samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

83 lines

2.3 KiB

C

Raw Normal View History

spnego: share spnego_parse. Guenther 2009-09-17 02:21:01 +04:00			`/*`
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`Unix SMB/CIFS implementation.`

			`RFC2478 Compliant SPNEGO implementation`

			`Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003`

			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) 2007-07-10 06:07:03 +04:00			`the Free Software Foundation; either version 3 of the License, or`
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`(at your option) any later version.`
spnego: share spnego_parse. Guenther 2009-09-17 02:21:01 +04:00
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

spnego: share spnego_parse. Guenther 2009-09-17 02:21:01 +04:00
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`You should have received a copy of the GNU General Public License`
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) 2007-07-10 06:07:03 +04:00			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`*/`

spnego: share spnego_parse. Guenther 2009-09-17 02:21:01 +04:00			`#define OID_SPNEGO "1.3.6.1.5.5.2"`
			`#define OID_NTLMSSP "1.3.6.1.4.1.311.2.2.10"`
			`#define OID_KERBEROS5_OLD "1.2.840.48018.1.2.2"`
			`#define OID_KERBEROS5 "1.2.840.113554.1.2.2"`

libcli/auth bring ADS_IGNORE_PRINCIPAL in common 2010-12-04 07:23:44 +03:00			`#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"`

r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`#define SPNEGO_DELEG_FLAG 0x01`
			`#define SPNEGO_MUTUAL_FLAG 0x02`
			`#define SPNEGO_REPLAY_FLAG 0x04`
			`#define SPNEGO_SEQUENCE_FLAG 0x08`
			`#define SPNEGO_ANON_FLAG 0x10`
			`#define SPNEGO_CONF_FLAG 0x20`
			`#define SPNEGO_INTEG_FLAG 0x40`

s3-libads: move spnego defines to their appropriate header file. Guenther 2010-07-01 01:47:03 +04:00			`#define TOK_ID_KRB_AP_REQ ((const uint8_t *)"\x01\x00")`
			`#define TOK_ID_KRB_AP_REP ((const uint8_t *)"\x02\x00")`
			`#define TOK_ID_KRB_ERROR ((const uint8_t *)"\x03\x00")`
			`#define TOK_ID_GSS_GETMIC ((const uint8_t *)"\x01\x01")`
			`#define TOK_ID_GSS_WRAP ((const uint8_t *)"\x02\x01")`

r1347: - remove typedef - pass down gensec_user to the sub context - if segfault when mechType is NULL metze (This used to be commit 3f84263c27add3bf01eea88618f707da925bed5c) 2004-07-06 04:15:39 +04:00			`enum spnego_negResult {`
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`SPNEGO_ACCEPT_COMPLETED = 0,`
			`SPNEGO_ACCEPT_INCOMPLETE = 1,`
r1363: add SPNEGO_NONE_RESULT as spnego_negResult value this should indicate that we don't send a spnego_negResult t all over the wire metze (This used to be commit 69d685d81784e5fb33e41d3244498ac620a2f5f0) 2004-07-06 21:46:47 +04:00			`SPNEGO_REJECT = 2,`
CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult This is defined in http://www.ietf.org/rfc/rfc4178.txt. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> 2013-12-17 15:42:35 +04:00			`SPNEGO_REQUEST_MIC = 3,`
			`/*`
			`* The max value is 0xff (255) on the wire`
			`*/`
			`SPNEGO_NONE_RESULT = 256`
r1347: - remove typedef - pass down gensec_user to the sub context - if segfault when mechType is NULL metze (This used to be commit 3f84263c27add3bf01eea88618f707da925bed5c) 2004-07-06 04:15:39 +04:00			`};`
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00
			`struct spnego_negTokenInit {`
libcli/auth: add more const to spnego_negTokenInit->mechTypes Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 10 11:11:54 CEST 2013 on sn-devel-104 2013-08-05 12:46:47 +04:00			`const char * const *mechTypes;`
spnego: Support ASN.1 BIT STRING and use it in SPNEGO. Signed-off-by: Günther Deschner <gd@samba.org> 2009-08-13 10:12:01 +04:00			`DATA_BLOB reqFlags;`
			`uint8_t reqFlagsPadding;`
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`DATA_BLOB mechToken;`
			`DATA_BLOB mechListMIC;`
r1438: Record the principal name we are sent in the SPENGO mechListMIC in a seperate char *, not a DATA_BLOB. This allows us to tell if we were sent a string here, or a real MIC. (This used to be commit 06b997c826e3ec00e0528da800e3eae0e3497a54) 2004-07-11 14:20:42 +04:00			`char *targetPrincipal;`
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`};`

			`struct spnego_negTokenTarg {`
CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> 2013-12-17 15:42:06 +04:00			`enum spnego_negResult negResult;`
r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts. I have moved the SPNEGO and Kerberos code into libcli/auth, and intend to refactor them into the same format as NTLMSSP. Andrew Bartlett (This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b) 2004-06-19 12:15:41 +04:00			`const char *supportedMech;`
			`DATA_BLOB responseToken;`
			`DATA_BLOB mechListMIC;`
			`};`

			`struct spnego_data {`
			`int type;`
			`struct spnego_negTokenInit negTokenInit;`
			`struct spnego_negTokenTarg negTokenTarg;`
			`};`

r1200: Add 'gensec', our generic security layer. This layer is used for DCERPC security, as well as ntlm_auth at this time. It expect things like SASL and the CIFS layer to use it as well. The particular purpose of this layer is to introduce SPENGO, which needs generic access to the actual implementation mechanisms. Schannel, due to it's 'interesting' setup properties is in GENSEC, but is only in the RPC code. Andrew Bartlett (This used to be commit 902af49006fb8cfecaadd3cc0c10e2e542083fb1) 2004-06-20 04:58:09 +04:00			`enum spnego_message_type {`
spnego: share spnego_parse. Guenther 2009-09-17 02:21:01 +04:00			`SPNEGO_NEG_TOKEN_INIT = 0,`
r1200: Add 'gensec', our generic security layer. This layer is used for DCERPC security, as well as ntlm_auth at this time. It expect things like SASL and the CIFS layer to use it as well. The particular purpose of this layer is to introduce SPENGO, which needs generic access to the actual implementation mechanisms. Schannel, due to it's 'interesting' setup properties is in GENSEC, but is only in the RPC code. Andrew Bartlett (This used to be commit 902af49006fb8cfecaadd3cc0c10e2e542083fb1) 2004-06-20 04:58:09 +04:00			`SPNEGO_NEG_TOKEN_TARG = 1,`
			`};`

spnego: add spnego_proto.h. Guenther 2009-09-17 03:39:12 +04:00			`#include "../libcli/auth/spnego_proto.h"`

83 lines 2.3 KiB C Raw Normal View History Unescape Escape

83 lines

2.3 KiB

C

Raw Normal View History