summaryrefslogtreecommitdiff
path: root/source4/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r2315: change formatStefan Metzmacher1-1/+1
metze (This used to be commit 9177cd4285315175913aa2c9359f1173fa7d6eb7)
2007-10-10r2314: fix compiler warningStefan Metzmacher1-2/+2
metze (This used to be commit 75c3108955bab44ffda308406bae153e3a92cedf)
2007-10-10r2307: Fix the use of 'raw' NTLMSSP to hosts that support extended security,Andrew Bartlett2-2/+14
but do not support SPNEGO (such as XP, when not joined to a domain). This is triggered by the presense or lack of a security blob in the negprot reply. Andrew Bartlett (This used to be commit 99f7a38c077725b22475f2ba68d0955114879c24)
2007-10-10r2303: allow setting of many ntlmssp options from smb.conf or the commandAndrew Tridgell1-7/+28
line. This makes testing much easier. (This used to be commit 0a4723d250ba13e6374700fc6e80854ec6a3eddc)
2007-10-10r2294: this fixes the NTLM2 sign+seal combination. I have now tested:Andrew Tridgell1-25/+15
NTLM sign NTLM sign+seal NTLM2 sign NTLM2 sign+seal and all of the above both with and without key exchange the NTLM2 seal case is ugly and involves an extra data copy, which some API changes in gensec or the ndr layer might avoid in future. (This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-4/+2
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2286: Fixes towards krb5 logins into Samba's CIFS server.Andrew Bartlett4-89/+113
These fixes aim particularly at allowing PAC-less logins, as I don't yet generate a PAC in the lorikeet-heimdal KDC. This is for the benifit of a Kerbeors-enabled domain join, which seems to be progressing quite well! Andrew Bartlett (This used to be commit f5a381094dd5bcbd795a134bc4b8b89901b5e3eb)
2007-10-10r2285: Remove more static data, fix spelling in a comment.Andrew Bartlett2-3/+3
(This used to be commit 2c701f59a7f232fed624f7cec62dd494dd32c2d9)
2007-10-10r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.Andrew Bartlett7-97/+203
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further. This is almost all tridge's code, munged into a form that can work with the GENSEC API. This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np. No doubt I missed something, but I'm going to get some sleep :-) Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10r2119: Noticed by jra:Andrew Bartlett1-6/+0
Clean up use of unitilaised variable. Andrew Bartlett (This used to be commit e8d0246882f0d70dc3c63208d0a990804f36a05d)
2007-10-10r2099: Get rid of another private ARCFOUR implementation from the codebase.Andrew Bartlett2-96/+47
Andrew Bartlett (This used to be commit 0237389ce765cbb6825b79de1b0727da0969efeb)
2007-10-10r2096: Enable use of NTLM2 for connections that do not got on to be NTLMSSPAndrew Bartlett1-0/+16
signed or sealed. This allows NTLM2 for SMB connections, and NTLMSSP over HTTP for example. Andrew Bartlett (This used to be commit e509451538eb5fac5a288e2c429d8481dbfb355f)
2007-10-10r2058: Merge heimdal krb5_locate_kdc-fix over from trunk/3_0 althoughGünther Deschner1-1/+11
krb5_locate_kdc is (yet) an unused function in Samba4. Guenther (This used to be commit fe93f58dfe208ec814f1e75efde4ececa2b2cb5f)
2007-10-10r2054: Fix compile warnings/build failures on non-gcc.Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit 2cbbf123d26081687a15eb7b82738e8187153ba4)
2007-10-10r2053: All RPC sessions 'want' a session key. Of course, the key theyAndrew Bartlett1-0/+3
currently get it bougs, but anyway... Andrew Bartlett (This used to be commit 46864dd9d778c008c2f1a3a6701360d4ca64a664)
2007-10-10r2042: missed a couple of places that should be talloc_free()Andrew Tridgell1-2/+2
