summaryrefslogtreecommitdiff
path: root/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2012-01-12auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksumAndrew Bartlett1-2/+1
2012-01-10krb5: Require krb5_string_to_key be available to build with krb5Andrew Bartlett1-1/+1
2012-01-10krb5: Require krb5_principal_compare_any_realm be available to build with krb5Andrew Bartlett1-28/+0
2012-01-10krb5: Require krb5_c_verify_checksum is available to build with krb5Andrew Bartlett1-63/+20
2011-12-28auth/kerberos: Move gssapi_parse.c to the top levelAndrew Bartlett1-0/+4
This will help with writing a gensec module for the s3 gse layer. Andrew Bartlett
2011-12-12s4-lsarpc handle more info levels in SetInfoTrustedDomain callsAndrew Bartlett1-1/+1
This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett8-1827/+5
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-13lib/util: Add back control of mmap and hash size in tdb for top level buildAndrew Bartlett1-1/+1
This passes down a struct loadparm_context to allow these parameters to be checked. This may be s3 or s4 context, allowing the #if _SAMBA_BUILD_ macro to go away safely. Andrew Bartlett
2011-10-13libcli/auth: Provide a struct loadparm_context to schannel callsAndrew Bartlett4-13/+14
This will allow us to pass this down to the tdb_wrap layer. Andrew Bartlett
2011-09-14libcli/auth: add some const to SMBNTencrypt_hash() and SMBNTencrypt()Stefan Metzmacher2-4/+4
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Sep 14 19:49:24 CEST 2011 on sn-devel-104
2011-08-03ntlmssp: Add ntlmssp_blob_matches_magic()Andrew Bartlett2-0/+12
This avoids having the same check in 3 different parts of the code Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
2011-08-03gensec: Remove mem_ctx from calls that do not return memoryAndrew Bartlett2-2/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-20tdb_compat: use tdb_errorstr_compat()Rusty Russell1-1/+1
Since TDB2 functions return the error directly, tdb_errorstr() taken an error code, not the tdb as it does in TDB1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_compat.h: divert every tdb build and includes to tdb_compatRusty Russell1-1/+1
We change all the headers and wscript files to use tdb_compat; this means we have one place to decide whether to use TDB1 or TDB2. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20libcli/util Rename common map_nt_error_from_unix to avoid duplicate symbolAndrew Bartlett1-3/+3
The two error tables need to be combined, but for now seperate the names. (As the common parts of the tree now use the _common function, errmap_unix.c must be included in the s3 autoconf build). Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
2011-06-20libcli/util Bring samba4 unix -> nt_status code in common.Andrew Bartlett1-1/+1
Due to library link orders, this is already the function that is being used. However we still need to sort out the duplicate symbol issues, probably by renaming things. Andrew Bartlett
2011-06-10libcli/auth/msrpc_parse.h: fix licence/copyrightGünther Deschner1-0/+21
Guenther
2011-05-13libcli/auth/krb5_wrap: correctly use discard_const().Günther Deschner1-2/+2
Jeremy, please check. Guenther
2011-05-12libcli/auth/smbencrypt: in E_deshash, use talloc_stackframe instead of "#if ↵Michael Adam1-8/+4
_SAMBA_BUILD_ == 3" and talloc_tos() talloc_stackframe() is used in other shared components already, and if the stack is a talloc_pool, then in most cases, it should also not be more expensive than directly using talloc_tos(). Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu May 12 12:52:02 CEST 2011 on sn-devel-104
2011-05-10libcli/auth: fix "no talloc stackframe around" message from the ↵Michael Adam1-2/+4
samba4.blackbox.kinit test create_kerberos_key_from_string_direct() used talloc_tos() directly. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2011-05-06lib/util Move source3 tdb_wrap_open() into the common code.Andrew Bartlett1-3/+1
This #if _SAMBA_BUILD == 3 is very unfortunate, as it means that in the top level build, these options are not available for these databases. However, having two different tdb_wrap lists is a worse fate, so this will do for now. Andrew Bartlett
2011-05-06More const fixes. Remove CONST_DISCARD.Jeremy Allison1-2/+2
2011-05-04Tidy up some missing checks for NULL in strlcpy.Jeremy Allison1-1/+1
2011-05-04Fix simple uses of safe_strcpy -> strlcpy. Easy ones where we just remove -1.Jeremy Allison1-1/+1
2011-04-27auth/kerberos Move all the PAC handling functions to auth/kerberosAndrew Bartlett2-365/+1
2011-04-27auth/kerberos: Create common helper to get the verified PAC from GSSAPIAndrew Bartlett2-1/+6
