Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-07-24 | s4:gensec_gssapi: pass the correct oid to the gssapi layer. | Stefan Metzmacher | 1 | -4/+11 | |
metze | |||||
2009-07-24 | s4:gensec/spengo: make sure we send the blob with the micListMech signature ↵ | Stefan Metzmacher | 1 | -1/+1 | |
to the peer We should even do this if the submech has no more data to send. metze | |||||
2009-07-16 | s4:gensec Rework gensec_krb5 mutual authentication defaults | Andrew Bartlett | 1 | -24/+28 | |
When emulating Samba3 (which we do to ensure we don't break compatability), don't do mutual authentication by default, as it breaks the session key with AES and isn't what Samba3 does anyway. Andrew Bartlett | |||||
2009-07-16 | s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5' | Andrew Bartlett | 1 | -5/+15 | |
This allows the older 'like Samba3' GENSEC krb5 implementation to work against Windows 2008. I'm using this to track down interop issues in this area. Andrew Bartlett | |||||
2009-07-01 | gensec_start now steals the auth_context | Andrew Tridgell | 1 | -1/+3 | |
2009-06-18 | s4:gensec Print GSSAPI error message when unable to find PAC | Andrew Bartlett | 1 | -1/+3 | |
2009-06-12 | s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵ | Andrew Bartlett | 1 | -0/+3 | |
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett | |||||
2009-06-02 | Fix dependencies when using shared libraries. | Jelmer Vernooij | 1 | -1/+1 | |
2009-04-19 | Remove unused headers | Andrew Bartlett | 1 | -4/+2 | |
2009-04-16 | Fix Samba4 build errors with common libcli/samsync | Andrew Bartlett | 1 | -0/+1 | |
2009-04-14 | Rework to use new API for common netlogon credential chaining | Andrew Bartlett | 1 | -1/+1 | |
2009-04-14 | Rework Samba4 to use the new common libcli/auth code | Andrew Bartlett | 3 | -13/+26 | |
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett | |||||
2009-04-14 | Push schannel_state.c into the top level. | Andrew Bartlett | 2 | -284/+1 | |
This is the server side state for netlogon credential chaining Andrew Bartlett | |||||
2009-02-13 | Push sam_get_server_info_principal into the auth subsystem | Andrew Bartlett | 3 | -7/+24 | |
This means it must be accessed via the supplied auth_context in the GENSEC server, and should remove the hard depenceny of GENSEC on the auth subsystem and ldb (allowing LDB not to rely on LDB is considered a good thing, apparently) Andrew Bartlett | |||||
2009-02-13 | Remove auth/ntlm as a dependency of GENSEC by means of function pointers. | Andrew Bartlett | 3 | -17/+16 | |
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett | |||||
2009-02-02 | s4:auth/gensec: s/private/private_data | Stefan Metzmacher | 1 | -10/+10 | |
metze | |||||
2009-02-01 | Make schannel not depend on samdb anymore. | Simo Sorce | 2 | -6/+61 | |
2009-01-21 | s4:auth: move make_server_info_netlogon_validation() function arround | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2008-12-29 | s4:lib/tevent: rename structs | Stefan Metzmacher | 4 | -17/+17 | |
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze | |||||
2008-12-24 | Rename samba-socket -> samba_socket to fix a couple more compiler | Jelmer Vernooij | 1 | -1/+1 | |
warnings. | |||||
2008-12-23 | Add missing includes, required for use of gensec by 3rd-party | Matthias Dieter Wallnöfer | 1 | -0/+3 | |
applications. | |||||
2008-12-17 | s4: fix LIBEVENTS dependencies and use more forward declarations | Stefan Metzmacher | 1 | -0/+1 | |
We should only include events.h where we really need it and prefer forward declarations of 'struct event_context' metze | |||||
2008-11-02 | Fix the build. | Jelmer Vernooij | 3 | -19/+43 | |
2008-11-02 | Remove use of global_loadparm for disabled gensec backends. | Jelmer Vernooij | 3 | -4/+25 | |
2008-11-02 | Fix the build. | Jelmer Vernooij | 1 | -2/+2 | |
2008-11-02 | Add gensec_settings structure. This wraps loadparm_context for now, but | Jelmer Vernooij | 5 | -47/+65 | |
should in the future only contain some settings required for gensec. | |||||
2008-10-20 | Make sure prototypes are always included, make some functions static and | Jelmer Vernooij | 3 | -2/+3 | |
remove some unused functions. | |||||
2008-10-11 | Fix include paths to new location of libutil. | Jelmer Vernooij | 2 | -2/+2 | |
