Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
|
|
metze
|
|
metze
|
|
The other functions just add entries to it.
metze
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The validation of the mutual authentication reply produces no further
data to send to the server.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
It up to the client to ask for GSS_C_MUTUAL_FLAG,
except for the dcerpc case, where the server is stricter.
metze
|
|
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.
metze
|
|
The only user for this flag is called only directly after it was set.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The NT_STATUS_MORE_PROCESSING_REQUIRED status code is what gensec
is expecting in any case.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This make it clearer what type of flags these are and matches
gensec_gssapi
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The GSE layer is now used via the GENSEC module, so we do not need these
functions exposed any more.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in part of the s4 gensec_gssapi as the boilerplate for the
new module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This can handle any gensec auth type now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
As well as renaming, this allows us to start the mech by DCE/RPC auth
type or OID.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
gss_krb5int_make_seal_token_v3_iov() doesn't set '*conf_state'.
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
kerberos_get_principal_from_service_hostname()
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This allows gse_get_session_key() to work against Heimdal.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 20:57:27 CET 2011 on sn-devel-104
|
|
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 13 14:13:38 CET 2011 on sn-devel-104
|
|
|
|
|
|
|
|
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We now just call the gensec_session_key() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We now just call the gensec_want_feature() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This avoids the indirection via the auth_ntlmsssp wrapper functions.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|