summaryrefslogtreecommitdiff
path: root/source3/libsmb/clispnego.c
Commit message (Collapse)AuthorAgeFilesLines
* s3:libsmb: remove unused functions in clispnego.cStefan Metzmacher2016-03-101-282/+0
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* spnego: Correctly check asn1_tag_remaining retvalVolker Lendecke2016-02-031-4/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3:clispnego: fix confusing warning in spnego_gen_krb5_wrap()Stefan Metzmacher2016-02-011-5/+10
| | | | | | | | | | | | | asn1_extract_blob() stops further asn1 processing by setting has_error. Don't call asn1_has_error() after asn1_extract_blob() has been successful otherwise we get an "Failed to build krb5 wrapper at" message on success. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11702 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3: smbclient: asn1_extract_blob() stops further asn1 processing by setting ↵Jeremy Allison2016-01-071-5/+10
| | | | | | | | | | | | | | has_error. Don't call asn1_has_error() after asn1_extract_blob() has been successful otherwise we get an "Failed to build negTokenInit at offset" message on success. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Jan 7 16:00:02 CET 2016 on sn-devel-144
* lib: Use asn1_current_ofs()Volker Lendecke2016-01-061-3/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_extract_blob()Volker Lendecke2016-01-061-3/+9
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_set_error()Volker Lendecke2016-01-061-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_has_error()Volker Lendecke2016-01-061-9/+9
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Change all uses of uint32/16/8 in proto.h to uint32_t/16_t/8_t.Richard Sharpe2015-04-291-4/+4
| | | | | Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: libsmb: Ensure all asn1_XX returns are checked.Jeremy Allison2014-09-261-116/+137
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
* Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free.Jeremy Allison2012-09-261-0/+4
| | | | | | | | Not the correct fix for the specific issue, but a general fix to make sure this can never happen again. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 26 04:07:57 CEST 2012 on sn-devel-104
* Avoid overriding default ccache for ads operations.Simo Sorce2012-09-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Avoid overriding default ccache for ads operations. Nowadays various samba components may need to use GSSAPI and a default cred cache to perform their tasks. This code was completely overriding the whole process default ccache name, thus altering the current credentials and sometimes hijacking them (or getting preemptively hijaked). By using gss_krb5_import_cred we can instead use a private ccache (necessary sometimes to use a different set of credentials fromt he default cifs/fqdn@realm one, for example when contacting foreign DCs using trust credentials) that does not affect the rest of the process. For the kerberos versions which don't have gss_krb5_import_cred we fallback to temp override of KRB5CCNAME and gss_acquire_cred. Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
* s3-libsmb: Remove unused spnego_parse_krb5_wrap()Andrew Bartlett2012-04-031-44/+0
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-libsmb: Initialise ticket to ensure we do not invalid memoryAndrew Bartlett2012-03-021-0/+1
| | | | | | | | | | | | The free is however a talloc_free(), which has additional protection against freeing the wrong thing. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104
* s3-libsmb: Remove unused spnego_parse_auth_and_micAndrew Bartlett2012-02-241-40/+0
|
* s3-libsmb: Remove unused spnego functionsAndrew Bartlett2012-02-231-109/+0
|
* Try and fix bug #8472 - Crash in asn.1 parsing code.Jeremy Allison2011-09-211-1/+6
| | | | | | | | Found by Codenomicon at the SNIA plugfest. Don't keep going in the loop when reading the OIDs fail. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Sep 21 05:24:59 CEST 2011 on sn-devel-104
* s3-build: only include asn1 headers where actually needed.Günther Deschner2011-03-161-0/+1
| | | | Guenther
* s3/s4:auth SPNEGO - adaptions for the removed "const" from OIDsMatthias Dieter Wallnöfer2010-12-211-3/+1
| | | | This is needed in order to suppress warnings.
* s3-dcerpc: add spnego server helpersSimo Sorce2010-09-231-4/+75
| | | | | | squashed: add michlistMIC signature checks Signed-off-by: Günther Deschner <gd@samba.org>
* s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keysSimo Sorce2010-07-201-5/+6
|
* Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL ↵Jeremy Allison2010-07-201-17/+19
| | | | | | contexts. Jeremy.
* Fix one more data_blob -> data_blob_talloc. Move away from implicit NULL ↵Jeremy Allison2010-07-201-5/+7
| | | | | | context tallocs. Jeremy.
* Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduceJeremy Allison2010-07-201-6/+5
| | | | | | use of malloc, and data_blob(). Jeremy.
* Rename spnego_gen_negTokenTarg() -> spnego_gen_krb5_negTokenInit()Jeremy Allison2010-07-201-3/+3
| | | | | | as this correctly describes what this function does. Jeremy.
