summaryrefslogtreecommitdiff
path: root/source4/torture/auth/pac.c
AgeCommit message (Collapse)AuthorFilesLines
2012-05-04s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_initAlexander Bokovoy1-4/+4
Signed-off-by: Simo Sorce <idra@samba.org>
2012-04-12auth-krb: Move pac related util functions in a single place.Simo Sorce1-0/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2011-07-20auth: Split out make_user_info_SamBaseInfo and add authenticated argumentAndrew Bartlett1-1/+3
This will allow the source3 auth code to call this without needing to double-parse the SIDs Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-20libcli/auth Move PAC parsing and verification in common.Andrew Bartlett1-14/+9
This uses the source3 PAC code (originally from Samba4) with some small changes to restore functionality needed by the torture tests, and to have a common API. Andrew Bartlett
2011-03-19source4/torture: Fix prototypes for all functions.Jelmer Vernooij1-0/+1
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett1-30/+32
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-01-20s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett1-12/+13
This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
2010-12-11s4-smbtorture: Make test names lowercase and dot-separated.Jelmer Vernooij1-1/+1
This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-1/+1
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-14/+2
2009-10-20s4-torture: ran minimal_includes.pl over source4/tortureAndrew Tridgell1-1/+0
This reduces compile time somewhat.
2009-07-19Add missing includes.Jelmer Vernooij1-0/+1
2009-01-21s4:auth: move make_server_info_netlogon_validation() function arroundStefan Metzmacher1-1/+1
metze
2008-10-12Fix number of arguments for file_load() functions.Jelmer Vernooij1-1/+1
2008-08-28Heimdal provides Kerberos PAC parsing routines. Use them.Andrew Bartlett1-3/+66
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
2008-08-14cope with not knowing the kdc keyAndrew Tridgell1-41/+56
(This used to be commit 7e48dad4c7724f3f11236171a777603574224c42)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-1/+2
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-02-21Avoid use of global_loadparm.Jelmer Vernooij1-8/+26
(This used to be commit c5a95bbe0ce55c29e135a9c6058bf192ec3bb546)
2008-01-03r26655: torture/auth/pac: remove uses of global_loadparmJelmer Vernooij1-2/+2
(This used to be commit ff67935be4980c701a9cd9a7fa435b8d1e02dfec)
2008-01-01r26639: librpc: Pass iconv convenience on from RPC connection to NDR ↵Jelmer Vernooij1-2/+4
library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce)
2007-12-21r26252: Specify loadparm_context explicitly when creating sessions.Jelmer Vernooij1-1/+1
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
2007-12-21r26238: Add a loadparm context parameter to torture_context, remove more ↵Jelmer Vernooij1-2/+2
uses of global_loadparm. (This used to be commit a33a5530545086b81a3b205aa109dff11c546926)
2007-12-21r26233: Pass loadparm context when creating krb5 contexts.Jelmer Vernooij1-0/+2
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
2007-12-21r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers)Stefan Metzmacher1-4/+7
lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell1-2/+5
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r22184: On some hosts, parsing a compleatly invalid principal causes heimadalAndrew Bartlett1-2/+6
to try and figure out what realm the current host is in (by DNS lookup for it's full domain name). We don't want to do that for this test, just break the checksum. Andrew Bartlett (This used to be commit 791e87514505acc68c5a8ff71fe9a27efdc6a027)
2007-10-10r19649: Fix indentation.Andrew Bartlett1-65/+65
Andrew Bartlett (This used to be commit ffce0087759d45a8dff8647feffa3bedbf42023b)
2007-10-10r19604: This is a massive commit, and I appologise in advance for it's size.Andrew Bartlett1-3/+5
This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10r19507: Merge my DSO fixes branch. Building Samba's libraries as shared ↵Jelmer Vernooij1-1/+1
libraries works again now, by specifying --enable-dso to configure. (This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
2007-10-10r19339: Merge my 4.0-unittest branch. This adds an API for more fine-grainedJelmer Vernooij1-158/+123
output in the testsuite rather than just True or False for a set of tests. The aim is to use this for: * known failure lists (run all tests and detect tests that started working or started failing). This would allow us to get rid of the RPC-SAMBA3-* tests * nicer torture output * simplification of the testsuite system * compatibility with other unit testing systems * easier usage of smbtorture (being able to run one test and automatically set up the environment for that) This is still a work-in-progress; expect more updates over the next couple of days. (This used to be commit 0eb6097305776325c75081356309115f445a7218)
