summaryrefslogtreecommitdiff
path: root/source4/auth/gensec/gensec_gssapi.c
AgeCommit message (Collapse)AuthorFilesLines
2008-09-23gensec_gssapi: only give away the session key, when the authentication is doneStefan Metzmacher1-4/+5
metze
2008-08-28Heimdal provides Kerberos PAC parsing routines. Use them.Andrew Bartlett1-88/+41
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
2008-08-27Put the internal gensec_gssapi state into a header.Andrew Bartlett1-43/+1
This will allow a torture suite to inspect some otherwise internal details. Andrew Bartlett (This used to be commit 9701149ef75f9771f42000e2b6f44963abfee938)
2008-08-14gensec_gssapi: only cache the session key in STAGE_DONEStefan Metzmacher1-5/+9
The key may change because we switch from initiator to acceptor subkey. metze (This used to be commit 66244092a457b2cde6339cb31dcfa73b122ba9b5)
2008-08-12gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGOStefan Metzmacher1-0/+25
metze (This used to be commit 9246924effd4d0b08ca1ef87e45ad510020df93e)
2008-08-12gensec_gssapi: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit f4f4bb7fe977301e468ab164ba750b69d9a92306)
2008-08-12gensec_gssapi: add a function to load the lucid structure onceStefan Metzmacher1-15/+44
metze (This used to be commit daa986d1d04e59550bb5d33b5075daa414d087ba)
2008-08-08gensec_gssapi: use the correct signature size for cfx/rfc4121 style signaturesStefan Metzmacher1-1/+1
metze (This used to be commit fcabe24f96c9677146ca754a502f336c23050339)
2008-08-08gensec_gssapi: use gsskrb5_get_subkey() to get the session keyStefan Metzmacher1-3/+3
This is needed to get the correct key, when aes keys are used. metze (This used to be commit 7587a7d8b65f27a5865d6873f63a450488da02c9)
2008-08-07gensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADERStefan Metzmacher1-4/+82
This only works for sign/verify_packet() yet, seal/unseal_packet() doesn't work yet... metze (This used to be commit c62e5d23a69789d23516a6d150fd3b756e270998)
2008-08-01gensec_gssapi: include <gssapi/gssapi.h>Stefan Metzmacher1-1/+1
metze (This used to be commit 49e01d00bded74190c8e3049ac5883fe211e86fd)
2008-07-26gensec_gssapi: add support for signing RPC messagesStefan Metzmacher1-35/+12
metze (This used to be commit dc2847c0acb0adaede4db72a7517046b93221162)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-2/+2
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-04-17Remove event context tracking from the credentials struct.Jelmer Vernooij1-3/+7
(This used to be commit 4d7fc946b2ec50e774689c9036423b6feef99b8e)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-0/+2
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-02-21Avoid use of global_loadparm.Jelmer Vernooij1-1/+1
(This used to be commit c5a95bbe0ce55c29e135a9c6058bf192ec3bb546)
2008-02-20Make more module init functions public, since they are compiled with ↵Jelmer Vernooij1-1/+1
-fvisibility=hidden. Not doing this causes failures on Mac OS X. (This used to be commit da1a9438bd89569077ef1eaa9dc977b5f9d62836)
2007-12-21r26430: require explicit specification of loadparm context.Jelmer Vernooij1-2/+3
(This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
2007-12-21r26416: Janitorial: Fix warnings in auth/gensec/Kai Blin1-3/+3
As per metze's suggestion, the "unused variables" warning is left in to remind us to fix the #else part of the #if 1 (This used to be commit e9ef98b06466486d3b8a68a76a29728b9bffbe29)
2007-12-21r26264: pass name resolve order explicitly, use torture context for settings ↵Jelmer Vernooij1-1/+1
in dssync tests. (This used to be commit c7eae1c7842f9ff8b70cce9e5d6f3ebbbe78e83b)
2007-12-21r26260: Store loadparm context in gensec context.Jelmer Vernooij1-21/+20
(This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081)
2007-12-21r26258: Use loadparm context in client_start function of gensec.Jelmer Vernooij1-5/+5
(This used to be commit bad1891cae2c688b17a6a2b932e754f51291035c)
2007-12-21r26252: Specify loadparm_context explicitly when creating sessions.Jelmer Vernooij1-1/+1
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
2007-12-21r26234: More global_loadparm fixes.Jelmer Vernooij1-13/+14
(This used to be commit 84892d030de6266fc0f3a699cade960dd5dc37bc)
2007-12-21r26233: Pass loadparm context when creating krb5 contexts.Jelmer Vernooij1-0/+1
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
2007-12-21r26231: Spell check: credentails -> credentials.Jelmer Vernooij1-1/+1
(This used to be commit 4b46888bd0195ab12190f76868719fc018baafd6)
2007-10-10r25552: Convert to standard bool type.Jelmer Vernooij1-16/+16
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij1-7/+7
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-5/+5
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-7/+7
