summaryrefslogtreecommitdiff
path: root/source4/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r1446: Another funciton to avoid in proto.hAndrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit 310a570936c0d2d5af168aeca1b33206622d8355)
2007-10-10r1445: Ensure get_auth_data_from_tkt doesn't get into proto.hAndrew Bartlett2-2/+4
Andrew Bartlett (This used to be commit 159c234589e8e148180217f9ef4853b3031877db)
2007-10-10r1443: More changes towards Kerberos in Samba4's GENSEC.Andrew Bartlett2-132/+24
The kerberos context is now tied in life to the GENSEC context. Andrew Bartlett (This used to be commit 64e99170c3b53a14d7f8d29cf78283f2bc22c1f7)
2007-10-10r1441: Indentation and comment fixes.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 231e505dea9e9aca28eb336bcbcfb2b7b83c089c)
2007-10-10r1440: GENSEC improvements:Andrew Bartlett2-1/+66
- Infrustructure for kerberos - Don't segfault on un-implemented backend functions - Add comments. Andrew Bartlett (This used to be commit 1c31aa42710421917428d6ba86328ea5179751bd)
2007-10-10r1439: Once we are authenticated, always return NT_STATUS_OK. (Makes SPENGOAndrew Bartlett1-1/+1
easier to code, as it may return an 'ok' with an empty blob). Andrew Bartlett (This used to be commit e48557158ed99eee7d3ef8231c629bbd14cda9d3)
2007-10-10r1438: Record the principal name we are sent in the SPENGO mechListMIC in aAndrew Bartlett2-3/+3
seperate char *, not a DATA_BLOB. This allows us to tell if we were sent a string here, or a real MIC. (This used to be commit 06b997c826e3ec00e0528da800e3eae0e3497a54)
2007-10-10r1437: Intermediate commit of krb5 for GENSEC.Andrew Bartlett2-40/+360
The session key in the client is wrong, we don't do signing/sealing and we are sending raw Kerberos, not GSSAPI. But it's a start, and if we continue to have to call Krb5 directly, this will be the basis. I also intend to provide an alternate implementation, using just GSSAPI. Andrew Bartlett (This used to be commit eb0dd4a821dc3dbe370aea9a9c9fb05cf2592e4d)
2007-10-10r1426: Fix some of my silly compile errors...Andrew Bartlett2-2/+2
Andrew Bartlett (This used to be commit c283837556109b9392a8cdcd867e5ae0dac1509b)
2007-10-10r1423: Make sure to destory the mem_ctx.Andrew Bartlett1-2/+4
Andrew Bartlett (This used to be commit c5a1529d54e6b8ec2bbf7017a2f48d7535f1f016)
2007-10-10r1421: fix a uninitialized var (thanks valgrind:-)Stefan Metzmacher1-5/+15
add a view debug messages metze (This used to be commit 79953dccc1f21dbabddff73a4b6d862eace29eb9)
2007-10-10r1420: be more strict reject if the context has the wrong typeStefan Metzmacher1-0/+1
metze (This used to be commit db19d6047c25698d0c3b7aeaab77b2a02385dbb5)
2007-10-10r1418: Merge Samba 3.0's recent kerberos changes into Samba4. None of thisAndrew Bartlett3-107/+233
is used yet. Andrew Bartlett (This used to be commit 7596f311c9a18314716f64476030ce3dfcdd98bb)
2007-10-10r1372: Remove the 'default' case from the SPENGO state machine, and fix upAndrew Bartlett1-6/+6
some compiler warnings that allowed us to see. Andrew Bartlett (This used to be commit 1a6c2018dd49519e6fccdd5a7f35d70b67d45275)
2007-10-10r1367: SPNEGO know uses gensec_subcontext_start() in all placesStefan Metzmacher1-1/+2
metze (This used to be commit f7379324025c599cd201ce6d0905f0ca2c24ce73)
2007-10-10r1366: handle the case where the client need to send the negTokenInit beforeStefan Metzmacher1-1/+88
getting something from the server. (this is needed by SPNEGO in dcerpc) metze (This used to be commit ec978555f0bd612b80dfa49ccc880a3858285879)
2007-10-10r1365: in SPNEGO_SERVER_TARG we should not check the spnego_negResultStefan Metzmacher1-9/+0
because the client don't send this metze (This used to be commit b1217a4ef6592082bb02fd0596a0563bacdf1d8e)
2007-10-10r1364: the SPNEGO_SERVER_TARG state is different from the SPNEGO_CLIENT_TARGStefan Metzmacher1-4/+72
the client checks but not send spnego_negResult metze (This used to be commit 49e4d375e9504f595aaa64ac62ddb421f082c424)
2007-10-10r1363: add SPNEGO_NONE_RESULT as spnego_negResult valueStefan Metzmacher2-4/+7
