Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-02-10 | s3-auth Rename cryptic 'ptok' to security_token | Andrew Bartlett | 1 | -2/+2 | |
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-11-10 | Remove fstring from map_username. Create a more sane interface than the ↵ | Jeremy Allison | 1 | -1/+8 | |
called-parameter-is-modified. Jeremy. | |||||
2010-09-26 | s3: Avoid an explicit ZERO_STRUCT | Volker Lendecke | 1 | -3/+1 | |
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context_fixed() | Volker Lendecke | 1 | -2/+2 | |
2010-09-26 | s3: Lift talloc_autofree_context() from make_auth_context_subsystem() | Volker Lendecke | 1 | -1/+1 | |
2010-09-23 | Fix bug 7694 - Crash bug with invalid SPNEGO token. | Jeremy Allison | 1 | -1/+2 | |
Found by the CodeNomicon test suites at the SNIA plugfest. http://www.codenomicon.com/ If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server as we indirect the first returned value OIDs[0], which is returned as NULL. Jeremy. | |||||
2010-09-16 | libcli/auth/ntlmssp Be clear about talloc parents for session keys | Andrew Bartlett | 1 | -0/+1 | |
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-08-30 | s3-smbd: use make_server_info_krb5() | Simo Sorce | 1 | -79/+11 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-30 | s3-smbd: Use helper function to resolve kerberos user | Simo Sorce | 1 | -123/+27 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-22 | s3: Pass the rhost through smb_pam_accountcheck | Volker Lendecke | 1 | -1/+1 | |
2010-08-18 | s3: Lift smbd_server_fd from reload_services() | Volker Lendecke | 1 | -5/+5 | |
2010-08-16 | s3: Remove smbd_server_fd() from setup_new_vc_session | Volker Lendecke | 1 | -6/+12 | |
2010-08-16 | s3: Remove get_client_fd() | Volker Lendecke | 1 | -1/+1 | |
2010-08-15 | s3: Increase debug level for shutdown_other_smbds | Volker Lendecke | 1 | -3/+3 | |
2010-08-15 | s3: Add debugs to shutdown_other_smbds | Volker Lendecke | 1 | -0/+6 | |
2010-08-08 | s3: Lift the smbd_messaging_context from reload_services | Volker Lendecke | 1 | -5/+5 | |
2010-08-06 | s3-krb5: include krb5pac.h where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-08-05 | s3: avoid global include of ads.h. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-07-20 | Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL ↵ | Jeremy Allison | 1 | -6/+7 | |
contexts. Jeremy. | |||||
2010-07-20 | Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce | Jeremy Allison | 1 | -9/+12 | |
use of malloc, and data_blob(). Jeremy. | |||||
2010-07-20 | s3-auth: Move auth_ntlmssp wrappers in their own file | Simo Sorce | 1 | -0/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-20 | s3-auth: Refactor and rename auth_ntlmssp_server_info() | Simo Sorce | 1 | -1/+2 | |
Rename it to auth_ntlmssp_steal_server_info() to make it clear that the server_info struct is stolen from the auth_ntlmssp_state structure. Use talloc_move instead of manual steal&clear Add comments to explain what is going on. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-19 | Remove parse_negTokenTarg(), as it's actually incorrect. We're processing | Jeremy Allison | 1 | -1/+1 | |
negTokenInit's here. Use common code in spnego_parse_negTokenInit(). Jeremy. | |||||
2010-07-19 | s3-auth: Use talloc hierarchies to properly free auth_ntlmssp_state contexts | Simo Sorce | 1 | -2/+2 | |
Turn auth_ntlmssp_end into a destructor and attach it to auth_ntlmssp_state. Remote auth_ntlmssp_end and use TALLOC_FREE in the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-19 | s3-auth: Simplify how we free the auth_context | Simo Sorce | 1 | -4/+3 | |
Turn the freeing function into a destructor and attach it to the auth_context. Make all callers TALLOC_FREE() the auth_context instead of calling the free function. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-07-16 | Make the "map to guest" parameter work correctly with NTLMSSP (spnego | Jeremy Allison | 1 | -3/+6 | |
and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy. | |||||
