summaryrefslogtreecommitdiff
path: root/source4/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell6-9/+15
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3462: separate out the crypto includesAndrew Tridgell4-0/+4
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell9-3/+8
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3447: more include/system/XXX.h include filesAndrew Tridgell1-0/+1
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
2007-10-10r3443: the next stage in the include files re-organisation.Andrew Tridgell4-0/+7
I have created the include/system/ directory, which will contain the wrappers for the system includes for logical subsystems. So far I have created include/system/kerberos.h and include/system/network.h, which contain all the system includes for kerberos code and networking code. These are the included in subsystems that need kerberos or networking respectively. Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C file, instead each C module includes the include/system/XXX.h file for the logical system support it needs, and the details are kept isolated in include/system/ This patch also creates a "struct ipv4_addr" which replaces "struct in_addr" in our code. That avoids every C file needing to import all the system networking headers. (This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
2007-10-10r3428: switched to using minimal includes for the auto-generated RPC code.Andrew Tridgell1-0/+1
The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2007-10-10r3391: fixed some memory leaks in the schannel codeAndrew Tridgell1-14/+4
(This used to be commit eb3366d3667ddddf7ab5eae5d1fbc5de86c41072)
2007-10-10r3390: fixed schannel server side support. RPC-SCHANNEL now works against ↵Andrew Tridgell3-51/+14
Samba4. (This used to be commit 01f5c1c72d9fc8f21029adc586154b0c54f76c9e)
2007-10-10r3365: Fill in the user and primary group SIDs into the 'server info' beforeAndrew Bartlett1-8/+11
the session info. Andrew Bartlett (This used to be commit 5db5c30ebedca1fee8924a9416bcb94ed13af372)
2007-10-10r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to useAndrew Bartlett1-2/+5
Samba3's winbind. This is also the start of domain membership code in Samba4, as we now (partially) parse the info3, and use it like Samba3 does. Andrew Bartlett (This used to be commit c1b7303c1c7d9fb815006c3bd2af20a0010d15a8)
2007-10-10r3323: more warning reductionsAndrew Tridgell1-4/+0
(This used to be commit 5921587ec26e4892efc678421277e4969417d7f5)
2007-10-10r3322: fixed a bunch of warnings in the build, including one case where it ↵Andrew Tridgell4-5/+5
was a real bug (This used to be commit 02d5d0f685e44bd66aff4a007f0bf34c8f915574)
2007-10-10r3289: Mr. L. and Mr. B.!Stefan Metzmacher2-8/+6
can we decide to not break WinXP clients:-) metze (This used to be commit 5eb0ff78d5e68f488a439545fdaec90c28ef877a)
2007-10-10r3219: Hi, Andrew B.!Volker Lendecke1-0/+2
Not sure which Samba3 you mean, but *my* one bails out with INVALID_PARAMETER... Volker (This used to be commit d91659b0370a6bd5eebd5730d304b5a2cf496594)
2007-10-10r3190: When we don't have a PAC, do a lookup in the local ldb instead.Andrew Bartlett2-30/+57
This required reworking the auth_sam code, so that it would export the 'name -> server_info' functionality. It's a bit ugly from a modular point of view, but it's what we have to do... Fix up some of the code to better use the new talloc() Andrew Bartlett (This used to be commit 18e08b4497ebabc2f31210254e145458b7c6a198)
2007-10-10r3187: This 'optional' part of the ASN.1 in SPNEGO is required by Samba3 (butAndrew Bartlett1-5/+4
not Microsoft). Unfortunetly it's harder to fix Samba3 than to make Samba4 cope... Andrew Bartlett (This used to be commit bbd52ab2641d5d6fc184235ac838ce4a022174a9)
2007-10-10r3128: Return the correct error code for a secrets/kerberos login, butAndrew Bartlett1-7/+15
skipping 'bad encryption type'. Andrew Bartlett (This used to be commit 4efb87eb03acfa888d455e4ca0aff18bda7f7ba5)
2007-10-10r3115: Bugfixes and extra debug in our kerberos verify code.Andrew Bartlett2-27/+26
Andrew Bartlett (This used to be commit 9f19aae0c0812b156054385ef77785971488e21c)
2007-10-10r3110: Fix the krb5 client and server, so that it doesn't segfault. ThereAndrew Bartlett3-49/+49
were also gensec bugs that didn't turn up until we hit error paths in the krb5 code. Andrew Bartlett (This used to be commit e08366ffeb52e8c522d3808a2af1aa0bc632b55f)
2007-10-10r3075: Initialise (and check for intialisation) of the private pointer toAndrew Bartlett1-2/+4
ensure we don't segfault on the cleanup from an incomplete schannel bind. Andrew Bartlett (This used to be commit 173f29a1d8db111d5adb258eead5379d681d3bb2)
