1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

50 Commits

Author SHA1 Message Date
Simo Sorce
3b12c38ac0 s3:schannel streamline interface
Make calling schannel much easier by removing the need to explicitly open the
database. Let the abstraction do it instead.
2010-02-23 12:46:50 -05:00
Simo Sorce
e5ab64a799 s3:schannel fix memory hierarchy
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be
child of creds as expected. When later in schannel_check_creds_state() we
stole the creds on a different memory context the sid was left behind and the
memory it points to freed when the temporary context was freed.
2010-02-23 12:46:50 -05:00
Simo Sorce
bb9014d5cb schannel: merge header files
One almost empty header file was simply including another not included by
anything else. Just merge them together.
2010-02-23 12:46:50 -05:00
Simo Sorce
8e2f5fe7c5 s4:schannel more readable check logic
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's
security requirements (Integrity/Privacy/Both/None)

This is the same change applied to s3
2010-02-23 12:46:50 -05:00
Simo Sorce
b4c9dc3724 s3:schannel more readable check logic
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on ther caller's security
requirements (Integrity/Privacy/Both/None)
2010-02-23 12:46:50 -05:00
Matt Kraai
aa6a507e76 Change uint_t to unsigned int in libcli
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-02 07:18:17 +01:00
Volker Lendecke
be05d71b9e Simplify E_md5hash a bit 2010-01-07 11:07:55 +01:00
Andrew Bartlett
ba2cfceb96 libcli/auth Make gd's NDR NTLMSSP parsers helpers common
(but not built in Samba4 for now)
2009-12-22 21:07:51 +01:00
Stefan Metzmacher
dc8e681755 libcli/auth: initialize creds in netlogon_creds_client_init_session_key()
metze
2009-10-24 11:59:15 +02:00
Stefan Metzmacher
f2da9c8c1a libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb()
metze
2009-10-24 11:59:14 +02:00
Stefan Metzmacher
5ae1d700eb libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb()
metze
2009-10-24 11:59:13 +02:00
Matthias Dieter Wallnöfer
19302db6cb s3/s4 common: fix up header file 2009-10-04 20:18:28 +02:00
Kouhei Sutou
f8dae40fc8 spnego: Support ASN.1 BIT STRING and use it in SPNEGO.
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 20:10:54 +02:00
Günther Deschner
43e198c188 spnego: add spnego_proto.h.
Guenther
2009-09-17 01:39:12 +02:00
Günther Deschner
503d035814 spnego: share spnego_parse.
Guenther
2009-09-17 01:12:20 +02:00
Günther Deschner
83023462f9 libcli/auth: remove trailing whitespace.
Guenther
2009-09-16 18:00:16 +02:00
Stefan Metzmacher
033ced60ac libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES.

metze
2009-09-16 12:29:06 +02:00
Günther Deschner
5b86a0ac01 schannel: remove last traces of gensec.
Guenther
2009-09-16 03:23:05 +02:00
Günther Deschner
799f8d7e13 schannel: fully share schannel sign/seal between s3 and 4.
Guenther
2009-09-16 01:55:06 +02:00
Günther Deschner
f3979b50a9 schannel: move schannel_sign to main directory.
Guenther
2009-09-16 01:54:59 +02:00
Günther Deschner
2287849074 s4: fix the build after ntlmssp header change.
Guenther
2009-08-28 11:37:44 +02:00
Günther Deschner
b7a5e7a5d6 libcli/auth: remove unused NTLMSSP_NAME_TYPE_ flags.
Guenther
2009-08-28 10:09:19 +02:00
Stefan Metzmacher
8d58472706 libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step()
This abstracts the usage of crypto functions instead of directly calling
des_crypt112().

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Stefan Metzmacher
a69d8ab35c libcli/auth: remove some useless lines
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Stefan Metzmacher
e115cb5cb1 libcli/auth: remember schannel type in netlogon_creds_server_init()
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Günther Deschner
04310cc1c5 libcli/auth: add tdb backend for schannel state.
Guenther
2009-08-27 15:55:19 +02:00
Günther Deschner
699266920b libcli/auth: move netlogon_creds_CredentialState out of libcli.
Guenther
2009-08-27 15:55:18 +02:00
Günther Deschner
17d3800e92 s4-schannel: add ldb suffix to schannel functions.
Guenther
2009-08-27 15:55:18 +02:00
Günther Deschner
a18d6839ac libcli/auth: rename schannel_state.c to schannel_state_ldb.c.
Guenther
2009-08-27 15:55:18 +02:00
Andrew Kroeger
71515ba190 s4: Call va_end() after all va_start()/va_copy() calls.
This corrects the issues reaised in bug #6129, and some others that were not
originally identified.  It also accounts for some code that was in the original
bug report but appears to have since been made common between S3 and S4.

