summaryrefslogtreecommitdiff
path: root/source4/auth
AgeCommit message (Collapse)AuthorFilesLines
2012-03-02s4:auth/gensec/schannel: initialize struct schannel_state to zeroStefan Metzmacher1-2/+1
metze
2012-03-02s4:auth/gensec/schannel: make a copy of netlogon_creds_CredentialState in ↵Stefan Metzmacher1-1/+8
the client This is really a copy for the lifetime of the rpc connection. metze
2012-02-24auth: Rename some elements of auth4_contextAndrew Bartlett1-3/+3
These operate on NTLM authentication, so make that clear. Andrew Bartlett
2012-02-18pygensec: Fix whitespace.Jelmer Vernooij1-8/+8
2012-02-18auth: Reorder arguments to generate_session_infoAndrew Bartlett2-8/+9
This matches check_ntlm_password() and generate_session_info_pac() Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
2012-02-17auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett5-1021/+0
The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett1-33/+22
gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
2012-02-13auth: Pass in the SMB username (for %U) into generate_session_infoAndrew Bartlett4-5/+12
This matches what Samba3 does. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
2012-01-30gensec: inline gensec_generate_session_info() into only callerAndrew Bartlett2-9/+27
This avoids casting to and from the struct auth_user_info_dc *user_info_dc to to this, the if (user_info_dc->info->authenticated) is moved into auth_generate_session_info_wrapper(), which is the function that gensec_security->auth_context->generate_session_info points to. Andrew Bartlett
2012-01-30s4-auth: Return NT_STATUS_NOT_IMPLEMENTED if the challenge cannot be obtainedAndrew Bartlett1-1/+1
2012-01-30auth: Make check_password and generate_session_info hook genericAndrew Bartlett3-21/+51
gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett
2012-01-20s4:auth/gensec: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAGStefan Metzmacher1-0/+1
metze
2012-01-13auth/gensec: move spnego.c to the toplevelStefan Metzmacher2-1411/+0
metze
2012-01-13auth/gensec: common helper functions should be in gensec_util.cStefan Metzmacher1-107/+0
This makes the dependencies easier to handle. metze
2012-01-13s4:auth/gensec: inline packet_full_request_u32()Stefan Metzmacher1-1/+9
This removes the dependency to s4 specific code. metze
2012-01-13s4:auth/gensec: fix compiler warnings in spnego.cStefan Metzmacher1-3/+0
metze
2012-01-12s4:auth/gensec/spnego: add support for fragmented spnego messagesStefan Metzmacher1-3/+205
metze
2012-01-12s4:pygensec: add set_max_update_size() and max_update_size() functionsStefan Metzmacher1-0/+25
metze
2012-01-11s4:auth: Make sure to check the optional auth_context hooks before using themAndrew Bartlett1-18/+26
These are optional to supply - some callers only provide an auth_context for the other plugin functions, and so we need to deal with this cleanly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jan 11 10:49:13 CET 2012 on sn-devel-104
2012-01-11gensec: Rename want_flags and got_flags in gensec_gssapiAndrew Bartlett1-26/+26
This make it clearer what type of flags these are. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11gensec: make gensec_gssapi.h commonAndrew Bartlett1-67/+0
This will make it easier to share elements of the GSSAPI gensec mechs, in much the same way elements of the NTLMSSP mech are shared. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11gensec: move gensec_util.c to the top levelAndrew Bartlett3-104/+1
To do this some defines need to move to common_auth.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11auth: make auth4_context common to provide access to generate_session_info_pac()Andrew Bartlett1-52/+0
By providing this context, a function pointer for generate_session_info_pac() can be inserted into gensec, allowing the s3 PAC processing in an otherwise more generic gensec module. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-10krb5: Require krb5_set_real_time is available to build with krb5Andrew Bartlett1-4/+0
2012-01-09s4-kerberos: remove some unused prototypes.Günther Deschner1-22/+0
These are defined in the krb5 abstraction headers elsewhere. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 9 14:32:08 CET 2012 on sn-devel-104
2012-01-06ntlmssp: merge initial packet implementationsAndrew Bartlett1-6/+25
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-04s4:pygensec: add session_key() methodStefan Metzmacher1-0/+29
metze
2011-12-29s4-gensec: Rename memory contexts in gensec_util for greater clarityAndrew Bartlett1-2/+2
