Age | Commit message (Collapse) | Author | Files | Lines |
|
Fixes bug #10087
Thanks to Man Min Yan for their analysis and providing a solution to the issue.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 27 14:29:46 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Aug 10 11:11:54 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
We should treat most gensec related structures private.
It's a long way, but this is a start.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
|
|
If an application like evolution-ews is using ntlm_auth it will alwys
get this message cause the is no winbind running and it is not needed.
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 26 20:13:45 CEST 2012 on sn-devel-104
|
|
|
|
This is in preperation for the parameter table being made common.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
Several functions use the same logic as kerberos_pac_logon_info. Move
kerberos_pac_logon_info to common code and reuse it to remove the code
duplication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.
Now that security=server has been removed, we have no such module.
This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.
Andrew Bartlett
|
|
This helps clarify the role of this structure and wrapper function.
The purpose here is to provide helper functions to the lib/param
loadparm_context that point back at the s3 lp_ functions. This allows
a struct loadparm_context to be passed to any point in the code, and
always refer to the correct loadparm system. If this has not been
set, the variables loaded in the lib/param code will be returned.
As requested by Michael Adam.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Apr 24 15:04:14 CEST 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Thu Apr 19 10:32:27 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client)
will not select krb5.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This imports the gensec handling code from the source4 ntlm_auth, which
will eventually be used for all the NTLMSSP and SPNEGO clients and servers
but which is only used for gss-spnego for now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We already confirm that we have this functionality before we set HAVE_KRB5 at
configure time.
Andrew Bartlett
|
|
The SPNEGO code changed since this was last tested.
Andrew Bartlett
|
|
While windows will accept this ticket without the wrapping, it is
nicer to follow the standard and wrap it up in GSSAPI.
This should allow the ntlm_auth gss-spnego-client to talk to
the ntlm_auth gss-spengo server.
Reported by Christof Schmitt <christof.schmitt@us.ibm.com>
Andrew Bartlett
|
|
This will allow the gss-spnego-client protocol to work with modern
SPNEGO servers that do not send the principal in the mechListMIC.
Andrew Bartlett
|
|
This uses the common gensec_ntlmssp server code for ntlm_auth, removing
the last non-gensec use of the NTLMSSP server.
Andrew Bartlett
|
|
This still requires that the server permit LM passwords, but our s3dc test
environment has this enabled.
Andrew Bartlett
|
|
This also allows the spnego_parse_krb5_wrap() function to be shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.
This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.
Andrew Bartlett
|
|
strncasecmp_m() never needs to call to talloc, and via next_codepoint()
still has an ASCII fast-path bypassing iconv() calls.
Andrew Bartlett
|
|
|
|
|
|
Guenther
|
|
Before we rejected the authentication if we don't support the
first spnego mech the client offered.
We now negotiate the first mech we support.
This fix works arround problems, when a client
sends the NEGOEX (1.3.6.1.4.1.311.2.2.30) oid,
which we don't support.
metze
|
|
metze
|
|
metze
|
|
This change improves the setup_logging() API so that callers which
wish to set up logging to stderr can simply ask for it, rather than
directly modify the dbf global variable.
Andrew Bartlett
|
|
|
|
|
|
This is to handle the mod_auth_ntlm_winbind protocol
sending "Negotiate" to IE, which sends raw NTLMSSP
instead of a SPNEGO wrapped NTLMSSP blob.
|
|
|
|
|
|
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
|
|
|
|