path: root/source3/utils/ntlm_auth.c
Commit message | Author | Age | Files | Lines
* Use global context for winbindd_request_response | Matthew Newton | 2015-03-10 | 1 | -8/+8
  Updating API call in libwbclient, wbinfo, ntlm_auth and winbind_nss_* as per previous commit to wb_common.c.
  Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* ntlm_auth: Allow the --option parameter to work against ntlm_auth | Andrew Bartlett | 2014-10-17 | 1 | -0/+1
  Change-Id: Iee386624359c2bf8437719f286e306cdfbb628c6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Oct 17 15:20:59 CEST 2014 on sn-devel-104
* ntlm_auth: Allow us to use kerberos when we are an AD DC | Andrew Bartlett | 2014-10-17 | 1 | -1/+1
  Change-Id: I88caff9ded915d914cb7fda8829ccbcd3ad64af1
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Replace all uses of iniparser with tiniparser. | Jeremy Allison | 2014-08-14 | 1 | -5/+5
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* auth/gensec: remove tevent_context argument from gensec_update() | Stefan Metzmacher | 2014-03-27 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Stop use after free | Alistair Leslie-Hughes | 2013-09-27 | 1 | -1/+5
  Fixes bug #10087
  Thanks to Man Min Yan for their analysis and providing a solution to the issue.
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Sep 27 14:29:46 CEST 2013 on sn-devel-104
* libcli/auth: add more const to spnego_negTokenInit->mechTypes | Stefan Metzmacher | 2013-08-10 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Sat Aug 10 11:11:54 CEST 2013 on sn-devel-104
* auth/gensec: treat struct gensec_security_ops as const if possible. | Stefan Metzmacher | 2013-08-10 | 1 | -11/+11
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: introduce gensec_internal.h | Stefan Metzmacher | 2013-08-10 | 1 | -0/+1
  We should treat most gensec related structures private. It's a long way, but this is a start.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:ntlm_auth: remove pointless credentials->priv_data = NULL; | Stefan Metzmacher | 2013-08-05 | 1 | -1/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* source3/utils/ntlm_auth.c: Fix typo in debug message. | Karolin Seeger | 2013-05-15 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* ntlm_auth: Use new samba_getpass() function. | Andreas Schneider | 2012-12-03 | 1 | -1/+7
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* ntlm_auth: Increase debug level if we use config domain name. | Andreas Schneider | 2012-10-26 | 1 | -2/+2
  If an application like evolution-ews is using ntlm_auth it will always get this message cause there is no winbind running and it is not needed.
  Reviewed-by: Simo Sorce <idra@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Oct 26 20:13:45 CEST 2012 on sn-devel-104
* Check error returns from strupper_m() (in all reasonable places). | Jeremy Allison | 2012-08-09 | 1 | -3/+1
* lib/param: Move all enum declarations to lib/param | Andrew Bartlett | 2012-07-24 | 1 | -0/+1
  This is in preparation for the parameter table being made common.
  Andrew Bartlett
  Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
* auth: Common function for retrieving PAC_LOGIN_INFO from PAC | Christof Schmitt | 2012-07-06 | 1 | -26/+2
  Several functions use the same logic as kerberos_pac_logon_info. Move kerberos_pac_logon_info to common code and reuse it to remove the code duplication.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth: Remove .get_challenge (only used for security=server) | Andrew Bartlett | 2012-07-03 | 1 | -13/+0
  With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionality, we would downgrade to just NTLM. Now that security=server has been removed, we have no such module. This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async.
  Andrew Bartlett
* s3-param: Rename loadparm_s3_context -> loadparm_s3_helpers | Andrew Bartlett | 2012-06-27 | 1 | -1/+1
  This helps clarify the role of this structure and wrapper function. The purpose here is to provide helper functions to the lib/param loadparm_context that point back at the s3 lp_ functions. This allows a struct loadparm_context to be passed to any point in the code, and always refer to the correct loadparm system. If this has not been set, the variables loaded in the lib/param code will be returned.
  As requested by Michael Adam.
  Andrew Bartlett
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
* s3: Attempt to fix the build without kerberos | Volker Lendecke | 2012-04-24 | 1 | -0/+3
  Autobuild-User: Volker Lendecke <vl@samba.org>
  Autobuild-Date: Tue Apr 24 15:04:14 CEST 2012 on sn-devel-104
* Make krb5 wrapper library common so they can be used all over | Simo Sorce | 2012-04-23 | 1 | -1/+3
* s3: Fix a "ISO C90 forbids mixed declarations and code" | Volker Lendecke | 2012-04-19 | 1 | -3/+7
  Autobuild-User: Volker Lendecke <vl@samba.org>
  Autobuild-Date: Thu Apr 19 10:32:27 CEST 2012 on sn-devel-104
* s3-ntlm_auth: use manage_gensec_request for squid-2.5-ntlmssp | Andrew Bartlett | 2012-04-03 | 1 | -178/+9
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Order GENSEC mechs by priority, krb5 before NTLMSSP | Andrew Bartlett | 2012-04-03 | 1 | -2/+3
  Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client) will not select krb5.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-ntlm_auth: add ntlm_auth_generate_session_info_pac() | Andrew Bartlett | 2012-04-03 | 1 | -0/+144
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-ntlm_auth Use GENSEC for gss-spnego server | Andrew Bartlett | 2012-04-03 | 1 | -404/+390
  This imports the gensec handling code from the source4 ntlm_auth, which will eventually be used for all the NTLMSSP and SPNEGO clients and servers but which is only used for gss-spnego for now.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-krb5: Remove GSS_WRAP_IOV conditional | Andrew Bartlett | 2012-03-15 | 1 | -1/+1
  We already confirm that we have this functionality before we set HAVE_KRB5 at configure time.
