summaryrefslogtreecommitdiff
path: root/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2012-12-21libcli: Check schannel state return value of tdb_transaction_commit().Andreas Schneider1-1/+5
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-15libcli/auth: add netlogon_creds_encrypt_samlogon_validation().Günther Deschner2-6/+44
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-15libcli/auth: rename netlogon_creds_decrypt_samlogon() to ↵Günther Deschner2-6/+9
netlogon_creds_decrypt_samlogon_validation(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-09libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().Günther Deschner1-0/+14
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09libcli/auth: remove trailing whitespace.Günther Deschner1-38/+38
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09libcli/auth: add netlogon_creds_aes_{en|de}crypt routines.Günther Deschner2-0/+30
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-08-24Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().Jeremy Allison3-13/+3
The code in SMBNTLMv2encrypt_hash() should not be requesting case changes on the domain name. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 24 21:39:42 CEST 2012 on sn-devel-104
2012-08-24Remove useless bool "upper_case_domain" parameter.Jeremy Allison1-13/+2
2012-08-24Move uppercasing the domain out of smb_pwd_check_ntlmv2()Jeremy Allison1-9/+21
Allows us to remove a silly bool parameter. Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.
2012-07-17libcli/auth: add support for AES/HMAC-SHA256 to the netlogon schannel sign/sealStefan Metzmacher1-51/+137
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17libcli/auth: add support for AES/HMAC-SHA256 schannel session key supportStefan Metzmacher1-3/+63
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodcStefan Metzmacher1-2/+0
The RODC stuff doesn't depend on the schannel algorithm. metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-06-19libcli: use tdb directly, not tdb_compat.Rusty Russell1-2/+2
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-05-03UTIL_TDB: lowercase name.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu May 3 20:18:22 CEST 2012 on sn-devel-104
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce3-310/+1
2012-04-12krb5_wrap: krb5_string_to_key / krb5_encrypt_block are deprecated.Simo Sorce1-4/+4
Remove checks and replace with krb5_c_string_to_key(). Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Move pac related util functions in a single place.Simo Sorce2-81/+0
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Make functions static.Simo Sorce1-4/+0
The remaining gssapi_parse functions were used exclusively in gensec_krb5. Move them there and make them static. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Nove oid packet check to gensec_util.Simo Sorce1-1/+0
This is clearly a utiliy function generic to gensec. Also the 3 callers had identical implementations. Provide a generic implementation for all of them and avoid duplicating the code everywhere. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12krb5_wrap: remove duplicate declaration and dead ifdefSimo Sorce1-4/+0
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-10tdb_wrap: Move to specific directory.Jelmer Vernooij1-1/+1
It's a bit confusing to mix low-level and high-level libraries. We had multiple libraries in one directory, and there were have circular dependencies with other libraries outside that directory (in this case, samba-hostconfig). Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
2012-02-25libcli: Remove a pointless checkVolker Lendecke1-3/+1
"n" is size_t, so it is always >=0.
