path: root/source4/auth
Age | Commit message | Author | Files | Lines
2010-03-24 | s4:ntlmssp: move sign/seal states to a private ntlmssp_crypt_state union | Stefan Metzmacher | 2 | -76/+63
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: make use of dump_arc4_state() | Stefan Metzmacher | 1 | -8/+7
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: copy dump_arc4_state() from source3 | Stefan Metzmacher | 1 | -0/+6
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: avoid usage of calc_ntlmv2_key_talloc() | Stefan Metzmacher | 2 | -29/+10
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: make use of calc_ntlmv2_key() for seal keys | Stefan Metzmacher | 1 | -15/+16
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: add calc_ntlmv2_key() from source3 | Stefan Metzmacher | 1 | -0/+11
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: rename calc_ntlmv2_key => calc_ntlmv2_key_talloc | Stefan Metzmacher | 1 | -5/+5
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: inline ntlmssp_weakend_keys() | Stefan Metzmacher | 2 | -54/+41
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: use a 'bool ok' helper variable to make the code more readable | Stefan Metzmacher | 1 | -6/+14
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: fix some formatting | Stefan Metzmacher | 1 | -74/+110
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: move doing_ntlm2 to ntlmssp_server_auth_state | Stefan Metzmacher | 2 | -4/+3
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: move NTLM2 session_nonce to ntlmssp_server_auth_state | Stefan Metzmacher | 2 | -8/+7
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: move encrypted_session_key to ntlmssp_server_auth_state | Stefan Metzmacher | 2 | -29/+19
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: keep a ntlmssp_server_auth_state to transport variables from preauth to postauth hooks | Stefan Metzmacher | 1 | -10/+23
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: remove unused server_multiple_authentications feature. | Stefan Metzmacher | 2 | -14/+1
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: rename gensec_ntlmssp_state => ntlmssp_state | Stefan Metzmacher | 5 | -352/+352
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: split gensec_ntlmssp_unseal_packet() and ntlmssp_unseal_packet() | Stefan Metzmacher | 1 | -17/+34
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: split gensec_ntlmssp_seal_packet() and ntlmssp_seal_packet() | Stefan Metzmacher | 1 | -19/+37
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: split gensec_ntlmssp_check_packet() and ntlmssp_check_packet() | Stefan Metzmacher | 1 | -13/+31
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: split gensec_ntlmssp_sign_packet() and ntlmssp_sign_packet() | Stefan Metzmacher | 1 | -12/+27
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: make user a 'const char *' in (gensec_)ntlmssp_state | Stefan Metzmacher | 1 | -1/+1
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: remove server_name from (gensec_)ntlmssp_state and fill the server.* fields also for the client | Stefan Metzmacher | 2 | -2/+10
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: calculate server names at startup and store them in (gensec_)ntlmssp_state->server.* | Stefan Metzmacher | 2 | -26/+37
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: replace server_role by a server.is_standalone in (gensec_)ntlmssp_state | Stefan Metzmacher | 2 | -4/+10
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: remove more whitespaces... | Stefan Metzmacher | 1 | -32/+32
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: add NTLMSSP_FEATURE_* flags from s3 | Stefan Metzmacher | 1 | -0/+6
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: keep struct gensec_ntlmssp_context in gensec_security->private_data | Stefan Metzmacher | 4 | -23/+62
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: remove gensec_security from (gensec_)ntlmssp_state | Stefan Metzmacher | 3 | -5/+5
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: remove backend specific stuff from (gensec_)ntlmssp_state | Stefan Metzmacher | 2 | -22/+46
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: create a gensec_ntlmssp_context between gensec_security and ntlmssp_state | Stefan Metzmacher | 2 | -9/+20
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: add definition of gensec_ntlmssp_context | Stefan Metzmacher | 1 | -0/+7
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp: add a callback_private pointer to gensec_ntlmssp_state | Stefan Metzmacher | 1 | -1/+6
We'll remove any gensec specific stuff from gensec_ntlmssp_state and rename it to ntlmssp_state again. Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24 | s4:ntlmssp Ensure that we always negotiate signing if we negotiate sealing. | Andrew Bartlett | 1 | -0/+1
Without this, a sealed LDAP connection to windows does not work. Andrew Bartlett
2010-03-16 | s4:auth/kerberos/kerberos.c - fix also here a memory leak | Matthias Dieter Wallnöfer | 1 | -0/+1
The options need to be freed also on this error case.
2010-03-11 | s4: Modify auth/config.m4 to move pam tests to nsswitch.m4 so that we test things in one place | Matthieu Patou | 1 | -6/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-08 | s4-gensec: Fixed wrong usage of error_string. | Andreas Schneider | 1 | -1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-04 | s4:auth/sam.c - change base context for the "tmp_ctx" context in "authsam_expand_nested_groups" | Matthias Dieter Wallnöfer | 1 | -1/+1
Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the long-living "sam_ctx"/"ldb" context to prevent memory leaks.
2010-03-04 | s4:sam.c - make "authsam_expand_nested_groups" public | Matthias Dieter Wallnöfer | 2 | -1/+7
This is needed by the "tokenGroups" work in the operational LDB module.
2010-03-04 | s4:sam.c - cosmetic indentation fix | Matthias Dieter Wallnöfer | 1 | -2/+1
2010-03-04 | s4:sam.c - change variable types to unsigned in "sids_contains_sid" | Matthias Dieter Wallnöfer | 1 | -3/+4
Should also be unsigned - no need for a signed "i" and "num_sids" here.
2010-03-03 | Fix typo in comments. | Karolin Seeger | 1 | -2/+2
2010-02-26 | s4:python Add bindings to set GENSEC flags on credentials in python | Andrew Bartlett | 2 | -0/+32
This should allow these to be manipulated by python scripts that need encrypted connections. Andrew Bartlett
2010-02-26 | s4-krb5: propagate errors from a lot more kerberos functions | Andrew Tridgell | 10 | -99/+148
We need to be able to give sensible error messages when a kerberos call fails. This propagates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-25 | s4:auth - make some parts "signed-safe" | Matthias Dieter Wallnöfer | 2 | -7/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-23 | s4:cleanup remove unused schannel ldb code | Simo Sorce | 1 | -67/+0
2010-02-23 | s4:schannel merge code with s3 | Simo Sorce | 2 | -22/+5
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs hacks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need great expandability. And lookups are always done with a single Key. This seems a perfect fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discarded during an upgrade without causing any real issue. All it contains is temporary session data.
2010-02-22 | Spelling fixes for source4/auth. | Brad Hards | 2 | -3/+3
The comment for USER_INFO_INTERACTIVE_LOGON looks like a cut-n-paste from the line above. Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-20 | s4:credentials Add hooks to extract a named Kerberos credentials cache | Andrew Bartlett | 5 | -63/+162
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back an error string. Andrew Bartlett
2010-02-16 | s4-dsdb: removed gendb_search_single_extended_dn() | Andrew Tridgell | 1 | -2/+3
Use dsdb_search_one() instead, which allows for arbitrary controls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-16 | s4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid() | Andrew Tridgell | 1 | -4/+6
dsdb_find_dn_by_guid() now takes a struct GUID instead of a guid_string. All the callers in fact wanted a struct GUID, so we now avoid the extra conversion. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>