summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r1498: (merge from 3.0)Andrew Bartlett3-7/+7
Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom. In order to aviod identical streams in forked children, the random state is re-initialised after the fork(), at the same point were we do that to the tdbs. Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
2007-10-10r1497: add forward declaration for struct auth_session_infoStefan Metzmacher1-0/+2
(fix compiler warning) metze (This used to be commit 65147f5aa2a56220a387876d990a546beb93a2d7)
2007-10-10r1494: fix debug messageStefan Metzmacher1-1/+1
metze (This used to be commit 463982bf3f37bac67e1aaa488e4142d0ecc23307)
2007-10-10r1476: Don't print messages about the CCACHE not being found - this is normal.Andrew Bartlett1-2/+6
Andrew Bartlett (This used to be commit 30d88580efe45dc792f8d5c04f4abe0497d1551c)
2007-10-10r1475: More kerberos workAndrew Bartlett8-53/+338
- We can now connect to hosts that follow the SPNEGO RFC, and *do not* give us their principal name in the mechListMIC. - The client code now remembers the hostname it connects to - We now kinit for a user, if there is not valid ticket already - Re-introduce clock skew compensation TODO: - See if the username in the ccache matches the username specified - Use a private ccache, rather then the global one, for a 'new' kinit - Determine 'default' usernames. - The default for Krb5 is the one in the ccache, then $USER - For NTLMSSP, it's just $USER Andrew Bartlett (This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
2007-10-10r1469: fix a segfault and compiler warning,Stefan Metzmacher1-3/+2
introduced by the "compiler warning fix" in rev 1460... metze (This used to be commit ffb7ba35cdb2fb19b8271a3585eef075948bef9c)
2007-10-10r1467: disable gensec_krb5 by default till abartletStefan Metzmacher1-1/+2
add the kinit code metze (This used to be commit 9a876be76cee3983676d8c89549162b5c4eba8b0)
2007-10-10r1466: the name "oid" is taken by some silly system headers - avoid it in ↵Andrew Tridgell1-2/+2
our code (This used to be commit ea5659b051f95402441e69ba4ce5aea1ed6f5c86)
2007-10-10r1463: fix the krb5 buildStefan Metzmacher2-1/+5
metze (This used to be commit fc8d00b8ab28535da4ec0b7e6931bbf402a37013)
2007-10-10r1462: GENSEC Kerberos and SPENGO work:Andrew Bartlett7-110/+168
- Spelling - it's SPNEGO, not SPENGO - SMB signing - Krb5 logins are now correctly signed - SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not. Andrew Bartlett (This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
2007-10-10r1461: ntlm_check.c is a server-side peice of code, so it belongs in AUTH.Andrew Bartlett1-447/+0
Andrew Bartlett (This used to be commit 67ac9600664e93aa2fe9426127313b57ddaec2cf)
2007-10-10r1460: Avoid a compile warning.Andrew Bartlett1-2/+5
Andrew Bartlett (This used to be commit 10a973da88441b255eda7cbc263ef5c4f2f0fcae)
2007-10-10r1457: Add the GSSAPI layer to our gensec_krb5 code.Andrew Bartlett2-33/+142
Andrew Bartlett (This used to be commit 893a9a3865d7046d8b1cb0418aaf48b88beefa05)
2007-10-10r1451: More missing files...Jelmer Vernooij2-0/+12
(This used to be commit 7e9884799e4f450b9693b6e29d7490288ebc969e)
2007-10-10r1450: Oops.. Missing files :-)Jelmer Vernooij2-0/+47
(This used to be commit eaa2940ba039f59e13d44c6e2dda919ed8e388f5)
2007-10-10r1449: Use the config system somewhat better in libcli/authJelmer Vernooij4-33/+3
(This used to be commit 69de0d95c585c1a73072e921884cbd427c160176)
2007-10-10r1448: Indent this so proto doesn't pick it up.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 1164be10af8e1b47824df391196ec37c395a4040)
