summaryrefslogtreecommitdiff
path: root/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2012-07-17libcli/auth: add support for AES/HMAC-SHA256 to the netlogon schannel sign/sealStefan Metzmacher1-51/+137
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17libcli/auth: add support for AES/HMAC-SHA256 schannel session key supportStefan Metzmacher1-3/+63
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodcStefan Metzmacher1-2/+0
The RODC stuff doesn't depend on the schannel algorithm. metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-06-19libcli: use tdb directly, not tdb_compat.Rusty Russell1-2/+2
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-05-03UTIL_TDB: lowercase name.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu May 3 20:18:22 CEST 2012 on sn-devel-104
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce3-310/+1
2012-04-12krb5_wrap: krb5_string_to_key / krb5_encrypt_block are deprecated.Simo Sorce1-4/+4
Remove checks and replace with krb5_c_string_to_key(). Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Move pac related util functions in a single place.Simo Sorce2-81/+0
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Make functions static.Simo Sorce1-4/+0
The remaining gssapi_parse functions were used exclusively in gensec_krb5. Move them there and make them static. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Nove oid packet check to gensec_util.Simo Sorce1-1/+0
This is clearly a utiliy function generic to gensec. Also the 3 callers had identical implementations. Provide a generic implementation for all of them and avoid duplicating the code everywhere. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12krb5_wrap: remove duplicate declaration and dead ifdefSimo Sorce1-4/+0
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-10tdb_wrap: Move to specific directory.Jelmer Vernooij1-1/+1
It's a bit confusing to mix low-level and high-level libraries. We had multiple libraries in one directory, and there were have circular dependencies with other libraries outside that directory (in this case, samba-hostconfig). Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
2012-02-25libcli: Remove a pointless checkVolker Lendecke1-3/+1
"n" is size_t, so it is always >=0.
2012-02-17auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett1-2/+2
The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett1-0/+17
gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
2012-01-12auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksumAndrew Bartlett1-2/+1
2012-01-10krb5: Require krb5_string_to_key be available to build with krb5Andrew Bartlett1-1/+1
2012-01-10krb5: Require krb5_principal_compare_any_realm be available to build with krb5Andrew Bartlett1-28/+0
2012-01-10krb5: Require krb5_c_verify_checksum is available to build with krb5Andrew Bartlett1-63/+20
2011-12-28auth/kerberos: Move gssapi_parse.c to the top levelAndrew Bartlett1-0/+4
This will help with writing a gensec module for the s3 gse layer. Andrew Bartlett
2011-12-12s4-lsarpc handle more info levels in SetInfoTrustedDomain callsAndrew Bartlett1-1/+1
This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett8-1827/+5
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-13lib/util: Add back control of mmap and hash size in tdb for top level buildAndrew Bartlett1-1/+1
This passes down a struct loadparm_context to allow these parameters to be checked. This may be s3 or s4 context, allowing the #if _SAMBA_BUILD_ macro to go away safely. Andrew Bartlett
2011-10-13libcli/auth: Provide a struct loadparm_context to schannel callsAndrew Bartlett4-13/+14
This will allow us to pass this down to the tdb_wrap layer. Andrew Bartlett
2011-09-14libcli/auth: add some const to SMBNTencrypt_hash() and SMBNTencrypt()Stefan Metzmacher2-4/+4
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Sep 14 19:49:24 CEST 2011 on sn-devel-104
2011-08-03ntlmssp: Add ntlmssp_blob_matches_magic()Andrew Bartlett2-0/+12
This avoids having the same check in 3 different parts of the code Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
2011-08-03gensec: Remove mem_ctx from calls that do not return memoryAndrew Bartlett2-2/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-20tdb_compat: use tdb_errorstr_compat()Rusty Russell1-1/+1
Since TDB2 functions return the error directly, tdb_errorstr() taken an error code, not the tdb as it does in TDB1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_compat.h: divert every tdb build and includes to tdb_compatRusty Russell1-1/+1