this should indicate that we don't send a spnego_negResult t all over the wire metze (This used to be commit 69d685d81784e5fb33e41d3244498ac620a2f5f0)
2007-10-10r1360: - remove unused state SPNEGO_CLIENT_SEND_MECHSStefan Metzmacher1-5/+0
- remove unsed gensec_user forward, it's done by the gensec layer know metze (This used to be commit e19e5a91f2fd988546f42473bf241dff3c2fe198)
2007-10-10r1359: fix uninit var - found by valgrindStefan Metzmacher1-3/+1
metze (This used to be commit 264afea9ec3ada4df51e5f5de4c0b977024af40b)
2007-10-10r1358: Re-indent the SPENGO implementation, and work on the basis of aAndrew Bartlett1-146/+201
switch, rather than a series of if statements. Also start to use the GENSEC subcontexts, and add some comments explaining some of the 'odd' logic in parts. I'll probably break these out into subfunctions soon. Thanks to metze for getting me to do this :-) Andrew Bartlett (This used to be commit 73e03596d3b2ad5927e8154d0fbfbdae9ec3f717)
2007-10-10r1357: Work on GENSEC:Andrew Bartlett2-5/+51
- Add the concept of a 'subcontext' into gensec, so that the spengo code doesn't have to figure out how to make one. (A subcontext inherits the username, domain, password (or callback) from the main context). - Add comments to some other routines, and explain a bit about what the various 'start' functions are for. Andrew Bartlett (This used to be commit 7aedbfbdd92b4ca93cbd0babff16e7526201ee88)
2007-10-10r1353: Fix compile with new ASN1 peek code.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 9039a2a1128d8af278cae76c0aa6d5362b3671e4)
2007-10-10r1352: Add a 'peek' function to our ASN1 code, so we can safely perform theAndrew Bartlett1-18/+41
various switches without looking one byte past te end of the buffer. (This used to be commit 5bce188d429b4166f3d0314922ae40204de182a7)
2007-10-10r1350: - init nt_status- found by valgrindStefan Metzmacher1-1/+2
- set auth_type = DCERPC_AUTH_TYPE_SPNEGO metze (This used to be commit 7354521f3cfaa2ead8fac38a68b7704d43731f72)
2007-10-10r1349: don't segfault with empty data_blobStefan Metzmacher1-0/+5
metze (This used to be commit a826accd55e90cb0628f198886ba1ae6c845e68b)
2007-10-10r1348: get gensec backend by OID instead of nameStefan Metzmacher1-11/+0
metze (This used to be commit 38e00f87191b86901b603e66aec1e7e71f74c29f)
2007-10-10r1347: - remove typedefStefan Metzmacher2-6/+15
- pass down gensec_user to the sub context - if segfault when mechType is NULL metze (This used to be commit 3f84263c27add3bf01eea88618f707da925bed5c)
2007-10-10r1346: revert my last spnego changesStefan Metzmacher2-126/+116
metze (This used to be commit 7b8237bfb3c302a448a7db0236c0a953603dcd89)
2007-10-10r1344: add gensec_start_mech_by_name()Stefan Metzmacher3-116/+137
some gensec spnego fixes (NULL pointer and length checks) metze (This used to be commit 41ff6d0cd47f6295fe7fe1d31fec7306416ce199)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett6-168/+811
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1274: revert -r 1239 as discussed with abartletStefan Metzmacher3-145/+421
metze (This used to be commit 52e2d038252bd745d53c687d266ad3ad62efa6fc)
2007-10-10r1239: move the old msrpc_<gen|parse>() functions to ↵Stefan Metzmacher3-421/+145
ndr_<push|pull>_format_blob() simular to ndr_<push|pull>_struct_blob() metze (This used to be commit b25dd341e0febd550a2936ca484b6fecce2ff8c2)
2007-10-10r1229: the name of the protocol should be in first place of a function nameStefan Metzmacher2-10/+10
rename <read|write|free>_spnego_data() into spnego_<read|write|free>_data metze (This used to be commit 3f57c8f596eb6ad31a024acaf60fefcfd28d8387)
2007-10-10r1200: Add 'gensec', our generic security layer.Andrew Bartlett7-275/+930
This layer is used for DCERPC security, as well as ntlm_auth at this time. It expect things like SASL and the CIFS layer to use it as well. The particular purpose of this layer is to introduce SPENGO, which needs generic access to the actual implementation mechanisms. Schannel, due to it's 'interesting' setup properties is in GENSEC, but is only in the RPC code. Andrew Bartlett (This used to be commit 902af49006fb8cfecaadd3cc0c10e2e542083fb1)