2007-10-10r16331: Split out registering of multi fn tests, fix typo in name of pac suite.Jelmer Vernooij1-1/+1
(This used to be commit 9e8574ac6cd38d1ff388f0c9ff37d86b316a431e)
2007-10-10r16328: Wrap all existing tests in simple single-function testsuites.Jelmer Vernooij1-4/+3
(This used to be commit 7e811adf59841936b7e634fca4e95630f890c5af)
2007-10-10r16304: Improve testing UI API. This now allows registering the fullJelmer Vernooij1-43/+13
test suite tree, looks a bit more like other unit testing API's, fixes some memory responsibility issues, introduces testcases, and removes the need for tests to call torture_ok(). (This used to be commit 0445b1a56a02552f895f400960b9ced39244a144)
2007-10-10r16158: Convert to use UI APIJelmer Vernooij1-125/+129
(This used to be commit 18f9584a791a7984560cdf577f3dde1ef1765fb0)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14720: Add torture_context argument to all torture testsJelmer Vernooij1-1/+2
(This used to be commit 3c7a5ce29108dd82210dc3e1f00414f545949e1d)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12696: Reduce the size of include/structs.hJelmer Vernooij1-0/+1
(This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r11968: More warning fixes. We're on track to getting to double digits forTim Potter1-1/+1
the number of warnings generated now. (This used to be commit d479f2d7607adc698d71c5ba26932c72a26dcaab)
2007-10-10r11543: A major upgrade to our KDC and PAC handling.Andrew Bartlett1-7/+8
We now put the PAC in the AS-REP, so that the client has it in the TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the client wants a ticket. This should also allow us to interop with windows KDCs. If we get an invalid PAC at the TGS stage, we just drop it. I'm slowly trying to move the application logic out of hdb-ldb.c, and back in with the rest of Samba's auth system, for consistancy. This continues that trend. Andrew Bartlett (This used to be commit 36973b1eef7db5983cce76ba241e54d5f925c69c)
2007-10-10r11282: Fix memory leak in LOCAL-PAC test.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit c8bf7d32ebdc9bc795ce45a6d250a2378ac803aa)
2007-10-10r11277: fix compiler warningStefan Metzmacher1-1/+1
metze (This used to be commit 4d956b17c1f9e0d7a3c275b621380f1bc821b56e)
2007-10-10r11272: In trying to track down why Win2k3 is again rejecting our PAC, ensureAndrew Bartlett1-1/+80
we can round-trip all the way back to a server_info structure, not just a filled in PAC_DATA. (I was worried about generated fields being incorrect, or some other logical flaw). Andrew Bartlett (This used to be commit 11b1d78cc550c60201d12f8778ca8533712a5b1e)
2007-10-10r10146: Clarify which test is failing in error messages.Andrew Bartlett1-25/+29
Don't dump the pac to x.dat (accidental commit). Andrew Bartlett (This used to be commit a798d76a4ad6c0cb280d4e03e9819702acb16f55)
2007-10-10r10066: This is the second in my patches to work on Samba4's kerberos support,Andrew Bartlett1-9/+134
with an aim to make the code simpiler and more correct. Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over all keytypes)' code in gensec_krb5, we now follow the approach used in gensec_gssapi, and use a keytab. I have also done a lot of work in the GSSAPI code, to try and reduce the diff between us and upstream heimdal. It was becoming hard to track patches in this code, and I also want this patch (the DCE_STYLE support) to be in a 'manageable' state for when lha considers it for merging. (metze assures me it still has memory leak problems, but I've started to address some of that). This patch also includes a simple update of other code to current heimdal, as well as changes we need for better PAC verification. On the PAC side of things we now match windows member servers by checking the name and authtime on an incoming PAC. Not generating these right was the cause of the PAC pain, and so now both the main code and torture test validate this behaviour. One thing doesn't work with this patch: - the sealing of RPC pipes with kerberos, Samba -> Samba seems broken. I'm pretty sure this is related to AES, and the need to break apart the gss_wrap interface. Andrew Bartlett (This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
2007-10-10r9701: Provide correct parameters.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 1cd62944f1387a3922e01dbee9bcf28f96f131ad)