1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

28 Commits

Author SHA1 Message Date
Volker Lendecke
602ec8884b libcli: Apply some const
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-09-16 08:36:18 +02:00
Volker Lendecke
3d9b1bdf6c libcli: Use "all_zero" where appropriate
... Saves a few bytes of footprint

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-03 16:04:28 +01:00
Stefan Metzmacher
409cf45147 libcli/auth: add some const to netlogon_creds_server_{init,step_check}()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-20 20:43:11 +01:00
Stefan Metzmacher
cd648ec00f libcli/auth: s/encrypt/do_encrypt
This avoids compiler warnings.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-04-02 09:03:42 +02:00
Stefan Metzmacher
e6afeae695 libcli/auth: try to use the current timestamp creds->sequence
If the last usage of netlogon_creds_client_authenticator()
is in the past try to use the current timestamp and increment
more than just 2.

If we use netlogon_creds_client_authenticator() a lot within a
second, we increment keep incrementing by 2.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Dec 24 13:18:18 CET 2013 on sn-devel-104
2013-12-24 13:18:18 +01:00
Stefan Metzmacher
636daac3b7 libcli/auth: remove bogus comment regarding replay attacks
creds->sequence (timestamp) is the value that is used to increment the internal
state, it's not a real sequence number. The sequence comes
from adding all timestamps of the whole session.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-12-24 09:10:06 +01:00
Stefan Metzmacher
202bcf9096 libcli/auth: set the return_authenticator->timestamp = 0
This is what windows returns, the value is ignored by the client anyway.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-12-24 09:10:06 +01:00
Stefan Metzmacher
2ea749a1a4 libcli/auth: add netlogon_creds_shallow_copy_logon()
This can be used before netlogon_creds_encrypt_samlogon_logon()
in order to keep the provided buffers unchanged.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Stefan Metzmacher
c7319fce60 libcli/auth: add netlogon_creds_[de|en]crypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Stefan Metzmacher
291f6a1e03 libcli/auth: fix shadowed declaration in netlogon_creds_crypt_samlogon_validation()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Stefan Metzmacher
39fedd2718 libcli/auth: make netlogon_creds_crypt_samlogon_validation more robust
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Günther Deschner
a9d5b2fdf0 libcli/auth: also set secure channel type in netlogon_creds_client_init().
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Andrew Bartlett
fc13489c91 build: Build with system md5.h on OpenIndiana
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5.  I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.

This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-06-19 21:32:36 +02:00
Andrew Bartlett
988350ccef libcli/auth: fix void function cannot return value error
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 22 22:32:31 CET 2013 on sn-devel-104
2013-01-22 22:32:31 +01:00
Günther Deschner
301f69b0ca libcli/auth: add netlogon_creds_encrypt_samlogon_validation().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-15 21:50:36 +01:00
Günther Deschner
563cc67ac6 libcli/auth: rename netlogon_creds_decrypt_samlogon() to netlogon_creds_decrypt_samlogon_validation().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-15 21:50:36 +01:00
Günther Deschner
f6cb8049b2 libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:08 +01:00
Günther Deschner
be296a21fc libcli/auth: remove trailing whitespace.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:08 +01:00
Günther Deschner
429600c5f3 libcli/auth: add netlogon_creds_aes_{en|de}crypt routines.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:07 +01:00
Stefan Metzmacher
99e5241d36 libcli/auth: add support for AES/HMAC-SHA256 schannel session key support
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:39 +02:00
Günther Deschner
898c612335 s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (baf7274fed) they were first
talloc_referenced and then later (53765c81f7)
talloc_moved.

The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.

Guenther
2010-08-24 02:04:27 +02:00
Stefan Metzmacher
dc8e681755 libcli/auth: initialize creds in netlogon_creds_client_init_session_key()
metze
2009-10-24 11:59:15 +02:00
Stefan Metzmacher
8d58472706 libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step()
This abstracts the usage of crypto functions instead of directly calling
des_crypt112().

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Stefan Metzmacher
a69d8ab35c libcli/auth: remove some useless lines
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Stefan Metzmacher
e115cb5cb1 libcli/auth: remember schannel type in netlogon_creds_server_init()
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Andrew Bartlett
eed0c4f6c9 Rework netlogon credentials for the top level
This makes constructor functions that return the allocated structure,
rather than having the caller pass them in, and makes the server init
function also check the first credential.

The rename of creds_ to netlogon_creds should make it more clear what
this code works with.

Andrew Bartlett
2009-04-14 16:23:43 +10:00
Andrew Bartlett
7cff049e7e libcli/auth Don't compile against un-needed Samba4 headers 2009-04-14 16:23:42 +10:00
Andrew Bartlett
927a8b3304 Move libcli/auth to the top level 2009-04-14 14:19:39 +10:00