summaryrefslogtreecommitdiff
path: root/source3/libsmb/clispnego.c
AgeCommit message (Collapse)AuthorFilesLines
2012-03-02s3-libsmb: Initialise ticket to ensure we do not invalid memoryAndrew Bartlett1-0/+1
The free is however a talloc_free(), which has additional protection against freeing the wrong thing. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104
2012-02-24s3-libsmb: Remove unused spnego_parse_auth_and_micAndrew Bartlett1-40/+0
2012-02-23s3-libsmb: Remove unused spnego functionsAndrew Bartlett1-109/+0
2011-09-21Try and fix bug #8472 - Crash in asn.1 parsing code.Jeremy Allison1-1/+6
Found by Codenomicon at the SNIA plugfest. Don't keep going in the loop when reading the OIDs fail. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Sep 21 05:24:59 CEST 2011 on sn-devel-104
2011-03-16s3-build: only include asn1 headers where actually needed.Günther Deschner1-0/+1
Guenther
2010-12-21s3/s4:auth SPNEGO - adaptions for the removed "const" from OIDsMatthias Dieter Wallnöfer1-3/+1
This is needed in order to suppress warnings.
2010-09-23s3-dcerpc: add spnego server helpersSimo Sorce1-4/+75
squashed: add michlistMIC signature checks Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-20s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keysSimo Sorce1-5/+6
2010-07-20Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL ↵Jeremy Allison1-17/+19
contexts. Jeremy.
2010-07-20Fix one more data_blob -> data_blob_talloc. Move away from implicit NULL ↵Jeremy Allison1-5/+7
context tallocs. Jeremy.
2010-07-20Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduceJeremy Allison1-6/+5
use of malloc, and data_blob(). Jeremy.
2010-07-20Rename spnego_gen_negTokenTarg() -> spnego_gen_krb5_negTokenInit()Jeremy Allison1-3/+3
as this correctly describes what this function does. Jeremy.
2010-07-20Remove gen_negTokenTarg(), as it's not actually creating a TokenTarg frame, ↵Jeremy Allison1-47/+1
but a TokenInit one. Move to using spnego_gen_negTokenInit() instead. Jeremy
2010-07-20Fixes pointed out by <david.kondrad@legrand.us>. Free memory if not beingJeremy Allison1-38/+37
returned to caller. Remove unneeded asn1_tag_remaining() calls. Jeremy.
2010-07-19Remove gen_negTokenInit() - change all callers to spnego_gen_negTokenInit().Jeremy Allison1-53/+17
We now have one function to do this in all calling code. More rationalization to follow. Jeremy.
2010-07-19Move the addition of the 16 byte guid out of spnego_gen_negTokenInit() andJeremy Allison1-4/+2
into negprot_spnego() where it belongs (it's not an SPNEGO operation). Add a TALLOC_CTX for callers of negprot_spnego(). Closer to unifying all the gen_negTokenXXX calls. Jeremy.
2010-07-19Remove parse_negTokenTarg(), as it's actually incorrect. We're processingJeremy Allison1-74/+24
negTokenInit's here. Use common code in spnego_parse_negTokenInit(). Jeremy.
2010-07-19Fix [Bug 7577] SPNEGO auth fails when contacting Win7 system using Microsoft ↵Jeremy Allison1-7/+54
Live Sign-in Assistant Based on code from <david.kondrad@legrand.us>. Cope with every NegTokenInit ::= SEQUENCE value. Jeremy.
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-0/+1
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-11-06s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.Günther Deschner1-1/+1
Guenther
2009-10-15s3-spnego: fix memleak in spnego_parse_auth().Günther Deschner1-1/+5
Guenther
2009-10-15s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure.Günther Deschner1-19/+12
When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP), we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus failing spnego_parse_auth() completely. By just using the shared spnego/asn1 code, we get the parsing the correct way. Guenther
2009-09-17spnego: share spnego_parse.Günther Deschner1-7/+8
Guenther
2009-08-11Rename ASN1_BITFIELD to ASN1_BIT_STRING.Kouhei Sutou1-1/+1
X.690 uses "BIT STRING" not "BIT FIELD".
2009-07-16More conversions of NULL -> talloc_autofree_context()Jeremy Allison1-9/+9
so we at least know when we're using a long-lived context. Jeremy.
