summaryrefslogtreecommitdiffstats
path: root/libcli/auth
Commit message (Collapse)AuthorAgeFilesLines
* libcli/auth: add more const to spnego_negTokenInit->mechTypesStefan Metzmacher2013-08-103-13/+18
| | | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 10 11:11:54 CEST 2013 on sn-devel-104
* libcli/auth: avoid possible mem leak in read_negTokenInit()Stefan Metzmacher2013-08-101-4/+15
| | | | | | | | Also add error checks. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth/schannel: remove unused schannel_positionStefan Metzmacher2013-08-101-7/+0
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth/schannel: make struct schannel_state privateStefan Metzmacher2013-08-102-13/+12
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: add netsec_create_state()Stefan Metzmacher2013-08-102-0/+26
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: maintain the sequence number for the NETLOGON SSP as 64bitStefan Metzmacher2013-08-102-5/+14
| | | | | | | | See [MS-NPRC] 3.3.4.2 The Netlogon Signature Token. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: add netlogon_creds_shallow_copy_logon()Stefan Metzmacher2013-08-052-0/+76
| | | | | | | | This can be used before netlogon_creds_encrypt_samlogon_logon() in order to keep the provided buffers unchanged. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/auth: add netlogon_creds_[de|en]crypt_samlogon_logon()Stefan Metzmacher2013-08-052-0/+124
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/auth: fix shadowed declaration in ↵Stefan Metzmacher2013-08-051-4/+4
| | | | | | | netlogon_creds_crypt_samlogon_validation() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/auth: make netlogon_creds_crypt_samlogon_validation more robustStefan Metzmacher2013-08-051-1/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/auth: also set secure channel type in netlogon_creds_client_init().Günther Deschner2013-08-052-0/+3
| | | | | | Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* schannel: Fix an unused variableVolker Lendecke2013-07-311-1/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* build: Build with system md5.h on OpenIndianaAndrew Bartlett2013-06-193-6/+6
| | | | | | | | | | | | | | | | | | | | This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
* schannel_store.tdb: make it schannel_store.ntdb if 'use ntdb'.Rusty Russell2013-04-121-1/+1
| | | | | Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/auth: convert to dbwrap.Rusty Russell2013-04-123-39/+37
| | | | | Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/auth: avoid using transactions a chainlock is enoughStefan Metzmacher2013-03-281-10/+26
| | | | | | | | | | | | | We're just writting a single record into a CLEAR_IF_FIRST|TDB_NOSYNC tdb. We just need to make sure we lock the record between reading and writting. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Mar 28 14:52:14 CET 2013 on sn-devel-104
* libcli/auth: fix void function cannot return value errorAndrew Bartlett2013-01-221-2/+2
| | | | | | | Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 22 22:32:31 CET 2013 on sn-devel-104
* libcli: Check schannel state return value of tdb_transaction_commit().Andreas Schneider2012-12-211-1/+5
| | | | | | | Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* libcli/auth: add netlogon_creds_encrypt_samlogon_validation().Günther Deschner2012-12-152-6/+44
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: rename netlogon_creds_decrypt_samlogon() to ↵Günther Deschner2012-12-152-6/+9
| | | | | | | | | netlogon_creds_decrypt_samlogon_validation(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().Günther Deschner2012-12-091-0/+14
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli/auth: remove trailing whitespace.Günther Deschner2012-12-091-38/+38
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli/auth: add netlogon_creds_aes_{en|de}crypt routines.Günther Deschner2012-12-092-0/+30
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().Jeremy Allison2012-08-243-13/+3
| | | | | | | | The code in SMBNTLMv2encrypt_hash() should not be requesting case changes on the domain name. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 24 21:39:42 CEST 2012 on sn-devel-104
* Remove useless bool "upper_case_domain" parameter.Jeremy Allison2012-08-241-13/+2
|
* Move uppercasing the domain out of smb_pwd_check_ntlmv2()Jeremy Allison2012-08-241-9/+21
| | | | | | Allows us to remove a silly bool parameter. Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.
