summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r10174: This patch implements generic PAC verification, without assumptionsAndrew Bartlett1-23/+98
about the size of the signature. In particular, this works with AES, which was previously broken Samba4/Samba4. Reviewed by metze (and thanks for help with the previous IDL commit). (This used to be commit 3c8be196cce3bf275a0bf8d0cf127df570b560d3)
2007-10-10r10155: Add more notes on required gsskrb5 functions.Andrew Bartlett1-2/+7
Andrew Bartlett (This used to be commit cdfcc093430c0a4ae2937dcbf29b8874e724ff29)
2007-10-10r10153: This patch adds a new parameter to gensec_sig_size(), the size of theAndrew Bartlett6-16/+53
data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
2007-10-10r10145: Allow a variable length signature, so we can support signing withAndrew Bartlett1-17/+7
other than arcfour-hmac-md5. Currently we still fail to verify other signatures however. Andrew Bartlett (This used to be commit 2e5884fc2472c6bcc7e6e083c28a4da6b2f72af1)
2007-10-10r10066: This is the second in my patches to work on Samba4's kerberos support,Andrew Bartlett6-317/+302
with an aim to make the code simpiler and more correct. Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over all keytypes)' code in gensec_krb5, we now follow the approach used in gensec_gssapi, and use a keytab. I have also done a lot of work in the GSSAPI code, to try and reduce the diff between us and upstream heimdal. It was becoming hard to track patches in this code, and I also want this patch (the DCE_STYLE support) to be in a 'manageable' state for when lha considers it for merging. (metze assures me it still has memory leak problems, but I've started to address some of that). This patch also includes a simple update of other code to current heimdal, as well as changes we need for better PAC verification. On the PAC side of things we now match windows member servers by checking the name and authtime on an incoming PAC. Not generating these right was the cause of the PAC pain, and so now both the main code and torture test validate this behaviour. One thing doesn't work with this patch: - the sealing of RPC pipes with kerberos, Samba -> Samba seems broken. I'm pretty sure this is related to AES, and the need to break apart the gss_wrap interface. Andrew Bartlett (This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
2007-10-10r10035: This patch removes the need for the special case hackAndrew Bartlett4-36/+84
'MEMORY_WILDCARD' keytab type. (part of this checking is in effect a merge from lorikeet-heimdal, where I removed this) This is achieved by correctly using the GSSAPI gsskrb5_acquire_cred() function, as this allows us to specify the target principal, regardless of which alias the client may use. This patch also tries to simplify some principal handling and fixes some error cases. Posted to samba-technical, reviewed by metze, and looked over by lha on IRC. Andrew Bartlett (This used to be commit 506a7b67aee949b102d8bf0d6ee9cd12def10d00)
2007-10-10r10021: More kerberos notes.Andrew Bartlett1-3/+20
(This used to be commit f36e657a416d7ec7146d84da88b28c2606ff838a)
2007-10-10r9927: Extend copyright for all the hard work I've done this year.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit b50e546eb4d5d9171d4ae5e9c9bebd8c7c878bd8)
2007-10-10r9792: Rename StrCaseCmp -> strcasecmp_m. All these years I was thinkingJelmer Vernooij1-1/+1
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m! (This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
2007-10-10r9728: A *major* update to the credentials system, to incorporate theAndrew Bartlett5-169/+121