2007-10-10r2860: add gensec_have_feature() to check what feature are used in the ↵Stefan Metzmacher1-0/+15
connection metze (This used to be commit 30aa8af04498d674dbcf428a9e62df9055f53ea2)
2007-10-10r2859: It seems useful to allow the seal/unseal functions in gensec to passAndrew Bartlett1-0/+12
though to the sign/check_sig functions. Andrew Bartlett (This used to be commit 18367c4235cf16f3c2fee003153ec9b19b02aa9b)
2007-10-10r2857: this commit gets rid of smb_ucs2_t, wpstring and fpstring, plus lots ↵Andrew Tridgell1-2/+2
of associated functions. The motivation for this change was to avoid having to convert to/from ucs2 strings for so many operations. Doing that was slow, used many static buffers, and was also incorrect as it didn't cope properly with unicode codepoints above 65536 (which could not be represented correctly as smb_ucs2_t chars) The two core functions that allowed this change are next_codepoint() and push_codepoint(). These functions allow you to correctly walk a arbitrary multi-byte string a character at a time without converting the whole string to ucs2. While doing this cleanup I also fixed several ucs2 string handling bugs. See the commit for details. The following code (which counts the number of occuraces of 'c' in a string) shows how to use the new interface: size_t count_chars(const char *s, char c) { size_t count = 0; while (*s) { size_t size; codepoint_t c2 = next_codepoint(s, &size); if (c2 == c) count++; s += size; } return count; } (This used to be commit 814881f0e50019196b3aa9fbe4aeadbb98172040)
2007-10-10r2850: - check for GENSEC_WANT_SEAL in gensec_unseal_packet()Stefan Metzmacher2-2/+4
- pass functions to the subcontext in spnego metze (This used to be commit d02fab41f8261095ca8f9a819e0c25bef41b5807)
2007-10-10r2671: we're getting too many errors caused by the talloc_realloc() API notAndrew Tridgell1-1/+1
taking a context (so when you pass a NULL pointer you end up with memory in a top level context). Fixed it by changing the API to take a context. The context is only used if the pointer you are reallocing is NULL. (This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
2007-10-10r2669: convert make_user_info() and associated functions from malloc to tallocAndrew Tridgell1-1/+2
(This used to be commit 278cef77f083c002d17ecbbe18c20825a380eda3)
2007-10-10r2650: fixed a memory leak in make_server_info()Andrew Tridgell1-1/+1
(This used to be commit 4aba6e7101041100f7d400abd5e7144b95528fc3)
2007-10-10r2648: - use a destructor on struct server_connection to simplify theAndrew Tridgell1-2/+3
connection termination cleanup, and to ensure that the event contexts are properly removed for every process model - gave auth_context the new talloc treatment, which removes another source of memory leaks. (This used to be commit 230e1cd777b0fba82dffcbd656cfa23c155d0560)
2007-10-10r2646: - use a talloc destructor to ensure that sockets from the new socketAndrew Tridgell1-2/+1
library are closed on abnormal termination - convert the service.h structures to the new talloc methods (This used to be commit 2dc334a3284858eb1c7190f9687c9b6c879ecc9d)
2007-10-10r2645: converted the NTLMSSP code to the new style of tallocAndrew Tridgell6-103/+64
(This used to be commit b378aae95d4001c4cf4e6e59ed80ee1bd55382ee)
2007-10-10r2643: convert more of the auth subsyystem to the new talloc methods. ThisAndrew Tridgell2-11/+11
also fixes a memory leak found with --leak-check. (This used to be commit f19201ea274f0a542314c61c4af676197bf154ad)
2007-10-10r2629: convert gensec to the new talloc modelAndrew Tridgell3-33/+28
by making our gensec structures a talloc child of the open connection we can be sure that it will be destroyed when the connection is dropped. (This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)
2007-10-10r2587: fixed a couple of authentication memory leaks. There are more to beAndrew Tridgell2-0/+6
fixed - I'll commit a little test suite soon. (This used to be commit 5b967c1cbb9831f7f2c6c6187f9e8e6dcc284497)
2007-10-10r2552: Character set conversion and string handling updates.Andrew Bartlett1-3/+3
