make use of GENSEC_UPDATE_IS_NTERROR() in ↵Stefan Metzmacher2017-07-251-3/+2
| | | | | | | gensec_spnego_update_client() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make use of GENSEC_UPDATE_IS_NTERROR() in ↵Stefan Metzmacher2017-07-251-2/+1
| | | | | | | gensec_spnego_create_negTokenInit() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: make use of GENSEC_UPDATE_IS_NTERROR() in ↵Stefan Metzmacher2017-07-251-17/+14
| | | | | | | | | gensec_spnego_update_send() Check with git show -U15 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: simplify the error handling logic in ↵Stefan Metzmacher2017-07-251-4/+2
| | | | | | | | | | | | gensec_spnego_parse_negTokenInit() We can just use GENSEC_UPDATE_IS_NTERROR() as NT_STATUS_INVALID_PARAMETER is mapped to NT_STATUS_MORE_PROCESSING_REQUIRED in the lines above. Check with git show -U10 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: call gensec_spnego_create_negTokenInit() directly in ↵Stefan Metzmacher2017-07-251-15/+18
| | | | | | | | | gensec_spnego_update_send() This simplifies further refactoring. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: do parse the incoming blob already in gensec_spnego_update_send()Stefan Metzmacher2017-07-251-124/+85
| | | | | | | It's easier to have this in one central place. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: introduce a 'spnego_in' helper variable in ↵Stefan Metzmacher2017-07-251-7/+10
| | | | | | | | | | gensec_spnego_update_client() In the following commits we'll pass that variable from the caller and this preparation will reduce the diff for the following patches. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: introduce a 'spnego_in' helper variable in ↵Stefan Metzmacher2017-07-251-17/+20
| | | | | | | | | | gensec_spnego_update_client() In the following commits we'll pass that variable from the caller and this preparation will reduce the diff for the following patches. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: skip gensec_update_ev() if sub_sec_ready is already true in ↵Stefan Metzmacher2017-07-251-9/+13
| | | | | | | | | gensec_spnego_update_server() This matches the flow already used in the client case. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: move gensec_update_ev() out of gensec_spnego_server_try_fallback()Stefan Metzmacher2017-07-251-9/+21
| | | | | | | | This makes it easier to handle SPNEGO_FALLBACK code path completely async from the first packet in future. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: Fix withespace and indent in gensec_spnego_server_try_fallback()Andreas Schneider2017-07-251-3/+5
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* source4 netlogon: Add authentication logging for ServerAuthenticate3Gary Lockyer2017-07-241-0/+12
| | | | | | | | | | | Log NETLOGON authentication activity by instrumenting the netr_ServerAuthenticate3 processing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* rpc: use symbolic constant to replace /root/ncalrpc_as_systemGary Lockyer2017-07-241-1/+1
| | | | | | | | | | | Modified to use constant AS_SYSTEM_MAGIC_PATH_TOKEN instead of string literal "/root/ncalrpc_as_system" BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* auth/spnego: pass spnego_in to gensec_spnego_parse_negTokenInit()Stefan Metzmacher2017-07-051-9/+17
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 5 06:43:17 CEST 2017 on sn-devel-144
* auth/spnego: remove useless indentation level for SPNEGO_SERVER_STARTStefan Metzmacher2017-07-051-42/+40
| | | | | | | Check with git show -w Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: move SERVER gensec_spnego_create_negTokenInit() handling to the topStefan Metzmacher2017-07-051-6/+8
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: set spnego_state->{state_position,expected_packet} ↵Stefan Metzmacher2017-07-051-10/+16
| | | | | | | | | | gensec_spnego_create_negTokenInit() We should only do the state change in a defined place and not with any error gensec_spnego_create_negTokenInit() might return. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: don't pass 'in' to gensec_spnego_create_negTokenInit()Stefan Metzmacher2017-07-051-3/+3
| | | | | | | It's always en empty blob. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/spnego: add a struct spnego_negTokenTarg *ta variable to make some ↵Stefan Metzmacher2017-07-051-10/+11
| | | | | | | | | lines shorter This makes future modifications easier to review. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
View Lorry Controller Status