summaryrefslogtreecommitdiff
path: root/source4/libcli/auth
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4470: Try not to have GSSAPI built unless we detected krb5. We should splitAndrew Bartlett1-0/+2
these tests out a bit, but for now it's an indicator we can use. Andrew Bartlett (This used to be commit 2b0605dbaee18da4ebb676fc292b324d21805ef7)
2007-10-10r4460: Add a new GENSEC module: gensec_gssapiAndrew Bartlett3-6/+368
(disabled by default, set parametric option: gensec:gssapi=yes to enable). This module backs directly onto GSSAPI, and allows us to sign and seal GSSAPI/Krb5 connections in particular. This avoids me reinventing the entire GSSAPI wheel. Currently a lot of things are left as default - we will soon start specifiying OIDs as well as passwords (it uses the keytab only at the moment). Tested with our LDAP-* torture tests against Win2k3. My hope is to use this module to access the new SPNEGO implementation in Heimdal, to avoid having to standards-verify our own. Andrew Bartlett (This used to be commit 14b650c85db14a9bf97e24682b2643b63c51ff35)
2007-10-10r4459: GENSEC refinements:Andrew Bartlett5-11/+212
In developing a GSSAPI plugin for GENSEC, it became clear that the API needed to change: - GSSAPI exposes only a wrap() and unwrap() interface, and determines the location of the signature itself. - The 'have feature' API did not correctly function in the recursive SPNEGO environment. As such, NTLMSSP has been updated to support these methods. The LDAP client and server have been updated to use the new wrap() and unwrap() methods, and now pass the LDAP-* tests in our smbtorture. (Unfortunely I still get valgrind warnings, in the code that was previously unreachable). Andrew Bartlett (This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
2007-10-10r4446: attempt to fix the build - andrew, can you check I've done this right?Andrew Tridgell1-1/+1
(This used to be commit 9f0bf657aeee86d859742fb4da3a0f806e7060b6)
2007-10-10r4441: gensec_krb5 update:Andrew Bartlett1-6/+21
- Use more of the clikrb5.c wrapper calls - Don't use the session keytab if we kinit for the user. Andrew Bartlett (This used to be commit e15dbee00628475d5e1c1f329a7f9b199bc36360)
2007-10-10r4413: login failure doesn't warrant a level 1 debug (its filling my logs ↵Andrew Tridgell1-1/+1
during torture tests) (This used to be commit b9284c16dc37bf14fceeaa694e82f36a38b0dd93)
2007-10-10r4358: At metze's request, the Christmas elves have removed gensec_end inAndrew Bartlett2-33/+16
favor of talloc_free(). Andrew Bartlett (This used to be commit 1933cd12fbaed56e13f2386b19de6ade99bf9478)
2007-10-10r4357: Return a more sensible error code if a NULL (as opposed to the validAndrew Bartlett1-2/+3
"") username is asked for. Andrew Bartlett (This used to be commit 9c9055603e1171e204f67b019900339f88414841)
2007-10-10r4355: More work from the elves on Christmas eve:Andrew Bartlett10-211/+891
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
2007-10-10r4338: reuse netlogon structs in the krb5 PACStefan Metzmacher1-105/+19
that simplifies the code a lot... also add a note: we should fail the krb5 auth if there's no PAC present (when heimdal is ready for that:-) metze (This used to be commit 532641a7003d23b034a253d166482f18c2de6191)
2007-10-10r4326: fix memory leakStefan Metzmacher1-1/+1
metze (This used to be commit 1ceeb77fc716729c69f2dba4a84579c366eefa1c)
2007-10-10r4325: add the GENSEC_FEATURE_DCE_STYLE flagStefan Metzmacher2-0/+2
this will be used by krb5 dcerpc auth metze (This used to be commit 04dc7fb9b24a1e38f31559ec6032701a176209ae)
2007-10-10r4151: added privilege attribute handling on samdb.Andrew Tridgell1-0/+7
pvfs will now honor some privileges on ACLs, and it will be quite easy to add the checks for more privileges in the necessary places, by making calls to sec_privilege_check(). (This used to be commit 3549039d0fbc54f87ae679e7288b82b28713e487)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-13/+16