2007-10-10r1447: Fix compile.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit b97ea8a63f044d2c20781c876575978cc4725285)
2007-10-10r1446: Another funciton to avoid in proto.hAndrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit 310a570936c0d2d5af168aeca1b33206622d8355)
2007-10-10r1445: Ensure get_auth_data_from_tkt doesn't get into proto.hAndrew Bartlett2-2/+4
Andrew Bartlett (This used to be commit 159c234589e8e148180217f9ef4853b3031877db)
2007-10-10r1443: More changes towards Kerberos in Samba4's GENSEC.Andrew Bartlett2-132/+24
The kerberos context is now tied in life to the GENSEC context. Andrew Bartlett (This used to be commit 64e99170c3b53a14d7f8d29cf78283f2bc22c1f7)
2007-10-10r1442: I was going to rename kerberos.c -> kerberos_kinit.c, but didn't.Andrew Bartlett1-1/+1
Fix config.mk... (oh, and this file is somehow marked as binary...) Andrew Bartlett (This used to be commit 3e9aa67e3fdd9be18bdead6d45a982d30e5fd5b4)
2007-10-10r1441: Indentation and comment fixes.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 231e505dea9e9aca28eb336bcbcfb2b7b83c089c)
2007-10-10r1440: GENSEC improvements:Andrew Bartlett2-1/+66
- Infrustructure for kerberos - Don't segfault on un-implemented backend functions - Add comments. Andrew Bartlett (This used to be commit 1c31aa42710421917428d6ba86328ea5179751bd)
2007-10-10r1439: Once we are authenticated, always return NT_STATUS_OK. (Makes SPENGOAndrew Bartlett1-1/+1
easier to code, as it may return an 'ok' with an empty blob). Andrew Bartlett (This used to be commit e48557158ed99eee7d3ef8231c629bbd14cda9d3)
2007-10-10r1438: Record the principal name we are sent in the SPENGO mechListMIC in aAndrew Bartlett2-3/+3
seperate char *, not a DATA_BLOB. This allows us to tell if we were sent a string here, or a real MIC. (This used to be commit 06b997c826e3ec00e0528da800e3eae0e3497a54)
2007-10-10r1437: Intermediate commit of krb5 for GENSEC.Andrew Bartlett2-40/+360
The session key in the client is wrong, we don't do signing/sealing and we are sending raw Kerberos, not GSSAPI. But it's a start, and if we continue to have to call Krb5 directly, this will be the basis. I also intend to provide an alternate implementation, using just GSSAPI. Andrew Bartlett (This used to be commit eb0dd4a821dc3dbe370aea9a9c9fb05cf2592e4d)
2007-10-10r1436: Move GENSEC across to config.mkAndrew Bartlett2-17/+25
Andrew Bartlett (This used to be commit 2de3a3082344fd292b1084a73a332549d6b2e25d)
2007-10-10r1429: enable spnego in smbclient too.Stefan Metzmacher1-6/+11
metze (This used to be commit ae2e6b58629397d75a3e446ff0c50b594d029206)
2007-10-10r1426: Fix some of my silly compile errors...Andrew Bartlett2-2/+2
Andrew Bartlett (This used to be commit c283837556109b9392a8cdcd867e5ae0dac1509b)
2007-10-10r1423: Make sure to destory the mem_ctx.Andrew Bartlett1-2/+4
Andrew Bartlett (This used to be commit c5a1529d54e6b8ec2bbf7017a2f48d7535f1f016)
2007-10-10r1421: fix a uninitialized var (thanks valgrind:-)Stefan Metzmacher1-5/+15
add a view debug messages metze (This used to be commit 79953dccc1f21dbabddff73a4b6d862eace29eb9)
2007-10-10r1420: be more strict reject if the context has the wrong typeStefan Metzmacher1-0/+1
metze (This used to be commit db19d6047c25698d0c3b7aeaab77b2a02385dbb5)
2007-10-10r1418: Merge Samba 3.0's recent kerberos changes into Samba4. None of thisAndrew Bartlett3-107/+233
is used yet. Andrew Bartlett (This used to be commit 7596f311c9a18314716f64476030ce3dfcdd98bb)
2007-10-10r1409: if we have no user name don't use extended securityStefan Metzmacher2-1/+2
