summaryrefslogtreecommitdiff
path: root/source4/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r3805: Fix the LSA portions of the RPC-SAMSYNC test - I was not using the LSAAndrew Bartlett1-0/+77
secrets interface correctly. (New interface added). Andrew Bartlett (This used to be commit 994ac7f031e2b2d528595a4a0a446d92074d6ecf)
2007-10-10r3786: send a mechListMIC to make the current samba3 client happyStefan Metzmacher1-1/+9
metze (This used to be commit 2403186562698b8e13c20741a0cbed812e1b8e89)
2007-10-10r3770: - fix endless recursion loop in spnego fallback codeStefan Metzmacher1-7/+11
- fix compiler warnings metze (This used to be commit 37a8bd2e30cab98bc8b1bf10d0a516827cbb3373)
2007-10-10r3751: Some fixes to using enable and disable for subsystems, ext libs and ↵Jelmer Vernooij1-0/+2
modules (This used to be commit c7757dd9adc18549fa3f908c2714624ec3f91394)
2007-10-10r3739: Remove a bunch of unused m4 macrosJelmer Vernooij1-2/+2
(This used to be commit 2a38b77a1d8674b46028214896e37747c4082f13)
2007-10-10r3737: - Get rid of the register_subsystem() and register_backend() functions.Jelmer Vernooij3-12/+3
- Re-disable tdbtool (it was building fine on my Debian box but other machines were having problems) (This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814)
2007-10-10r3735: Allow building subsystems as static libraries (.a files). To enableJelmer Vernooij1-3/+2
this support, run SUBSYSTEM_OUTPUT_TYPE=STATIC_LIBRARY ./config.status I haven't enabled this by default because there are some circular dependencies in the makefile that have to be resolved first (LIBRPC depends on LIBSMB and LIBSMB depends on LIBRPC..) (This used to be commit fc0432069bf3569a47a7c32f4bf789cec2ca44db)
2007-10-10r3733: More build system fixes/features:Jelmer Vernooij3-6/+3
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities) (This used to be commit 64826da834e26ee0488674e27a0eae36491ee179)
2007-10-10r3730: More build system fixes and simplificationsJelmer Vernooij1-2/+1
the hierarchy in the init functions is correct now will also make it easier to implement some other features (This used to be commit cbe819a75568403ac8850ea4d344c607a46d61c2)
2007-10-10r3721: We cracked the NTLM2 puzzle long ago, and set the flags elsewhere.Andrew Bartlett1-16/+0
Remove the conditional set. Andrew Bartlett (This used to be commit f5d8a4dde58a88408892501fd3ce53f19e67f1f1)
2007-10-10r3686: The results of some work on the NETLOGON pipe:Andrew Bartlett2-7/+0
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC, that will cross-verify all the values. Add support for the way netlogon credentials are shared between the pipe that sets up schannel and the pipe that is encrypted with it. Test this support, by calling both NETLOGON and SAMR operations in the RPC-SCHANNEL test. Move some of the Netlogon NEG flags into the .idl, now we have an idea what a few of them really are. Rename the sam_pwd_hash into a name that has meaning (all other crypto functions were renamed in Samba4 ages ago). Break out NTLMv2 functionality for operation on the NT hash - I intend to do NTLMv2 logins in the samsync test in future, and naturally I only have the hash. Andrew Bartlett (This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
2007-10-10r3679: We now know a few more of the Netlogon negotiate flags.Andrew Bartlett1-5/+8
Interestingly, all the interesting flags are a '4' (as hex digits in the flag). Andrew Bartlett (This used to be commit 295e09fa3ea2cae48da1e934c1ec180e5678f0c9)
2007-10-10r3677: Seperate the SamLogon tests from the main RPC-NETLOGON test into aAndrew Bartlett1-0/+21
RPC-SAMLOGON of their own. I have expanded the tests to validate the use of various flags, which change some of the crypto behaviour. Andrew Bartlett (This used to be commit 3a140a3691ce49ebf4d1efcb99cfffd26c68a28f)
2007-10-10r3655: As required by the new torture test, add the LM session key outputAndrew Bartlett1-1/+2
parameter to SMBNTLMv2encrypt(). Andrew Bartlett (This used to be commit 75ff351faf0a3231e17f000b006beb9cb545d905)
2007-10-10r3630: More work on DCOM server sideJelmer Vernooij1-3/+0
(This used to be commit e995a1c0e5d2ee2dc50c31c01ce281a303dd5231)
2007-10-10r3613: fixed a typoAndrew Tridgell1-2/+2
(This used to be commit 891e3097ee00d75f8f28efcccd8c15cd08b80e88)
2007-10-10r3612: This appears to be the 'offical' way to initialise this struct.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 47d67c6e5b265e4192fcae0d9cd72b3ac097785e)
