mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

392 Commits

Author SHA1 Message Date
Jelmer Vernooij
52a17e5c32 pygensec: Add initial work on a gensec Python module. 2009-09-26 19:41:59 +02:00
Matthias Dieter Wallnöfer
85276e120c s4:auth/gensec/schannel - fix a const warning 2009-09-25 10:59:13 +02:00
Stefan Metzmacher
36e889f2cf s4:schannel: fix some compiler warnings
If we only do signing we can pass down a const data buffer.

metze
2009-09-25 05:20:16 +02:00
Kouhei Sutou
f8dae40fc8 spnego: Support ASN.1 BIT STRING and use it in SPNEGO.
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 20:10:54 +02:00
Günther Deschner
503d035814 spnego: share spnego_parse.
Guenther
2009-09-17 01:12:20 +02:00
Stefan Metzmacher
033ced60ac libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES.

metze
2009-09-16 12:29:06 +02:00
Günther Deschner
f3979b50a9 schannel: move schannel_sign to main directory.
Guenther
2009-09-16 01:54:59 +02:00
Günther Deschner
1a21db8ea1 s4-schannel: try to fix the build.
Guenther
2009-09-16 01:07:26 +02:00
Günther Deschner
1f4123677e s4-schannel: first step of decoupling schannel from gensec.
Guenther
2009-09-16 00:16:04 +02:00
Günther Deschner
9cb205d753 s4-schannel: strip trailing whitespace.
Guenther
2009-09-16 00:13:20 +02:00
Günther Deschner
8b0f54027c s4-schannel: use NL_AUTH_MESSAGE for schannel.
Guenther
2009-09-13 06:50:11 +02:00
Günther Deschner
760666c107 s4-schannel: strip trailing whitespace.
Guenther
2009-09-13 06:50:03 +02:00
Günther Deschner
17d3800e92 s4-schannel: add ldb suffix to schannel functions.
Guenther
2009-08-27 15:55:18 +02:00
Stefan Metzmacher
7204ea422b s4:gensec/spnego: only generate the mechListMic when the server expects it
This fixes the ntvfs.cifs tests.

metze
2009-07-28 12:16:13 +02:00
Stefan Metzmacher
210181de75 s4:gensec_gssapi: pass the correct oid to the gssapi layer.
metze
2009-07-24 09:48:13 +02:00
Stefan Metzmacher
c00e4040bc s4:gensec/spengo: make sure we send the blob with the micListMech signature to the peer
We should even do this if the submech has no more data to send.

metze
2009-07-24 09:38:30 +02:00
Andrew Bartlett
e16a2a1fa9 s4:gensec Rework gensec_krb5 mutual authentication defaults
When emulating Samba3 (which we do to ensure we don't break
compatibility), don't do mutual authentication by default, as it
breaks the session key with AES and isn't what Samba3 does anyway.

Andrew Bartlett
2009-07-16 09:23:36 +10:00
Andrew Bartlett
bc354fb1a6 s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5'
This allows the older 'like Samba3' GENSEC krb5 implementation to work
against Windows 2008.  I'm using this to track down interop issues in
this area.

Andrew Bartlett
2009-07-16 09:23:35 +10:00
Andrew Tridgell
6a192020a2 gensec_start now steals the auth_context 2009-07-01 15:15:37 +10:00
Andrew Bartlett
0ac46b00ab s4:gensec Print GSSAPI error message when unable to find PAC 2009-06-18 13:49:30 +10:00
Andrew Bartlett
9b261c008a s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test

A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).

Andrew Bartlett
2009-06-12 07:45:48 +10:00
Jelmer Vernooij
f90782f228 Fix dependencies when using shared libraries. 2009-06-02 18:05:39 +02:00
Andrew Bartlett
7a54cd041e Remove unused headers 2009-04-19 22:01:09 +02:00
Andrew Bartlett
dbcd80ed01 Fix Samba4 build errors with common libcli/samsync 2009-04-16 10:17:17 +10:00
Andrew Bartlett
d78cdc5fe2 Rework to use new API for common netlogon credential chaining 2009-04-14 16:23:45 +10:00
Andrew Bartlett
5095d7b1c8 Rework Samba4 to use the new common libcli/auth code
In particular, this is the rename from creds_ to netlogon_creds_, as
well as other links to use the new common crypto.