This only works for Heimdal and MIT Krb5 1.8, other versions will get an ACCESS_DEINED error. We no longer manually verify any details of the PAC in Samba for GSSAPI logins, as we never had the information to do it properly, and it is better to have the GSSAPI library handle it. Andrew Bartlett
2011-04-27libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/authAndrew Bartlett3-2/+44
This will allow the GSSAPI PAC fetch code to use it. Andrew Bartlett
2011-04-26libcli/auth Allow parsing of a PAC that is already verified.Andrew Bartlett1-44/+50
By making the verification parameters optional, we can parse a PAC that is already verified. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Apr 26 10:06:59 CEST 2011 on sn-devel-104
2011-04-23Add missing dependency on com_err.Jelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Apr 23 16:53:03 CEST 2011 on sn-devel-104
2011-04-20libcli/auth Move PAC parsing and verification in common.Andrew Bartlett3-2/+375
This uses the source3 PAC code (originally from Samba4) with some small changes to restore functionality needed by the torture tests, and to have a common API. Andrew Bartlett
2011-04-20libcli/auth: Move more kerberos wrapping in commonAndrew Bartlett2-1/+230
These functions are required to get the krb5 PAC parsing and verfication in common. Andrew Bartlett
2011-04-14libcli/auth Fix compile on hosts without krb5Andrew Bartlett1-2/+2
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Apr 14 11:08:49 CEST 2011 on sn-devel-104
2011-04-14libcli/auth Move krb5 wrapper functions from s3 into commonAndrew Bartlett3-1/+158
This requires a small rework of the build system to ensure that the correct #define statements are made in both the s3 and top level builds. We now define the various HAVE_ macros in config.h at all times, using heimdal_build/wscript_configure when that is in use. Andrew Bartlett
2011-04-14libcli: allow exclusion of netbios name in NTLMV2 blobChristian Ambach1-5/+12
when no hostname is given, leave away the MsvAvNbComputerName part of the ntlmv2 blob Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-04-13s3: Use talloc_tos() in the S3 buildVolker Lendecke1-1/+7
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Apr 13 09:30:55 CEST 2011 on sn-devel-104
2011-04-13libcli/auth Use convert_string_error to check LM hash calculation.Andrew Bartlett1-9/+24
This allows us to know if the LM hash was built correctly or not. NOTE: talloc_tos() is not available in the common code at this time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-06lib: make asn1_util a private libraryAndrew Tridgell1-1/+1
this prevents symbol duplication of the asn1 symbols in the service and ntvfs subsystems Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-29Ensure convert_string_XXX is always called with a valid converted_size pointer.Jeremy Allison1-1/+2
Preparation for cleaning up this API. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Mar 29 21:01:49 CEST 2011 on sn-devel-104
2011-03-28Fix inspired by work done by David Disseldorp for bug #8040 - smbclient ↵Jeremy Allison5-19/+52
segfaults when a Cyrillic netbios name or workgroup is configured. Change msrpc_gen to return NTSTATUS and ensure everywhere this is used it is correctly checked to return that status. Jeremy.
2011-03-27s3: Fix Coverity ID 682: NEGATIVE_RETURNSVolker Lendecke1-1/+4
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell3-5/+4
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-02-24build: moved spnego_parse.c into a common subsystemAndrew Tridgell1-1/+5
2011-02-24build: moved schannel_sign.c into a shared COMMON_SCHANNEL subsystemAndrew Tridgell1-3/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-24build: moved libcli/auth/ntlmssp*.c into a common libcliauth.so libraryAndrew Tridgell1-5/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-17idl: naming a structure 'VERSION' is not a good idea!Andrew Tridgell1-2/+2
this renames it to ntlmssp_VERSION Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-11libcli/auth: fix PAM_ERRORS subsystem build.Günther Deschner1-1/+2
(waf-)god knows why, without this (fake) dependency, ./configure && make fails while including replace.h while ./configure.developer && make succeeds... Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Feb 11 23:50:40 CET 2011 on sn-devel-104
2011-02-08pam: share pam errors in a common location.Günther Deschner3-0/+176
Guenther
2011-01-20libcli/auth move ntlmssp_wrap() and ntlmssp_unwrap() into common code.Andrew Bartlett2-0/+147
The idea here is to allow the source3/libads/sasl.c code to call this instead of the lower level ntlmssp_* functions. Andrew Bartlett
2011-01-03libcli/auth: add netsec_outgoing_sig_size()Stefan Metzmacher2-0/+15
The size of the signature blob depends on the used algorithm. metze
2010-12-21s3/s4:auth SPNEGO - adaptions for the removed "const" from OIDsMatthias Dieter Wallnöfer1-2/+6
This is needed in order to suppress warnings.