* Remove gen_negTokenTarg(), as it's not actually creating a TokenTarg frame, ↵Jeremy Allison2010-07-201-47/+1
| | | | | | | | but a TokenInit one. Move to using spnego_gen_negTokenInit() instead. Jeremy
* Fixes pointed out by <david.kondrad@legrand.us>. Free memory if not beingJeremy Allison2010-07-201-38/+37
| | | | | | returned to caller. Remove unneeded asn1_tag_remaining() calls. Jeremy.
* Remove gen_negTokenInit() - change all callers to spnego_gen_negTokenInit().Jeremy Allison2010-07-191-53/+17
| | | | | | | We now have one function to do this in all calling code. More rationalization to follow. Jeremy.
* Move the addition of the 16 byte guid out of spnego_gen_negTokenInit() andJeremy Allison2010-07-191-4/+2
| | | | | | | | into negprot_spnego() where it belongs (it's not an SPNEGO operation). Add a TALLOC_CTX for callers of negprot_spnego(). Closer to unifying all the gen_negTokenXXX calls. Jeremy.
* Remove parse_negTokenTarg(), as it's actually incorrect. We're processingJeremy Allison2010-07-191-74/+24
| | | | | | negTokenInit's here. Use common code in spnego_parse_negTokenInit(). Jeremy.
* Fix [Bug 7577] SPNEGO auth fails when contacting Win7 system using Microsoft ↵Jeremy Allison2010-07-191-7/+54
| | | | | | | Live Sign-in Assistant Based on code from <david.kondrad@legrand.us>. Cope with every NegTokenInit ::= SEQUENCE value. Jeremy.
* s3-kerberos: only use krb5 headers where required.Günther Deschner2009-11-271-0/+1
| | | | | | | This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
* s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.Günther Deschner2009-11-061-1/+1
| | | | Guenther
* s3-spnego: fix memleak in spnego_parse_auth().Günther Deschner2009-10-151-1/+5
| | | | Guenther
* s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure.Günther Deschner2009-10-151-19/+12
| | | | | | | | | | When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP), we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus failing spnego_parse_auth() completely. By just using the shared spnego/asn1 code, we get the parsing the correct way. Guenther
* spnego: share spnego_parse.Günther Deschner2009-09-171-7/+8
| | | | Guenther
* Rename ASN1_BITFIELD to ASN1_BIT_STRING.Kouhei Sutou2009-08-111-1/+1
| | | | X.690 uses "BIT STRING" not "BIT FIELD".
* More conversions of NULL -> talloc_autofree_context()Jeremy Allison2009-07-161-9/+9
| | | | | so we at least know when we're using a long-lived context. Jeremy.
* s3-build: fix some const build warnings.Günther Deschner2008-10-231-2/+2
| | | | Guenther
* s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner2008-10-221-242/+287
| | | | Guenther
* s3: use shared asn1 code.Günther Deschner2008-10-221-17/+17
| | | | Guenther
* Fix Kerberos interop with Mac OS X 10.5 clients.Bill Ricker2008-04-071-0/+12
| | | | | | Ignore optional req_flags. Use the Kerberos mechanism OID negotiated with the client rather than hardcoding OID_KERBEROS5_OLD. (This used to be commit 59a2bcf30fef14ecc826271862b645dd3a61cb48)
* Allow the mechOID to be written separately.Jeremy Allison2008-02-141-2/+4
| | | | | Jeremy. (This used to be commit e3e08c6e7d270e1be7a9d3042b1f36f5a291f90a)
* RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison2007-10-181-9/+9
| | | | | | | | bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
* r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.Gerald Carter2007-10-101-19/+0
| | | | | | | The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
* r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter2007-10-101-0/+19
| | | | | and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
* r25227: Patch from "Steven Danneman" <steven.danneman@isilon.com>:Stefan Metzmacher2007-10-101-0/+14
| | | | | | | | | | | | | | | | | | | | | | - We ran across a bug joining our Samba server to a Win2K domain with LDAP signing turned on. Upon investigation I discovered that there is a bug in Win2K server which returns a duplicated responseToken in the LDAP bindResponse packet. This blob is placed in the optional mechListMIC field which is unsupported in both Win2K and Win2K3. You can see RFC 2478 for the proper packet construction. I've worked with metze on this to confirm all these finding. This patch properly parses then discards the mechListMIC field if it exists in the packet, so we don't produce a malformed packet error, causing LDAP signed joins to fail. Also attached is a sniff of the domain join, exposing Win2Ks bad behavior (packet 21). - (I've just changed the scope of the DATA_BLOB mechList) metze (This used to be commit 200b5bfb8180af09446762e915eac63d14c6c7b0)
* r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell2007-10-101-2/+1
| | | | (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
* r23779: Change from v2 or later to v3 or later.Jeremy Allison2007-10-101-1/+1
| | | | | Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
* r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke2007-10-101-1/+1
| | | | | replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
View Lorry Controller Status