1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

30 Commits

Author SHA1 Message Date
Stefan Metzmacher
71c63e85e7 auth/gensec: introduce gensec_internal.h
We should treat most gensec related structures private.

It's a long way, but this is a start.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:19:02 +02:00
Andrew Bartlett
fc13489c91 build: Build with system md5.h on OpenIndiana
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5.  I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.

This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-06-19 21:32:36 +02:00
Andrew Bartlett
1dcd75df49 auth/ntlmssp: Avoid use-after-free of user_info after logon failure at log level 5
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-27 09:28:50 -07:00
Stefan Metzmacher
e8f486883f auth/ntlmssp: avoid talloc_tos() in ntlmssp_client_initial()
This avoids a smb_panic at log level = 10.
If we don't have a talloc stackframe yet.

metze
2012-08-04 09:10:20 +02:00
Andrew Bartlett
eba8799514 auth: Remove .get_challenge (only used for security=server)
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.

Now that security=server has been removed, we have no such module.

This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.

Andrew Bartlett
2012-07-03 08:13:01 +10:00
Andrew Bartlett
b6ba8bdac3 auth/ntlmssp: Remove reference to struct ntlmssp_state 2012-03-09 14:31:25 +11:00
Andrew Bartlett
239c7a355c auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_state
This just means there is one less pointer to ensure we initialise.

Andrew Bartlett
2012-03-09 14:31:24 +11:00
Andrew Bartlett
111d9f3eb2 auth: Remove plugable password-check functions from gensec_ntlmssp
The auth4_context layer now provides the plugability here.

Andrew Bartlett
2012-02-24 11:23:18 +11:00
Andrew Bartlett
83810f8afa auth: consolidate gensec_ntlmssp_server wrapper functions 2012-02-24 11:23:18 +11:00
Andrew Bartlett
9de7fb8706 s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-side
This uses the common gensec_ntlmssp server code for ntlm_auth, removing
the last non-gensec use of the NTLMSSP server.

Andrew Bartlett
2012-02-24 11:23:18 +11:00
Andrew Bartlett
e3cebef0cf auth: Rename some elements of auth4_context
These operate on NTLM authentication, so make that clear.

Andrew Bartlett
2012-02-24 11:23:18 +11:00
Andrew Bartlett
e786e8fef9 auth: Reorder arguments to generate_session_info
This matches check_ntlm_password() and generate_session_info_pac()

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
2012-02-18 02:19:35 +01:00
Andrew Bartlett
c35a7e8c47 auth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 17 12:18:51 CET 2012 on sn-devel-104
2012-02-17 12:18:51 +01:00
Andrew Bartlett
f433baa3c8 auth: Make more of the ntlmssp code private or static
Now that there is only one gensec_ntlmssp server, some of these functions can be static

For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:10 +01:00
Andrew Bartlett
55c630404a auth: Provide a way to specify the NTLMSSP server name to GENSEC
This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller
knows better.  This will allow preservation of current s3 behaviour.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
8b8d1c3a63 auth: Rearrange ntlmssp code for clarity
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
725d551832 auth: Set NTLMSSP_NEGOTIATE_SIGN when session key support is required
This matches the s3 NTLMSSP server.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
9b147ce26d s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
9c5b26f864 s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server
This is possible because we now supply the auth4_context abstraction that this
code is looking for.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
2f74f2f180 s3-auth: Add extra error messages on authentication or authorization failure
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
b0aa49e9a3 auth: Cope with NO_USER_SESSION_KEY from security=server
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
52ac479764 auth: Move the rest of the source4 gensec_ntlmssp code to the top level
The ntlmssp_server code will be in common shortly, and aside from a
symbol name or two, moving the client code causes no harm and makes
less mess.  We will also get the client code in common very soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
8adde1b46b s3-auth Hook checking passwords and generating session_info via the auth4_context
This avoids creating a second auth_context, as it is a private pointer
in the auth4_context that has already been passed in, and makes the
gensec_ntlmssp code agnostic to the type of authentication backend
behind it. This will in turn allow the ntlmssp server code to be
further merged.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17 10:48:09 +01:00
Andrew Bartlett
e4546f50fe auth: rename ntlmssp.c to ntlmssp_util.c 2012-02-08 16:30:25 +11:00
Andrew Bartlett
a647df4607 auth: Make check_password and generate_session_info hook generic
gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info.  This will allow the
calling logic to be put in common.

Andrew Bartlett
2012-01-30 08:05:14 +01:00
Andrew Bartlett
7cf00e3231 gensec: Add parinoia about integer wrapping 2011-10-28 13:10:28 +02:00
Andrew Bartlett
3f9ab2e8e7 ntlmssp: Refuse to seal if we did not negotiate to sign
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:33 +11:00
Andrew Bartlett
02eef4d130 ntlmssp: Put members from auth_ntlmssp_state into gensec_ntlmssp_state
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:32 +11:00
Andrew Bartlett
968b3674b1 ntlmssp: Prepare gensec_ntlmssp_start() for broader use
This moves the allocation of the ntlmssp pointer back to the callers.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:31 +11:00
Andrew Bartlett
0c6e4adcb2 ntlmssp: Move ntlmssp code to auth/ntlmssp
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:31 +11:00