Kerberos CCACHE into the system. This again allows the use of the system ccache when no username is specified, and brings more code in common between gensec_krb5 and gensec_gssapi. It also has a side-effect that may (or may not) be expected: If there is a ccache, even if it is not used (perhaps the remote server didn't want kerberos), it will change the default username. Andrew Bartlett (This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
2007-10-10r9693: Move the smb_krb5_context setup code to use the new pattern ofAndrew Bartlett1-5/+7
tmp_ctx, then steal at the last moment, on success. andrew Bartlett (This used to be commit c7a44518ad9acaf5708169e07aa03eae52262773)
2007-10-10r9681: We don't need the full smb_krb5_context here, so just pass the ↵Andrew Bartlett4-9/+9
krb5_context. Andrew Bartlett (This used to be commit 47699019dbb7aa48e7acd6bf8364e40917db8410)
2007-10-10r9678: Remove unused variables.Andrew Bartlett1-4/+0
Andrew Bartlett (This used to be commit 50e6229c7a13be9b5d10c954f9b895993cefe2b6)
2007-10-10r9648: this fixes the krb5 based login with the pac. The key to this whole ↵Andrew Tridgell2-1/+8
saga was that the logon_time field in the pac must match the authtime field in the ticket we gave the client in the AS-REP (and thus also the authtime field in the ticket we get back in the TGS-REQ). Many thanks to Andrew Bartlett for his patience in showing me the basic ropes of all this code! This was a joint effort. (This used to be commit 7bee374b3ffcdb0424a83f909fe5ad504ea3882e)
2007-10-10r9526: provide DCERPC auth type 16Stefan Metzmacher1-0/+1
metze (This used to be commit 995b805e046e6e25544487667d928187e13614d6)
2007-10-10r9505: Work on GENSEC and the code that calls it, for tighter interfaceAndrew Bartlett2-6/+13
requirements, and for better error reporting. In particular, the composite session setup (extended security/SPNEGO) code now returns errors, rather than NT_STATUS_NO_MEMORY. This is seen particularly when GENSEC fails to start. The tighter interface rules apply to NTLMSSP, which must be called exactly the right number of times. This is to match some of our other less-tested modules, where adding flexablity is harder. (and this is security code, so let's just get it right). As such, the DCE/RPC and LDAP clients have been updated. Andrew Bartlett (This used to be commit 134550cf752b9edad66c3368750bfb4bbd9d55d1)
2007-10-10r9420: Fix the SPNEGO system again: Update the state position afterAndrew Bartlett1-4/+6
processing the state. Andrew Bartlett (This used to be commit c3a8080a189e084c5774bdd1a9f3ea62daed715e)
2007-10-10r9419: Silly, silly, untested mistake...Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 66cdd4dbd7f4024b49bcc9fe1c7ff2a0de7e82e8)
2007-10-10r9418: SPNEGO fixes:Andrew Bartlett1-18/+29
- Fix mixing of code and data - send mechListMic again in SPENGO server - only send optomistic first packet in the client. (This used to be commit 9941da8081ef5a669b0946265860d2f20d3718d3)
2007-10-10r9416: Cleanups inspired by jra's work to migrate Samba4's NTLMSSP code backAndrew Bartlett6-170/+160
into Samba3. The NTLMSSP sign/seal code now assumes that GENSEC has already checked to see if SIGN or SEAL should be permitted. This simplfies the code ensures that no matter what the mech, the correct code paths have been set in place. Also remove duplication caused by the NTLMv2 code's history, and document why some of the things a bit funny. In SPNEGO, create a new routine to handle the negTokenInit creation. We no longer send an OID for a mech we can't start (like kerberos on the server without a valid trust account). Andrew Bartlett (This used to be commit fe45ef608f961a6950d4d19b4cb5e7c27b38ba5f)
2007-10-10r9415: Remove old kerberos code (including salt guessing code) that has onlyAndrew Bartlett3-713/+8
caused me pain (and covourty warnings). Simply gensec_gssapi to assume the properties of lorikeet-heimdal, rather than having #ifdef around critical features. This simplifies the code rather a lot. Andrew Bartlett (This used to be commit 11156f556db678c3d325fe5ced5e41a76ed6a3f1)
