1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

6 Commits

Author SHA1 Message Date
Stefan Metzmacher
50ce5fd990 r1346: revert my last spnego changes
metze
(This used to be commit 7b8237bfb3)
2007-10-10 12:56:51 -05:00
Stefan Metzmacher
8bebc53df8 r1344: add gensec_start_mech_by_name()
some gensec spnego fixes
(NULL pointer and length checks)

metze
(This used to be commit 41ff6d0cd4)
2007-10-10 12:56:51 -05:00
Andrew Bartlett
dc9f55dbec r1294: A nice, large, commit...
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.

This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal).  This causes
changes in all the existing gensec users.

Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.

Gensec has also taken over the role of auth/auth_ntlmssp.c

An important part of gensec, is the output of the 'session_info'
struct.  This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.

The schannel code is reworked, to be in the same file for client and
server.

ntlm_auth is reworked to use gensec.

The major problem with this code is the way it relies on subsystem
auto-initialisation.  The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.

There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
  valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.

Andrew Bartlett
(This used to be commit 07fd885fd4)
2007-10-10 12:56:49 -05:00
Stefan Metzmacher
68e8c18e33 r1229: the name of the protocol should be in first place of a function name
rename <read|write|free>_spnego_data() into
spnego_<read|write|free>_data

metze
(This used to be commit 3f57c8f596)
2007-10-10 12:56:46 -05:00
Andrew Bartlett
be081037e0 r1200: Add 'gensec', our generic security layer.
This layer is used for DCERPC security, as well as ntlm_auth at this
time.  It expect things like SASL and the CIFS layer to use it as
well.

The particular purpose of this layer is to introduce SPENGO, which
needs generic access to the actual implementation mechanisms.

Schannel, due to it's 'interesting' setup properties is in GENSEC, but
is only in the RPC code.

Andrew Bartlett
(This used to be commit 902af49006)
2007-10-10 12:56:44 -05:00
Andrew Bartlett
bf598954f7 r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts.
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.

Andrew Bartlett
(This used to be commit 58da78a746)
2007-10-10 12:56:44 -05:00