Simo Sorce
3b12c38ac0
s3:schannel streamline interface
...
Make calling schannel much easier by removing the need to explicitly open the
database. Let the abstraction do it instead.
2010-02-23 12:46:50 -05:00
Simo Sorce
e5ab64a799
s3:schannel fix memory hierarchy
...
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be
child of creds as expected. When later in schannel_check_creds_state() we
stole the creds on a different memory context the sid was left behind and the
memory it points to freed when the temporary context was freed.
2010-02-23 12:46:50 -05:00
Simo Sorce
bb9014d5cb
schannel: merge header files
...
One almost empty header file was simply including another not included by
anything else. Just merge them together.
2010-02-23 12:46:50 -05:00
Simo Sorce
8e2f5fe7c5
s4:schannel more readable check logic
...
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's
security requirements (Integrity/Privacy/Both/None)
This is the same change applied to s3
2010-02-23 12:46:50 -05:00
Simo Sorce
b4c9dc3724
s3:schannel more readable check logic
...
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on ther caller's security
requirements (Integrity/Privacy/Both/None)
2010-02-23 12:46:50 -05:00
Matt Kraai
aa6a507e76
Change uint_t to unsigned int in libcli
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-02 07:18:17 +01:00
Volker Lendecke
be05d71b9e
Simplify E_md5hash a bit
2010-01-07 11:07:55 +01:00
Andrew Bartlett
ba2cfceb96
libcli/auth Make gd's NDR NTLMSSP parsers helpers common
...
(but not built in Samba4 for now)
2009-12-22 21:07:51 +01:00
Stefan Metzmacher
dc8e681755
libcli/auth: initialize creds in netlogon_creds_client_init_session_key()
...
metze
2009-10-24 11:59:15 +02:00
Stefan Metzmacher
f2da9c8c1a
libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb()
...
metze
2009-10-24 11:59:14 +02:00
Stefan Metzmacher
5ae1d700eb
libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb()
...
metze
2009-10-24 11:59:13 +02:00
Matthias Dieter Wallnöfer
19302db6cb
s3/s4 common: fix up header file
2009-10-04 20:18:28 +02:00
Kouhei Sutou
f8dae40fc8
spnego: Support ASN.1 BIT STRING and use it in SPNEGO.
...
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 20:10:54 +02:00
Günther Deschner
43e198c188
spnego: add spnego_proto.h.
...
Guenther
2009-09-17 01:39:12 +02:00
Günther Deschner
503d035814
spnego: share spnego_parse.
...
Guenther
2009-09-17 01:12:20 +02:00
Günther Deschner
83023462f9
libcli/auth: remove trailing whitespace.
...
Guenther
2009-09-16 18:00:16 +02:00
Stefan Metzmacher
033ced60ac
libcli/auth: rewrite schannel sign/seal code to be more generic
...
This prepares support for HMAC-SHA256/AES.
metze
2009-09-16 12:29:06 +02:00
Günther Deschner
5b86a0ac01
schannel: remove last traces of gensec.
...
Guenther
2009-09-16 03:23:05 +02:00
Günther Deschner
799f8d7e13
schannel: fully share schannel sign/seal between s3 and 4.
...
Guenther
2009-09-16 01:55:06 +02:00
Günther Deschner
f3979b50a9
schannel: move schannel_sign to main directory.
...
Guenther
2009-09-16 01:54:59 +02:00
Günther Deschner
2287849074
s4: fix the build after ntlmssp header change.
...
Guenther
2009-08-28 11:37:44 +02:00
Günther Deschner
b7a5e7a5d6
libcli/auth: remove unused NTLMSSP_NAME_TYPE_ flags.
...
Guenther
2009-08-28 10:09:19 +02:00
Stefan Metzmacher
8d58472706
libcli/auth: add netlogon_creds_step_crypt() and netlogon_creds_first_step()
...
This abstracts the usage of crypto functions instead of directly calling
des_crypt112().
metze
Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Stefan Metzmacher
a69d8ab35c
libcli/auth: remove some useless lines
...
metze
Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Stefan Metzmacher
e115cb5cb1
libcli/auth: remember schannel type in netlogon_creds_server_init()
...
metze
Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-27 15:55:20 +02:00
Günther Deschner
04310cc1c5
libcli/auth: add tdb backend for schannel state.
...
Guenther
2009-08-27 15:55:19 +02:00
Günther Deschner
699266920b
libcli/auth: move netlogon_creds_CredentialState out of libcli.
...
Guenther
2009-08-27 15:55:18 +02:00
Günther Deschner
17d3800e92
s4-schannel: add ldb suffix to schannel functions.
