summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
AgeCommit message (Collapse)AuthorFilesLines
2009-08-27s4-schannel: add ldb suffix to schannel functions.Günther Deschner1-2/+2
Guenther
2009-07-28s4:gensec/spnego: only generate the mechListMic when the server expects itStefan Metzmacher1-1/+2
This fixes the ntvfs.cifs tests. metze
2009-07-24s4:gensec_gssapi: pass the correct oid to the gssapi layer.Stefan Metzmacher1-4/+11
metze
2009-07-24s4:gensec/spengo: make sure we send the blob with the micListMech signature ↵Stefan Metzmacher1-1/+1
to the peer We should even do this if the submech has no more data to send. metze
2009-07-16s4:gensec Rework gensec_krb5 mutual authentication defaultsAndrew Bartlett1-24/+28
When emulating Samba3 (which we do to ensure we don't break compatability), don't do mutual authentication by default, as it breaks the session key with AES and isn't what Samba3 does anyway. Andrew Bartlett
2009-07-16s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5'Andrew Bartlett1-5/+15
This allows the older 'like Samba3' GENSEC krb5 implementation to work against Windows 2008. I'm using this to track down interop issues in this area. Andrew Bartlett
2009-07-01gensec_start now steals the auth_contextAndrew Tridgell1-1/+3
2009-06-18s4:gensec Print GSSAPI error message when unable to find PACAndrew Bartlett1-1/+3
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett1-0/+3
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-02Fix dependencies when using shared libraries.Jelmer Vernooij1-1/+1
2009-04-19Remove unused headersAndrew Bartlett1-4/+2
2009-04-16Fix Samba4 build errors with common libcli/samsyncAndrew Bartlett1-0/+1
2009-04-14Rework to use new API for common netlogon credential chainingAndrew Bartlett1-1/+1
2009-04-14Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett3-13/+26
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
2009-04-14Push schannel_state.c into the top level.Andrew Bartlett2-284/+1
This is the server side state for netlogon credential chaining Andrew Bartlett
2009-02-13Push sam_get_server_info_principal into the auth subsystemAndrew Bartlett3-7/+24
This means it must be accessed via the supplied auth_context in the GENSEC server, and should remove the hard depenceny of GENSEC on the auth subsystem and ldb (allowing LDB not to rely on LDB is considered a good thing, apparently) Andrew Bartlett
2009-02-13Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett3-17/+16
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2009-02-02s4:auth/gensec: s/private/private_dataStefan Metzmacher1-10/+10
metze
2009-02-01Make schannel not depend on samdb anymore.Simo Sorce2-6/+61
2009-01-21s4:auth: move make_server_info_netlogon_validation() function arroundStefan Metzmacher1-1/+1
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher4-17/+17
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-24Rename samba-socket -> samba_socket to fix a couple more compilerJelmer Vernooij1-1/+1
warnings.
2008-12-23Add missing includes, required for use of gensec by 3rd-partyMatthias Dieter Wallnöfer1-0/+3
applications.
2008-12-17s4: fix LIBEVENTS dependencies and use more forward declarationsStefan Metzmacher1-0/+1
We should only include events.h where we really need it and prefer forward declarations of 'struct event_context' metze
2008-11-02Fix the build.Jelmer Vernooij3-19/+43
2008-11-02Remove use of global_loadparm for disabled gensec backends.Jelmer Vernooij3-4/+25
2008-11-02Fix the build.Jelmer Vernooij1-2/+2
2008-11-02Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij5-47/+65
should in the future only contain some settings required for gensec.
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij3-2/+3
remove some unused functions.
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij2-2/+2
2008-10-11Provide the same set of helper functions for DEBUG in Samba 3 and SambaJelmer Vernooij1-11/+11
4, even though the macros are still different. This makes it possible to use object code compiled with one DEBUG() macro from the other sourceX directory.
2008-10-06s4:gensec: pass down want_features to the spnego backend mechStefan Metzmacher3-1/+24
metze
2008-09-29make the schannel creentials persistentAndrew Tridgell1-1/+1
this makes testing with the WSPP test suite much easier over samba restarts
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer1-1/+1
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-24Merge branch 'master' of ssh://git.samba.org/data/git/samba into cryptoJelmer Vernooij2-6/+8
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-24Fix nasty bug that would come up only if a client connection to a remoteSimo Sorce2-6/+8
ldap server suddenly dies. We were creating a wrong talloc hierarchy, so the event.fde was not freed automatically as expected. This in turn made the event system call the ldap io handlers with a null packet structure, causing a segfault. Fix also the ordering in ldap_connection_dead() Thanks to Metze for the huge help in tracking down this one.
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-1/+1
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-23gensec_krb5: only give away the session key, when the authentication is doneStefan Metzmacher1-0/+4
metze
2008-09-23gensec_gssapi: only give away the session key, when the authentication is doneStefan Metzmacher1-4/+5
metze
2008-08-28Heimdal provides Kerberos PAC parsing routines. Use them.Andrew Bartlett1-88/+41
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
2008-08-27Put the internal gensec_gssapi state into a header.Andrew Bartlett2-43/+69
This will allow a torture suite to inspect some otherwise internal details. Andrew Bartlett (This used to be commit 9701149ef75f9771f42000e2b6f44963abfee938)
2008-08-14gensec_gssapi: only cache the session key in STAGE_DONEStefan Metzmacher1-5/+9
The key may change because we switch from initiator to acceptor subkey. metze (This used to be commit 66244092a457b2cde6339cb31dcfa73b122ba9b5)
2008-08-12gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGOStefan Metzmacher1-0/+25
metze (This used to be commit 9246924effd4d0b08ca1ef87e45ad510020df93e)
2008-08-12gensec_gssapi: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit f4f4bb7fe977301e468ab164ba750b69d9a92306)
2008-08-12gensec_gssapi: add a function to load the lucid structure onceStefan Metzmacher1-15/+44
metze (This used to be commit daa986d1d04e59550bb5d33b5075daa414d087ba)
2008-08-12gensec: add support for new style spnego and correctly handle mechListMICStefan Metzmacher3-7/+135
metze (This used to be commit 05a3403967d3cf64bca8b06536dc1b20cf835396)
2008-08-08gensec_gssapi: use the correct signature size for cfx/rfc4121 style signaturesStefan Metzmacher1-1/+1
metze (This used to be commit fcabe24f96c9677146ca754a502f336c23050339)
2008-08-08gensec_gssapi: use gsskrb5_get_subkey() to get the session keyStefan Metzmacher1-3/+3
This is needed to get the correct key, when aes keys are used. metze (This used to be commit 7587a7d8b65f27a5865d6873f63a450488da02c9)
2008-08-07gensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADERStefan Metzmacher1-4/+82
This only works for sign/verify_packet() yet, seal/unseal_packet() doesn't work yet... metze (This used to be commit c62e5d23a69789d23516a6d150fd3b756e270998)