2010-07-14 | s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS | Andrew Bartlett | 1 | -1/+1 | |
This fixes a bug where register_existing_vuid() could be called with a NULL server_info if the alloction failed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-07-14 | s3:smbd Give the kerberos session key a parent | Andrew Bartlett | 1 | -0/+2 | |
Nothing will free this, so this prevents a memory leak. Andrew Bartlett Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-07-14 | s3:smbd Fix segfault if register_existing_vuid() fails | Andrew Bartlett | 1 | -4/+12 | |
The register_existing_vuid() call will handle both the ntlmssp_end and vuid invalidation internally, so we don't want to do it again. Andrew Bartlett Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-07-05 | s3: Remove smbd_messaging_context() from shutdown_other_smbds() | Volker Lendecke | 1 | -12/+19 | |
2010-06-12 | s3: Remove smbd_server_conn from reply_sesssetup_and_X | Volker Lendecke | 1 | -1/+1 | |
2010-06-12 | s3: Fix a typo | Volker Lendecke | 1 | -1/+1 | |
2010-06-12 | s3: Remove smbd_server_conn from reply_sesssetup_and_X_spnego | Volker Lendecke | 1 | -1/+1 | |
2010-06-12 | s3: Remove smbd_server_conn from reply_spnego_auth | Volker Lendecke | 1 | -1/+1 | |
2010-06-12 | s3: Remove smbd_server_conn from reply_spnego_negotiate | Volker Lendecke | 1 | -1/+1 | |
2010-06-12 | s3: Remove smbd_server_conn from reply_spnego_ntlmssp | Volker Lendecke | 1 | -1/+1 | |
2010-06-12 | s3: Remove smbd_server_conn from reply_spnego_kerberos | Volker Lendecke | 1 | -1/+1 | |
2010-06-08 | Revert "s3:smbd Fix segfault if register_existing_vuid() fails" | Volker Lendecke | 1 | -12/+4 | |
This reverts commit 8f1cec5faf4e26de8b9797777059e99f2a66558b. | |||||
2010-06-08 | Revert "s3:smbd Give the kerberos session key a parent" | Volker Lendecke | 1 | -2/+0 | |
This reverts commit 4a7f45b7e1cef13bc28d7ee50dd4b5519bdec397. | |||||
2010-06-08 | Revert "s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS" | Volker Lendecke | 1 | -1/+1 | |
This reverts commit edba46ce94c335411ab337eeb4ef6f88fb3aae80. Conflicts: source3/auth/auth_ntlmssp.c | |||||
2010-06-07 | s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS | Andrew Bartlett | 1 | -1/+1 | |
It's nicer to have an NTSTATUS return, and in s3compat there may be a reason other than 'no memory' why this can fail. Andrew Bartlett | |||||
2010-06-07 | s3:smbd Give the kerberos session key a parent | Andrew Bartlett | 1 | -0/+2 | |
I can't see what would free this, so this should prevent a memory leak. Andrew Bartlett | |||||
2010-06-07 | s3:smbd Fix segfault if register_existing_vuid() fails | Andrew Bartlett | 1 | -4/+12 | |
The register_existing_vuid() call will handle both the ntlmssp_end and vuid invalidation internally, so we don't want to do it again. Andrew Bartlett | |||||
2010-05-31 | s3:smbd map_username() doesn't need sconn anymore | Simo Sorce | 1 | -2/+2 | |
Signed-off-by: Andreas Schneider <asn@samba.org> | |||||
2010-05-31 | ntlmssp: Make the ntlmssp.h from source3/ a common header | Andrew Bartlett | 1 | -1/+1 | |
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | s3:auth Remove AUTH_NTLMSSP_STATE typedef. | Andrew Bartlett | 1 | -3/+3 | |
typedefs are no longer preferred Samba style. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | s3:auth Make AUTH_NTLMSSP_STATE a private structure. | Andrew Bartlett | 1 | -16/+11 | |
This makes it a little easier for it to writen in terms of GENSEC in future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-28 | s3:auth Free sampass as soon as we have server_info | Simo Sorce | 1 | -0/+1 | |
We don't keep sampass in server_info anymore So it makes no sense to keep it around. Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-28 | s3:auth use info3 in auth_serversupplied_info | Simo Sorce | 1 | -3/+3 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-11 | s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA | Andrew Bartlett | 1 | -7/+3 | |
All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> |