(This used to be commit e1575a72a10252fdb88778f14bf3c44a65d72c5e)
2007-10-10r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server.Andrew Bartlett5-17/+88
The bug (found by tridge) is that Win2k3 is being tighter about the NTLMSSP flags. If we don't negotiate sealing, we can't use it. We now have a way to indicate to the GENSEC implementation mechanisms what things we want for a connection. Andrew Bartlett (This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
2007-10-10r2036: switched the spnego code to use tallocAndrew Tridgell1-5/+5
now that talloc_free() doesn't need to take a context ptr, there is no reason we can't use talloc everywhere that we currently use malloc(). (This used to be commit a2ad77fb3ac9638c5ef52494bf62083ec594b9f5)
2007-10-10r2020: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit 17268837d21c2199b87bd78c1f62b49a37b86df8)
2007-10-10r1886: Fix the buildVolker Lendecke1-3/+3
(This used to be commit 7be7f25a57422fea3e763479629e18dc9a204aba)
2007-10-10r1794: fix the build MIT krb5Stefan Metzmacher2-5/+6
metze (This used to be commit fe655d047434422eae77486e5fd7fa51eb942677)
2007-10-10r1790: a few updates on krb5 PAC...Stefan Metzmacher1-10/+30
metze (This used to be commit 5a3a10c004ee2c94c42f08d52b36c75b413bdb79)
2007-10-10r1784: a few minor changes and debug the decoded PAC_DATAStefan Metzmacher1-8/+10
metze (This used to be commit 250485b69fbdd494bfd6c69bae94662e24fb0117)
2007-10-10r1770: here's the krb5 server code,Stefan Metzmacher3-28/+318
there're some cleanups needed and we need to verify the PAC correctly and create the auth_session_info correctly... metze (This used to be commit d8fe497097ee49611bb05c4a2fed36912d8e16b4)
2007-10-10r1752: Fix compile bugs on C (rather than C++) tolerant compilers.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 0949b72645024a6810f447fe8acb643f98588ab3)
2007-10-10r1748: don't segfault if there's no ticketStefan Metzmacher1-2/+2
metze (This used to be commit b8985892964e84ca09d611540811d5a50a31232e)
2007-10-10r1737: don't segfault when a mech don't have a session_info hookStefan Metzmacher1-0/+3
metze (This used to be commit 68f3e538265b59ec818917b914678485585795a6)
2007-10-10r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signingAndrew Bartlett1-103/+207
is reworked). Andrew Bartlett (This used to be commit 73ee549b8c54e93556ff0105941996e0d4de8303)
2007-10-10r1724: Add a new function to return the list of available OIDs.Andrew Bartlett1-9/+39
(Used in our SPNEGO code). Andrew Bartlett (This used to be commit c91d6b6f9b53e64069fd5860f677bc1b4c250f0c)
2007-10-10r1685: Add the ability to lookup RPC auth types for the RPC-MGMT torture test.Andrew Bartlett1-0/+11
Andrew Bartlett (This used to be commit 0e4e3647e848605416fe79c742ac84d84dc4357c)
2007-10-10r1630: - fixed the replacement timegm() function to work correctly for DST ↵Andrew Tridgell2-3/+3
changes - got rid of global_myname(), using lp_netbios_name() instead (This used to be commit e8d4b390884e487163d81f66a5a7ac1de1305d9a)
2007-10-10r1605: GENSEC krb5 updates - fix a valgrind found uninitialised variable, andAndrew Bartlett2-14/+26
allow tests for 'unwrapped' krb5, allowed by Win2k3. SPENGO changes, trying to get the logic right (when and what sub-mechanisms to wrap). Andrew Bartlett (This used to be commit 8a0f7bf5e282d021afe93994a91fd76fa9c05f42)
2007-10-10r1521: Updates to our SMB signing code.Andrew Bartlett2-21/+26
- This causes our client and server code to use the same core code, with the same debugs etc. - In turn, this will allow the 'mandetory/fallback' signing algorithms to be shared, and only written once. Updates to the SPNEGO code - Don't wrap an empty token to the server, if we are actually already finished. Andrew Bartlett (This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
