Age | Commit message (Collapse) | Author | Files | Lines |
|
authentication out of the various callers and into the kitchen
sink.. err, credentials subsystem.
This should ensure consistant logic, as well as get us one step closer
to security=server operation in future.
Andrew Bartlett
(This used to be commit 09c95763301c0f7770d56462e8af4169b8c171fb)
|
|
code in Samba3.
Andrew Bartlett
(This used to be commit 36e302bac87d0a07c86cc4c841d376c778630dab)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
ldap. Also ensure we put a objectclass on our private ldb's, so they
have some chance of being stored in ldap if you want to
(This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
|
|
Andrew Bartlett
(This used to be commit f78982a0f1079b07be6d7bfd9cc0f92c2cebcf1c)
|
|
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
|
|
Andrew Bartlett
(This used to be commit 6021fa373405f8788dc216aae82a3f4a80df4ba7)
|
|
schannel connections.
Test for Win2k3 SP1 behaviour in RPC-SCHANNEL.
Andrew Bartlett
(This used to be commit 1c3911374ec65e4770c2fe9109d7b7d3ecd99f6a)
|
|
Andrew Bartlett
(This used to be commit 5b2114bb9c604e8d36887e1131175da327eabc84)
|
|
'make test'
I also think the method of getting rid of pstring isn't the right
one. I certainly do want to get rid of pstring/fstring, but the reason
for removing them is the use of arbitrary sized fixed length strings
on the stack and in structures. Changing to another fixed length stack
string format isn't really a win, and moving to use strncpy() is
actually worse than pstrcpy() as strncpy() has the absolutely awful
semantics of always zeroing all remaining bytes, so it ends up taking
a lot of cpu doing pointless memory writes.
I'd rather move to more use of asprintf()/talloc_asprintf() and
similar functions for dynamic string allocation.
You also have to be very careful about some of these system defined
string limits. One some systems PATH_MAX could be 64k or even larger,
which can quickly blow the stack out when you allocate a few of them.
(This used to be commit 194efd26e42d621b239052ed1fec8da916bd2144)
|
|
(This used to be commit 57cfbe51e61e27098fad3f9b1113c6f8f69f9a55)
|
|
Andrew Bartlett
(This used to be commit 51a0275a0e7ffc940f2403f3c74a00b3936a07f4)
|
|
auth/
Andrew Bartlett
(This used to be commit 2e76a4b8efd59c496d64241d654538d3222545c6)
|
|
then StaticLibrary()
(This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)
|
|
(This used to be commit f547ab4644fd1c8ae2e44a25e874abf35e02d986)
|
|
This disables it for 'localhost' as well as for any host our KDC does
not recognise.
Andrew Bartlett
(This used to be commit 49c6c36763aae23880a20a8ee50c00e8935d8548)
|
|
at the Samba4 socket layer.
The intention here is to ensure that other events may be processed while
heimdal is waiting on the KDC. The interface is designed to be
sufficiently flexible, so that the plugin may choose how to time
communication with the KDC (ie multiple outstanding requests, looking
for a functional KDC).
I've hacked the socket layer out of cldap.c to handle this very
specific case of one udp packet and reply. Likewise I also handle
TCP, stolen from the winbind code.
This same plugin system might also be useful for a self-contained
testing mode in Heimdal, in conjunction with libkdc. I would suggest
using socket-wrapper instead however.
Andrew Bartlett
(This used to be commit 3b09f9e8f9f6f645cd03073ef833c8d0fb0d84e2)
|
|
(This used to be commit 87bb382445292755eff1c29f12358d4509ebe714)
|
|
use pstring is next_token() now.
(This used to be commit a5b88bcd420eb7ae42283293541519e142be36e3)
|
|
(This used to be commit 6df956edbab7ad5e72b2f20e74ab0f0d62528932)
|
|
that are then included by include/proto.h
(This used to be commit 703ffbaaaca11f3d8781cfe9e7542fcaa626d991)
|
|
Andrew Bartlett
(This used to be commit 1f726906c488355733dc1a3a89c53e194c192e68)
|
|
(This used to be commit 1b675a1bdfa7e50e1b418ae41479f1bebc445064)
|
|
safe) as it is removed on smbd restart
(This used to be commit 0951db6a89d15792ee1ea6b9f37c45486958ad57)
|
|
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own
test for the moment, but I'm working on these issues :-)
This required a change to the credentials API, so that the special
case for NTLM logins using a principal was indeed handled as a
special, not general case.
Also don't set the realm from a ccache, as then it overrides --option=realm=.
Andrew Bartlett
(This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
|
|
Andrew Bartlett
(This used to be commit 77aca9619d24a8e118f53bcd1a1e54b8437812a8)
|
|
Volker
(This used to be commit 3dc7e67dc5e5844523e9768081123c622e61c7e9)
|
|
use raw krb5, not GSSAPI. I still keep the 'fake GSSAPI' code, but
under the module name 'fake_gssapi_krb5'.
Andrew Bartlett
(This used to be commit 99efec2758ad6c996db65dd42cb72a81077c9b2b)
|
|
at every single build. Run 'scons configure=1' or delete sconf.cache
to force checks to be re-run.