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4079: implement the gensec_have_feature() correctly by askingStefan Metzmacher3-24/+41
the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2007-10-10r4077: don't add wrapping to empty blobsStefan Metzmacher1-1/+5
metze (This used to be commit e6d83d019dc46ff7ae32e7c8f9f7a3ab7d0cdcf3)
2007-10-10r4070: move some defines from asn_1.h to the places they belong toStefan Metzmacher7-14/+26
metze (This used to be commit ab2c2f27e1c61516e885f02bf26350f97209057a)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell2-3/+3
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4054: got rid of Realloc(), replacing it with the type safe macro realloc_p()Andrew Tridgell1-1/+3
(This used to be commit b0f6e21481745d1b2ced28d9ed6f09f6ffd99562)
2007-10-10r4045: readd krb5 support defaulted to disableStefan Metzmacher6-5/+17
use: gensec:krb5=yes gensec:ms_krb5=yes to enable it or -k on the client tools on the command line metze (This used to be commit 0ae5794cf44933d2554e0356baaca24c7a784f71)
2007-10-10r4044: only send supportedMech when we also send other dataStefan Metzmacher1-5/+8
metze (This used to be commit 1e0483a8482574fa0f8d7ad31cc4bf4a6155ec52)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell1-0/+2
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4001: fix segfault fix auth failedStefan Metzmacher1-0/+3
metze (This used to be commit 6a7eee1d9917e0884072354dddae568645798da5)
2007-10-10r4000: DATA_BLOB.data is uint8_t * not void * :-)Stefan Metzmacher1-1/+1
(thanks abartlet for telling me) metze (This used to be commit 2783bf393f6310f9d827538329d619dad5b02dd0)
2007-10-10r3971: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 234166606dc86b9e98226cff94b3869ec173671e)
2007-10-10r3967: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit 3f2c3ce2f0d11ea9f3c058690e0bb14d590c714c)
2007-10-10r3960: fix compiler warningsStefan Metzmacher1-4/+4
metze (This used to be commit 54d5b418a75d421a9c6c09bc084454f11e9b7b44)
2007-10-10r3959: fix compiler warningsStefan Metzmacher2-8/+8
metze (This used to be commit e28351f710525ca9863210974544a8b1a537e63a)
2007-10-10r3906: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit df924e18220aedbfbfae569e1fb37da652914c0b)
2007-10-10r3805: Fix the LSA portions of the RPC-SAMSYNC test - I was not using the LSAAndrew Bartlett1-0/+77
secrets interface correctly. (New interface added). Andrew Bartlett (This used to be commit 994ac7f031e2b2d528595a4a0a446d92074d6ecf)
2007-10-10r3786: send a mechListMIC to make the current samba3 client happyStefan Metzmacher1-1/+9
metze (This used to be commit 2403186562698b8e13c20741a0cbed812e1b8e89)
2007-10-10r3770: - fix endless recursion loop in spnego fallback codeStefan Metzmacher1-7/+11
- fix compiler warnings metze (This used to be commit 37a8bd2e30cab98bc8b1bf10d0a516827cbb3373)
2007-10-10r3751: Some fixes to using enable and disable for subsystems, ext libs and ↵Jelmer Vernooij1-0/+2
modules (This used to be commit c7757dd9adc18549fa3f908c2714624ec3f91394)
2007-10-10r3739: Remove a bunch of unused m4 macrosJelmer Vernooij1-2/+2
(This used to be commit 2a38b77a1d8674b46028214896e37747c4082f13)
2007-10-10r3737: - Get rid of the register_subsystem() and register_backend() functions.Jelmer Vernooij3-12/+3
- Re-disable tdbtool (it was building fine on my Debian box but other machines were having problems) (This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814)
2007-10-10r3735: Allow building subsystems as static libraries (.a files). To enableJelmer Vernooij1-3/+2
this support, run SUBSYSTEM_OUTPUT_TYPE=STATIC_LIBRARY ./config.status I haven't enabled this by default because there are some circular dependencies in the makefile that have to be resolved first (LIBRPC depends on LIBSMB and LIBSMB depends on LIBRPC..) (This used to be commit fc0432069bf3569a47a7c32f4bf789cec2ca44db)
2007-10-10r3733: More build system fixes/features:Jelmer Vernooij3-6/+3
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities) (This used to be commit 64826da834e26ee0488674e27a0eae36491ee179)
2007-10-10r3730: More build system fixes and simplificationsJelmer Vernooij1-2/+1
the hierarchy in the init functions is correct now will also make it easier to implement some other features (This used to be commit cbe819a75568403ac8850ea4d344c607a46d61c2)
2007-10-10r3721: We cracked the NTLM2 puzzle long ago, and set the flags elsewhere.Andrew Bartlett1-16/+0
Remove the conditional set. Andrew Bartlett (This used to be commit f5d8a4dde58a88408892501fd3ce53f19e67f1f1)
2007-10-10r3686: The results of some work on the NETLOGON pipe:Andrew Bartlett2-7/+0
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC, that will cross-verify all the values. Add support for the way netlogon credentials are shared between the pipe that sets up schannel and the pipe that is encrypted with it. Test this support, by calling both NETLOGON and SAMR operations in the RPC-SCHANNEL test. Move some of the Netlogon NEG flags into the .idl, now we have an idea what a few of them really are. Rename the sam_pwd_hash into a name that has meaning (all other crypto functions were renamed in Samba4 ages ago). Break out NTLMv2 functionality for operation on the NT hash - I intend to do NTLMv2 logins in the samsync test in future, and naturally I only have the hash. Andrew Bartlett (This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
2007-10-10r3679: We now know a few more of the Netlogon negotiate flags.Andrew Bartlett1-5/+8
Interestingly, all the interesting flags are a '4' (as hex digits in the flag). Andrew Bartlett (This used to be commit 295e09fa3ea2cae48da1e934c1ec180e5678f0c9)
2007-10-10r3677: Seperate the SamLogon tests from the main RPC-NETLOGON test into aAndrew Bartlett1-0/+21
RPC-SAMLOGON of their own. I have expanded the tests to validate the use of various flags, which change some of the crypto behaviour. Andrew Bartlett (This used to be commit 3a140a3691ce49ebf4d1efcb99cfffd26c68a28f)
2007-10-10r3655: As required by the new torture test, add the LM session key outputAndrew Bartlett1-1/+2
parameter to SMBNTLMv2encrypt(). Andrew Bartlett (This used to be commit 75ff351faf0a3231e17f000b006beb9cb545d905)
2007-10-10r3630: More work on DCOM server sideJelmer Vernooij1-3/+0
(This used to be commit e995a1c0e5d2ee2dc50c31c01ce281a303dd5231)
2007-10-10r3613: fixed a typoAndrew Tridgell1-2/+2
(This used to be commit 891e3097ee00d75f8f28efcccd8c15cd08b80e88)
2007-10-10r3612: This appears to be the 'offical' way to initialise this struct.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 47d67c6e5b265e4192fcae0d9cd72b3ac097785e)
2007-10-10r3610: prevent segv with heimdal and password krb5 initAndrew Tridgell1-2/+5
(This used to be commit a4598e7fa17c7ec0fed9cb81f5a0fb30b133861b)
2007-10-10r3609: Lets spew out a few less error messages for tridge, and hope to getAndrew Bartlett2-10/+3
krb5 going on recent heimdal installs. Andrew Bartlett (This used to be commit a758725407df0c87922a15aa32cc841bc4c059a2)
2007-10-10r3586: Fix some of the issues with the module init functions.Jelmer Vernooij2-19/+10
Both subsystems and modules can now have init functions, which can be specified in .mk files (INIT_FUNCTION = ...) The build system will define : - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on This removes the hack with the "static bool Initialised = " and the "lazy_init" functions (This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
2007-10-10r3572: Thanks to tridge for his patience with my build breakage.Andrew Bartlett1-2/+0
This concludes the proper fixes. Andrew Bartlett (This used to be commit c1d025793f2994c8f1cab304c3394ab186654071)
generated by cgit (git 2.34.1) at 2024-11-06 02:09:36 +0000