2007-10-10r9412: Simplfy this NTLM authentication code by requiring the caller toAndrew Bartlett2-96/+42
supply the user_sess_key and lm_sess_key parameters. Inspired by coverty complaining about inconsistant checking. Also factor out some of this code, where we deal with just NT and LM hashes, or embedded plaintext passwords. Andrew Bartlett (This used to be commit ceec35564f44c8043888c8ffa776f137bd1171c8)
2007-10-10r9411: Ensure we don't send a challenge without first getting a negotiate inAndrew Bartlett2-2/+9
NTLMSSP, unless we are in datagram mode (not fully implemented yet). Andrew Bartlett (This used to be commit 727f5109421e9414a335e42e3ad3dd3ff19776bd)
2007-10-10r9391: Convert all the code to use struct ldb_dn to ohandle ldap like ↵Simo Sorce2-15/+13
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10r9357: Remove DBGC_CLASS cruft copied over from Samba 3. I would like toTim Potter7-21/+0
replace this with something funkier. (This used to be commit 8d376d56c78894b9bbd27ed7fa70da415c0cd038)
2007-10-10r9240: - move struct security_token to the idl file, with this we canStefan Metzmacher1-1/+1
the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10r9233: Ensure that the output variable is initialised in this conversion fromAndrew Bartlett1-0/+1
error to non-error case. Andrew Bartlett (This used to be commit ab75cd53e7c65fa6242b8dde3bfede735a6b36d5)
2007-10-10r9196: - add a note about the Canonicalize KDCOPtion flagStefan Metzmacher1-0/+15
- add a note about old client using the wrong checksum type for GSSAPI in the Authenticator metze (This used to be commit 07e39bd94c3ce4d255e6cf6e68dc438bb5c9f9e6)
2007-10-10r9165: Fix inverted error check in untested code path. (My untested code...)Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit fba7a0edd4ba29e595bb6ebd77381b383701482d)
2007-10-10r9084: 'resign' the sample PAC for the validation of the signature algorithms.Andrew Bartlett4-97/+196
If we ever get problems with the kerberos code, it should show up as a different signature in this PAC. This involved returning more data from the pac functions, so changed some callers and split up some functions. Andrew Bartlett (This used to be commit d514a7491208afa0533bf9e99601147eb69e08c9)
2007-10-10r9022: One more step in the game of whack-a-mole with the PAC.Andrew Bartlett1-7/+27
This makes the PAC we generate match (closely) the PAC generated by my test win2k3 DC. Andrew Bartlett (This used to be commit 6172b1868020ac8e828c375f17f4c33fc40eaca4)
2007-10-10r8980: Make Samba4 honour account control flags (we were asking for aAndrew Bartlett1-3/+5
non-existant field). Also change time(NULL) into an NTTIME for comparison, rather than experience rounding bugs (size of time_t) when converting an NTTIME into a time_t. Andrew Bartlett (This used to be commit 181155f9e059a2eb74a7dd7c34a358724ec88bb8)
2007-10-10r8933: Fix missing prototype warningsJelmer Vernooij1-0/+1
(This used to be commit 39b2220a84b1860d8ee09b8c15049f18fd77da7d)
2007-10-10r8774: make some gensec errors a bit less verboseAndrew Tridgell2-3/+3
(This used to be commit 2134ca475586ed9e062fbf4ef7222fe286c60c57)
2007-10-10r8701: Fix up auth_developer for recent changes.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 1bc5a1190765571719dd0aaacef1413bba812617)
2007-10-10r8700: Propmted by tridge's need to do plaintext auth in ejs, rework theAndrew Bartlett10-379/+398
user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2007-10-10r8676: attribute lists in ldb searches must be NULL terminatedAndrew Tridgell1-1/+1
this is what was causing the panic on the s390 box (This used to be commit 3a49626ae17d6076f0fc54b0453acb459d88297c)