2007-10-10r1498: (merge from 3.0)Andrew Bartlett2-4/+4
Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom. In order to aviod identical streams in forked children, the random state is re-initialised after the fork(), at the same point were we do that to the tdbs. Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
2007-10-10r1497: add forward declaration for struct auth_session_infoStefan Metzmacher1-0/+2
(fix compiler warning) metze (This used to be commit 65147f5aa2a56220a387876d990a546beb93a2d7)
2007-10-10r1476: Don't print messages about the CCACHE not being found - this is normal.Andrew Bartlett1-2/+6
Andrew Bartlett (This used to be commit 30d88580efe45dc792f8d5c04f4abe0497d1551c)
2007-10-10r1475: More kerberos workAndrew Bartlett6-52/+321
- We can now connect to hosts that follow the SPNEGO RFC, and *do not* give us their principal name in the mechListMIC. - The client code now remembers the hostname it connects to - We now kinit for a user, if there is not valid ticket already - Re-introduce clock skew compensation TODO: - See if the username in the ccache matches the username specified - Use a private ccache, rather then the global one, for a 'new' kinit - Determine 'default' usernames. - The default for Krb5 is the one in the ccache, then $USER - For NTLMSSP, it's just $USER Andrew Bartlett (This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
2007-10-10r1467: disable gensec_krb5 by default till abartletStefan Metzmacher1-1/+2
add the kinit code metze (This used to be commit 9a876be76cee3983676d8c89549162b5c4eba8b0)
2007-10-10r1466: the name "oid" is taken by some silly system headers - avoid it in ↵Andrew Tridgell1-2/+2
our code (This used to be commit ea5659b051f95402441e69ba4ce5aea1ed6f5c86)
2007-10-10r1463: fix the krb5 buildStefan Metzmacher2-1/+5
metze (This used to be commit fc8d00b8ab28535da4ec0b7e6931bbf402a37013)
2007-10-10r1462: GENSEC Kerberos and SPENGO work:Andrew Bartlett4-70/+73
- Spelling - it's SPNEGO, not SPENGO - SMB signing - Krb5 logins are now correctly signed - SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not. Andrew Bartlett (This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
2007-10-10r1461: ntlm_check.c is a server-side peice of code, so it belongs in AUTH.Andrew Bartlett1-447/+0
Andrew Bartlett (This used to be commit 67ac9600664e93aa2fe9426127313b57ddaec2cf)
2007-10-10r1457: Add the GSSAPI layer to our gensec_krb5 code.Andrew Bartlett2-33/+142
Andrew Bartlett (This used to be commit 893a9a3865d7046d8b1cb0418aaf48b88beefa05)
2007-10-10r1451: More missing files...Jelmer Vernooij2-0/+12
(This used to be commit 7e9884799e4f450b9693b6e29d7490288ebc969e)
2007-10-10r1450: Oops.. Missing files :-)Jelmer Vernooij2-0/+47
(This used to be commit eaa2940ba039f59e13d44c6e2dda919ed8e388f5)
2007-10-10r1449: Use the config system somewhat better in libcli/authJelmer Vernooij2-8/+3
(This used to be commit 69de0d95c585c1a73072e921884cbd427c160176)
2007-10-10r1448: Indent this so proto doesn't pick it up.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 1164be10af8e1b47824df391196ec37c395a4040)
2007-10-10r1447: Fix compile.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit b97ea8a63f044d2c20781c876575978cc4725285)
2007-10-10r1446: Another funciton to avoid in proto.hAndrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit 310a570936c0d2d5af168aeca1b33206622d8355)
2007-10-10r1445: Ensure get_auth_data_from_tkt doesn't get into proto.hAndrew Bartlett2-2/+4
Andrew Bartlett (This used to be commit 159c234589e8e148180217f9ef4853b3031877db)