summaryrefslogtreecommitdiff
path: root/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-02-23s4:cleanup remove unused schannel ldb codeSimo Sorce2-339/+0
2010-02-23s4:schannel merge code with s3Simo Sorce1-2/+2
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data.
2010-02-23schannel_tdb: make code compilable in both treesSimo Sorce2-51/+98
2010-02-23s3:schannel streamline interfaceSimo Sorce2-42/+181
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead.
2010-02-23s3:schannel fix memory hierarchySimo Sorce1-1/+1
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be child of creds as expected. When later in schannel_check_creds_state() we stole the creds on a different memory context the sid was left behind and the memory it points to freed when the temporary context was freed.
2010-02-23schannel: merge header filesSimo Sorce2-48/+34
One almost empty header file was simply including another not included by anything else. Just merge them together.
2010-02-23s4:schannel more readable check logicSimo Sorce2-12/+0
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on the caller's security requirements (Integrity/Privacy/Both/None) This is the same change applied to s3
2010-02-23s3:schannel more readable check logicSimo Sorce2-17/+0
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on ther caller's security requirements (Integrity/Privacy/Both/None)
2010-02-02Change uint_t to unsigned int in libcliMatt Kraai3-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-07Simplify E_md5hash a bitVolker Lendecke1-6/+2
2009-12-22libcli/auth Make gd's NDR NTLMSSP parsers helpers commonAndrew Bartlett2-0/+189
(but not built in Samba4 for now)
2009-10-24libcli/auth: initialize creds in netlogon_creds_client_init_session_key()Stefan Metzmacher1-2/+3
metze
2009-10-24libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb()Stefan Metzmacher1-24/+37
metze
2009-10-24libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb()Stefan Metzmacher1-1/+1
metze
2009-10-04s3/s4 common: fix up header fileMatthias Dieter Wallnöfer1-2/+1
2009-09-17spnego: Support ASN.1 BIT STRING and use it in SPNEGO.Kouhei Sutou2-8/+9
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17spnego: add spnego_proto.h.Günther Deschner2-1/+29
Guenther
2009-09-17spnego: share spnego_parse.Günther Deschner2-0/+477
Guenther
2009-09-16libcli/auth: remove trailing whitespace.Günther Deschner1-72/+72
Guenther
2009-09-16libcli/auth: rewrite schannel sign/seal code to be more genericStefan Metzmacher2-162/+156
This prepares support for HMAC-SHA256/AES. metze
2009-09-16schannel: remove last traces of gensec.Günther Deschner1-2/+0
Guenther
2009-09-16schannel: fully share schannel sign/seal between s3 and 4.Günther Deschner1-0/+1
Guenther
2009-09-16schannel: move schannel_sign to main directory.Günther Deschner3-0/+351
Guenther
2009-08-28s4: fix the build after ntlmssp header change.Günther Deschner1-0/+1
Guenther
2009-08-28libcli/auth: remove unused NTLMSSP_NAME_TYPE_ flags.Günther Deschner2-8/+3
Guenther
2009-08-27libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step()Stefan Metzmacher1-10/+21
This abstracts the usage of crypto functions instead of directly calling des_crypt112(). metze Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27libcli/auth: remove some useless linesStefan Metzmacher1-3/+0
metze Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27libcli/auth: remember schannel type in netlogon_creds_server_init()Stefan Metzmacher1-0/+1
metze Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27libcli/auth: add tdb backend for schannel state.Günther Deschner3-0/+239
Guenther
2009-08-27libcli/auth: move netlogon_creds_CredentialState out of libcli.Günther Deschner2-13/+1
Guenther
2009-08-27s4-schannel: add ldb suffix to schannel functions.Günther Deschner2-33/+33
Guenther
2009-08-27libcli/auth: rename schannel_state.c to schannel_state_ldb.c.Günther Deschner2-14/+14
Guenther
2009-06-18s4: Call va_end() after all va_start()/va_copy() calls.Andrew Kroeger1-0/+4
This corrects the issues reaised in bug #6129, and some others that were not originally identified. It also accounts for some code that was in the original bug report but appears to have since been made common between S3 and S4. Thanks to Erik Hovland <erik@hovland.org> for the original bug report.
2009-06-18Add const to cast, to fix warningAndrew Bartlett1-2/+2
2009-04-23Fix a couple of warningsVolker Lendecke3-15/+20
2009-04-20Stop autogenerated files from being created.Jeremy Allison1-5/+0
Jeremy.
2009-04-20Add previously generated header files now needed in merged build.Jeremy Allison3-0/+270
Jeremy.
2009-04-20libcli/auth Ensure we cancel the transaction when schannel not detectedAndrew Bartlett1-0/+1
(found by jra on code review) Andrew Bartlett
2009-04-20libcli/auth: Don't pass back lm_sess_key as the same pointer as user_sess_keyAndrew Bartlett1-13/+7
This ensures that a talloc_free() of both pointers won't double-free (sharing pointers like this is evil anyway). Andrew Bartlett
2009-04-16Fix building the now common msrpc_parse codeAndrew Bartlett1-1/+1
2009-04-15Add missing header, remove generated headerAndrew Bartlett1-0/+24
(This isn't a rename, honest :-)
2009-04-14libcli/auth Push schannel check into common libcli/authAndrew Bartlett1-4/+9
This means we have a single choke point to ensure the remote client is using schannel. Andrew Bartlett
2009-04-14Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett2-3/+7
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
2009-04-14Rework netlogon credentials for the top levelAndrew Bartlett2-59/+130
This makes constructor functions that return the allocated structure, rather than having the caller pass them in, and makes the server init function also check the first credential. The rename of creds_ to netlogon_creds should make it more clear what this code works with. Andrew Bartlett
2009-04-14Push schannel_state.c into the top level.Andrew Bartlett2-0/+322
This is the server side state for netlogon credential chaining Andrew Bartlett
2009-04-14libcli/auth Don't compile against un-needed Samba4 headersAndrew Bartlett1-1/+0
2009-04-14Port Samba4 to the new combined libcli/auth functionsAndrew Bartlett2-1/+6
For example, some of the new shared functionality was previously in the wkssvc torture test. Andrew Bartlett
2009-04-14Move ntlm_check.h into the common libcli/authAndrew Bartlett1-0/+76
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett3-3/+44
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-04-14Merge smbencrypt.c between Samba3 and Samba4Andrew Bartlett1-31/+219