2007-10-10r8644: This is a more useful error than unsuccesful.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit d7136c93fb7ddf27d914329a7c9fd77de22d4356)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell4-8/+12
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r8460: removed the unused function krb5_locate_kdc(). It causes a build ↵Andrew Tridgell2-62/+0
failure on irix. Andrew, if you planned on using this in the future then we can put it back and work out how to make it portable (This used to be commit eaa74913fedefbf33f7cfab6648bf05aa3cdbbb3)
2007-10-10r8390: (smb_pam_start): move variable to scope within #ifdef to avoid warningLove Hörnquist Åstrand1-1/+4
for those PAM implementations w/o PAM_RHOST and/or PAM_TTY (This used to be commit 95cb2d942f7cffc9131519c865656fb615395d04)
2007-10-10r8321: Fix some uninitalized variable warningsVolker Lendecke1-1/+1
(This used to be commit 126cb3db4b0cf9c382ba7496ba08311f3b669f00)
2007-10-10r8259: We want to oset the provided flags not zeroSimo Sorce1-1/+1
(This used to be commit 50d8ccacca707738f131e47c739dcfacde1311e6)
2007-10-10r8252: Steal metze's thunder, and prove that with a few small tweaks, we canAndrew Bartlett1-2/+2
now push/pull a sample PAC, and still have the same byte buffer. (Metze set up the string code, and probably already has a similar patch). Unfortunetly win2k3 still doesn't like what we provide, but every step helps. Also use data_blob_const() when we are just wrapping data for API reasons. Andrew Bartlett (This used to be commit e7c8076fc1459ff2ccefdaf0b091d04ee6137957)
2007-10-10r8251: fixed a couple of valgrind errors in the unix auth code. Simo, can youAndrew Tridgell2-1/+2
please check that this is what you intended? (This used to be commit a57738769dfb5a47ac49e965750193ecdc903d5a)
2007-10-10r8250: More PAC work. We now sucessfully verify the KDC signature from my DCAndrew Bartlett4-26/+54
(I have included the krbtgt key from my test network). It turns out the krbtgt signature is over the 16 (or whatever, enc-type dependent) bytes of the signature, not the entire structure. Also do not even try to use Kerberos or GSSAPI on an IP address, it will only fail. Andrew Bartlett (This used to be commit 3b9558e82fdebb58f240d43f6a594d676eb04daf)
2007-10-10r8164: - match the ordering w2k3 uses for the PAC_BUFFER:Stefan Metzmacher2-15/+97
LOGON_INFO LOGON_NAME SRV_CHECKSUM KDC_CHECKSUM - w2k3 also don't use the groupmembership array with rids it uses the othersids array metze (This used to be commit 2286fad27d749ebba14f5448f1f635bb36750c9c)
2007-10-10r8163: if sidcount is zero it happened that we return NT_STATUS_NO_MEMORY...Stefan Metzmacher1-4/+6
metze (This used to be commit a9ff35a1a24f2d2935e67855fee5011ea528029f)
2007-10-10r8156: I found out that the unknown[2] field of the unknown[4] array is a ↵Stefan Metzmacher1-6/+4
length too, it's always 16 bytes smaller than the size in the PAC_BUFFER we now dump the blob's on LOCAL-PAC with -d 10 metze (This used to be commit 4ef721ce53539ac56ca8ac4d601f512149ca7283)
2007-10-10r8148: - make the PAC generation code a bit more readable and add some outof ↵Stefan Metzmacher1-62/+81
memory checks - move to handmodified pull/push code for PAC_BUFFER to get the _ndr_size field and the subcontext size right - after looking closely to the sample w2k3 PAC in our torture test (and some more in my archive) I found out that the first uint32 before the netr_SamInfo3 was also a pointer, (and we passed a NULL pointer there before, so I think that was the reason why the windows clients doesn't want our PAC) w2k3 uses this for unique pointers: ptr = ndr->ptr_count * 4; ptr |= 0x00020000; ndr->ptr_count; - do one more pull/push round with the sample PAC metze (This used to be commit 0eee17941595e9842a264bf89ac73ca66cea7ed5)