summaryrefslogtreecommitdiffstats
path: root/source4/auth/gensec
Commit message (Collapse)AuthorAgeFilesLines
* s4-schannel: add ldb suffix to schannel functions.Günther Deschner2009-08-271-2/+2
| | | | Guenther
* s4:gensec/spnego: only generate the mechListMic when the server expects itStefan Metzmacher2009-07-281-1/+2
| | | | | | This fixes the ntvfs.cifs tests. metze
* s4:gensec_gssapi: pass the correct oid to the gssapi layer.Stefan Metzmacher2009-07-241-4/+11
| | | | metze
* s4:gensec/spengo: make sure we send the blob with the micListMech signature ↵Stefan Metzmacher2009-07-241-1/+1
| | | | | | | | to the peer We should even do this if the submech has no more data to send. metze
* s4:gensec Rework gensec_krb5 mutual authentication defaultsAndrew Bartlett2009-07-161-24/+28
| | | | | | | | When emulating Samba3 (which we do to ensure we don't break compatability), don't do mutual authentication by default, as it breaks the session key with AES and isn't what Samba3 does anyway. Andrew Bartlett
* s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5'Andrew Bartlett2009-07-161-5/+15
| | | | | | | | This allows the older 'like Samba3' GENSEC krb5 implementation to work against Windows 2008. I'm using this to track down interop issues in this area. Andrew Bartlett
* gensec_start now steals the auth_contextAndrew Tridgell2009-07-011-1/+3
|
* s4:gensec Print GSSAPI error message when unable to find PACAndrew Bartlett2009-06-181-1/+3
|
* s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett2009-06-121-0/+3
| | | | | | | | | | | 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
* Fix dependencies when using shared libraries.Jelmer Vernooij2009-06-021-1/+1
|
* Remove unused headersAndrew Bartlett2009-04-191-4/+2
|
* Fix Samba4 build errors with common libcli/samsyncAndrew Bartlett2009-04-161-0/+1
|
* Rework to use new API for common netlogon credential chainingAndrew Bartlett2009-04-141-1/+1
|
* Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett2009-04-143-13/+26
| | | | | | | In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
* Push schannel_state.c into the top level.Andrew Bartlett2009-04-142-284/+1
| | | | | | This is the server side state for netlogon credential chaining Andrew Bartlett
* Push sam_get_server_info_principal into the auth subsystemAndrew Bartlett2009-02-133-7/+24
| | | | | | | | | This means it must be accessed via the supplied auth_context in the GENSEC server, and should remove the hard depenceny of GENSEC on the auth subsystem and ldb (allowing LDB not to rely on LDB is considered a good thing, apparently) Andrew Bartlett
* Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett2009-02-133-17/+16
| | | | | | | | | | | When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
* s4:auth/gensec: s/private/private_dataStefan Metzmacher2009-02-021-10/+10
| | | | metze
* Make schannel not depend on samdb anymore.Simo Sorce2009-02-012-6/+61
|
* s4:auth: move make_server_info_netlogon_validation() function arroundStefan Metzmacher2009-01-211-1/+1
| | | | metze
* s4:lib/tevent: rename structsStefan Metzmacher2008-12-294-17/+17
| | | | | | | | | | | | | | | | | | | | list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
* Rename samba-socket -> samba_socket to fix a couple more compilerJelmer Vernooij2008-12-241-1/+1
| | | | warnings.
* Add missing includes, required for use of gensec by 3rd-partyMatthias Dieter Wallnöfer2008-12-231-0/+3
| | | | applications.
* s4: fix LIBEVENTS dependencies and use more forward declarationsStefan Metzmacher2008-12-171-0/+1
| | | | | | | We should only include events.h where we really need it and prefer forward declarations of 'struct event_context' metze
* Fix the build.Jelmer Vernooij2008-11-023-19/+43
|
* Remove use of global_loadparm for disabled gensec backends.Jelmer Vernooij2008-11-023-4/+25
|
* Fix the build.Jelmer Vernooij2008-11-021-2/+2
|
* Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij2008-11-025-47/+65
| | | | should in the future only contain some settings required for gensec.
* Make sure prototypes are always included, make some functions static andJelmer Vernooij2008-10-203-2/+3
| | | | remove some unused functions.