the capabilities in the union smb_sesssetup should be used to decide if we can use extented security metze (This used to be commit e3760fcc17cc645d942f0fc7f7325976391309ea)
2007-10-10r1406: I got spnego in the smb client workingStefan Metzmacher1-0/+3
so I set 'use spnego = True' metze (This used to be commit e06898f88c82c286574f9d73de1a9de829b1ded8)
2007-10-10r1372: Remove the 'default' case from the SPENGO state machine, and fix upAndrew Bartlett1-6/+6
some compiler warnings that allowed us to see. Andrew Bartlett (This used to be commit 1a6c2018dd49519e6fccdd5a7f35d70b67d45275)
2007-10-10r1367: SPNEGO know uses gensec_subcontext_start() in all placesStefan Metzmacher1-1/+2
metze (This used to be commit f7379324025c599cd201ce6d0905f0ca2c24ce73)
2007-10-10r1366: handle the case where the client need to send the negTokenInit beforeStefan Metzmacher1-1/+88
getting something from the server. (this is needed by SPNEGO in dcerpc) metze (This used to be commit ec978555f0bd612b80dfa49ccc880a3858285879)
2007-10-10r1365: in SPNEGO_SERVER_TARG we should not check the spnego_negResultStefan Metzmacher1-9/+0
because the client don't send this metze (This used to be commit b1217a4ef6592082bb02fd0596a0563bacdf1d8e)
2007-10-10r1364: the SPNEGO_SERVER_TARG state is different from the SPNEGO_CLIENT_TARGStefan Metzmacher1-4/+72
the client checks but not send spnego_negResult metze (This used to be commit 49e4d375e9504f595aaa64ac62ddb421f082c424)
2007-10-10r1363: add SPNEGO_NONE_RESULT as spnego_negResult valueStefan Metzmacher2-4/+7
this should indicate that we don't send a spnego_negResult t all over the wire metze (This used to be commit 69d685d81784e5fb33e41d3244498ac620a2f5f0)
2007-10-10r1360: - remove unused state SPNEGO_CLIENT_SEND_MECHSStefan Metzmacher1-5/+0
- remove unsed gensec_user forward, it's done by the gensec layer know metze (This used to be commit e19e5a91f2fd988546f42473bf241dff3c2fe198)
2007-10-10r1359: fix uninit var - found by valgrindStefan Metzmacher1-3/+1
metze (This used to be commit 264afea9ec3ada4df51e5f5de4c0b977024af40b)
2007-10-10r1358: Re-indent the SPENGO implementation, and work on the basis of aAndrew Bartlett1-146/+201
switch, rather than a series of if statements. Also start to use the GENSEC subcontexts, and add some comments explaining some of the 'odd' logic in parts. I'll probably break these out into subfunctions soon. Thanks to metze for getting me to do this :-) Andrew Bartlett (This used to be commit 73e03596d3b2ad5927e8154d0fbfbdae9ec3f717)
2007-10-10r1357: Work on GENSEC:Andrew Bartlett2-5/+51
- Add the concept of a 'subcontext' into gensec, so that the spengo code doesn't have to figure out how to make one. (A subcontext inherits the username, domain, password (or callback) from the main context). - Add comments to some other routines, and explain a bit about what the various 'start' functions are for. Andrew Bartlett (This used to be commit 7aedbfbdd92b4ca93cbd0babff16e7526201ee88)
2007-10-10r1353: Fix compile with new ASN1 peek code.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 9039a2a1128d8af278cae76c0aa6d5362b3671e4)
2007-10-10r1352: Add a 'peek' function to our ASN1 code, so we can safely perform theAndrew Bartlett2-18/+63
various switches without looking one byte past te end of the buffer. (This used to be commit 5bce188d429b4166f3d0314922ae40204de182a7)
2007-10-10r1350: - init nt_status- found by valgrindStefan Metzmacher1-1/+2
- set auth_type = DCERPC_AUTH_TYPE_SPNEGO metze (This used to be commit 7354521f3cfaa2ead8fac38a68b7704d43731f72)
2007-10-10r1349: don't segfault with empty data_blobStefan Metzmacher1-0/+5
metze (This used to be commit a826accd55e90cb0628f198886ba1ae6c845e68b)