2012-02-17auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett1-2/+2
The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett1-0/+17
gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
2012-01-12auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksumAndrew Bartlett1-2/+1
2012-01-10krb5: Require krb5_string_to_key be available to build with krb5Andrew Bartlett1-1/+1
2012-01-10krb5: Require krb5_principal_compare_any_realm be available to build with krb5Andrew Bartlett1-28/+0
2012-01-10krb5: Require krb5_c_verify_checksum is available to build with krb5Andrew Bartlett1-63/+20
2011-12-28auth/kerberos: Move gssapi_parse.c to the top levelAndrew Bartlett1-0/+4
This will help with writing a gensec module for the s3 gse layer. Andrew Bartlett
2011-12-12s4-lsarpc handle more info levels in SetInfoTrustedDomain callsAndrew Bartlett1-1/+1
This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett8-1827/+5
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-13lib/util: Add back control of mmap and hash size in tdb for top level buildAndrew Bartlett1-1/+1
This passes down a struct loadparm_context to allow these parameters to be checked. This may be s3 or s4 context, allowing the #if _SAMBA_BUILD_ macro to go away safely. Andrew Bartlett
2011-10-13libcli/auth: Provide a struct loadparm_context to schannel callsAndrew Bartlett4-13/+14
This will allow us to pass this down to the tdb_wrap layer. Andrew Bartlett
2011-09-14libcli/auth: add some const to SMBNTencrypt_hash() and SMBNTencrypt()Stefan Metzmacher2-4/+4
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Sep 14 19:49:24 CEST 2011 on sn-devel-104
2011-08-03ntlmssp: Add ntlmssp_blob_matches_magic()Andrew Bartlett2-0/+12
This avoids having the same check in 3 different parts of the code Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
2011-08-03gensec: Remove mem_ctx from calls that do not return memoryAndrew Bartlett2-2/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-20tdb_compat: use tdb_errorstr_compat()Rusty Russell1-1/+1
Since TDB2 functions return the error directly, tdb_errorstr() taken an error code, not the tdb as it does in TDB1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_compat.h: divert every tdb build and includes to tdb_compatRusty Russell1-1/+1
We change all the headers and wscript files to use tdb_compat; this means we have one place to decide whether to use TDB1 or TDB2. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20libcli/util Rename common map_nt_error_from_unix to avoid duplicate symbolAndrew Bartlett1-3/+3
The two error tables need to be combined, but for now seperate the names. (As the common parts of the tree now use the _common function, errmap_unix.c must be included in the s3 autoconf build). Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
2011-06-20libcli/util Bring samba4 unix -> nt_status code in common.Andrew Bartlett1-1/+1
Due to library link orders, this is already the function that is being used. However we still need to sort out the duplicate symbol issues, probably by renaming things. Andrew Bartlett
2011-06-10libcli/auth/msrpc_parse.h: fix licence/copyrightGünther Deschner1-0/+21
Guenther
2011-05-13libcli/auth/krb5_wrap: correctly use discard_const().Günther Deschner1-2/+2
Jeremy, please check. Guenther
2011-05-12libcli/auth/smbencrypt: in E_deshash, use talloc_stackframe instead of "#if ↵Michael Adam1-8/+4
_SAMBA_BUILD_ == 3" and talloc_tos() talloc_stackframe() is used in other shared components already, and if the stack is a talloc_pool, then in most cases, it should also not be more expensive than directly using talloc_tos(). Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu May 12 12:52:02 CEST 2011 on sn-devel-104
2011-05-10libcli/auth: fix "no talloc stackframe around" message from the ↵Michael Adam1-2/+4
samba4.blackbox.kinit test create_kerberos_key_from_string_direct() used talloc_tos() directly. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2011-05-06lib/util Move source3 tdb_wrap_open() into the common code.Andrew Bartlett1-3/+1
This #if _SAMBA_BUILD == 3 is very unfortunate, as it means that in the top level build, these options are not available for these databases. However, having two different tdb_wrap lists is a worse fate, so this will do for now. Andrew Bartlett
2011-05-06More const fixes. Remove CONST_DISCARD.Jeremy Allison1-2/+2
2011-05-04Tidy up some missing checks for NULL in strlcpy.Jeremy Allison1-1/+1
2011-05-04Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1.Jeremy Allison1-1/+1
2011-04-27auth/kerberos Move all the PAC handling functions to auth/kerberosAndrew Bartlett2-365/+1
2011-04-27auth/kerberos: Create common helper to get the verified PAC from GSSAPIAndrew Bartlett2-1/+6
This only works for Heimdal and MIT Krb5 1.8, other versions will get an ACCESS_DEINED error. We no longer manually verify any details of the PAC in Samba for GSSAPI logins, as we never had the information to do it properly, and it is better to have the GSSAPI library handle it. Andrew Bartlett