2007-10-10r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts.Andrew Bartlett6-0/+1397
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b)
2007-10-10r1187: * Remove testing hack (actually check signatures on NTLM2).Andrew Bartlett1-5/+2
* Remove unreached counter increment * Print the correct NTLMSSP key. (This used to be commit b96700695479c19c7b2c190616420762409fdf0d)
2007-10-10r1170: Remove bogus part of previous commit - session keys, even in NTLMSSPAndrew Bartlett1-2/+4
are variable length. Remove extra casts Andrew Bartlett (This used to be commit 84f86b83f88cea5564347f3aa623be2d9feeb4b3)
2007-10-10r1169: Some more updates to the NTLMSSP NTLM2 code:Andrew Bartlett2-46/+48
- implement key weakening - don't create large 'hashes' when we only want a key (signing subkeys) - make more useful debugs. NTLM2 is still off by default, till I figure out how to do NTLM2 signing. Andrew Bartlett (This used to be commit 079c2654851536b0a7918d408ac9597abbab8fd2)
2007-10-10r1134: added a TODO regarding schannel credentialsAndrew Tridgell1-1/+2
(This used to be commit 17dacf494ac25bb6d9f6dea8cb81968ea2b84c55)
2007-10-10r1080: Make sure to initialise all the returned elements in the SamLogonAndrew Bartlett1-10/+13
reply also initialise the LM session key, when we have it (was failing because the auth code was setting it's length wrong). Andrew Bartlett (This used to be commit de97d9df224f769953e850a276515923a830839c)
2007-10-10r1043: allocate signature from the right mem_ctx. Samba4 now passes the ↵Andrew Tridgell1-2/+2
schannel torture test. (This used to be commit 95599e3ef79bf5cafb556121c99ffc5c3a8f3314)
2007-10-10r1041: - pulled the domain join code out of the netlogon test and made it a ↵Andrew Tridgell1-1/+1
separate utility function, to allow multiple torture tests to temporarily join a domain - fixed a session key size problem - added a schannel test suite - allow schannel to work with ncacn_ip_tcp (This used to be commit 36f05e4d575099fcb957b8a55781c38dcd2e1177)
2007-10-10r1028: More consistancy fixes, which should also fix the build.Andrew Bartlett1-10/+10
Andrew Bartlett (This used to be commit 0d2ae66d3a82134d86084f63c05214e03dfcb48b)
2007-10-10r1024: Use samr_Password for the machine password here - this ensures we canAndrew Bartlett1-8/+8
never pass in something of the wrong length. Andrew Bartlett (This used to be commit d6999ea9c07d8652b0d63147e7294bc35e7063fe)
2007-10-10r1009: Make all users of NT and LM passwords use the samr_Password structure.Andrew Bartlett1-6/+6
This includes the netlogon pipe, for the machine account password change system. Andrew Bartlett (This used to be commit 49d545a82057ee8b60d50aa55e908efe59875150)
2007-10-10r1001: in samba4 we don't(shouldn't) use typedef's anymore...Stefan Metzmacher3-27/+23
metze (This used to be commit ac5f6f7e511a730448012c8a709887827aea2281)
2007-10-10r995: - renamed many of our crypto routines to use the industry standardAndrew Tridgell5-41/+91
names rather than our crazy naming scheme. So DES is now called des_crypt() rather than smbhash() - added the code from the solution of the ADS crypto challenge that allows Samba to correctly handle a 128 bit session key in all of the netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard from PADL for solving this one! - restructured the server side rpc authentication to allow for other than NTLMSSP sign and seal. This commit just adds the structure, the next commit will add schannel server side support. - added 128 bit session key support to our client side code, and testing against w2k3 with smbtorture. Works well. (This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
2007-10-10r962: convert 'unsigned' and 'unsigned int' to uint_tStefan Metzmacher1-1/+1
metze (This used to be commit 57151e80eb1090281401930c8fe25b20a8cf3a38)
generated by cgit (git 2.34.1) at 2024-11-07 13:52:56 +0000