summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17197: This patch moves the encryption of bulk data on SASL negotiated securityAndrew Bartlett4-18/+503
contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10r17173: Check for oversize output, not oversize input, and fix the GSSAPI mechAndrew Bartlett1-10/+11
to work (it broke it in the previous commit). Andrew Bartlett (This used to be commit e96638bc74f0752ce8af6626a04c92d48b917ffe)
2007-10-10r17171: Add a gensec function to determine the maximum negotiated buffer size,Andrew Bartlett3-34/+134
and the maximum amount of user data that may be fitted into that. This is used in the new SASL code, to correctly honour SASL buffer sizes. Andrew Bartlett (This used to be commit cbbe99d9c1f0262e67a495fb098cacc09fd78e05)
2007-10-10r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.Andrew Bartlett1-2/+3
In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occour. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlet (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2007-10-10r16516: Get rid of file_exists() as there already is a file_exist().Jelmer Vernooij1-1/+1
(This used to be commit c4b3c2b18c6df43c8a4808fab72bc45439ba9421)
2007-10-10r16056: Fix errors found by trying to use our kpasswd server and the Apple ↵Andrew Bartlett1-1/+1
client. Andrew Bartlett (This used to be commit ae2913898c983dcba69b5d0b89c428e450e9bf5f)
2007-10-10r15853: started the process of removing the warnings now thatAndrew Tridgell2-5/+2
talloc_set_destructor() is type safe. The end result will be lots less use of void*, and less calls to talloc_get_type() (This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
2007-10-10r15485: This 'fake' GSSAPI doesn't do the extra SASL negotiation correctly, soAndrew Bartlett1-1/+0
don't attribute the GSSAPI SASL mech to it. Andrew Bartlett (This used to be commit 23a4db28ed825bc8c45e5f704137a72386394f45)
2007-10-10r15426: Implement SPNEGO as the default RPC authentication mechanism. WhereAndrew Bartlett1-0/+9
this isn't supported, fallback to NTLM. Also, where we get a failure as 'logon failure', try and do a '3 tries' for the password, like we already do for CIFS. (Incomplete: needs a mapping between RPC errors and the logon failure NTSTATUS). Because we don't yet support Kerberos sign/seal to win2k3 SP1 for DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos isn't demanded. Andrew Bartlett (This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
2007-10-10r15363: Fix dependencies for shared libraryJelmer Vernooij1-2/+3
(This used to be commit f2ca71f1229f4c20296895116c09bacbd6a53b55)
2007-10-10r15330: Add comment for IBM checker.Andrew Bartlett1-2/+1
Andrew Bartlett (This used to be commit d2832a849dd570a6cc1b49d8071735270b2fb83f)
2007-10-10r15304: Fix smbd build, more updates on getting --enable-dso to build againJelmer Vernooij1-1/+1
(This used to be commit 3ef9326386ba1c210166302cbcf02d2ed3f19944)
2007-10-10r15298: Fix the build using a few hacks in the build system.Jelmer Vernooij1-1/+1
Recursive dependencies are now forbidden (the build system will bail out if there are any). I've split up auth_sam.c into auth_sam.c and sam.c. Andrew, please rename sam.c / move its contents to whatever/wherever you think suits best. (This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij2-2/+2
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-4/+4
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14952: Make sure the auth subsystem gets initialized if a gensec module ↵Jelmer Vernooij2-1/+5
needs it. (This used to be commit ecf84248b48783fb0ccbeff4d37d930b21fb96df)
2007-10-10r14816: Simplify test for comparison_fn_tJelmer Vernooij1-0/+2
(This used to be commit 594215d1176b23596549fd4e4098d42ef41f7d0d)
2007-10-10r14713: For testing, it is sometimes useful to specify a hostname for kerberosAndrew Bartlett1-0/+6
that differs from the hostname the connect() uses. In particular, this helps in running Kerberos tests in 'make test'. Andrew Bartlett (This used to be commit 78447333b0fc9450e18cd1d1c15df62acb5f0f36)
2007-10-10r14700: Fix spelling, and change these informational messages to debug level 5.Andrew Bartlett1-6/+6
Andrew Bartlett (This used to be commit 8f96f524bfde99667410ec98087831b9c14c66e5)
2007-10-10r14575: Move some path-related functions to libsamba-config so libsamba-utilJelmer Vernooij1-1/+1
doesn't have to depend on the lp_* functions. (This used to be commit f97df7d90a41b77a9edd2d6bdc47c27bf1b6bb07)
2007-10-10r14572: Give libraries saner names, remove some .pc files, make some thingsJelmer Vernooij1-1/+1
subsystems in case a library doesn't make sense. (This used to be commit ed382873fd01457a53e0a1e1f5ba6753dfbc0646)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij5-0/+5
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14497: Fix build with shared librariesJelmer Vernooij1-2/+2
(This used to be commit c74fc55831ca24819ae7f5e0920d0351e2b46a08)
2007-10-10r14492: Fix shared libs - set SO_VERSION to 0 everywhere for now.Jelmer Vernooij1-1/+1
(This used to be commit 4682bc5ce047d81586447b9df82c91ed1fe677cf)
2007-10-10r14484: Install more headersJelmer Vernooij2-3/+3
(This used to be commit 430c6516d383bfd7f27287394bf8eef9f174b3e6)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij2-2/+2
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14409: quieten warningsAndrew Tridgell1-0/+2
(This used to be commit 2ec2894f72b44ba4e400961921b65b03ad8742de)
2007-10-10r14383: Fix non-developer build.Jelmer Vernooij2-2/+2
(This used to be commit f4de155c94b89e586640d11992953a0d5fc0716d)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij2-0/+2