2007-10-10r3610: prevent segv with heimdal and password krb5 initAndrew Tridgell1-2/+5
(This used to be commit a4598e7fa17c7ec0fed9cb81f5a0fb30b133861b)
2007-10-10r3609: Lets spew out a few less error messages for tridge, and hope to getAndrew Bartlett2-10/+3
krb5 going on recent heimdal installs. Andrew Bartlett (This used to be commit a758725407df0c87922a15aa32cc841bc4c059a2)
2007-10-10r3586: Fix some of the issues with the module init functions.Jelmer Vernooij2-19/+10
Both subsystems and modules can now have init functions, which can be specified in .mk files (INIT_FUNCTION = ...) The build system will define : - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on This removes the hack with the "static bool Initialised = " and the "lazy_init" functions (This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
2007-10-10r3572: Thanks to tridge for his patience with my build breakage.Andrew Bartlett1-2/+0
This concludes the proper fixes. Andrew Bartlett (This used to be commit c1d025793f2994c8f1cab304c3394ab186654071)
2007-10-10r3571: rough guesses at what abartlet really wanted to do in his last commitAndrew Tridgell1-0/+2
(which I suspect was missing some pieces) this at least fixes the build so i can keep going on pvfs. Please review/fix Andrew. (This used to be commit bffd18d09df04c1e492ef12f744ff4b6c561d53c)
2007-10-10r3565: Move PAC parsing into the session_info generation, and out of theAndrew Bartlett1-16/+41
basic krb5 request path. The idea is that we should not do the extra work, if we are not going to use the results. Andrew Bartlett (This used to be commit 13a2a9e326c027d76d27ecd08fb9863fe881bf30)
2007-10-10r3519: Include time headers to fix the build.Andrew Bartlett3-0/+3
Andrew Bartlett (This used to be commit d13e2aa89e72c63e552f1b24547abe6fc319ee61)
2007-10-10r3476: fixed some const warningsAndrew Tridgell1-1/+1
(This used to be commit 7dc58dc01e19b342df76dcc14ee28ff37a8f9ace)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell6-9/+15
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3462: separate out the crypto includesAndrew Tridgell4-0/+4
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell9-3/+8
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3447: more include/system/XXX.h include filesAndrew Tridgell1-0/+1
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
2007-10-10r3443: the next stage in the include files re-organisation.Andrew Tridgell4-0/+7
I have created the include/system/ directory, which will contain the wrappers for the system includes for logical subsystems. So far I have created include/system/kerberos.h and include/system/network.h, which contain all the system includes for kerberos code and networking code. These are the included in subsystems that need kerberos or networking respectively. Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C file, instead each C module includes the include/system/XXX.h file for the logical system support it needs, and the details are kept isolated in include/system/ This patch also creates a "struct ipv4_addr" which replaces "struct in_addr" in our code. That avoids every C file needing to import all the system networking headers. (This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
2007-10-10r3428: switched to using minimal includes for the auto-generated RPC code.Andrew Tridgell1-0/+1
The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2007-10-10r3391: fixed some memory leaks in the schannel codeAndrew Tridgell1-14/+4
(This used to be commit eb3366d3667ddddf7ab5eae5d1fbc5de86c41072)
2007-10-10r3390: fixed schannel server side support. RPC-SCHANNEL now works against ↵Andrew Tridgell3-51/+14
Samba4. (This used to be commit 01f5c1c72d9fc8f21029adc586154b0c54f76c9e)
2007-10-10r3365: Fill in the user and primary group SIDs into the 'server info' beforeAndrew Bartlett1-8/+11
the session info. Andrew Bartlett (This used to be commit 5db5c30ebedca1fee8924a9416bcb94ed13af372)
2007-10-10r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to useAndrew Bartlett1-2/+5
Samba3's winbind. This is also the start of domain membership code in Samba4, as we now (partially) parse the info3, and use it like Samba3 does. Andrew Bartlett (This used to be commit c1b7303c1c7d9fb815006c3bd2af20a0010d15a8)
2007-10-10r3323: more warning reductionsAndrew Tridgell1-4/+0
