summaryrefslogtreecommitdiff
path: root/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2010-10-11libcli-auth: Remove unnecessary dependency on libsamba-hostconfig.Jelmer Vernooij1-2/+2
2010-09-23libcli: fix compile warningSimo Sorce1-0/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett2-9/+7
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-15s4-auth: set the RODC bit for RODC schannelAndrew Tridgell1-0/+1
When we are using SEC_CHAN_RODC we need to set the NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in ServerAuthenticate2 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-13ntlm_check: Fix some nonempty blank linesVolker Lendecke1-21/+21
2010-09-11libcli/auth/schannel_state_tdb.c - fix includesMatthias Dieter Wallnöfer1-3/+1
Otherwise we get a "declared inside parameter list" warning.
2010-09-11libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0Andrew Bartlett1-1/+1
This happens all the time, particularly now that we don't keep the db around after a reboot. Don't scare the admins with the level 0. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26libcli/auth/ntlm_check.c - fix parameter indentationMatthias Dieter Wallnöfer1-3/+3
2010-08-24s3-dcerpc: avoid talloc_move on schannel creds in ↵Günther Deschner2-1/+47
cli_rpc_pipe_open_schannel_with_key(). Initially, the schannel creds were talloc memduped, then, during the netlogon creds client merge (baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first talloc_referenced and then later (53765c81f726a8c056cc4e57004592dd489975c9) talloc_moved. The issue with using talloc_move here is that users of that function in winbind will only be able to have two schanneled connections, as the cached schannel credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy of the struct instead. Guenther
2010-08-12ntlmssp: fix unitialized variable in ntlmssp_server_postauth().Günther Deschner1-1/+1
Guenther
2010-08-12Fix a typoVolker Lendecke1-1/+1
2010-08-10libcli/auth Make the source3/ implementation of the NTLMSSP server commonAndrew Bartlett2-0/+530
This means that the core logic (but not the initialisation) of the NTLMSSP server is in common, but uses different authentication backends. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10libcli/auth/ntlmssp: remove outdated comment. The version flag is well ↵Günther Deschner1-2/+0
understood now. Guenther
2010-08-10libcli/auth Move some source3/ NTLMSSP functions to the common code.Andrew Bartlett3-0/+120
libcli/auth Use true and false rather than True and False in common code Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-01s3-libads: move spnego defines to their appropriate header file.Günther Deschner1-0/+6
Guenther
2010-06-30libcli: Fixed a build warning for a missing prototype.Andreas Schneider1-0/+1
2010-06-25schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()Andrew Bartlett1-32/+1
By making this DB TDB_NOSYNC, and by making that safe with TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server. This particularly helps the source4/ 'make test', which otherwise tries to disable fsync() in ldb. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25libcli/auth make open_schannel_session_store() publicAndrew Bartlett2-7/+7
This will allow TDB_CLEAR_IF_FIRST to be used Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-01s4:ntlmssp Use common code for ntlmssp_sign.cAndrew Bartlett2-18/+19
The common code does not have a mem_ctx on ntlmssp_check_packet() and ntlmssp_unseal_packet(). We do however need some internal working of the code exposed, so some structures are moved to ntlmssp_sign.h Andrew Bartlett
2010-05-31s3:ntlmssp Move ntlmssp_sign.c from source3 to common code.Andrew Bartlett4-0/+696
This needs a small re-arrangement of the supporting code. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31ntlmssp: Make the ntlmssp.h from source3/ a common headerAndrew Bartlett1-0/+139
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-20Fix what looks like a cut-and-paste error in our read_negTokenInit() function.Jeremy Allison1-4/+4
We should never be calling asn1_push_XXX functions inside an asn1 reading function. Change asn1_push_tag() -> asn1_start_tag() and asn1_pop_tag() -> asn1_end_tag(). This allows us to connect to a NetApp filer at the Microsoft plugfest. Andrew PLEASE CHECK ! Jeremy.
2010-05-19Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the ↵Jeremy Allison1-1/+4
correct way. No more magic blobs :-). Use ndr_push_struct_blob() to push a properly formatted VERSION struct. Jeremy.
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-8/+2
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij4-34/+14
2010-04-11libcli/auth: Fix an uninitialized variableVolker Lendecke1-2/+1
value.dptr was used uninitialized in the "goto done;"
2010-04-06s4-waf: more dependencies on tallocAndrew Tridgell1-1/+2
these are needed so we can support a system talloc without using the bundled talloc.h
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06s4-waf: install the rest of the headersAndrew Tridgell1-5/+1
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+27
2010-03-16libcli/auth/schannel_state_tdb.c - fix a memory leakMatthias Dieter Wallnöfer1-0/+1
2010-03-09libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handlingMatthias Dieter Wallnöfer1-1/+0
2010-03-05libcli/auth: add a const to des_crypt112_16()Stefan Metzmacher2-2/+2
metze
2010-03-03Fix typo in comments.Karolin Seeger1-1/+1
2010-02-26libcli/auth: print the error in the debug messageStefan Metzmacher1-1/+2
metze
2010-02-23s4:cleanup remove unused schannel ldb codeSimo Sorce2-339/+0
2010-02-23s4:schannel merge code with s3Simo Sorce1-2/+2
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data.
2010-02-23schannel_tdb: make code compilable in both treesSimo Sorce2-51/+98
2010-02-23s3:schannel streamline interfaceSimo Sorce2-42/+181
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead.
2010-02-23s3:schannel fix memory hierarchySimo Sorce1-1/+1
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be child of creds as expected. When later in schannel_check_creds_state() we stole the creds on a different memory context the sid was left behind and the memory it points to freed when the temporary context was freed.
2010-02-23schannel: merge header filesSimo Sorce2-48/+34
One almost empty header file was simply including another not included by anything else. Just merge them together.
2010-02-23s4:schannel more readable check logicSimo Sorce2-12/+0
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on the caller's security requirements (Integrity/Privacy/Both/None) This is the same change applied to s3
2010-02-23s3:schannel more readable check logicSimo Sorce2-17/+0
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on ther caller's security requirements (Integrity/Privacy/Both/None)
2010-02-02Change uint_t to unsigned int in libcliMatt Kraai3-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-07Simplify E_md5hash a bitVolker Lendecke1-6/+2
2009-12-22libcli/auth Make gd's NDR NTLMSSP parsers helpers commonAndrew Bartlett2-0/+189
(but not built in Samba4 for now)
2009-10-24libcli/auth: initialize creds in netlogon_creds_client_init_session_key()Stefan Metzmacher1-2/+3
metze
2009-10-24libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb()Stefan Metzmacher1-24/+37
metze
2009-10-24libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb()Stefan Metzmacher1-1/+1
metze
2009-10-04s3/s4 common: fix up header fileMatthias Dieter Wallnöfer1-2/+1