2008-10-11 | Provide the same set of helper functions for DEBUG in Samba 3 and Samba | Jelmer Vernooij | 1 | -11/+11 | |
4, even though the macros are still different. This makes it possible to use object code compiled with one DEBUG() macro from the other sourceX directory. | |||||
2008-10-06 | s4:gensec: pass down want_features to the spnego backend mech | Stefan Metzmacher | 3 | -1/+24 | |
metze | |||||
2008-09-29 | make the schannel creentials persistent | Andrew Tridgell | 1 | -1/+1 | |
this makes testing with the WSPP test suite much easier over samba restarts | |||||
2008-09-24 | Cosmetic corrections for the KERBEROS library | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
This commit applies some cosmetic corrections for the KERBEROS library. | |||||
2008-09-24 | Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypto | Jelmer Vernooij | 2 | -6/+8 | |
2008-09-24 | Move source4/lib/crypto to lib/crypto. | Jelmer Vernooij | 1 | -1/+1 | |
2008-09-24 | Fix nasty bug that would come up only if a client connection to a remote | Simo Sorce | 2 | -6/+8 | |
ldap server suddenly dies. We were creating a wrong talloc hierarchy, so the event.fde was not freed automatically as expected. This in turn made the event system call the ldap io handlers with a null packet structure, causing a segfault. Fix also the ordering in ldap_connection_dead() Thanks to Metze for the huge help in tracking down this one. | |||||
2008-09-23 | Merge ldb_search() and ldb_search_exp_fmt() into a simgle function. | Simo Sorce | 1 | -1/+1 | |
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful. | |||||
2008-09-23 | gensec_krb5: only give away the session key, when the authentication is done | Stefan Metzmacher | 1 | -0/+4 | |
metze | |||||
2008-09-23 | gensec_gssapi: only give away the session key, when the authentication is done | Stefan Metzmacher | 1 | -4/+5 | |
metze | |||||
2008-08-28 | Heimdal provides Kerberos PAC parsing routines. Use them. | Andrew Bartlett | 1 | -88/+41 | |
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e) | |||||
2008-08-27 | Put the internal gensec_gssapi state into a header. | Andrew Bartlett | 2 | -43/+69 | |
This will allow a torture suite to inspect some otherwise internal details. Andrew Bartlett (This used to be commit 9701149ef75f9771f42000e2b6f44963abfee938) | |||||
2008-08-14 | gensec_gssapi: only cache the session key in STAGE_DONE | Stefan Metzmacher | 1 | -5/+9 | |
The key may change because we switch from initiator to acceptor subkey. metze (This used to be commit 66244092a457b2cde6339cb31dcfa73b122ba9b5) | |||||
2008-08-12 | gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO | Stefan Metzmacher | 1 | -0/+25 | |
metze (This used to be commit 9246924effd4d0b08ca1ef87e45ad510020df93e) | |||||
2008-08-12 | gensec_gssapi: fix compiler warnings | Stefan Metzmacher | 1 | -2/+2 | |
metze (This used to be commit f4f4bb7fe977301e468ab164ba750b69d9a92306) | |||||
2008-08-12 | gensec_gssapi: add a function to load the lucid structure once | Stefan Metzmacher | 1 | -15/+44 | |
metze (This used to be commit daa986d1d04e59550bb5d33b5075daa414d087ba) | |||||
2008-08-12 | gensec: add support for new style spnego and correctly handle mechListMIC | Stefan Metzmacher | 3 | -7/+135 | |
metze (This used to be commit 05a3403967d3cf64bca8b06536dc1b20cf835396) | |||||
2008-08-08 | gensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures | Stefan Metzmacher | 1 | -1/+1 | |
metze (This used to be commit fcabe24f96c9677146ca754a502f336c23050339) | |||||
2008-08-08 | gensec_gssapi: use gsskrb5_get_subkey() to get the session key | Stefan Metzmacher | 1 | -3/+3 | |
This is needed to get the correct key, when aes keys are used. metze (This used to be commit 7587a7d8b65f27a5865d6873f63a450488da02c9) | |||||
2008-08-07 | gensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADER | Stefan Metzmacher | 1 | -4/+82 | |
This only works for sign/verify_packet() yet, seal/unseal_packet() doesn't work yet... metze (This used to be commit c62e5d23a69789d23516a6d150fd3b756e270998) | |||||
2008-08-07 | gensec: add GENSEC_FEATURE_SIGN_PKT_HEADER flag | Stefan Metzmacher | 1 | -0/+1 | |
metze (This used to be commit d7dfdbaf34843cb6783d8e686e659c53c5ac27ef) | |||||
2008-08-01 | gensec_gssapi: include <gssapi/gssapi.h> | Stefan Metzmacher | 1 | -1/+1 | |
metze (This used to be commit 49e01d00bded74190c8e3049ac5883fe211e86fd) |