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25001: Fix more C++ and other warnings, fix some of the indentation with ↵Jelmer Vernooij1-1/+3
ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
2007-10-10r24282: Try to fix the occasional Samba4 crash in BASE-BENCH-READWRITE, asAndrew Bartlett1-1/+4
seen in particular on opi. This looked like a Heimdal problem, but I think it was simply that we didn't do a talloc_reference() to keep tabs on the memory we were using, and in between obtaining the pointer and using it, it was assigned to unrelated memory. Andrew Bartlett (This used to be commit a650ad8b37d58ba64458a33313714d1abfc4850b)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23455: These buffers may not be null terminated. Ensure we don't run past theAndrew Bartlett1-1/+12
end of teh buffer printing the error strings. Andrew Bartlett (This used to be commit 37e7070ca92e2f48fa02f7fd6736e5b26520f559)
2007-10-10r23136: Set the event context onto the credentials in more places.Andrew Bartlett1-0/+1
This helps ensure that the kerberos code uses the right event context. Andrew Bartlett (This used to be commit cbdce358ae8f86c9b76a50537b931e56b07ee213)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell1-0/+2
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r22966: Make sure to return LOGON_FAILURE if the user's kerberos password isAndrew Bartlett1-0/+2
incorrect. Andrew Bartlett (This used to be commit 9dc6f36e43170bc5bf4f94d893b5a3689460d237)
2007-10-10r22635: make it possible to not turn off dns canonicalization of hostnamesStefan Metzmacher1-1/+1
with krb5:set_dns_canonicalize=yes needed for the drsuapi replication, but we should fix this with a kdc locator plugin ... metze (This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)
2007-10-10r22294: Lock the delegated credentials to being kerberos only, we just don'tAndrew Bartlett1-0/+6
have the data for anything else. Andrew Bartlett (This used to be commit 9e0c0cd0ff678388436430bb1ba4eb7595cbefbd)
2007-10-10r22208: Print the target principal name, to help with kdc unreachable errors.Andrew Bartlett1-7/+4
Andrew Bartlett (This used to be commit bbde5b6a2f85f22110d6840857eaceb6b923c1b4)
2007-10-10r22199: fix typoStefan Metzmacher1-2/+2
metze (This used to be commit 4e8f844be939a6e11a3bece4e7e66534fce00cc0)
2007-10-10r20108: match w2k3 and send 1.2.840.48018.1.2.2 before 1.2.840.113554.1.2.2Stefan Metzmacher1-1/+1
to work better against w2k, so we don't get redirected from 1.2.840.113554.1.2.2 to 1.2.840.48018.1.2.2 by a w2k server, causing 2 additional auth roundtrips. metze (This used to be commit fa5c942ee99d3b5779598aa75f71d0317ba3f622)
2007-10-10r19660: Forgot to tell gsskrb5 not to canonicalize hostnames. Shoudl fixAndrew Bartlett1-0/+8
valrind issues on fort, because we won't hit NSS any more. Andrew Bartlett (This used to be commit 6f67fa01ab4f946c9a9aae0d4e8d028153873e04)
2007-10-10r19650: Allow Samba to use Heimdal's SPNEGO code. Currently this can onlyAndrew Bartlett1-9/+49
negotiate krb5, but if this works, I'll add NTLM as a GSSAPI backend by some means or other. Andrew Bartlett (This used to be commit 476452e143f61a3878a3646864729daaddccdf68)
2007-10-10r19644: Merge up to current lorikeet-heimdal, incling addingAndrew Bartlett1-0/+18
gsskrb5_set_default_realm(), which should fix mimir's issues. Andrew Bartlett (This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
2007-10-10r19635: It appears that under CFX, different keys are used in each directionAndrew Bartlett1-3/+3
(or something like that). In any case, we need to stick with the initiator subkey for now, until we figure out what Vista uses for the CIFS session key. Andrew Bartlett (This used to be commit b91a921e1393581ca0102ad1f49a1075acb91b4e)
2007-10-10r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in ↵Andrew Bartlett1-3/+3
favour of a more tasteful replacement. Remove kerberos_verify.c, as we don't need that code any more. Replace with code for using the new krb5_rd_req_ctx() borrowed from Heimdal's accecpt_sec_context.c Andrew Bartlett (This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
2007-10-10r19629: No need to special case use of DCE_STYLE sign and seal away any more...Andrew Bartlett1-9/+0
Andrew Bartlett (This used to be commit 247b9f1ca907cf921087e6840400ddf68289b8f2)
2007-10-10r19628: This hint via Love at the IETF meeting:Andrew Bartlett1-0/+3
Larry told me that most context flags needed to be set to, otherwise it wouldn't work. This fixes DCE_STYLE against Win2k3 SP1. It seems they just tightened up their end of the GSSAPI code, as DCE_STYLE is explicity rejected in the session setup too (being the wrong layer). Andrew Bartlett (This used to be commit b2b77f34a4d0cebb828cac7bf9a73826fecab5b6)