path: root/auth/gensec/gensec_start.c
Age | Commit message | Author | Files | Lines
2013-09-19 | gensec: check for NULL gensec_security in gensec_security_by_auth_type(). | Günther Deschner | 1 | -2/+4
We have equivalent checks in other gensec_security_by_X calls already. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 | gensec: remove duplicate gensec_security_by_authtype() call. | Günther Deschner | 1 | -27/+2
We should use the equivalent gensec_security_by_auth_type() call which is exposed in the public header. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 | auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech() | Andrew Bartlett | 1 | -0/+14
This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-08-10 | auth/gensec: treat struct gensec_security_ops as const if possible. | Stefan Metzmacher | 1 | -24/+28
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 | auth/gensec: use 'const char * const *' for function parameters | Stefan Metzmacher | 1 | -1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 | auth/gensec: avoid talloc_reference in gensec_security_mechs() | Stefan Metzmacher | 1 | -18/+9
We now always copy. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 | auth/gensec: avoid talloc_reference in gensec_use_kerberos_mechs() | Stefan Metzmacher | 1 | -18/+20
We now always copy. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 | auth/gensec: introduce gensec_internal.h | Stefan Metzmacher | 1 | -0/+1
We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 | auth/gensec: add gensec_security_by_auth_type() | Stefan Metzmacher | 1 | -0/+26
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-15 | gensec: Make gensec_security_oids_from_ops static | Volker Lendecke | 1 | -4/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed May 15 20:05:34 CEST 2013 on sn-devel-104
2013-05-15 | gensec: Make gensec_security_by_sasl_list static | Volker Lendecke | 1 | -3/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 | gensec: Make gensec_interface_version public | Volker Lendecke | 1 | -1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2012-02-10 | gensec: explain gensec_use_kerberos_mechs() logic | Andrew Bartlett | 1 | -1/+16
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Feb 10 12:36:23 CET 2012 on sn-devel-104
2012-02-10 | gensec: set flag to continue in outer for loop in gensec_use_kerberos_mechs | Andrew Bartlett | 1 | -1/+5
This should be the correct fix for the valgrind error Volker found in 744ed53a62037a659133ccd4de2065491208ae7d. This fix avoids putting SPNEGO into the list twice when we are in the CRED_DONT_USE_KERBEROS case. Andrew Bartlett
2012-02-10 | Revert "gensec: Fix a memory corruption in gensec_use_kerberos_mechs" | Andrew Bartlett | 1 | -2/+1
This reverts commit 744ed53a62037a659133ccd4de2065491208ae7d. The real bug here is that the second half of the outer loop should not have been run once we found spnego. Andrew Bartlett
2012-02-09 | gensec: Fix a memory corruption in gensec_use_kerberos_mechs | Volker Lendecke | 1 | -1/+2
Without this I get the following valgrind error:
==27740== Invalid write of size 8
==27740==    at 0x62C53E: gensec_use_kerberos_mechs (gensec_start.c:112)
==27740==    by 0x62C623: gensec_security_mechs (gensec_start.c:141)
==27740==    by 0x62C777: gensec_security_by_oid (gensec_start.c:181)
==27740==    by 0x62DD6E: gensec_start_mech_by_oid (gensec_start.c:735)
==27740==    by 0x50D6FD: negprot_spnego (negprot.c:210)
==27740==    by 0x5B0DEA: smbd_smb2_request_process_negprot (smb2_negprot.c:209)
==27740==    by 0x5AD036: smbd_smb2_request_dispatch (smb2_server.c:1417)
==27740==    by 0x5AFB77: smbd_smb2_first_negprot (smb2_server.c:2643)
==27740==    by 0x585C00: process_smb (process.c:1641)
==27740==    by 0x587F78: smbd_server_connection_read_handler (process.c:2314)
==27740==    by 0x587FD6: smbd_server_connection_handler (process.c:2331)
==27740==    by 0x99E05B: run_events_poll (events.c:286)
==27740==    by 0x584AFF: smbd_server_connection_loop_once (process.c:984)
==27740==    by 0x58B2D9: smbd_process (process.c:3389)
==27740==    by 0xDE4CA8: smbd_accept_connection (server.c:469)
==27740==    by 0x99E05B: run_events_poll (events.c:286)
==27740==    by 0x99E2D5: s3_event_loop_once (events.c:349)
==27740==    by 0x99F990: _tevent_loop_once (tevent.c:504)
==27740==    by 0xDE5A9B: smbd_parent_loop (server.c:869)
==27740==    by 0xDE6DD8: main (server.c:1413)
==27740== Address 0x9ff3538 is 4,232 bytes inside a block of size 8,288 alloc'd
==27740==    at 0x4C261D7: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27740==    by 0x6926965: __talloc (talloc.c:560)
==27740==    by 0x6926771: talloc_pool (talloc.c:598)
==27740==    by 0x93B927: talloc_stackframe_internal (talloc_stack.c:145)
==27740==    by 0x93B9D6: talloc_stackframe_pool (talloc_stack.c:171)
==27740==    by 0x58B2B7: smbd_process (process.c:3385)
==27740==    by 0xDE4CA8: smbd_accept_connection (server.c:469)
==27740==    by 0x99E05B: run_events_poll (events.c:286)
==27740==    by 0x99E2D5: s3_event_loop_once (events.c:349)
==27740==    by 0x99F990: _tevent_loop_once (tevent.c:504)
==27740==    by 0xDE5A9B: smbd_parent_loop (server.c:869)
==27740==    by 0xDE6DD8: main (server.c:1413)
In the for-loop we can increment j twice, so we need twice as many output array elements as input array elements. Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Thu Feb 9 19:44:47 CET 2012 on sn-devel-104
2012-01-13 | auth/gensec: add some more functions from gensec_start.c to gensec.h | Stefan Metzmacher | 1 | -16/+20
metze
2012-01-12 | s4:auth/gensec/spnego: add support for fragmented spnego messages | Stefan Metzmacher | 1 | -1/+1
metze
2012-01-12 | auth/gensec: add gensec_*max_update_size() | Stefan Metzmacher | 1 | -0/+3
This is only a hint for the backend, which may want to fragment update tokens. metze
2011-12-28 | gensec: Allow an alternate set of modules to be specified | Andrew Bartlett | 1 | -1/+6
This will allow s3 to specify modules to use as a list, rather than needing to start the individual module with gensec_start_mech_by_ops() Andrew Bartlett
2011-12-03 | Revert making public of the samba-module library. | Jelmer Vernooij | 1 | -7/+7
This library was tiny - containing just two public functions that were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-10-28 | lib/util Rename samba_modules_load -> samba_module_init_fns_for_subsystem | Andrew Bartlett | 1 | -1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28 | lib/util Rename samba_init_module_fns_run -> samba_module_init_fns_run | Andrew Bartlett | 1 | -2/+2
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28 | lib/util Rename samba_init_module_fn -> samba_module_init_fn | Andrew Bartlett | 1 | -3/+3
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28 | lib/util Split samba-modules library into public and private parts | Andrew Bartlett | 1 | -1/+1
This will allow OpenChange to get at the symbols it needs, without exposing any more of this as a public API than we must. Andrew Bartlett
2011-10-28 | lib/util Rename load_samba_modules -> samba_modules_load | Andrew Bartlett | 1 | -1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28 | lib/util Rename run_init_functions -> samba_init_module_fns_run | Andrew Bartlett | 1 | -2/+2
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28 | lib/util Rename init_module_fn to samba_init_module_fn | Andrew Bartlett | 1 | -3/+3
This prepares for making the samba_module.h header public again, for OpenChange. I am keen to avoid too much API namespace pollution if we can.
2011-10-22 | auth/gensec: replace #if _SAMBA_BUILD_ == 4 by a feature test | Stefan Metzmacher | 1 | -1/+1
metze
2011-10-18 | gensec: move event context from gensec_*_init() to gensec_update() | Andrew Bartlett | 1 | -7/+2
This avoids keeping the event context around on the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | gensec: Assert that we have not been subject to a downgrade attack in DCE/RPC clients | Andrew Bartlett | 1 | -0/+2
Because of the calling convention, this is the best place to assert that we have not been subject to a downgrade attack on the negotiated features. (In DCE/RPC, this isn't a negotiation, the client simply specifies the level of protection that is required). Andrew Bartlett (some formatting fixes) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | gensec: an event context is no longer mandatory | Andrew Bartlett | 1 | -10/+0
If you do not specify one however, you better know that the modules you are using do not need one! Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-11 | gensec: trim header includes back to what is actually required | Andrew Bartlett | 1 | -8/+2
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 11 06:13:08 CEST 2011 on sn-devel-104
2011-10-11 | auth: move gensec_start.c to the top level | Andrew Bartlett | 1 | -0/+919
This does not change who uses gensec for now, but makes it possible to write new gensec modules outside source4/ Andrew Bartlett