Andrew Bartlett
2009-04-14 16:23:44 +10:00
Andrew Bartlett
f23eea294a Push schannel_state.c into the top level.
This is the server side state for netlogon credential chaining

Andrew Bartlett
2009-04-14 16:23:43 +10:00
Andrew Bartlett
cd6026135d Push sam_get_server_info_principal into the auth subsystem
This means it must be accessed via the supplied auth_context in the
GENSEC server, and should remove the hard dependency of GENSEC on the
auth subsystem and ldb (allowing LDB not to rely on LDB is considered
a good thing, apparently)

Andrew Bartlett
2009-02-13 14:02:49 +11:00
Andrew Bartlett
71632a1697 Remove auth/ntlm as a dependency of GENSEC by means of function pointers.
When starting GENSEC on the server, the auth subsystem context must be
passed in, which now includes function pointers to the key elements.

This should (when the other dependencies are fixed up) allow GENSEC to
exist as a client or server library without bundling in too much of
our server code.

Andrew Bartlett
2009-02-13 10:24:16 +11:00
Stefan Metzmacher
e7454d46d4 s4:auth/gensec: s/private/private_data
metze
2009-02-02 13:08:04 +01:00
Simo Sorce
1dc745ec89 Make schannel not depend on samdb anymore. 2009-02-01 13:06:38 -05:00
Stefan Metzmacher
a83feb2fe3 s4:auth: move make_server_info_netlogon_validation() function around
metze
2009-01-21 13:36:11 +01:00
Stefan Metzmacher
183c379fe5 s4:lib/tevent: rename structs
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
2008-12-29 20:46:40 +01:00
Jelmer Vernooij
1feab85be6 Rename samba-socket -> samba_socket to fix a couple more compiler
warnings.
2008-12-24 00:15:43 +01:00
Matthias Dieter Wallnöfer
7c6a20a439 Add missing includes, required for use of gensec by 3rd-party
applications.
2008-12-23 20:17:59 +01:00
Stefan Metzmacher
081f8883ba s4: fix LIBEVENTS dependencies and use more forward declarations
We should only include events.h where we really need it
and prefer forward declarations of 'struct event_context'

metze
2008-12-17 11:04:45 +01:00
Jelmer Vernooij
b45caa44e1 Fix the build. 2008-11-02 23:58:49 +01:00
Jelmer Vernooij
1e053df95c Remove use of global_loadparm for disabled gensec backends. 2008-11-02 19:28:17 +01:00
Jelmer Vernooij
c537f7a914 Fix the build. 2008-11-02 05:49:36 +01:00
Jelmer Vernooij
b034c519f5 Add gensec_settings structure. This wraps loadparm_context for now, but
should in the future only contain some settings required for gensec.
2008-11-02 02:05:48 +01:00
Jelmer Vernooij
87ec1d2532 Make sure prototypes are always included, make some functions static and
remove some unused functions.
2008-10-20 18:59:51 +02:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Jelmer Vernooij
2c4391e950 Provide the same set of helper functions for DEBUG in Samba 3 and Samba
4, even though the macros are still different.

This makes it possible to use object code compiled with one DEBUG()
macro from the other sourceX directory.
2008-10-11 20:44:19 +02:00
Stefan Metzmacher
999b69d176 s4:gensec: pass down want_features to the spnego backend mech
metze
2008-10-06 19:21:44 +02:00
Andrew Tridgell
a270ddb6e3 make the schannel credentials persistent
this makes testing with the WSPP test suite much easier over samba
restarts
2008-09-29 14:04:48 -07:00
Matthias Dieter Wallnöfer
57edd24ca0 Cosmetic corrections for the KERBEROS library
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-24 19:40:03 +02:00
Jelmer Vernooij
b9890af546 Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypto 2008-09-24 16:11:13 +02:00
Jelmer Vernooij
6925202bde Move source4/lib/crypto to lib/crypto. 2008-09-24 15:30:23 +02:00
Simo Sorce
83b0c5d43f Fix nasty bug that would come up only if a client connection to a remote
ldap server suddenly dies.
We were creating a wrong talloc hierarchy, so the event.fde was not
freed automatically as expected. This in turn made the event system call
the ldap io handlers with a null packet structure, causing a segfault.
Fix also the ordering in ldap_connection_dead()
Thanks to Metze for the huge help in tracking down this one.
2008-09-24 01:43:57 -04:00
Simo Sorce
508527890a Merge ldb_search() and ldb_search_exp_fmt() into a single function.
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns out to be really useful.
2008-09-23 18:17:46 -04:00