summaryrefslogtreecommitdiff
path: root/source4/auth/gensec/schannel.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r13402: Make Samba4 pass a nastier RPC-SCHANNEL test.Andrew Bartlett1-2/+2
The new RPC-SCHANNEL test shows that the full credentials state must be kept in some shared memory, for some length of time. In particular, clients will reconnect with SCHANNEL (after loosing all connections) and expect that the credentials chain will remain in the same place. To achive this, we do the server-side crypto in a transaction, including the fetch/store of the shared state. Andrew Bartlett (This used to be commit 982a6aa871c9fce17410a9712cd9fa726025ff90)
2007-10-10r10796: Make getting an anonymous session info a utility function.Andrew Bartlett1-21/+1
Andrew Bartlett (This used to be commit 6021fa373405f8788dc216aae82a3f4a80df4ba7)
2007-10-10r10764: To match Win2k3 SP1, we need to set an anonymous user token forAndrew Bartlett1-10/+21
schannel connections. Test for Win2k3 SP1 behaviour in RPC-SCHANNEL. Andrew Bartlett (This used to be commit 1c3911374ec65e4770c2fe9109d7b7d3ecd99f6a)
2007-10-10r10153: This patch adds a new parameter to gensec_sig_size(), the size of theAndrew Bartlett1-1/+1
data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
2007-10-10r9416: Cleanups inspired by jra's work to migrate Samba4's NTLMSSP code backAndrew Bartlett1-0/+6
into Samba3. The NTLMSSP sign/seal code now assumes that GENSEC has already checked to see if SIGN or SEAL should be permitted. This simplfies the code ensures that no matter what the mech, the correct code paths have been set in place. Also remove duplication caused by the NTLMv2 code's history, and document why some of the things a bit funny. In SPNEGO, create a new routine to handle the negTokenInit creation. We no longer send an OID for a mech we can't start (like kerberos on the server without a valid trust account). Andrew Bartlett (This used to be commit fe45ef608f961a6950d4d19b4cb5e7c27b38ba5f)
2007-10-10r6620: the type 23 schannel bind uses a workstation name, not an account nameAndrew Tridgell1-3/+6
(This used to be commit 250f1f69dd719a7981ec4c1698942b31826888d2)
2007-10-10r6113: Move GENSEC and the kerberos code out of libcli/auth, and intoAndrew Bartlett1-0/+268
auth/gensec and auth/kerberos. This also pulls the kerberos configure code out of libads (which is otherwise dead), and into auth/kerberos/kerberos.m4 Andrew Bartlett (This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)
generated by cgit (git 2.34.1) at 2024-07-13 00:32:14 +0000