summaryrefslogtreecommitdiff
path: root/source4/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12694: Move some headers to the directory of the subsystem they belong to.Jelmer Vernooij1-0/+1
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
2007-10-10r12670: Make a couple of dependencies stricterJelmer Vernooij1-1/+1
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force specific modules to always be included (This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
2007-10-10r12500: Use init functions explicitly in a few more places. 'gensec' and ↵Jelmer Vernooij1-1/+1
'librpc' are the only two subsystems left to convert. (This used to be commit f6bbc72996aeee8607fc583140fd60be0e06e969)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-1/+1
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r11244: Relative path names in .mk filesJelmer Vernooij1-3/+3
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
2007-10-10r11214: Remove scons files (see ↵Jelmer Vernooij1-0/+0
http://lists.samba.org/archive/samba-technical/2005-October/043443.html) (This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
2007-10-10r11198: The recent changes to netlogon changed this from a RID to a SID.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 24dbf3435277a51dd49c5e2189fc6655260eddf4)
2007-10-10r11052: bring samba4 uptodate with the samba4-winsrepl branch,Stefan Metzmacher1-3/+0
before the bad merge metze (This used to be commit 471c0ca4abb17fb5f73c0efed195c67628c1c06e)
2007-10-10r11037:Stefan Metzmacher1-0/+3
(This used to be commit 6913e338405a5aca5c70cf6e022532c596ed0a36)
2007-10-10r10847: Fix up new 'decrypt samlogon reply' routine to be more robust, and useAndrew Bartlett1-4/+18
it in the RPC-SAMLOGON test. Andrew Bartlett (This used to be commit 675b7df2eedbcb7ea89c0411f76429d8e2357222)
2007-10-10r10845: Add new function to decrypt the session keys in samlogon responses.Andrew Bartlett1-0/+44
Andrew Bartlett (This used to be commit 6d24d8d12cdc64b180fd6277f0775e943f26e82b)
2007-10-10r10712: Use data_blob_talloc, thanks to valgrind for finding the errors.Andrew Bartlett1-5/+5
Andrew Bartlett (This used to be commit 1f6fec8e6b0845ae6000eeda65641435fb18c9e3)
2007-10-10r10478: More work on proto headers; we now generate a couple of smaller onesJelmer Vernooij1-3/+0
that are then included by include/proto.h (This used to be commit 703ffbaaaca11f3d8781cfe9e7542fcaa626d991)
2007-10-10r10348: Add scons scripts for remaining subsystems. Most subsystems build now,Jelmer Vernooij1-0/+3
but final linking still fails (as does generating files asn1, et, idl and proto files) (This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell1-1/+1
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r7757: Add NTLMv2 support to the NT1 Session setup (ie, not SPNEGO/NTLMSSP)Andrew Bartlett1-13/+22
Session Setup code. Add a mem_ctx argument to a few of the NTLMv2 support functions, and add smb.conf options to control client NTLMv2 behaviour. Andrew Bartlett (This used to be commit 3f35cdb218a3dae08a05e77452ca9f73716ceb28)
2007-10-10r7731: change debug level to not spam the build-farm smbd logStefan Metzmacher1-1/+1
metze (This used to be commit 3a1ed83fd0714fa46055c8fe5b039986909f9a45)
2007-10-10r6851: Typo in comment.Tim Potter1-1/+1
(This used to be commit e1864a7ac91b6bdd49c0cee26b592dc6d963e35d)
2007-10-10r6460: Push the client credentials into NTLMSSP, allowing logins of the formAndrew Bartlett1-1/+1
user@REALM for the first time. Fix the build for smbencrypt.c Andrew Bartlett (This used to be commit 5a6a57cd93e22e612bfbb8a8f7bc29269a9a3ac6)
2007-10-10r6113: Move GENSEC and the kerberos code out of libcli/auth, and intoAndrew Bartlett24-9464/+0
auth/gensec and auth/kerberos. This also pulls the kerberos configure code out of libads (which is otherwise dead), and into auth/kerberos/kerberos.m4 Andrew Bartlett (This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)
2007-10-10r6094: Work on the Kerberos code recently merged from Samba 3.0. This fixesAndrew Bartlett3-31/+53
up issues I introduced during the merge, that caused a segfault. I've still not got the keytab code to work for me (using Samba3 to generate the keytab) so this is still not fully tested, but it's better than it was. To add debugging, I now use the krb5_get_error_message() function from Heimdal when present, to return the custom error string, which contains far, far more information than the simple error code does. (This last point may well be worth merging back into 3.0) Andrew Bartlett (This used to be commit ed5755d9d1e48df7ae77a9410d30e10cb8b0cbd7)
2007-10-10r6030: Missing from previous commit, a small header file to linkAndrew Bartlett1-0/+35
libcli/auth/schannel.c and libcli/auth/schannel_sign.c Andrew Bartlett (This used to be commit 1e0e66d7202d3f0e7fb3c90f2ca608fa08a713a6)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett12-308/+361
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r6027: Add copyright, and add a useful debug message.Andrew Bartlett1-2/+3
Andrew Bartlett (This used to be commit b5260cf0d4c4f2e81a310d1c94160c9fbaaa331f)
2007-10-10r6026: Update the kerberos keytab code to match Samba3 again.Andrew Bartlett1-80/+122