* Fix include paths to new location of libutil.Jelmer Vernooij2008-10-112-2/+2
|
* Provide the same set of helper functions for DEBUG in Samba 3 and SambaJelmer Vernooij2008-10-111-11/+11
| | | | | | | 4, even though the macros are still different. This makes it possible to use object code compiled with one DEBUG() macro from the other sourceX directory.
* s4:gensec: pass down want_features to the spnego backend mechStefan Metzmacher2008-10-063-1/+24
| | | | metze
* make the schannel creentials persistentAndrew Tridgell2008-09-291-1/+1
| | | | | this makes testing with the WSPP test suite much easier over samba restarts
* Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer2008-09-241-1/+1
| | | | This commit applies some cosmetic corrections for the KERBEROS library.
* Merge branch 'master' of ssh://git.samba.org/data/git/samba into cryptoJelmer Vernooij2008-09-242-6/+8
|\
| * Fix nasty bug that would come up only if a client connection to a remoteSimo Sorce2008-09-242-6/+8
| | | | | | | | | | | | | | | | | | ldap server suddenly dies. We were creating a wrong talloc hierarchy, so the event.fde was not freed automatically as expected. This in turn made the event system call the ldap io handlers with a null packet structure, causing a segfault. Fix also the ordering in ldap_connection_dead() Thanks to Metze for the huge help in tracking down this one.
* | Move source4/lib/crypto to lib/crypto.Jelmer Vernooij2008-09-241-1/+1
|/
* Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce2008-09-231-1/+1
| | | | | The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
* gensec_krb5: only give away the session key, when the authentication is doneStefan Metzmacher2008-09-231-0/+4
| | | | metze
* gensec_gssapi: only give away the session key, when the authentication is doneStefan Metzmacher2008-09-231-4/+5
| | | | metze
* Heimdal provides Kerberos PAC parsing routines. Use them.Andrew Bartlett2008-08-281-88/+41
| | | | | | | | | | | | | | This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
* Put the internal gensec_gssapi state into a header.Andrew Bartlett2008-08-272-43/+69
| | | | | | | | This will allow a torture suite to inspect some otherwise internal details. Andrew Bartlett (This used to be commit 9701149ef75f9771f42000e2b6f44963abfee938)
* gensec_gssapi: only cache the session key in STAGE_DONEStefan Metzmacher2008-08-141-5/+9
| | | | | | | | The key may change because we switch from initiator to acceptor subkey. metze (This used to be commit 66244092a457b2cde6339cb31dcfa73b122ba9b5)
* gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGOStefan Metzmacher2008-08-121-0/+25
| | | | | metze (This used to be commit 9246924effd4d0b08ca1ef87e45ad510020df93e)
* gensec_gssapi: fix compiler warningsStefan Metzmacher2008-08-121-2/+2
| | | | | metze (This used to be commit f4f4bb7fe977301e468ab164ba750b69d9a92306)
* gensec_gssapi: add a function to load the lucid structure onceStefan Metzmacher2008-08-121-15/+44
| | | | | metze (This used to be commit daa986d1d04e59550bb5d33b5075daa414d087ba)
* gensec: add support for new style spnego and correctly handle mechListMICStefan Metzmacher2008-08-123-7/+135
| | | | | metze (This used to be commit 05a3403967d3cf64bca8b06536dc1b20cf835396)
* gensec_gssapi: use the correct signature size for cfx/rfc4121 style signaturesStefan Metzmacher2008-08-081-1/+1
| | | | | metze (This used to be commit fcabe24f96c9677146ca754a502f336c23050339)
* gensec_gssapi: use gsskrb5_get_subkey() to get the session keyStefan Metzmacher2008-08-081-3/+3
| | | | | | | This is needed to get the correct key, when aes keys are used. metze (This used to be commit 7587a7d8b65f27a5865d6873f63a450488da02c9)
* gensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADERStefan Metzmacher2008-08-071-4/+82
| | | | | | | | This only works for sign/verify_packet() yet, seal/unseal_packet() doesn't work yet... metze (This used to be commit c62e5d23a69789d23516a6d150fd3b756e270998)
generated by cgit (git 2.34.1) at 2025-09-03 01:00:55 +0000