* libcli/auth: add support for AES/HMAC-SHA256 to the netlogon schannel sign/sealStefan Metzmacher2012-07-171-51/+137
| | | | | | metze Signed-off-by: Günther Deschner <gd@samba.org>
* libcli/auth: add support for AES/HMAC-SHA256 schannel session key supportStefan Metzmacher2012-07-171-3/+63
| | | | | | metze Signed-off-by: Günther Deschner <gd@samba.org>
* s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodcStefan Metzmacher2012-07-171-2/+0
| | | | | | | | The RODC stuff doesn't depend on the schannel algorithm. metze Signed-off-by: Günther Deschner <gd@samba.org>
* libcli: use tdb directly, not tdb_compat.Rusty Russell2012-06-191-2/+2
| | | | | Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* UTIL_TDB: lowercase name.Jelmer Vernooij2012-05-031-1/+1
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu May 3 20:18:22 CEST 2012 on sn-devel-104
* Make krb5 wrapper library common so they can be used all overSimo Sorce2012-04-233-310/+1
|
* krb5_wrap: krb5_string_to_key / krb5_encrypt_block are deprecated.Simo Sorce2012-04-121-4/+4
| | | | | | Remove checks and replace with krb5_c_string_to_key(). Signed-off-by: Andreas Schneider <asn@samba.org>
* auth-krb: Move pac related util functions in a single place.Simo Sorce2012-04-122-81/+0
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* auth-krb: Make functions static.Simo Sorce2012-04-121-4/+0
| | | | | | | The remaining gssapi_parse functions were used exclusively in gensec_krb5. Move them there and make them static. Signed-off-by: Andreas Schneider <asn@samba.org>
* auth-krb: Nove oid packet check to gensec_util.Simo Sorce2012-04-121-1/+0
| | | | | | | | This is clearly a utiliy function generic to gensec. Also the 3 callers had identical implementations. Provide a generic implementation for all of them and avoid duplicating the code everywhere. Signed-off-by: Andreas Schneider <asn@samba.org>
* krb5_wrap: remove duplicate declaration and dead ifdefSimo Sorce2012-04-121-4/+0
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* tdb_wrap: Move to specific directory.Jelmer Vernooij2012-03-101-1/+1
| | | | | | | | | | It's a bit confusing to mix low-level and high-level libraries. We had multiple libraries in one directory, and there were have circular dependencies with other libraries outside that directory (in this case, samba-hostconfig). Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
* libcli: Remove a pointless checkVolker Lendecke2012-02-251-3/+1
| | | | "n" is size_t, so it is always >=0.
* auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett2012-02-171-2/+2
| | | | | | | | | | The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett2012-02-171-0/+17
| | | | | | | | | gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
* auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksumAndrew Bartlett2012-01-121-2/+1
|
* krb5: Require krb5_string_to_key be available to build with krb5Andrew Bartlett2012-01-101-1/+1
|
* krb5: Require krb5_principal_compare_any_realm be available to build with krb5Andrew Bartlett2012-01-101-28/+0
|
* krb5: Require krb5_c_verify_checksum is available to build with krb5Andrew Bartlett2012-01-101-63/+20
|
* auth/kerberos: Move gssapi_parse.c to the top levelAndrew Bartlett2011-12-281-0/+4
| | | | | | This will help with writing a gensec module for the s3 gse layer. Andrew Bartlett
* s4-lsarpc handle more info levels in SetInfoTrustedDomain callsAndrew Bartlett2011-12-121-1/+1
| | | | | | | This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
* ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett2011-10-188-1827/+5
| | | | | | | | | This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* lib/util: Add back control of mmap and hash size in tdb for top level buildAndrew Bartlett2011-10-131-1/+1
| | | | | | | | This passes down a struct loadparm_context to allow these parameters to be checked. This may be s3 or s4 context, allowing the #if _SAMBA_BUILD_ macro to go away safely. Andrew Bartlett
* libcli/auth: Provide a struct loadparm_context to schannel callsAndrew Bartlett2011-10-134-13/+14
| | | | | | This will allow us to pass this down to the tdb_wrap layer. Andrew Bartlett
generated by cgit (git 2.34.1) at 2026-01-22 20:29:16 +0000