summaryrefslogtreecommitdiff
path: root/auth/gensec/gensec.h
AgeCommit message (Collapse)AuthorFilesLines
2013-09-18Add SASL/EXTERNAL gensec moduleHoward Chu1-1/+2
Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-08-10auth/gensec: treat struct gensec_security_ops as const if possible.Stefan Metzmacher1-7/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: use 'const char * const *' for function parametersStefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: introduce gensec_internal.hStefan Metzmacher1-96/+4
We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: add gensec_security_by_auth_type()Stefan Metzmacher1-0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-15gensec: Make gensec_interface_version publicVolker Lendecke1-0/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2012-05-17auth/gensec: add gensec_expire_time()Stefan Metzmacher1-0/+4
metze
2012-04-12auth-krb: Nove oid packet check to gensec_util.Simo Sorce1-0/+2
This is clearly a utiliy function generic to gensec. Also the 3 callers had identical implementations. Provide a generic implementation for all of them and avoid duplicating the code everywhere. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-02-17auth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3Andrew Bartlett1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 17 12:18:51 CET 2012 on sn-devel-104
2012-02-17auth: Provide a way to specify the NTLMSSP server name to GENSECAndrew Bartlett1-0/+4
This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller knows better. This will allow preservation of current s3 behaviour. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-30gensec: inline gensec_generate_session_info() into only callerAndrew Bartlett1-5/+0
This avoids casting to and from the struct auth_user_info_dc *user_info_dc to to this, the if (user_info_dc->info->authenticated) is moved into auth_generate_session_info_wrapper(), which is the function that gensec_security->auth_context->generate_session_info points to. Andrew Bartlett
2012-01-13auth/gensec: add some more functions from gensec_start.c to gensec.hStefan Metzmacher1-0/+17
metze
2012-01-13auth/gensec: make sure functions from gensec.c are in gensec.hStefan Metzmacher1-0/+2
metze
2012-01-12auth/gensec: add gensec_*max_update_size()Stefan Metzmacher1-0/+4
This is only a hint for the backend, which may want to fragment update tokens. metze
2012-01-11gensec: move gensec_util.c to the top levelAndrew Bartlett1-0/+14
To do this some defines need to move to common_auth.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-29s4-gensec: Move parsing of the PAC blob and creating the session_info into authAndrew Bartlett1-0/+1
This uses a single callback to handle the PAC from the DATA_BLOB format until it becomes a struct auth_session_info. This allows a seperation between the GSS acceptor code and the PAC interpretation code based on the supplied auth context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
2011-12-28gensec: Allow an alternate set of modules to be specifiedAndrew Bartlett1-0/+5
This will allow s3 to specify modules to use as a list, rather than needing to start the individual module with gensec_start_mech_by_ops() Andrew Bartlett
2011-10-18gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett1-3/+2
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: Assert that we have not been subject to a downgrade attack in ↵Andrew Bartlett1-0/+1
DCE/RPC clients Because of the calling convention, this is the best place to assert that we have not been subject to a downgrade attack on the negotiated features. (In DCE/RPC, this isn't a negotiation, the client simply specifies the level of protection that is required). Andrew Bartlett (some formatting fixes) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-08-03gensec: clarify memory ownership for gensec_session_info() and ↵Andrew Bartlett1-2/+5
gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
2011-08-03gensec: Remove mem_ctx from calls that do not return memoryAndrew Bartlett1-4/+2
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03gensec: split GENSEC into mechanism-dependent and runtime functionsAndrew Bartlett1-0/+309
The startup and runtime functions that have no dependencies are moved into the top level. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>