summaryrefslogtreecommitdiff
path: root/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2011-03-27s3: Fix Coverity ID 682: NEGATIVE_RETURNSVolker Lendecke1-1/+4
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell3-5/+4
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-02-24build: moved spnego_parse.c into a common subsystemAndrew Tridgell1-1/+5
2011-02-24build: moved schannel_sign.c into a shared COMMON_SCHANNEL subsystemAndrew Tridgell1-3/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24build: moved libcli/auth/ntlmssp*.c into a common libcliauth.so libraryAndrew Tridgell1-5/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-17idl: naming a structure 'VERSION' is not a good idea!Andrew Tridgell1-2/+2
this renames it to ntlmssp_VERSION Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-11libcli/auth: fix PAM_ERRORS subsystem build.Günther Deschner1-1/+2
(waf-)god knows why, without this (fake) dependency, ./configure && make fails while including replace.h while ./configure.developer && make succeeds... Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Feb 11 23:50:40 CET 2011 on sn-devel-104
2011-02-08pam: share pam errors in a common location.Günther Deschner3-0/+176
Guenther
2011-01-20libcli/auth move ntlmssp_wrap() and ntlmssp_unwrap() into common code.Andrew Bartlett2-0/+147
The idea here is to allow the source3/libads/sasl.c code to call this instead of the lower level ntlmssp_* functions. Andrew Bartlett
2011-01-03libcli/auth: add netsec_outgoing_sig_size()Stefan Metzmacher2-0/+15
The size of the signature blob depends on the used algorithm. metze
2010-12-21s3/s4:auth SPNEGO - adaptions for the removed "const" from OIDsMatthias Dieter Wallnöfer1-2/+6
This is needed in order to suppress warnings.
2010-12-08libcli/auth bring ADS_IGNORE_PRINCIPAL in commonAndrew Bartlett1-0/+2
2010-12-07libcli/auth: let spnego_write_mech_types() check the asn1_load() returnStefan Metzmacher1-0/+4
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 7 18:23:41 CET 2010 on sn-devel-104
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij1-26/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-30s4-tdb: make tdb-wrap into a private libraryAndrew Tridgell1-1/+1
this prevents double linking of the tdb wrap code
2010-10-26waf: Remove lib prefix from libraries manually.Jelmer Vernooij1-1/+1
2010-10-24s4: Rename LIBSAMBA-* to libsamba-*Jelmer Vernooij1-1/+1
2010-10-11libcli-auth: Remove unnecessary dependency on libsamba-hostconfig.Jelmer Vernooij1-2/+2
2010-09-23libcli: fix compile warningSimo Sorce1-0/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett2-9/+7
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-15s4-auth: set the RODC bit for RODC schannelAndrew Tridgell1-0/+1
When we are using SEC_CHAN_RODC we need to set the NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in ServerAuthenticate2 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-13ntlm_check: Fix some nonempty blank linesVolker Lendecke1-21/+21
2010-09-11libcli/auth/schannel_state_tdb.c - fix includesMatthias Dieter Wallnöfer1-3/+1
Otherwise we get a "declared inside parameter list" warning.
2010-09-11libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0Andrew Bartlett1-1/+1
This happens all the time, particularly now that we don't keep the db around after a reboot. Don't scare the admins with the level 0. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26libcli/auth/ntlm_check.c - fix parameter indentationMatthias Dieter Wallnöfer1-3/+3
2010-08-24s3-dcerpc: avoid talloc_move on schannel creds in ↵Günther Deschner2-1/+47
cli_rpc_pipe_open_schannel_with_key(). Initially, the schannel creds were talloc memduped, then, during the netlogon creds client merge (baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first talloc_referenced and then later (53765c81f726a8c056cc4e57004592dd489975c9) talloc_moved. The issue with using talloc_move here is that users of that function in winbind will only be able to have two schanneled connections, as the cached schannel credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy of the struct instead. Guenther
2010-08-12ntlmssp: fix unitialized variable in ntlmssp_server_postauth().Günther Deschner1-1/+1
Guenther
2010-08-12Fix a typoVolker Lendecke1-1/+1
2010-08-10libcli/auth Make the source3/ implementation of the NTLMSSP server commonAndrew Bartlett2-0/+530
This means that the core logic (but not the initialisation) of the NTLMSSP server is in common, but uses different authentication backends. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10libcli/auth/ntlmssp: remove outdated comment. The version flag is well ↵Günther Deschner1-2/+0
understood now. Guenther
2010-08-10libcli/auth Move some source3/ NTLMSSP functions to the common code.Andrew Bartlett3-0/+120
libcli/auth Use true and false rather than True and False in common code Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-01s3-libads: move spnego defines to their appropriate header file.Günther Deschner1-0/+6
Guenther
2010-06-30libcli: Fixed a build warning for a missing prototype.Andreas Schneider1-0/+1
2010-06-25schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()Andrew Bartlett1-32/+1
By making this DB TDB_NOSYNC, and by making that safe with TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server. This particularly helps the source4/ 'make test', which otherwise tries to disable fsync() in ldb. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25libcli/auth make open_schannel_session_store() publicAndrew Bartlett2-7/+7
This will allow TDB_CLEAR_IF_FIRST to be used Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-01s4:ntlmssp Use common code for ntlmssp_sign.cAndrew Bartlett2-18/+19
The common code does not have a mem_ctx on ntlmssp_check_packet() and ntlmssp_unseal_packet(). We do however need some internal working of the code exposed, so some structures are moved to ntlmssp_sign.h Andrew Bartlett
2010-05-31s3:ntlmssp Move ntlmssp_sign.c from source3 to common code.Andrew Bartlett4-0/+696
This needs a small re-arrangement of the supporting code. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31ntlmssp: Make the ntlmssp.h from source3/ a common headerAndrew Bartlett1-0/+139
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-20Fix what looks like a cut-and-paste error in our read_negTokenInit() function.Jeremy Allison1-4/+4
We should never be calling asn1_push_XXX functions inside an asn1 reading function. Change asn1_push_tag() -> asn1_start_tag() and asn1_pop_tag() -> asn1_end_tag(). This allows us to connect to a NetApp filer at the Microsoft plugfest. Andrew PLEASE CHECK ! Jeremy.
2010-05-19Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the ↵Jeremy Allison1-1/+4
correct way. No more magic blobs :-). Use ndr_push_struct_blob() to push a properly formatted VERSION struct. Jeremy.
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-8/+2
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij4-34/+14
2010-04-11libcli/auth: Fix an uninitialized variableVolker Lendecke1-2/+1
value.dptr was used uninitialized in the "goto done;"
2010-04-06s4-waf: more dependencies on tallocAndrew Tridgell1-1/+2
these are needed so we can support a system talloc without using the bundled talloc.h
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06s4-waf: install the rest of the headersAndrew Tridgell1-5/+1
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+27
2010-03-16libcli/auth/schannel_state_tdb.c - fix a memory leakMatthias Dieter Wallnöfer1-0/+1
2010-03-09libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handlingMatthias Dieter Wallnöfer1-1/+0
2010-03-05libcli/auth: add a const to des_crypt112_16()Stefan Metzmacher2-2/+2
metze