| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c
A special case wrapper function remains to avoid changing the
application layer callers in this patch.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
| |
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
|
|
| |
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
|
| |
As well as renaming, this allows us to start the mech by DCE/RPC auth
type or OID.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
|
| |
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
|
| |
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
| |
We now just call the gensec_session_key() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
| |
We now just call the gensec_want_feature() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
| |
This avoids the indirection via the auth_ntlmsssp wrapper functions.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
| |
We now just call gensec_update directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This will allow it to be a wrapper around a gensec module, which
requires that they options be set on a context, but before the
mechanism is started.
This also simplfies the callers, by moving the lp_*() calls
into one place.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
| |
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
There is no need to mask out these flags as they simply are not set
yet.
The correct abstraction is to ask for NTLMSSP features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
| |
|
|
|
|
|
|
|
| |
We now just use auth_ntlmssp_want_feature to get extra flags
on the NTLMSSP context
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.
This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
| |
|
|
|
|
|
|
| |
This clarifies the lifetime of the returned token.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
| | |
|
| |
|
|
|
|
|
|
| |
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.
Andrew Bartlett
|
| |
|
|
|
|
| |
squashed: add michlistMIC signature checks
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
| |
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