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14363: Remove credentials.h from the global includes.Jelmer Vernooij1-0/+6
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
2007-10-10r14327: Replace MAJOR_VERSION/MINOR_VERSION/RELEASE_VERSION with two parameters:Jelmer Vernooij1-3/+2
- VERSION: should contain the current version. Will be made part of the filename. - SO_VERSION: should contain the latest version that this on is compatible to. Will be used for setting the soname of the shared library. Fix sonames and use them on platforms that support them Remove symlinking code. ldconfig will take care of creating the symlinks now that we set the soname. (This used to be commit 7871b07e21c85c63d0ecac4c31b98dc112d18af5)
2007-10-10r14071: fix the buildStefan Metzmacher1-1/+2
metze (This used to be commit af63ed9eb3a5af3e4eeb84c66397255ea90ea764)
2007-10-10r14070: this functions need to be exported,Stefan Metzmacher1-1/+1
it's ugly, but they're used in torture tests I hope to find a better solution for this later... metze (This used to be commit be8874e9d3f1a022a42ccd1262dc5ce7bd5d1a91)
2007-10-10r14065: build gensec_schannel always static as libnet needs functions from itStefan Metzmacher1-0/+1
metze (This used to be commit 91a3a0b795ebe73d29b69bb40ae9e67b40f90212)
2007-10-10r13969: Make these names lowercase as well (just like they are now in the ↵Jelmer Vernooij1-1/+1
buildsystem) (This used to be commit 04c49e211fc4f80e03d9322b983bbde15baba640)
2007-10-10r13960: Generate makefile rules for installing/removing shared modules.Jelmer Vernooij1-10/+10
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
2007-10-10r13938: Around round of splitupsJelmer Vernooij2-0/+2
(This used to be commit 2d655f05285a86bb1bbb882e4dd843def15c9dfa)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij3-1/+4
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13903: Don't generate prototypes for modules and binaries in include/proto.h byJelmer Vernooij3-0/+4
default. (This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
2007-10-10r13840: Mark some functions as public.Jelmer Vernooij1-13/+13
(This used to be commit 9a188eb1f48a50d92a67a4fc2b3899b90074059a)
2007-10-10r13655: Use new name of build headerJelmer Vernooij1-1/+1
(This used to be commit bca0e8054f6d9c7adc9d92e0c30d4323f994c9e9)
2007-10-10r13619: fix compiler warningStefan Metzmacher1-1/+1
metze (This used to be commit 7b284174aa36fdd5d6841dab4934f1f6ecfba4ce)
2007-10-10r13584: Another try at SPNEGO stuff. I need to write a better testsuite for ↵Andrew Bartlett1-0/+23
this. This tries to ensure that when we are a client, we cope with mechs (like GSSAPI) that only abort (unknown server) at first runtime. Andrew Bartlett (This used to be commit cb5d18c6190fa1809478aeb60e352cb93c4214f6)
2007-10-10r13583: Realise that the member server name appears in all calls that use theAndrew Bartlett1-1/+1
credentials. Consistantly rename these elements in the IDL to computer_name. Fix the server-side code to always lookup by this name. Add new, even nastier tests to RPC-SCHANNEL to prove this. Andrew Bartlett (This used to be commit 341a0abeb4a9f88d64ffd4681249cb1f643a7a5a)
2007-10-10r13481: As far as I can tell, my changes in -r 12863 were dangerously untested.Andrew Bartlett1-7/+8
We do need the gsskrb5_get_initiator_subkey() routine. But we should ensure that we do always get a valid key, to prevent any segfaults. Without this code, we get a different session key compared with Win2k3, and so kerberised smb signing fails. Andrew Bartlett (This used to be commit cfd0df16b74b0432670b33c7bf26316b741b1bde)
2007-10-10r13402: Make Samba4 pass a nastier RPC-SCHANNEL test.Andrew Bartlett3-50/+89
The new RPC-SCHANNEL test shows that the full credentials state must be kept in some shared memory, for some length of time. In particular, clients will reconnect with SCHANNEL (after loosing all connections) and expect that the credentials chain will remain in the same place. To achive this, we do the server-side crypto in a transaction, including the fetch/store of the shared state. Andrew Bartlett (This used to be commit 982a6aa871c9fce17410a9712cd9fa726025ff90)
2007-10-10r13344: Trust SASL to have subtle distinctions between NULL and zero-lengthAndrew Bartlett1-10/+24
responses... Also trust OpenLDAP to be pedantic about it, breaking connections to AD. In any case, we now get this 'right' (by nasty overloading hacks, but hey), and we can now use system-supplied OpenLDAP libs and SASL/GSSAPI to talk to Samba4. Andrew Bartlett (This used to be commit 0cbe18211a95f811b51865bc0e8729e9a302ad25)
2007-10-10r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading ↵Andrew Bartlett2-73/+436
the spec. GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating a buffer size and what integrity protection/privacy should be used. I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3. I'm doing this in the hope that Apple clients as well as SASL-based LDAP tools may get a bit further. I still can't get ldapsearch to work, it fails with the ever-helpful 'Local error'. Andrew Bartlett (This used to be commit 3e462897754b30306c1983af2d137329dd937ad6)
2007-10-10r13250: I missed a couple of talloc_free()'sAndrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 3570a62876dcd656b328bf8c2c1be617ae9a8fd7)
2007-10-10r13247: Try to make better use of talloc in the auth/ and auth/gensec code.Andrew Bartlett2-12/+30
We don't want temporary memory hanging around on the long-term contexts. Andrew Bartlett (This used to be commit 85b3f6ebddfb655fdd08d1799752e562a6ff9cb1)