(untested at this point). Andrew Bartlett (This used to be commit ef7f9a01b4f3fa41fd7981b260fa2fadc7ce10ad)
2007-10-10r6025: Remove unused variables. This code will be modified again for the newAndrew Bartlett1-6/+2
cli_credentials code shortly. Andrew Bartlett (This used to be commit 13d09c8e9a50ae265059e4a0d92a07c651018a6c)
2007-10-10r5992: Rename schannel.c -> schannel_sign.c. The rest of the schannel codeAndrew Bartlett2-1/+1
(from librpc) will be moved into schannel.c soon. Andrew Bartlett (This used to be commit d6c80ff74b0550641c253316b37f1050c207791c)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett1-2/+2
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5940: fix schannel against w2k, it skips the confounder in the signature ↵Stefan Metzmacher1-1/+2
(24 bytes) for singed packets but it accepts 32 bytes from the client. (w2k3 accept it the otherway arround too) metze (This used to be commit 08d4c3b9f8558ee40c73a22b3ec110b052f28110)
2007-10-10r5928: Use cli_credentials in:Jelmer Vernooij1-59/+4
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10r5902: A rather large change...Andrew Bartlett9-25/+60
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5877: It is not an error to have a zero-length secret, after decryption.Andrew Bartlett1-3/+5
Andrew Bartlett (This used to be commit b484776cc4d48690d45c668f9253015eb0d6207d)
2007-10-10r5668: Add tests to RPC-SAMLOGON to test for user@REALM style logins. TheseAndrew Bartlett1-0/+8
need a NULL domain (or a "" domain, except this breaks NTLMv2, and I need to look into it a bit more). Add support to the Samba4 server for these logins. This will need extension when we handle trusted domains as a DC, as it is a principal name, not just another format for the username. Andrew Bartlett (This used to be commit de02c7c222a32d2b3fb8ee8b715749b96cb647f9)
2007-10-10r5667: Move schannel state into libcli/auth (as it belongs with schannel,Andrew Bartlett3-0/+236
which will move in with the rest of GENSEC shortly). Add the RID as another element in the schannel state. Andrew Bartlett (This used to be commit 69114b4a8e1c937ab5ff12ca91dd22bd83fd9a3b)
2007-10-10r5601: add a gsskrb5 backend that uses lorikeet-heimdal's new gssapi withStefan Metzmacher3-0/+598
GSS_C_DCE_STYLE support, it's just a start and does work correctly yet metze (This used to be commit 87ff661703f467db3dfcb33084041c3e2951e0ee)
2007-10-10r5437: Allow Samba4 to be compiled by tcc (www.tinycc.org). It still crashes ↵Jelmer Vernooij1-46/+46
when linking though. (This used to be commit 2e1e8db6dc877eb32b51cfc3d9c8f463d14530ec)
2007-10-10r5330: Remove #include <sys/time.h> from includes.h.Andrew Bartlett3-0/+3
Add #include "system/time.h" back (it was removed in some of these places because the definitions were provided by <sys/time.h> on tridge's platform.) Andrew Bartlett (This used to be commit 34b1da730304bed7fee5bae7cbde7fbccecb6af5)
2007-10-10r5322: removed a whole bunch of #include lines that minimal_includes.plAndrew Tridgell6-7/+0
thinks are not needed. Now to see how this fares on the build farm :) (This used to be commit 80ffcc650c9c86141507edd8338b97814a85f868)
2007-10-10r5309: removed ads.h from includes.hAndrew Tridgell1-1/+2
(This used to be commit 196c45b834c39f293b9533cec5cfe5a77382d4e2)
2007-10-10r5300: more uint32 and system/filesys.h build fixes when developer mode is ↵Andrew Tridgell4-4/+6
enabled (This used to be commit 93931b1a741a3722c311ada80c4c9d3d670f91b2)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell5-3/+6
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5199: fix some minor configure bugsStefan Metzmacher1-1/+1
metze (This used to be commit 274ef2a206aa00b3155adc27f5b7e35d3fa52bf6)
2007-10-10r5136: fix typesStefan Metzmacher4-8/+8
metze (This used to be commit 344367cc4cdb232c394ce45ab64cc357cce4259f)
2007-10-10r5092: Add a bit more const - moving it further into the LDB layer.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit ffad9b22be595279b247fa72d51145830fecbb06)
2007-10-10r5053: - fix up the library dependencies so that tools that need nbt don'tAndrew Tridgell2-1/+506
need to pull in the whole dcerpc subsystem - moved smbencrypt.c code into libcli/auth/ (This used to be commit 3351c636af23ad88649e84f4cb88fc1167d5c654)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell10-15/+15
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4958: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit 522af7ecc0020b7c56182ca628f6d1623abe303e)
2007-10-10r4893: Move to using secrets.ldb for the Kerberos verify, instead ofAndrew Bartlett1-12/+33
secrets.tdb from Samba3. Andrew Bartlett (This used to be commit 21bfda2a0d1c8373f8800269ed9b982e1b9a19e5)
2007-10-10r4890: Try to cope with mechanism mismatch in the client speaks first versionAndrew Bartlett1-7/+98
of the SPNEGO state-machine. (Such as on LDAP and HTTP) Andrew Bartlett (This used to be commit c1cae6b3b1efe109a09e449ed2e09983431eac7e)
2007-10-10r4692: Make the client SPNEGO code bail out in a couple more cases.Andrew Bartlett1-1/+4
Andrew Bartlett (This used to be commit a062ac122c402fb2cf31eb8e76f4077b1f33b8eb)