Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-03-16 | libcli/auth/schannel_state_tdb.c - fix a memory leak | Matthias Dieter Wallnöfer | 1 | -0/+1 | |
2010-03-09 | libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handling | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
2010-03-05 | libcli/auth: add a const to des_crypt112_16() | Stefan Metzmacher | 2 | -2/+2 | |
metze | |||||
2010-03-03 | Fix typo in comments. | Karolin Seeger | 1 | -1/+1 | |
2010-02-26 | libcli/auth: print the error in the debug message | Stefan Metzmacher | 1 | -1/+2 | |
metze | |||||
2010-02-23 | s4:cleanup remove unused schannel ldb code | Simo Sorce | 2 | -339/+0 | |
2010-02-23 | s4:schannel merge code with s3 | Simo Sorce | 1 | -2/+2 | |
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data. | |||||
2010-02-23 | schannel_tdb: make code compilable in both trees | Simo Sorce | 2 | -51/+98 | |
2010-02-23 | s3:schannel streamline interface | Simo Sorce | 2 | -42/+181 | |
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead. | |||||
2010-02-23 | s3:schannel fix memory hierarchy | Simo Sorce | 1 | -1/+1 | |
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be child of creds as expected. When later in schannel_check_creds_state() we stole the creds on a different memory context the sid was left behind and the memory it points to freed when the temporary context was freed. | |||||
2010-02-23 | schannel: merge header files | Simo Sorce | 2 | -48/+34 | |
One almost empty header file was simply including another not included by anything else. Just merge them together. | |||||
2010-02-23 | s4:schannel more readable check logic | Simo Sorce | 2 | -12/+0 | |
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on the caller's security requirements (Integrity/Privacy/Both/None) This is the same change applied to s3 | |||||
2010-02-23 | s3:schannel more readable check logic | Simo Sorce | 2 | -17/+0 | |
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on ther caller's security requirements (Integrity/Privacy/Both/None) | |||||
2010-02-02 | Change uint_t to unsigned int in libcli | Matt Kraai | 3 | -3/+3 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-01-07 | Simplify E_md5hash a bit | Volker Lendecke | 1 | -6/+2 | |
2009-12-22 | libcli/auth Make gd's NDR NTLMSSP parsers helpers common | Andrew Bartlett | 2 | -0/+189 | |
(but not built in Samba4 for now) | |||||
2009-10-24 | libcli/auth: initialize creds in netlogon_creds_client_init_session_key() | Stefan Metzmacher | 1 | -2/+3 | |
metze | |||||
2009-10-24 | libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb() | Stefan Metzmacher | 1 | -24/+37 | |
metze | |||||
2009-10-24 | libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb() | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-10-04 | s3/s4 common: fix up header file | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2009-09-17 | spnego: Support ASN.1 BIT STRING and use it in SPNEGO. | Kouhei Sutou | 2 | -8/+9 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-09-17 | spnego: add spnego_proto.h. | Günther Deschner | 2 | -1/+29 | |
Guenther | |||||
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 2 | -0/+477 | |
Guenther | |||||
2009-09-16 | libcli/auth: remove trailing whitespace. | Günther Deschner | 1 | -72/+72 | |
Guenther | |||||
2009-09-16 | libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 2 | -162/+156 | |
This prepares support for HMAC-SHA256/AES. metze | |||||
2009-09-16 | schannel: remove last traces of gensec. | Günther Deschner | 1 | -2/+0 | |
Guenther | |||||
2009-09-16 | schannel: fully share schannel sign/seal between s3 and 4. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-09-16 | schannel: move schannel_sign to main directory. | Günther Deschner | 3 | -0/+351 | |
Guenther | |||||
2009-08-28 | s4: fix the build after ntlmssp header change. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-08-28 | libcli/auth: remove unused NTLMSSP_NAME_TYPE_ flags. | Günther Deschner | 2 | -8/+3 | |
Guenther | |||||
2009-08-27 | libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step() | Stefan Metzmacher | 1 | -10/+21 | |
This abstracts the usage of crypto functions instead of directly calling des_crypt112(). metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-08-27 | libcli/auth: remove some useless lines | Stefan Metzmacher | 1 | -3/+0 | |
metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-08-27 | libcli/auth: remember schannel type in netlogon_creds_server_init() | Stefan Metzmacher | 1 | -0/+1 | |
metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-08-27 | libcli/auth: add tdb backend for schannel state. | Günther Deschner | 3 | -0/+239 | |
Guenther | |||||
2009-08-27 | libcli/auth: move netlogon_creds_CredentialState out of libcli. | Günther Deschner | 2 | -13/+1 | |
Guenther | |||||
2009-08-27 | s4-schannel: add ldb suffix to schannel functions. | Günther Deschner | 2 | -33/+33 | |
Guenther | |||||
2009-08-27 | libcli/auth: rename schannel_state.c to schannel_state_ldb.c. | Günther Deschner | 2 | -14/+14 | |
Guenther | |||||
2009-06-18 | s4: Call va_end() after all va_start()/va_copy() calls. | Andrew Kroeger | 1 | -0/+4 | |
This corrects the issues reaised in bug #6129, and some others that were not originally identified. It also accounts for some code that was in the original bug report but appears to have since been made common between S3 and S4. Thanks to Erik Hovland <erik@hovland.org> for the original bug report. | |||||
2009-06-18 | Add const to cast, to fix warning | Andrew Bartlett | 1 | -2/+2 | |
2009-04-23 | Fix a couple of warnings | Volker Lendecke | 3 | -15/+20 | |
2009-04-20 | Stop autogenerated files from being created. | Jeremy Allison | 1 | -5/+0 | |
Jeremy. | |||||
2009-04-20 | Add previously generated header files now needed in merged build. | Jeremy Allison | 3 | -0/+270 | |
Jeremy. | |||||
2009-04-20 | libcli/auth Ensure we cancel the transaction when schannel not detected | Andrew Bartlett | 1 | -0/+1 | |
(found by jra on code review) Andrew Bartlett | |||||
2009-04-20 | libcli/auth: Don't pass back lm_sess_key as the same pointer as user_sess_key | Andrew Bartlett | 1 | -13/+7 | |
This ensures that a talloc_free() of both pointers won't double-free (sharing pointers like this is evil anyway). Andrew Bartlett | |||||
2009-04-16 | Fix building the now common msrpc_parse code | Andrew Bartlett | 1 | -1/+1 | |
2009-04-15 | Add missing header, remove generated header | Andrew Bartlett | 1 | -0/+24 | |
(This isn't a rename, honest :-) | |||||
2009-04-14 | libcli/auth Push schannel check into common libcli/auth | Andrew Bartlett | 1 | -4/+9 | |
This means we have a single choke point to ensure the remote client is using schannel. Andrew Bartlett | |||||
2009-04-14 | Rework Samba4 to use the new common libcli/auth code | Andrew Bartlett | 2 | -3/+7 | |
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett | |||||
2009-04-14 | Rework netlogon credentials for the top level | Andrew Bartlett | 2 | -59/+130 | |
This makes constructor functions that return the allocated structure, rather than having the caller pass them in, and makes the server init function also check the first credential. The rename of creds_ to netlogon_creds should make it more clear what this code works with. Andrew Bartlett | |||||
2009-04-14 | Push schannel_state.c into the top level. | Andrew Bartlett | 2 | -0/+322 | |
This is the server side state for netlogon credential chaining Andrew Bartlett |