  Andrew Bartlett
* s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnego | Andrew Bartlett | 2012-03-01 | 1 | -16/+5
  The SPNEGO code changed since this was last tested.
  Andrew Bartlett
* s3-ntlm_auth: Wrap kerberos token in GSSAPI | Andrew Bartlett | 2012-03-01 | 1 | -2/+6
  While Windows will accept this ticket without the wrapping, it is nicer to follow the standard and wrap it up in GSSAPI. This should allow the ntlm_auth gss-spnego-client to talk to the ntlm_auth gss-spnego server.
  Reported by Christof Schmitt <christof.schmitt@us.ibm.com>
  Andrew Bartlett
* s3-ntlm_auth: Add --target-service and --target-hostname options | Andrew Bartlett | 2012-03-01 | 1 | -9/+40
  This will allow the gss-spnego-client protocol to work with modern SPNEGO servers that do not send the principal in the mechListMIC.
  Andrew Bartlett
* s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-side | Andrew Bartlett | 2012-02-24 | 1 | -99/+327
  This uses the common gensec_ntlmssp server code for ntlm_auth, removing the last non-gensec use of the NTLMSSP server.
  Andrew Bartlett
* s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again | Andrew Bartlett | 2012-02-20 | 1 | -3/+6
  This still requires that the server permit LM passwords, but our s3dc test environment has this enabled.
  Andrew Bartlett
* s3-build: Rework object lists to allow gse gensec module | Andrew Bartlett | 2012-01-18 | 1 | -39/+0
  This also allows the spnego_parse_krb5_wrap() function to be shared.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 2011-10-18 | 1 | -1/+1
  This brings in the code from both libcli/auth and source4/auth/ntlmssp.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the server | Andrew Bartlett | 2011-08-03 | 1 | -0/+4
  This is changed so that the callers ask for the additional flags that they need, starting with no additional flags. This helps to create a proper abstraction layer in ntlmssp_wrap/auth_ntlmssp.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3:ntlm_auth: use lp_load_global() | Michael Adam | 2011-07-28 | 1 | -1/+1
* s3-param Remove special case for global_myname(), rename to lp_netbios_name() | Andrew Bartlett | 2011-06-09 | 1 | -5/+5
  There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly.
  Andrew Bartlett
* s3-lib Replace StrnCaseCmp() with strncasecmp_m() | Andrew Bartlett | 2011-05-18 | 1 | -1/+1
  strncasecmp_m() never needs to call to talloc, and via next_codepoint() still has an ASCII fast-path bypassing iconv() calls.
  Andrew Bartlett
* More const fixes. Remove CONST_DISCARD. | Jeremy Allison | 2011-05-06 | 1 | -3/+3
* s3: Fix Coverity ID 1136: CONSTANT_EXPRESSION_RESULT | Volker Lendecke | 2011-04-01 | 1 | -1/+1
* s3-build: only include asn1 headers where actually needed. | Günther Deschner | 2011-03-16 | 1 | -0/+1
  Guenther
* s3:ntlm_auth: support clients which offer a spnego mechs we don't support | Stefan Metzmacher | 2010-12-07 | 1 | -110/+169
  Before we rejected the authentication if we don't support the first spnego mech the client offered. We now negotiate the first mech we support. This fix works around problems, when a client sends the NEGOEX (1.3.6.1.4.1.311.2.2.30) oid, which we don't support.
  metze
* s3:ntlm_auth: free session key, as we don't use it (at least for now) | Stefan Metzmacher | 2010-12-07 | 1 | -1/+2
  metze
* s3:ntlm_auth: fix memory leak in the raw ntlmssp code path | Stefan Metzmacher | 2010-12-07 | 1 | -0/+2
  metze
* s3-debug Improve setup_logging() to specify logging to stderr | Andrew Bartlett | 2010-11-02 | 1 | -1/+1
  This change improves the setup_logging() API so that callers which wish to set up logging to stderr can simply ask for it, rather than directly modify the dbf global variable.
  Andrew Bartlett
* s3: Add the PAC info3 struct to the netsamlogon_cache in ntlm_auth | Volker Lendecke | 2010-09-16 | 1 | -0/+4
* s3: Correctly unwrap the krb ticket in gss-spnego | Volker Lendecke | 2010-09-16 | 1 | -1/+52
* s3: Fall back to raw NTLMSSP for the gss-spnego protocol | Volker Lendecke | 2010-09-16 | 1 | -0/+25
  This is to handle the mod_auth_ntlm_winbind protocol sending "Negotiate" to IE, which sends raw NTLMSSP instead of a SPNEGO wrapped NTLMSSP blob.
* s3: Split off output generation from manage_squid_ntlmssp_request | Volker Lendecke | 2010-09-16 | 1 | -17/+41
* s3: Wrap the ntlm_auth loop with a talloc_stackframe | Volker Lendecke | 2010-09-16 | 1 | -0/+2
* libcli/auth/ntlmssp Be clear about talloc parents for session keys | Andrew Bartlett | 2010-09-16 | 1 | -5/+7
  The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead.
  Andrew Bartlett
  Signed-off-by: Andrew Tridgell <tridge@samba.org>