summaryrefslogtreecommitdiff
path: root/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2011-05-04Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1.Jeremy Allison1-1/+1
2011-04-27auth/kerberos Move all the PAC handling functions to auth/kerberosAndrew Bartlett2-365/+1
2011-04-27auth/kerberos: Create common helper to get the verified PAC from GSSAPIAndrew Bartlett2-1/+6
This only works for Heimdal and MIT Krb5 1.8, other versions will get an ACCESS_DEINED error. We no longer manually verify any details of the PAC in Samba for GSSAPI logins, as we never had the information to do it properly, and it is better to have the GSSAPI library handle it. Andrew Bartlett
2011-04-27libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/authAndrew Bartlett3-2/+44
This will allow the GSSAPI PAC fetch code to use it. Andrew Bartlett
2011-04-26libcli/auth Allow parsing of a PAC that is already verified.Andrew Bartlett1-44/+50
By making the verification parameters optional, we can parse a PAC that is already verified. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Apr 26 10:06:59 CEST 2011 on sn-devel-104
2011-04-23Add missing dependency on com_err.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Apr 23 16:53:03 CEST 2011 on sn-devel-104
2011-04-20libcli/auth Move PAC parsing and verification in common.Andrew Bartlett3-2/+375
This uses the source3 PAC code (originally from Samba4) with some small changes to restore functionality needed by the torture tests, and to have a common API. Andrew Bartlett
2011-04-20libcli/auth: Move more kerberos wrapping in commonAndrew Bartlett2-1/+230
These functions are required to get the krb5 PAC parsing and verfication in common. Andrew Bartlett
2011-04-14libcli/auth Fix compile on hosts without krb5Andrew Bartlett1-2/+2
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Apr 14 11:08:49 CEST 2011 on sn-devel-104
2011-04-14libcli/auth Move krb5 wrapper functions from s3 into commonAndrew Bartlett3-1/+158
This requires a small rework of the build system to ensure that the correct #define statements are made in both the s3 and top level builds. We now define the various HAVE_ macros in config.h at all times, using heimdal_build/wscript_configure when that is in use. Andrew Bartlett
2011-04-14libcli: allow exclusion of netbios name in NTLMV2 blobChristian Ambach1-5/+12
when no hostname is given, leave away the MsvAvNbComputerName part of the ntlmv2 blob Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-04-13s3: Use talloc_tos() in the S3 buildVolker Lendecke1-1/+7
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Apr 13 09:30:55 CEST 2011 on sn-devel-104
2011-04-13libcli/auth Use convert_string_error to check LM hash calculation.Andrew Bartlett1-9/+24
This allows us to know if the LM hash was built correctly or not. NOTE: talloc_tos() is not available in the common code at this time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-06lib: make asn1_util a private libraryAndrew Tridgell1-1/+1
this prevents symbol duplication of the asn1 symbols in the service and ntvfs subsystems Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-29Ensure convert_string_XXX is always called with a valid converted_size pointer.Jeremy Allison1-1/+2
Preparation for cleaning up this API. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Mar 29 21:01:49 CEST 2011 on sn-devel-104
2011-03-28Fix inspired by work done by David Disseldorp for bug #8040 - smbclient ↵Jeremy Allison5-19/+52
segfaults when a Cyrillic netbios name or workgroup is configured. Change msrpc_gen to return NTSTATUS and ensure everywhere this is used it is correctly checked to return that status. Jeremy.