We change all the headers and wscript files to use tdb_compat; this means we have one place to decide whether to use TDB1 or TDB2. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20libcli/util Rename common map_nt_error_from_unix to avoid duplicate symbolAndrew Bartlett1-3/+3
The two error tables need to be combined, but for now seperate the names. (As the common parts of the tree now use the _common function, errmap_unix.c must be included in the s3 autoconf build). Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
2011-06-20libcli/util Bring samba4 unix -> nt_status code in common.Andrew Bartlett1-1/+1
Due to library link orders, this is already the function that is being used. However we still need to sort out the duplicate symbol issues, probably by renaming things. Andrew Bartlett
2011-06-10libcli/auth/msrpc_parse.h: fix licence/copyrightGünther Deschner1-0/+21
Guenther
2011-05-13libcli/auth/krb5_wrap: correctly use discard_const().Günther Deschner1-2/+2
Jeremy, please check. Guenther
2011-05-12libcli/auth/smbencrypt: in E_deshash, use talloc_stackframe instead of "#if ↵Michael Adam1-8/+4
_SAMBA_BUILD_ == 3" and talloc_tos() talloc_stackframe() is used in other shared components already, and if the stack is a talloc_pool, then in most cases, it should also not be more expensive than directly using talloc_tos(). Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu May 12 12:52:02 CEST 2011 on sn-devel-104
2011-05-10libcli/auth: fix "no talloc stackframe around" message from the ↵Michael Adam1-2/+4
samba4.blackbox.kinit test create_kerberos_key_from_string_direct() used talloc_tos() directly. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2011-05-06lib/util Move source3 tdb_wrap_open() into the common code.Andrew Bartlett1-3/+1
This #if _SAMBA_BUILD == 3 is very unfortunate, as it means that in the top level build, these options are not available for these databases. However, having two different tdb_wrap lists is a worse fate, so this will do for now. Andrew Bartlett
2011-05-06More const fixes. Remove CONST_DISCARD.Jeremy Allison1-2/+2
2011-05-04Tidy up some missing checks for NULL in strlcpy.Jeremy Allison1-1/+1
2011-05-04Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1.Jeremy Allison1-1/+1
2011-04-27auth/kerberos Move all the PAC handling functions to auth/kerberosAndrew Bartlett2-365/+1
2011-04-27auth/kerberos: Create common helper to get the verified PAC from GSSAPIAndrew Bartlett2-1/+6
This only works for Heimdal and MIT Krb5 1.8, other versions will get an ACCESS_DEINED error. We no longer manually verify any details of the PAC in Samba for GSSAPI logins, as we never had the information to do it properly, and it is better to have the GSSAPI library handle it. Andrew Bartlett
2011-04-27libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/authAndrew Bartlett3-2/+44
This will allow the GSSAPI PAC fetch code to use it. Andrew Bartlett
2011-04-26libcli/auth Allow parsing of a PAC that is already verified.Andrew Bartlett1-44/+50
By making the verification parameters optional, we can parse a PAC that is already verified. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Apr 26 10:06:59 CEST 2011 on sn-devel-104
2011-04-23Add missing dependency on com_err.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Apr 23 16:53:03 CEST 2011 on sn-devel-104
2011-04-20libcli/auth Move PAC parsing and verification in common.Andrew Bartlett3-2/+375
This uses the source3 PAC code (originally from Samba4) with some small changes to restore functionality needed by the torture tests, and to have a common API. Andrew Bartlett
2011-04-20libcli/auth: Move more kerberos wrapping in commonAndrew Bartlett2-1/+230
These functions are required to get the krb5 PAC parsing and verfication in common. Andrew Bartlett
2011-04-14libcli/auth Fix compile on hosts without krb5Andrew Bartlett1-2/+2
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Apr 14 11:08:49 CEST 2011 on sn-devel-104
2011-04-14libcli/auth Move krb5 wrapper functions from s3 into commonAndrew Bartlett3-1/+158
This requires a small rework of the build system to ensure that the correct #define statements are made in both the s3 and top level builds. We now define the various HAVE_ macros in config.h at all times, using heimdal_build/wscript_configure when that is in use. Andrew Bartlett
2011-04-14libcli: allow exclusion of netbios name in NTLMV2 blobChristian Ambach1-5/+12
when no hostname is given, leave away the MsvAvNbComputerName part of the ntlmv2 blob Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-04-13s3: Use talloc_tos() in the S3 buildVolker Lendecke1-1/+7
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Apr 13 09:30:55 CEST 2011 on sn-devel-104