...
Guenther
2009-08-27 15:55:18 +02:00
Günther Deschner
a18d6839ac
libcli/auth: rename schannel_state.c to schannel_state_ldb.c.
...
Guenther
2009-08-27 15:55:18 +02:00
Andrew Kroeger
71515ba190
s4: Call va_end() after all va_start()/va_copy() calls.
...
This corrects the issues reaised in bug #6129 , and some others that were not
originally identified. It also accounts for some code that was in the original
bug report but appears to have since been made common between S3 and S4.
Thanks to Erik Hovland <erik@hovland.org> for the original bug report.
2009-06-18 13:49:25 +10:00
Andrew Bartlett
f666da6940
Add const to cast, to fix warning
2009-06-18 13:49:25 +10:00
Volker Lendecke
2146310fb7
Fix a couple of warnings
2009-04-23 14:35:50 +02:00
Jeremy Allison
4e1b633dab
Stop autogenerated files from being created.
...
Jeremy.
2009-04-20 09:06:21 -07:00
Jeremy Allison
fe77eac5f3
Add previously generated header files now needed in merged build.
...
Jeremy.
2009-04-20 08:48:07 -07:00
Andrew Bartlett
8a5d94e329
libcli/auth Ensure we cancel the transaction when schannel not detected
...
(found by jra on code review)
Andrew Bartlett
2009-04-20 13:55:04 +02:00
Andrew Bartlett
02ecdd8f29
libcli/auth: Don't pass back lm_sess_key as the same pointer as user_sess_key
...
This ensures that a talloc_free() of both pointers won't double-free
(sharing pointers like this is evil anyway).
Andrew Bartlett
2009-04-20 10:54:57 +02:00
Andrew Bartlett
fa37dbf960
Fix building the now common msrpc_parse code
2009-04-16 10:17:57 +10:00
Andrew Bartlett
86b50a0e6e
Add missing header, remove generated header
...
(This isn't a rename, honest :-)
2009-04-15 14:23:33 +10:00
Andrew Bartlett
53afa1adac
libcli/auth Push schannel check into common libcli/auth
...
This means we have a single choke point to ensure the remote client is
using schannel.
Andrew Bartlett
2009-04-14 16:23:44 +10:00
Andrew Bartlett
5095d7b1c8
Rework Samba4 to use the new common libcli/auth code
...
In particular, this is the rename from creds_ to netlogon_creds_, as
well as other links to use the new common crypto.
Andrew Bartlett
2009-04-14 16:23:44 +10:00
Andrew Bartlett
eed0c4f6c9
Rework netlogon credentials for the top level
...
This makes constructor functions that return the allocated structure,
rather than having the caller pass them in, and makes the server init
function also check the first credential.
The rename of creds_ to netlogon_creds should make it more clear what
this code works with.
Andrew Bartlett
2009-04-14 16:23:43 +10:00
Andrew Bartlett
f23eea294a
Push schannel_state.c into the top level.
...
This is the server side state for netlogon credential chaining
Andrew Bartlett
2009-04-14 16:23:43 +10:00
Andrew Bartlett
7cff049e7e
libcli/auth Don't compile against un-needed Samba4 headers
2009-04-14 16:23:42 +10:00
Andrew Bartlett
6c8f7e4005
Port Samba4 to the new combined libcli/auth functions
...
For example, some of the new shared functionality was previously in the wkssvc
torture test.
Andrew Bartlett
2009-04-14 16:23:41 +10:00
Andrew Bartlett
a19966375a
Move ntlm_check.h into the common libcli/auth
2009-04-14 16:23:41 +10:00
Andrew Bartlett
f28f113d8e
Rework Samba3 to use new libcli/auth code (partial)
...
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).
We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server
Andrew Bartlett
2009-04-14 16:23:35 +10:00
Andrew Bartlett
fd3be5c4e5
Merge smbencrypt.c between Samba3 and Samba4
2009-04-14 14:19:42 +10:00
Andrew Bartlett
8e73b652f9
Rework trivial msrpc parser to use convert_string_talloc()
...
Also avoid still string conversions when trying to match NTLMSSP in
the header of the NTLMSSP packet.
This also changes a few things to avoid const warnings.
Andrew Bartlett
2009-04-14 14:19:40 +10:00
Andrew Bartlett
9feea7fa4c
Move MSRPC-PARSE into the common libcli/auth
...
This is a depenceny of smbencrypt.c
2009-04-14 14:19:39 +10:00
Andrew Bartlett
927a8b3304
Move libcli/auth to the top level
2009-04-14 14:19:39 +10:00