Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.
We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.
Andrew Bartlett
|
|
This will allow the GSSAPI PAC fetch code to use it.
Andrew Bartlett
|
|
By making the verification parameters optional, we can parse a PAC
that is already verified.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Apr 26 10:06:59 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Apr 23 16:53:03 CEST 2011 on sn-devel-104
|
|
This uses the source3 PAC code (originally from Samba4) with some
small changes to restore functionality needed by the torture tests,
and to have a common API.
Andrew Bartlett
|
|
These functions are required to get the krb5 PAC parsing and
verfication in common.
Andrew Bartlett
|
|
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Apr 14 11:08:49 CEST 2011 on sn-devel-104
|
|
This requires a small rework of the build system to ensure that the
correct #define statements are made in both the s3 and top level
builds. We now define the various HAVE_ macros in config.h at all
times, using heimdal_build/wscript_configure when that is in use.
Andrew Bartlett
|
|
when no hostname is given, leave away the MsvAvNbComputerName part
of the ntlmv2 blob
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Apr 13 09:30:55 CEST 2011 on sn-devel-104
|
|
This allows us to know if the LM hash was built correctly or not.
NOTE: talloc_tos() is not available in the common code at this time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
this prevents symbol duplication of the asn1 symbols in the service
and ntvfs subsystems
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Preparation for cleaning up this API.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Mar 29 21:01:49 CEST 2011 on sn-devel-104
|
|
segfaults when a Cyrillic netbios name or workgroup is configured.
Change msrpc_gen to return NTSTATUS and ensure everywhere this is
used it is correctly checked to return that status.
Jeremy.
|
|
|
|
convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
|
|
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this renames it to ntlmssp_VERSION
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
(waf-)god knows why, without this (fake) dependency, ./configure && make fails
while including replace.h while ./configure.developer && make succeeds...
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Feb 11 23:50:40 CET 2011 on sn-devel-104
|
|
Guenther
|
|
The idea here is to allow the source3/libads/sasl.c code to call this
instead of the lower level ntlmssp_* functions.
Andrew Bartlett
|
|
The size of the signature blob depends on the used
algorithm.
metze
|
|
This is needed in order to suppress warnings.
|
|
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 7 18:23:41 CET 2010 on sn-devel-104
|
|
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
|
|
this prevents double linking of the tdb wrap code
|
|
|
|
|
|
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Otherwise we get a "declared inside parameter list" warning.
|
|
This happens all the time, particularly now that we don't keep the
db around after a reboot. Don't scare the admins with the level 0.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
cli_rpc_pipe_open_schannel_with_key().
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first
talloc_referenced and then later (53765c81f726a8c056cc4e57004592dd489975c9)
talloc_moved.
The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.
Guenther
|
|
Guenther
|
|
|
|
This means that the core logic (but not the initialisation) of the
NTLMSSP server is in common, but uses different authentication backends.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
understood now.
Guenther
|
|
libcli/auth Use true and false rather than True and False in common code
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
|
|
By making this DB TDB_NOSYNC, and by making that safe with
TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server.
This particularly helps the source4/ 'make test', which otherwise tries
to disable fsync() in ldb.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|