| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c
A special case wrapper function remains to avoid changing the
application layer callers in this patch.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
This prepares us for handling SPNEGO via gensec
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
type macro.
|
|
cli_pipe_open_generic/spnego()
This allows the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also avoids passing NULL as the server to
gensec_set_target_hostname() in spnego_generic_init_client().
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow cli_rpc_pipe_open_generic_auth() to handle kerberos mechanisms.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also includes renaming the helper function
rpccli_ntlmssp_bind_data, and allows this function to operate on any
gensec-supplied auth type.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
As well as renaming, this allows us to start the mech by DCE/RPC auth
type or OID.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.
Andrew Bartlett
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Oct 27 16:40:15 CEST 2011 on sn-devel-104
|
|
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
|
|
We now just call the gensec_session_key() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We now just call the gensec_want_feature() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We now just call gensec_update directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow it to be a wrapper around a gensec module, which
requires that they options be set on a context, but before the
mechanism is started.
This also simplfies the callers, by moving the lp_*() calls
into one place.
Andrew Bartlett
|
|
This can be an ordinary talloc child without causing any problem.
This seems to have been inherited from a time when ntlmssp_client_start()
returned malloc() based memory.
Andrew Bartlett
|
|
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
We should return the same in all places
and don't mix NT_STATUS_INVALID_CONNECTION and NT_STATUS_CONNECTION_INVALID.
metze
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Sep 13 12:39:10 CEST 2011 on sn-devel-104
|
|
|
|
struct lsa_TrustDomainInfoAuthInfo and struct
trustAuthInOutBlob can store the same information for different usage. The added
routines can convert one struct into the other.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104
|
|
Currently the caller doesn't cope with multiple async requests anyway,
so this is just protection for the future.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Aug 5 22:31:12 CEST 2011 on sn-devel-104
|
|
There is no need to mask out these flags as they simply are not set
yet.
The correct abstraction is to ask for NTLMSSP features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The session key we want here (the only one that is availble to the
encryption layer) is the one obtained by cli_get_session_key(), as
NTLMSSP creates a per-session session key via key exchange and NTLMv2
negotiation.
The key was never directly the NT hash anyway (this is simply a
mistake, the extra MD4() was lost during my previous cleanup
f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT
hash) in early implementations of NTLMSSP.
However, regardless this call is not available on domain trusts
between AD domains and Windows 2003 R2, making this less useful.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We now just use auth_ntlmssp_want_feature to get extra flags
on the NTLMSSP context
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This clarifies the lifetime of the returned token.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
tstream_writev_queue_send()
This will be needed when tstream_writev_queue_send() changes it's behavior and
avoids using an immediate event when the queue is empty.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Aug 1 14:55:00 CEST 2011 on sn-devel-104
|
|
|
|
We reopen the hive and key so close them before reopen.
|
|
|
|
|
|
metze
|
|
metze
|
|
metze
|
|
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.
This will allow of our session handling to be accomplished with common code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)
The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Removed winreg_printer_delete_subkeys().
Removed winreg_printer_enumvalues().
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Jul 13 12:42:02 CEST 2011 on sn-devel-104
|
|
Functions now use dcerpc_winreg_delete_subkeys_recursive() instead of the more
specific printer function winreg_printer_delete_subkeys().
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
The functions that called winreg_printer_enumvalues() function now use
dcerpc_winreg_enumvals().
Signed-off-by: Andreas Schneider <asn@samba.org>
|
