summaryrefslogtreecommitdiff
path: root/source3/librpc/crypto
AgeCommit message (Collapse)AuthorFilesLines
2012-01-18s3-gse: Make gensec_gse cope with non-DCE GSSAPIAndrew Bartlett1-5/+8
The validation of the mutual authentication reply produces no further data to send to the server. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse: the server should not check for GSS_C_MUTUAL_FLAGStefan Metzmacher1-6/+0
It up to the client to ask for GSS_C_MUTUAL_FLAG, except for the dcerpc case, where the server is stricter. metze
2012-01-18s3-gse: verify that we got GSS_C_DCE_STYLE when expectedStefan Metzmacher1-0/+11
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it. metze
2012-01-18s3-gse Remove authenticated flag from gseAndrew Bartlett1-7/+0
The only user for this flag is called only directly after it was set. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse remove special more_processing hook from gseAndrew Bartlett1-12/+2
The NT_STATUS_MORE_PROCESSING_REQUIRED status code is what gensec is expecting in any case. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Rename gss_c_flags and ret_flags in gseAndrew Bartlett1-18/+18
This make it clearer what type of flags these are and matches gensec_gssapi Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Rename gss_ctx to match gensec_gssapi_contextAndrew Bartlett1-17/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Rename delegated_creds to match gensec_gssapi_contextAndrew Bartlett1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse gss_wrap_iov_length() only needs the type and lengthStefan Metzmacher1-2/+4
metze
2012-01-18s3-gse Make seal parameter a boolean for clarityAndrew Bartlett1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove special case for spnego session keyAndrew Bartlett2-15/+0
SPNEGO is implemented only in terms of gensec mechanisms now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Move GSS_C_DCE_STYLE backup definition to gse.cAndrew Bartlett2-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Add constAndrew Bartlett1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Remove or make static unused/local-only GSE functionsAndrew Bartlett2-270/+33
The GSE layer is now used via the GENSEC module, so we do not need these functions exposed any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove layer around struct gensec_securityAndrew Bartlett2-11/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_securityAndrew Bartlett2-77/+27
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensecAndrew Bartlett2-95/+17
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Allow spnego_generic_init_client to handle kerberos tooAndrew Bartlett1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Make gse available as a gensec client moduleAndrew Bartlett2-1/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse: Add gensec wrapper for gse GSSAPI clientAndrew Bartlett1-0/+440
This brings in part of the s4 gensec_gssapi as the boilerplate for the new module. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc Supply target service and server to spnego_generic_init_client()Andrew Bartlett2-0/+16
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc: Rename spnego_ntlmssp_init_client and make genericAndrew Bartlett2-4/+15
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc Return user principal name on supplied mem_ctxAndrew Bartlett1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06s3-libsmb Make auth_ntlmssp client more genericAndrew Bartlett1-12/+13
As well as renaming, this allows us to start the mech by DCE/RPC auth type or OID. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3:gse: MIT krb5 1.8.1 has a bug in gss_wrap_iov()Stefan Metzmacher1-1/+1
gss_krb5int_make_seal_token_v3_iov() doesn't set '*conf_state'. metze
2012-01-05s3-librpc store the sign/seal flags we got in the gssapi clientAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-libads Factor out a new routine ↵Andrew Bartlett1-3/+11
kerberos_get_principal_from_service_hostname() This is now used in the GSE GSSAPI client, so that when we connect to a target server at the CIFS level, we use the same name to connect at the DCE/RPC level. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-librpc Use gsskrb5_get_subkey() where available to get the session keyAndrew Bartlett1-0/+15
This allows gse_get_session_key() to work against Heimdal. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_state -> auth_generic_stateAndrew Bartlett1-1/+1
This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc codeAndrew Bartlett2-17/+20
We always dereferenced auth_ntlmssp_state->gensec_security, so now we do not bother passing around the whole auth_ntlmssp_state. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_session_key()Andrew Bartlett1-2/+7
We now just call the gensec_session_key() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_want_feature()Andrew Bartlett1-4/+4
We now just call the gensec_want_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp use gensec_{seal,unseal,sign,check}_packetAndrew Bartlett1-22/+22
This avoids the indirection via the auth_ntlmsssp wrapper functions. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_update wrapperAndrew Bartlett1-2/+3
We now just call gensec_update directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-ntlmssp split auth_ntlmssp_client_start() into two partsAndrew Bartlett1-4/+7
This will allow it to be a wrapper around a gensec module, which requires that they options be set on a context, but before the mechanism is started. This also simplfies the callers, by moving the lp_*() calls into one place. Andrew Bartlett
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett1-1/+1
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-09-30s3: Remove an unused variableVolker Lendecke1-2/+0
2011-08-03s3-ntlmssp Remove auth_ntlmssp_and_flags()Andrew Bartlett1-7/+0
There is no need to mask out these flags as they simply are not set yet. The correct abstraction is to ask for NTLMSSP features. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove auth_ntlmssp_or_flagsAndrew Bartlett1-5/+4
We now just use auth_ntlmssp_want_feature to get extra flags on the NTLMSSP context Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the serverAndrew Bartlett1-0/+1
This is changed so that the callers ask for the additional flags that they need, starting with no additional flags. This helps to create a proper abstraction layer in ntlmssp_wrap/auth_ntlmssp. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_updateAndrew Bartlett1-1/+1
This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_get_session_key()Andrew Bartlett1-3/+2
2011-07-20s3-gse Work around the MIT 1.9 gss_krb5_import_credAndrew Bartlett1-6/+16
We detect this function at configure time, but it currently fails to operate the way we need - that is, when the principal is not specified, it gives this error. When the principal is specified we get 'wrong principal in request' in the GSS acceptor, so for now the best option is to fall back to the alternate approach. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jul 20 06:35:05 CEST 2011 on sn-devel-104
2011-07-20s3-gse Allow printing the partial error stringAndrew Bartlett1-6/+6
We may not be able to obtain the full error string, so print what we can get. This is required when the error is the the GSSAPI layer, not the mechanism. Andrew Bartlett
2011-07-04s3-auth: Added remote_address to ntlmssp server.Andreas Schneider1-0/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett2-2/+2
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-05-10s3:librpc: remove unneded gssapi includes from source3/librpc/crypto/gse.cMichael Adam1-6/+0
These come in via the smb_krb5.h include (and lib/replace/system/kerberos.h) in the end. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue May 10 23:12:31 CEST 2011 on sn-devel-104
2011-05-05Fix many const compiler warnings.Jeremy Allison1-21/+23
2011-04-27s3-rpc_server Fix compile without kerberosAndrew Bartlett1-1/+2
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Apr 27 23:08:48 CEST 2011 on sn-devel-104
2011-04-27s3-gse: Don't release the mech OID from gss_accept_security_contextAndrew Bartlett1-4/+31
This is constant data according to the man pages I find for this fucntion, and causes a segfault to free() when linked to Heimdal. I am advised that while it is constant for gss_mech_krb5, it may not be for other mechanisms, so an assert will ensure this is dealt with by the programmer who extends this code in future. Andrew Bartlett
generated by cgit (git 2.34.1) at 2024-11-26 08:35:25 +0000