2008-10-23s3-build: fix some const build warnings.Günther Deschner1-2/+2
Guenther
2008-10-22s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner1-242/+287
Guenther
2008-10-22s3: use shared asn1 code.Günther Deschner1-17/+17
Guenther
2008-04-07Fix Kerberos interop with Mac OS X 10.5 clients.Bill Ricker1-0/+12
Ignore optional req_flags. Use the Kerberos mechanism OID negotiated with the client rather than hardcoding OID_KERBEROS5_OLD. (This used to be commit 59a2bcf30fef14ecc826271862b645dd3a61cb48)
2008-02-14Allow the mechOID to be written separately.Jeremy Allison1-2/+4
Jeremy. (This used to be commit e3e08c6e7d270e1be7a9d3042b1f36f5a291f90a)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-9/+9
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.Gerald Carter1-19/+0
The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
2007-10-10r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter1-0/+19
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
2007-10-10r25227: Patch from "Steven Danneman" <steven.danneman@isilon.com>:Stefan Metzmacher1-0/+14
- We ran across a bug joining our Samba server to a Win2K domain with LDAP signing turned on. Upon investigation I discovered that there is a bug in Win2K server which returns a duplicated responseToken in the LDAP bindResponse packet. This blob is placed in the optional mechListMIC field which is unsupported in both Win2K and Win2K3. You can see RFC 2478 for the proper packet construction. I've worked with metze on this to confirm all these finding. This patch properly parses then discards the mechListMIC field if it exists in the packet, so we don't produce a malformed packet error, causing LDAP signed joins to fail. Also attached is a sniff of the domain join, exposing Win2Ks bad behavior (packet 21). - (I've just changed the scope of the DATA_BLOB mechList) metze (This used to be commit 200b5bfb8180af09446762e915eac63d14c6c7b0)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke1-1/+1
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10r22093: send also the correct OID_KERBEROS5 not only the brokenStefan Metzmacher1-1/+1
OID_KERBEROS_OLD one. metze (This used to be commit 294c69334fce1cbb74ae9eb5a06e17b397f994df)
2007-10-10r22092: - make spnego_parse_auth_response() more generic andStefan Metzmacher1-8/+15
not specific for NTLMSSP - it's possible that the server sends a mechOID and authdata if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE metze (This used to be commit e9f2aa22f90208a5e530ef3b68664151960a0a22)
2007-10-10r21240: Fix longstanding Bug #4009.Günther Deschner1-2/+4
For the winbind cached ADS LDAP connection handling (ads_cached_connection()) we were (incorrectly) assuming that the service ticket lifetime equaled the tgt lifetime. For setups where the service ticket just lives 10 minutes, we were leaving hundreds of LDAP connections in CLOSE_WAIT state, until we fail to service entirely with "Too many open files". Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP connection after the ads_do_search_retry() has failed to submit the search request (although the bind succeeded (returning an expired service ticket that we cannot delete from the memory cred cache - this will get fixed later)). Guenther (This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
2007-10-10r19041: Make us connect to Vista RC1. Apparently metze had done the same ↵Volker Lendecke1-7/+10
patch some weeks ago. We have some work before us, when in AD mode Vista sends "not_defined_in_RFC4178@please_ignore" as the principal..... Volker (This used to be commit af85d8ec02b36b765ceadf0a342c7eda2410034b)
2007-10-10r19037: Fix a segfaultVolker Lendecke1-1/+1
(This used to be commit 1c18ebe67500a59d4bf08c7e2e2c2af416bfa084)
2007-10-10r16306: Error handling in this asn1 code *sucks*. Fix a genericJeremy Allison1-3/+24
class of memory leak bugs on error found by Klocwork (#123). Many of these functions didn't free allocated memory on error exit. Jeremy. (This used to be commit 8ef11a7c6de74024b7d535d959db2d462662a86f)
2007-10-10r16156: Fix storing NULL in the wrong place. Klocwork id's 127 and 128.Volker Lendecke1-2/+2
Volker (This used to be commit 7674a4f8361d3f3b649245118b82d8a074a2760e)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-1/+1
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12476: Apply some constVolker Lendecke1-1/+1
(This used to be commit a3f102f6c3ada10e74d72944e767b9b263fe83dd)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-1/+1
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-2/+3
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-2/+1
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6149: Fixes bugs #2498 and 2484.Derrell Lipman1-1/+2
1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)