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-gensec: Rename memory contexts in gensec_krb5 for greater clarityAndrew Bartlett1-16/+16
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-gensec: Rename memory contexts in gensec_gssapi for greater clarityAndrew Bartlett1-16/+16
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-auth: Rename memory contexts for greater clarityAndrew Bartlett2-10/+10
This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
2011-12-29s4-gensec remove auth_session dep from gensec_gssapi.cAndrew Bartlett1-1/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 05:37:11 CET 2011 on sn-devel-104
2011-12-29s4-gensec Remove fallback for simple privilegesAndrew Bartlett1-6/+2
This makes the dependencies simpler, as this code path is no longer required. (That is, it makes no sense to have an NTLM login without an auth context, and the gensec_gssapi and gensec_krb5 modules call the PAC blob function below instead). Andrew Bartlett
2011-12-29s4-torture: Demonstrate handling of the PAC in a custom auth_contextAndrew Bartlett2-59/+5
This demonstrates how a different function pointer can be supplied to handle the PAC blob, without depending on the provisioned samdb etc. Andrew Bartlett
2011-12-29s4-pyauth: Make sure event context allows nestingAndrew Bartlett1-1/+2
2011-12-29s4-gensec: Move parsing of the PAC blob and creating the session_info into authAndrew Bartlett8-169/+247
This uses a single callback to handle the PAC from the DATA_BLOB format until it becomes a struct auth_session_info. This allows a seperation between the GSS acceptor code and the PAC interpretation code based on the supplied auth context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
2011-12-29s4-gensec: fix cyrus sasl module after update() protype changeAndrew Bartlett1-0/+1
2011-12-28s4-auth Remove unused auth_context_create_from_ldb()Andrew Bartlett2-27/+0
2011-12-28s4-gensec: Allow a PAC to be obtained from any GSS mechAndrew Bartlett1-7/+0
This may allow Luke Howard's moonshot to work with a little less effort at some point in the future. Andrew Bartlett
2011-12-28auth/kerberos: Move gssapi_parse.c to the top levelAndrew Bartlett2-123/+2
This will help with writing a gensec module for the s3 gse layer. Andrew Bartlett
2011-12-28s4-ntlmssp Do not allow LM key without a LM passwordAndrew Bartlett1-3/+5
2011-12-07auth: Allow a NULL principal to be obtained from the credentialsAndrew Bartlett2-3/+14
This is important when trying to let GSSAPI search the keytab. Andrew Bartlett
2011-12-03Revert making public of the samba-module library.Jelmer Vernooij2-4/+4
This library was tiny - containing just two public functions than were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-11-30s4:gensec/spnego: only try the mechs that match the client given onesStefan Metzmacher1-0/+4
Windows-Members of NT4/Samba3 domains, send MechTypes: 1.3.6.1.4.1.311.2.2.10 [NTLMSSP] 1.2.840.48018.1.2.2 [krb5 broken] 1.2.840.113554.1.2.2 [krb5] MechToken for NTLMSSP. This patch makes sure we start NTLMSSP with the given MechToken, instead of trying to pass the NTLMSSP MechToken to the krb5 backend first. As that would fail the authentication with an error instead of trying fallbacks. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 30 17:03:29 CET 2011 on sn-devel-104
2011-11-29s4-samba-tool: Add --principal argument to samba-tool domain exportkeytabAndrew Bartlett1-61/+134
This allows only a particular principal to be exported to the keytab. This is useful when setting up unix servers in a Samba controlled domain. Based on a request by Gémes Géza <geza@kzsdabas.hu> Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
2011-11-18s4-auth log details about any token we fail to convert to a unix tokenAndrew Bartlett1-0/+17
Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely. Andrew Bartlett
2011-10-28lib/util Rename samba_init_module_fns_run -> samba_module_init_fns_runAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Rename samba_init_module_fn -> samba_module_init_fnAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-28lib/util Split samba-modules library into public and private partsAndrew Bartlett2-2/+2
This will allow OpenChange to get at the symbols it needs, without exposing any more of this as a public API than we must. Andrew Bartlett
2011-10-28lib/util Rename run_init_functions -> samba_init_module_fns_runAndrew Bartlett1-1/+1
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett