Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-04-03 | s3-ntlm_auth: use manage_gensec_request for squid-2.5-ntlmssp | Andrew Bartlett | 1 | -178/+9 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2012-04-03 | s3-auth: Order GENSEC mechs by priority, krb5 before NTLMSSP | Andrew Bartlett | 1 | -2/+3 | |
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client) will not select krb5. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2012-04-03 | s3-ntlm_auth: add ntlm_auth_generate_session_info_pac() | Andrew Bartlett | 1 | -0/+144 | |
Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2012-04-03 | s3-ntlm_auth Use GENSEC for gss-spnego server | Andrew Bartlett | 1 | -404/+390 | |
This imports the gensec handling code from the source4 ntlm_auth, which will eventually be used for all the NTLMSSP and SPNEGO clients and servers but which is only used for gss-spnego for now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2012-03-15 | s3-krb5: Remove GSS_WRAP_IOV conditional | Andrew Bartlett | 1 | -1/+1 | |
We already confirm that we have this functionality before we set HAVE_KRB5 at configure time. Andrew Bartlett | |||||
2012-03-01 | s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnego | Andrew Bartlett | 1 | -16/+5 | |
The SPNEGO code changed since this was last tested. Andrew Bartlett | |||||
2012-03-01 | s3-ntlm_auth: Wrap kerberos token in GSSAPI | Andrew Bartlett | 1 | -2/+6 | |
While windows will accept this ticket without the wrapping, it is nicer to follow the standard and wrap it up in GSSAPI. This should allow the ntlm_auth gss-spnego-client to talk to the ntlm_auth gss-spengo server. Reported by Christof Schmitt <christof.schmitt@us.ibm.com> Andrew Bartlett | |||||
2012-03-01 | s3-ntlm_auth: Add --target-service and --target-hostname options | Andrew Bartlett | 1 | -9/+40 | |
This will allow the gss-spnego-client protocol to work with modern SPNEGO servers that do not send the principal in the mechListMIC. Andrew Bartlett | |||||
2012-02-24 | s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-side | Andrew Bartlett | 1 | -99/+327 | |
This uses the common gensec_ntlmssp server code for ntlm_auth, removing the last non-gensec use of the NTLMSSP server. Andrew Bartlett | |||||
2012-02-20 | s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again | Andrew Bartlett | 1 | -3/+6 | |
This still requires that the server permit LM passwords, but our s3dc test environment has this enabled. Andrew Bartlett | |||||
2012-01-18 | s3-build: Rework object lists to allow gse gensec module | Andrew Bartlett | 1 | -39/+0 | |
This also allows the spnego_parse_krb5_wrap() function to be shared. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2011-10-18 | ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 1 | -1/+1 | |
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2011-08-03 | s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server | Andrew Bartlett | 1 | -0/+4 | |
This is changed so that the callers ask for the additional flags that they need, starting with no additional flags. This helps to create a proper abstraction layer in ntlmssp_wrap/auth_ntlmssp. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2011-07-28 | s3:ntlm_auth: use lp_load_global() | Michael Adam | 1 | -1/+1 | |
2011-06-09 | s3-param Remove special case for global_myname(), rename to lp_netbios_name() | Andrew Bartlett | 1 | -5/+5 | |
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett | |||||
2011-05-18 | s3-lib Replace StrnCaseCmp() with strncasecmp_m() | Andrew Bartlett | 1 | -1/+1 | |
strncasecmp_m() never needs to call to talloc, and via next_codepoint() still has an ASCII fast-path bypassing iconv() calls. Andrew Bartlett | |||||
2011-05-06 | More const fixes. Remove CONST_DISCARD. | Jeremy Allison | 1 | -3/+3 | |
2011-04-01 | s3: Fix Coverity ID 1136: CONSTANT_EXPRESSION_RESULT | Volker Lendecke | 1 | -1/+1 | |
2011-03-16 | s3-build: only include asn1 headers where actually needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-12-07 | s3:ntlm_auth: support clients which offer a spnego mechs we don't support | Stefan Metzmacher | 1 | -110/+169 | |
Before we rejected the authentication if we don't support the first spnego mech the client offered. We now negotiate the first mech we support. This fix works arround problems, when a client sends the NEGOEX (1.3.6.1.4.1.311.2.2.30) oid, which we don't support. metze | |||||
2010-12-07 | s3:ntlm_auth: free session key, as we don't use it (at least for now) | Stefan Metzmacher | 1 | -1/+2 | |
metze | |||||
2010-12-07 | s3:ntlm_auth: fix memory leak in the raw ntlmssp code path | Stefan Metzmacher | 1 | -0/+2 | |
metze | |||||
2010-11-02 | s3-debug Impove setup_logging() to specify logging to stderr | Andrew Bartlett | 1 | -1/+1 | |
This change improves the setup_logging() API so that callers which wish to set up logging to stderr can simply ask for it, rather than directly modify the dbf global variable. Andrew Bartlett | |||||
2010-09-16 | s3: Add the PAC info3 struct to the netsamlogon_cache in ntlm_auth | Volker Lendecke | 1 | -0/+4 | |
2010-09-16 | s3: Correctly unwrap the krb ticket in gss-spnego | Volker Lendecke | 1 | -1/+52 | |
2010-09-16 | s3: Fall back to raw NTLMSSP for the gss-spnego protocol | Volker Lendecke | 1 | -0/+25 | |
This is to handle the mod_auth_ntlm_winbind protocol sending "Negotiate" to IE, which sends raw NTLMSSP instead of a SPNEGO wrapped NTLMSSP blob. | |||||
2010-09-16 | s3: Split off output generation from manage_squid_ntlmssp_request | Volker Lendecke | 1 | -17/+41 | |
2010-09-16 | s3: Wrap the ntlm_auth loop with a talloc_stackframe | Volker Lendecke | 1 | -0/+2 | |
2010-09-16 | libcli/auth/ntlmssp Be clear about talloc parents for session keys | Andrew Bartlett | 1 | -5/+7 | |
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-15 | s3: Fix some debug msgs in ntlm_auth | Volker Lendecke | 1 | -8/+8 | |
2010-09-13 | s3: Remove some unnecessary if-statements | Volker Lendecke | 1 | -10/+5 | |
2010-09-13 | ntlm_auth: Fix a valgrind error | Volker Lendecke | 1 | -1/+1 | |
2010-09-13 | s3: Fix a typo | Volker Lendecke | 1 | -1/+1 | |
2010-09-13 | s3: Fix a typo (authentictaion->authentication) | Volker Lendecke | 1 | -1/+3 | |
2010-08-26 | s3-build: only include nsswitch header where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-08-05 | s3-popt: Only include popt-common.h when needed. | Andreas Schneider | 1 | -0/+1 | |
2010-08-05 | s3: avoid global include of ads.h. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-07-20 | s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keys | Simo Sorce | 1 | -4/+6 | |
2010-07-19 | s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it. | Simo Sorce | 1 | -17/+17 | |
All the members are children of ntlmssp_state anyway. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-05-31 | ntlmssp: Make the ntlmssp.h from source3/ a common header | Andrew Bartlett | 1 | -1/+1 | |
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-18 | s3-crypto: only include crypto headers when crypto is done. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-05-11 | s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA | Andrew Bartlett | 1 | -2/+2 | |
All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-26 | s3 ntlm_auth: Don't malloc data that will be talloc_free()d | Kai Blin | 1 | -12/+12 | |
This fixes bug #7290 Thanks to Mohan <mohann@silver-peak.com> for the bug report. | |||||
2010-03-24 | s3:ntlmssp: use client.netbios_name instead of workstation | Stefan Metzmacher | 1 | -3/+4 | |
metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s3:ntlmssp: rename void *auth_context; into void *callback_private; | Stefan Metzmacher | 1 | -6/+6 | |
metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s3:ntlmssp: remove unused get_global_myname() and get_domain() from ↵ | Stefan Metzmacher | 1 | -4/+0 | |
ntlmssp_state Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them | Stefan Metzmacher | 1 | -1/+5 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_state | Stefan Metzmacher | 1 | -1/+27 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-01-10 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -36/+36 | |
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett |