Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
|
|
metze
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 30 15:13:36 CET 2011 on sn-devel-104
|
|
We'll remove transport->socket soon, but removing transport->ev
will take a bit longer.
metze
|
|
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Jelmer
|
|
|
|
gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
|
|
I have seen domain controllers rejecting NTLMv2 blobs presented to
NetrLogonSamLogonEx with LOGON_FAILURE when the MsvAvNbComputerName
was a FQDN or an IP address
I have not seen this field in NTLMv2 blobs send by Windows clients
when extended security was not available, so omitting the field
makes Samba similar to Windows.
This prevents errors with some smbtorture testcases that disable
spnego and when a target name is specified that is not a valid
netbios name.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Apr 14 02:19:08 CEST 2011 on sn-devel-104
|
|
metze
|
|
metze
|
|
|
|
should in the future only contain some settings required for gensec.
|
|
|
|
functions.
|
|
We need to manually free the request, otherwise the timeout handler is
triggered later.
metze
|
|
We need to start signing when we got NT_STATUS_OK from the server
and manually check the signature of the servers response.
This is needed as the response might be signed with the krb5 acceptor subkey,
which comes within the server response.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL seqnum: 0
response1 => BSRSPYL seqnum: 0
request2 => BSRSPYL seqnum: 0
response2 => <SIGNATURE> seqnum: 1
and with krb5:
request1 => BSRSPYL seqnum: 0
response1 => <SIGNATURE> seqnum: 1
metze
|
|
The ability to short-circuit the connection code to only do a negprot
allows us to do the rest once we have the user's password. We return
the 8 byte challenge so we can pass it to the client.
Andrew Bartlett
(This used to be commit 40fe386b0374df8b390b995c332d048dbbc08f1b)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
(This used to be commit 5de88728ac5c567d3711d1ac6862bbdaced84b75)
|
|
(This used to be commit a1715b1f48ba44bd94844418cc9299649aaf1a5e)
|
|
cifsdd tests. Thanks to Andrew for catching this.
Also fixes a typo in sessetup.c.
(This used to be commit b97de4a655b989a481d5d001ce9a5d3969d2909c)
|
|
(This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081)
|
|
(This used to be commit 4b46888bd0195ab12190f76868719fc018baafd6)
|
|
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
(This used to be commit 925abf74fa1ed5ae726bae8781ec549302786b39)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
and free the smbcli_request explicit to fix a crash where
the request handler gets called after its private data is already
freed
metze
(This used to be commit 55306c618807f2661090d2189e269cb3e142ee06)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
- only touch session->vuid when needed
- it make no sense to set an .spnego.out.vuid
metze
(This used to be commit 1940fbed154c89d29214ddf293128a70a97bf923)
|
|
otherwise the callers callback function will not be called
and the caller is hanging forever...
metze
(This used to be commit e231eba828486e68c9d3a246e1e0c943fdb8301c)
|
|
as new levels
metze
(This used to be commit 91806353174704857dfcc15a730af7232cfde660)
|
|
don't care...
Andrew Bartlett
(This used to be commit 8abe7ba619a9499229937435b66005e278bcbf38)
|
|
attempts for the password, when talking to a remote CIFS server.
Andrew Bartlett
(This used to be commit 3a4ddc8f5978210ab3ad79f0332cee80a0d6e6c9)
|
|
(This used to be commit cd9f3adc759f1dc29043c435febfe78e56fece1b)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
The switch to turn off SPNEGO in the client is a bit messy, but it works.
Andrew Bartlett
(This used to be commit 085ba80cc8a954bd84ecf30e5d57a1583f54062f)
|
|
just NTLMSSP.
Andrew Bartlett
(This used to be commit 3e96975d910496db87e8e34e310f0f6d283210bf)
|
|
Andrew Bartlett
(This used to be commit 8e2b461669d2d4d5a789da66b5049ecbddd8fd15)
|
|
simplies the torture code a lot.
(This used to be commit 7bf1046fbb7fd83fecb2fa645628ba9a17aab037)
|
|
authentication out of the various callers and into the kitchen
sink.. err, credentials subsystem.
This should ensure consistant logic, as well as get us one step closer
to security=server operation in future.
Andrew Bartlett
(This used to be commit 09c95763301c0f7770d56462e8af4169b8c171fb)
|
|
Andrew Bartlett
(This used to be commit 0d757b169a3d521a0d228bed51aa96cf199d5c42)
|
|
stuff.
- don't use SMBCLI_REQUEST_* state's in the genreic composite stuff
- move monitor_fn to libnet.
NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR
state in the _send() function. I haven't fixed this bugs in this
commit! We may need some composite_trigger_*() functions or so.
And maybe some other generic helper functions...
metze
(This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
|