Jelmer, I think this stuff is cached in the .sconf_cache directory but
the message is still displayed and it looks like it caches the compiled
test object file not the actual result of the test.
(This used to be commit 9d001dc083937bbf5642af90bc8a8b1a27825de0)
|
|
upper-case realm.
Andrew Bartlett
(This used to be commit 3e38456dd5c40730f3203e89393dad2b97996d56)
|
|
works now
(This used to be commit 22f18a84242e5e68a2d57b6d7ff77c089ee7434a)
|
|
-Udomain\\user.
This will probably break in a few configurations, so please let me
know. I'll also work to have a way to inhibit kerberos/ntlmssp, as
this removes -k.
Andrew Bartlett
(This used to be commit 3c0dc570b86e79aea5446d7c3bb9750a11bf8ca4)
|
|
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
|
|
on the kerberos mailing lists a couple of weeks ago: Don't use DNS at
all for expanding short names into long names.
Using the 'override krb5_init_context' code already in the tree, this
removes the DNS lag on a kerberos session setup/connection.
Andrew Bartlett
(This used to be commit de3ceab3d064a286e8662a2b9b62b212f0454156)
|
|
Start on custom Samba scons tools (for handling proto generation, pidl, etc)
(This used to be commit 4bffe4435944fffa3f9680b5a2fe63f2bdd98003)
|
|
Andrew Bartlett
(This used to be commit 096c751f37172b06bb42b5c4d73b2743322d2f71)
|
|
Samba to use the target principal name supplied in the mechTokenMIC of
an SPNEGO negTokenInit.
This isn't a great idea for security reasons, but is how Samba3 behaves,
and allows kerberos to function more often in some environments. It is
only available for CIFS session setups, due to the ordering of the
exchange.
Andrew Bartlett
(This used to be commit f6a645644127ae695a9f7288e0a469f2eb7f3066)
|
|
the other
ideas I have had.
When I get a full list of things I want to do to a krb5_context I'll
either add gsskrb5_ wrappers, or a way of speicfying the krb5 context
per gssapi context.
(I want to ensure that the only krb5_context variables created while
executing Samba4 are via our wrapper).
Andrew Bartlett
(This used to be commit 8a22d46e70e9f863831aba0c9913d195f833d625)
|
|
Move auth-specific file to auth/
(This used to be commit 8aa9711a306b30da905f53148ebe352462852d74)
|
|
about the size of the signature. In particular, this works with AES,
which was previously broken Samba4/Samba4.
Reviewed by metze (and thanks for help with the previous IDL commit).
(This used to be commit 3c8be196cce3bf275a0bf8d0cf127df570b560d3)
|
|
Andrew Bartlett
(This used to be commit cdfcc093430c0a4ae2937dcbf29b8874e724ff29)
|
|
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
|
|
other than arcfour-hmac-md5. Currently we still fail to verify other
signatures however.
Andrew Bartlett
(This used to be commit 2e5884fc2472c6bcc7e6e083c28a4da6b2f72af1)
|
|
with an aim to make the code simpiler and more correct.
Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over
all keytypes)' code in gensec_krb5, we now follow the approach used in
gensec_gssapi, and use a keytab.
I have also done a lot of work in the GSSAPI code, to try and reduce
the diff between us and upstream heimdal. It was becoming hard to
track patches in this code, and I also want this patch (the DCE_STYLE
support) to be in a 'manageable' state for when lha considers it for
merging. (metze assures me it still has memory leak problems, but
I've started to address some of that).
This patch also includes a simple update of other code to current
heimdal, as well as changes we need for better PAC verification.
On the PAC side of things we now match windows member servers by
checking the name and authtime on an incoming PAC. Not generating these
right was the cause of the PAC pain, and so now both the main code and
torture test validate this behaviour.
One thing doesn't work with this patch:
- the sealing of RPC pipes with kerberos, Samba -> Samba seems
broken. I'm pretty sure this is related to AES, and the need to break
apart the gss_wrap interface.
Andrew Bartlett
(This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
|
|
'MEMORY_WILDCARD' keytab type. (part of this checking is in effect a
merge from lorikeet-heimdal, where I removed this)
This is achieved by correctly using the GSSAPI gsskrb5_acquire_cred()
function, as this allows us to specify the target principal, regardless
of which alias the client may use.
This patch also tries to simplify some principal handling and fixes some
error cases.
Posted to samba-technical, reviewed by metze, and looked over by lha on IRC.
Andrew Bartlett
(This used to be commit 506a7b67aee949b102d8bf0d6ee9cd12def10d00)
|
|
(This used to be commit f36e657a416d7ec7146d84da88b28c2606ff838a)
|
|
Andrew Bartlett
(This used to be commit b50e546eb4d5d9171d4ae5e9c9bebd8c7c878bd8)
|
|
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
(This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
|
|
Kerberos CCACHE into the system.
This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.
It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.
Andrew Bartlett
(This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
|
|
tmp_ctx, then steal at the last moment, on success.
andrew Bartlett
(This used to be commit c7a44518ad9acaf5708169e07aa03eae52262773)
|