Thanks to Erik Hovland <erik@hovland.org> for the original bug report.
2009-06-18 13:49:25 +10:00
Andrew Bartlett
f666da6940 Add const to cast, to fix warning 2009-06-18 13:49:25 +10:00
Volker Lendecke
2146310fb7 Fix a couple of warnings 2009-04-23 14:35:50 +02:00
Jeremy Allison
4e1b633dab Stop autogenerated files from being created.
Jeremy.
2009-04-20 09:06:21 -07:00
Jeremy Allison
fe77eac5f3 Add previously generated header files now needed in merged build.
Jeremy.
2009-04-20 08:48:07 -07:00
Andrew Bartlett
8a5d94e329 libcli/auth Ensure we cancel the transaction when schannel not detected
(found by jra on code review)

Andrew Bartlett
2009-04-20 13:55:04 +02:00
Andrew Bartlett
02ecdd8f29 libcli/auth: Don't pass back lm_sess_key as the same pointer as user_sess_key
This ensures that a talloc_free() of both pointers won't double-free
(sharing pointers like this is evil anyway).

Andrew Bartlett
2009-04-20 10:54:57 +02:00
Andrew Bartlett
fa37dbf960 Fix building the now common msrpc_parse code 2009-04-16 10:17:57 +10:00
Andrew Bartlett
86b50a0e6e Add missing header, remove generated header
(This isn't a rename, honest :-)
2009-04-15 14:23:33 +10:00
Andrew Bartlett
53afa1adac libcli/auth Push schannel check into common libcli/auth
This means we have a single choke point to ensure the remote client is
using schannel.

Andrew Bartlett
2009-04-14 16:23:44 +10:00
Andrew Bartlett
5095d7b1c8 Rework Samba4 to use the new common libcli/auth code
In particular, this is the rename from creds_ to netlogon_creds_, as
well as other links to use the new common crypto.

Andrew Bartlett
2009-04-14 16:23:44 +10:00
Andrew Bartlett
eed0c4f6c9 Rework netlogon credentials for the top level
This makes constructor functions that return the allocated structure,
rather than having the caller pass them in, and makes the server init
function also check the first credential.

The rename of creds_ to netlogon_creds should make it more clear what
this code works with.

Andrew Bartlett
2009-04-14 16:23:43 +10:00
Andrew Bartlett
f23eea294a Push schannel_state.c into the top level.
This is the server side state for netlogon credential chaining

Andrew Bartlett
2009-04-14 16:23:43 +10:00
Andrew Bartlett
7cff049e7e libcli/auth Don't compile against un-needed Samba4 headers 2009-04-14 16:23:42 +10:00
Andrew Bartlett
6c8f7e4005 Port Samba4 to the new combined libcli/auth functions
For example, some of the new shared functionality was previously in the wkssvc
torture test.

Andrew Bartlett
2009-04-14 16:23:41 +10:00
Andrew Bartlett
a19966375a Move ntlm_check.h into the common libcli/auth 2009-04-14 16:23:41 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
2009-04-14 16:23:35 +10:00
Andrew Bartlett
fd3be5c4e5 Merge smbencrypt.c between Samba3 and Samba4 2009-04-14 14:19:42 +10:00
Andrew Bartlett
8e73b652f9 Rework trivial msrpc parser to use convert_string_talloc()
Also avoid still string conversions when trying to match NTLMSSP in
the header of the NTLMSSP packet.

This also changes a few things to avoid const warnings.

Andrew Bartlett
2009-04-14 14:19:40 +10:00
Andrew Bartlett
9feea7fa4c Move MSRPC-PARSE into the common libcli/auth
This is a depenceny of smbencrypt.c
2009-04-14 14:19:39 +10:00
Andrew Bartlett
927a8b3304 Move libcli/auth to the top level 2009-04-14 14:19:39 +10:00