The intial motivation for this commit was to merge in some of the bugfixes present in Samba3's chrcnv and string handling code into Samba4. However, along the way I found a lot of unused functions, and decided to do a bit more... The strlen_m code now does not use a fixed buffer, but more work is needed to finish off other functions in str_util.c. These fixed length buffers hav caused very nasty, hard to chase down bugs at some sites. The strupper_m() function has a strupper_talloc() to replace it (we need to go around and fix more uses, but it's a start). Use of these new functions will avoid bugs where the upper or lowercase version of a string is a different length. I have removed the push_*_allocate functions, which are replaced by calls to push_*_talloc. Likewise, pstring and other 'fixed length' wrappers are removed, where possible. I have removed the first ('base pointer') argument, used by push_ucs2, as the Samba4 way of doing things ensures that this is always on an even boundary anyway. (It was used in only one place, in any case). (This used to be commit dfecb0150627b500cb026b8a4932fe87902ca392)
2007-10-10r2534: Change NTLMSSP parsing to avoid a seperate str_chrnum() call - storingAndrew Bartlett1-44/+60
away the string as a data blob to be put in the buffers later. This also avoids a length-limited push_str, moving to push_ucs2_talloc(). Andrew Bartlett (This used to be commit 69163500e0b577f19d1ffeea87f08e05539f5bcc)
2007-10-10r2432: more string function updates.Andrew Tridgell1-1/+1
btw, the reason I want to use strncasecmp() instead of StrnCaseCmp() is that the Samba internal functions are built to deal with multi-byte, whereas in the cases I am converting we know we are dealing with solely ascii string constants, so going via the slow conversion libraries is pointless. (This used to be commit cef08d5789277bdaa25d5bf0e7cfca8615230f1b)
2007-10-10r2385: the gensec:krb5 test is not needed here any more, as we do it in the ↵Andrew Tridgell1-4/+0
registration code (This used to be commit bcf9d787d6bced4c4482fa3e51ccea258563d89e)
2007-10-10r2377: added a more generic way of disabling gensec subsystems. For example,Andrew Tridgell1-0/+5
"gensec:ntlmssp=no" will disable ntlmssp. (This used to be commit 66f88c7d89154155b27bf8b7839c580fb1cd1e7c)
2007-10-10r2376: added a way to disable krb5 on the command line. Just useAndrew Tridgell1-0/+5
--option 'gensec:krb5=no' or put "gensec:krb5 = no" in smb.conf Given the frustration I've had with kerberos I was very tempted to name this option --nfk, but resisted the temptation (This used to be commit 2d710a5eb5b36e46fa8f652305fa9ab2e09e02f3)
2007-10-10r2315: change formatStefan Metzmacher1-1/+1
metze (This used to be commit 9177cd4285315175913aa2c9359f1173fa7d6eb7)
2007-10-10r2314: fix compiler warningStefan Metzmacher1-2/+2
metze (This used to be commit 75c3108955bab44ffda308406bae153e3a92cedf)
2007-10-10r2307: Fix the use of 'raw' NTLMSSP to hosts that support extended security,Andrew Bartlett2-2/+14
but do not support SPNEGO (such as XP, when not joined to a domain). This is triggered by the presense or lack of a security blob in the negprot reply. Andrew Bartlett (This used to be commit 99f7a38c077725b22475f2ba68d0955114879c24)
2007-10-10r2303: allow setting of many ntlmssp options from smb.conf or the commandAndrew Tridgell1-7/+28
line. This makes testing much easier. (This used to be commit 0a4723d250ba13e6374700fc6e80854ec6a3eddc)
2007-10-10r2294: this fixes the NTLM2 sign+seal combination. I have now tested:Andrew Tridgell1-25/+15
NTLM sign NTLM sign+seal NTLM2 sign NTLM2 sign+seal and all of the above both with and without key exchange the NTLM2 seal case is ugly and involves an extra data copy, which some API changes in gensec or the ndr layer might avoid in future. (This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-4/+2
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2286: Fixes towards krb5 logins into Samba's CIFS server.Andrew Bartlett4-89/+113
These fixes aim particularly at allowing PAC-less logins, as I don't yet generate a PAC in the lorikeet-heimdal KDC. This is for the benifit of a Kerbeors-enabled domain join, which seems to be progressing quite well! Andrew Bartlett (This used to be commit f5a381094dd5bcbd795a134bc4b8b89901b5e3eb)
2007-10-10r2285: Remove more static data, fix spelling in a comment.Andrew Bartlett2-3/+3
(This used to be commit 2c701f59a7f232fed624f7cec62dd494dd32c2d9)
2007-10-10r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.Andrew Bartlett7-97/+203
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further. This is almost all tridge's code, munged into a form that can work with the GENSEC API. This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np. No doubt I missed something, but I'm going to get some sleep :-) Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10r2119: Noticed by jra:Andrew Bartlett1-6/+0
Clean up use of unitilaised variable. Andrew Bartlett (This used to be commit e8d0246882f0d70dc3c63208d0a990804f36a05d)
2007-10-10r2099: Get rid of another private ARCFOUR implementation from the codebase.Andrew Bartlett2-96/+47
Andrew Bartlett (This used to be commit 0237389ce765cbb6825b79de1b0727da0969efeb)