Age | Commit message (Collapse) | Author | Files | Lines |
|
We already confirm that we have this functionality before we set HAVE_KRB5 at
configure time.
Andrew Bartlett
|
|
This just means there is one less pointer to ensure we initialise.
Andrew Bartlett
|
|
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
|
The free is however a talloc_free(), which has additional protection against
freeing the wrong thing.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104
|
|
|
|
|
|
We only need the session, and under some circumstances, it might complicate
things for the caller to have to cope with the whole structure (talloc...).
|
|
signing_key
The signing_key is fix across all channels and is used for session setups
on a channel binding.
Note:
- the last session setup response is signed with the new channel signing key.
- the reauth session setups are signed with the channel signing key.
It's also not needed to remember the main session key.
metze
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sun Feb 26 11:10:15 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
|
|
Now that there is only one gensec_ntlmssp server, some of these functions can be static
For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The ntlmssp_server code will be in common shortly, and aside from a
symbol name or two, moving the client code causes no harm and makes
less mess. We will also get the client code in common very soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
|
|
Also remove the unused configure tests for krb5_c_enctype_compare.
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Also remove the unused configure tests for krb5_c_enctype_compare.
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Also remove now-unused configure checks for krb5_mk_error().
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Feb 9 14:58:57 CET 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Feb 1 23:29:44 CET 2012 on sn-devel-104
|
|
This creates its own header file for util_cmdline so it doesn't need to
link against popt.
This should fix linking on FreeBSD.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This is intead of the inline, manual spnego code currently
in use.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
With the posix extensions, we can read 16MB at a time, so we need to check
the full size of the packet, not the size rounded down to the old NBT
limit.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This is rather than via a now one-element union.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also fixes the support for smb sealing with krb5 in make test, as
this now relies on secrets.tdb rather than /etc/krb5.keytab.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
cli_pipe_open_generic/spnego()
This allows the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also includes renaming the helper function
rpccli_ntlmssp_bind_data, and allows this function to operate on any
gensec-supplied auth type.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
This also assumes the modern API with a krb5_context argument.
Andrew Bartlett
|
|
|
|
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 9 23:07:32 CET 2012 on sn-devel-104
|
|
This is important, as we want to use exactly the same name and ticket
that the libsmb session setup code used, so we do not hit the KDC twice.
For the session setup to have succeded using the default 'client use
spnego principal = no', the cifs/ principal must exist anyway, so
looking for host/ is pointless. The case of 'client use spnego
principal = yes' was never supported here.
Andrew Bartlett
|
|
This mirrors 860ad734ba77238d187520f72afcbdc1c73d94ef which in turn
mirrors the behaviour of the libsmb client code at session setup time.
Andrew Bartlett
|
|
When E_deshash() returns false, it indicates that the password is either > 14 chars
in length, or could not be represented as an LM hash value for some other
reason. In this case, we should not regard the LM hash being missing
as an error or a no-password situation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
As well as renaming, this allows us to start the mech by DCE/RPC auth
type or OID.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This prepares us for making the code generic to multiple mechansims
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
kerberos_get_principal_from_service_hostname()
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
|