(This used to be commit 5921587ec26e4892efc678421277e4969417d7f5)
2007-10-10r3322: fixed a bunch of warnings in the build, including one case where it ↵Andrew Tridgell4-5/+5
was a real bug (This used to be commit 02d5d0f685e44bd66aff4a007f0bf34c8f915574)
2007-10-10r3289: Mr. L. and Mr. B.!Stefan Metzmacher2-8/+6
can we decide to not break WinXP clients:-) metze (This used to be commit 5eb0ff78d5e68f488a439545fdaec90c28ef877a)
2007-10-10r3219: Hi, Andrew B.!Volker Lendecke1-0/+2
Not sure which Samba3 you mean, but *my* one bails out with INVALID_PARAMETER... Volker (This used to be commit d91659b0370a6bd5eebd5730d304b5a2cf496594)
2007-10-10r3190: When we don't have a PAC, do a lookup in the local ldb instead.Andrew Bartlett2-30/+57
This required reworking the auth_sam code, so that it would export the 'name -> server_info' functionality. It's a bit ugly from a modular point of view, but it's what we have to do... Fix up some of the code to better use the new talloc() Andrew Bartlett (This used to be commit 18e08b4497ebabc2f31210254e145458b7c6a198)
2007-10-10r3187: This 'optional' part of the ASN.1 in SPNEGO is required by Samba3 (butAndrew Bartlett1-5/+4
not Microsoft). Unfortunetly it's harder to fix Samba3 than to make Samba4 cope... Andrew Bartlett (This used to be commit bbd52ab2641d5d6fc184235ac838ce4a022174a9)
2007-10-10r3128: Return the correct error code for a secrets/kerberos login, butAndrew Bartlett1-7/+15
skipping 'bad encryption type'. Andrew Bartlett (This used to be commit 4efb87eb03acfa888d455e4ca0aff18bda7f7ba5)
2007-10-10r3115: Bugfixes and extra debug in our kerberos verify code.Andrew Bartlett2-27/+26
Andrew Bartlett (This used to be commit 9f19aae0c0812b156054385ef77785971488e21c)
2007-10-10r3110: Fix the krb5 client and server, so that it doesn't segfault. ThereAndrew Bartlett3-49/+49
were also gensec bugs that didn't turn up until we hit error paths in the krb5 code. Andrew Bartlett (This used to be commit e08366ffeb52e8c522d3808a2af1aa0bc632b55f)
2007-10-10r3075: Initialise (and check for intialisation) of the private pointer toAndrew Bartlett1-2/+4
ensure we don't segfault on the cleanup from an incomplete schannel bind. Andrew Bartlett (This used to be commit 173f29a1d8db111d5adb258eead5379d681d3bb2)
2007-10-10r2860: add gensec_have_feature() to check what feature are used in the ↵Stefan Metzmacher1-0/+15
connection metze (This used to be commit 30aa8af04498d674dbcf428a9e62df9055f53ea2)
2007-10-10r2859: It seems useful to allow the seal/unseal functions in gensec to passAndrew Bartlett1-0/+12
though to the sign/check_sig functions. Andrew Bartlett (This used to be commit 18367c4235cf16f3c2fee003153ec9b19b02aa9b)
2007-10-10r2857: this commit gets rid of smb_ucs2_t, wpstring and fpstring, plus lots ↵Andrew Tridgell1-2/+2
of associated functions. The motivation for this change was to avoid having to convert to/from ucs2 strings for so many operations. Doing that was slow, used many static buffers, and was also incorrect as it didn't cope properly with unicode codepoints above 65536 (which could not be represented correctly as smb_ucs2_t chars) The two core functions that allowed this change are next_codepoint() and push_codepoint(). These functions allow you to correctly walk a arbitrary multi-byte string a character at a time without converting the whole string to ucs2. While doing this cleanup I also fixed several ucs2 string handling bugs. See the commit for details. The following code (which counts the number of occuraces of 'c' in a string) shows how to use the new interface: size_t count_chars(const char *s, char c) { size_t count = 0; while (*s) { size_t size; codepoint_t c2 = next_codepoint(s, &size); if (c2 == c) count++; s += size; } return count; } (This used to be commit 814881f0e50019196b3aa9fbe4aeadbb98172040)
2007-10-10r2850: - check for GENSEC_WANT_SEAL in gensec_unseal_packet()Stefan Metzmacher2-2/+4
- pass functions to the subcontext in spnego metze (This used to be commit d02fab41f8261095ca8f9a819e0c25bef41b5807)
2007-10-10r2671: we're getting too many errors caused by the talloc_realloc() API notAndrew Tridgell1-1/+1
taking a context (so when you pass a NULL pointer you end up with memory in a top level context). Fixed it by changing the API to take a context. The context is only used if the pointer you are reallocing is NULL. (This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)