2011-03-27s3: Fix Coverity ID 682: NEGATIVE_RETURNSVolker Lendecke1-1/+4
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell3-5/+4
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-02-24build: moved spnego_parse.c into a common subsystemAndrew Tridgell1-1/+5
2011-02-24build: moved schannel_sign.c into a shared COMMON_SCHANNEL subsystemAndrew Tridgell1-3/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24build: moved libcli/auth/ntlmssp*.c into a common libcliauth.so libraryAndrew Tridgell1-5/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-17idl: naming a structure 'VERSION' is not a good idea!Andrew Tridgell1-2/+2
this renames it to ntlmssp_VERSION Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-11libcli/auth: fix PAM_ERRORS subsystem build.Günther Deschner1-1/+2
(waf-)god knows why, without this (fake) dependency, ./configure && make fails while including replace.h while ./configure.developer && make succeeds... Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Feb 11 23:50:40 CET 2011 on sn-devel-104
2011-02-08pam: share pam errors in a common location.Günther Deschner3-0/+176
Guenther
2011-01-20libcli/auth move ntlmssp_wrap() and ntlmssp_unwrap() into common code.Andrew Bartlett2-0/+147
The idea here is to allow the source3/libads/sasl.c code to call this instead of the lower level ntlmssp_* functions. Andrew Bartlett
2011-01-03libcli/auth: add netsec_outgoing_sig_size()Stefan Metzmacher2-0/+15
The size of the signature blob depends on the used algorithm. metze
2010-12-21s3/s4:auth SPNEGO - adaptions for the removed "const" from OIDsMatthias Dieter Wallnöfer1-2/+6
This is needed in order to suppress warnings.
2010-12-08libcli/auth bring ADS_IGNORE_PRINCIPAL in commonAndrew Bartlett1-0/+2
2010-12-07libcli/auth: let spnego_write_mech_types() check the asn1_load() returnStefan Metzmacher1-0/+4
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 7 18:23:41 CET 2010 on sn-devel-104
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij1-26/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-30s4-tdb: make tdb-wrap into a private libraryAndrew Tridgell1-1/+1
this prevents double linking of the tdb wrap code
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij1-1/+1
2010-10-11libcli-auth: Remove unnecessary dependency on libsamba-hostconfig.Jelmer Vernooij1-2/+2
2010-09-23libcli: fix compile warningSimo Sorce1-0/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett2-9/+7
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-15s4-auth: set the RODC bit for RODC schannelAndrew Tridgell1-0/+1
When we are using SEC_CHAN_RODC we need to set the NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in ServerAuthenticate2 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-13ntlm_check: Fix some nonempty blank linesVolker Lendecke1-21/+21
2010-09-11libcli/auth/schannel_state_tdb.c - fix includesMatthias Dieter Wallnöfer1-3/+1
Otherwise we get a "declared inside parameter list" warning.
2010-09-11libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0Andrew Bartlett1-1/+1
This happens all the time, particularly now that we don't keep the db around after a reboot. Don't scare the admins with the level 0. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26libcli/auth/ntlm_check.c - fix parameter indentationMatthias Dieter Wallnöfer1-3/+3
2010-08-24s3-dcerpc: avoid talloc_move on schannel creds in ↵Günther Deschner2-1/+47
cli_rpc_pipe_open_schannel_with_key(). Initially, the schannel creds were talloc memduped, then, during the netlogon creds client merge (baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first talloc_referenced and then later (53765c81f726a8c056cc4e57004592dd489975c9) talloc_moved. The issue with using talloc_move here is that users of that function in winbind will only be able to have two schanneled connections, as the cached schannel credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy of the struct instead. Guenther
2010-08-12ntlmssp: fix unitialized variable in ntlmssp_server_postauth().Günther Deschner1-1/+1
Guenther
2010-08-12Fix a typoVolker Lendecke1-1/+1
2010-08-10libcli/auth Make the source3/ implementation of the NTLMSSP server commonAndrew Bartlett2-0/+530
This means that the core logic (but not the initialisation) of the NTLMSSP server is in common, but uses different authentication backends. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10libcli/auth/ntlmssp: remove outdated comment. The version flag is well ↵Günther Deschner1-2/+0
understood now. Guenther
2010-08-10libcli/auth Move some source3/ NTLMSSP functions to the common code.Andrew Bartlett3-0/+120
libcli/auth Use true and false rather than True and False in common code Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-01s3-libads: move spnego defines to their appropriate header file.Günther Deschner1-0/+6
Guenther
2010-06-30libcli: Fixed a build warning for a missing prototype.Andreas Schneider1-0/+1
2010-06-25schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()Andrew Bartlett1-32/+1
By making this DB TDB_NOSYNC, and by making that safe with TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server. This particularly helps the source4/ 'make test', which otherwise tries to disable fsync() in ldb. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>