1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

80 Commits

Author SHA1 Message Date
Günther Deschner
898c612335 s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (baf7274fed) they were first
talloc_referenced and then later (53765c81f7)
talloc_moved.

The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.

Guenther
2010-08-24 02:04:27 +02:00
Günther Deschner
feb432292e ntlmssp: fix unitialized variable in ntlmssp_server_postauth().
Guenther
2010-08-12 16:28:10 +02:00
Volker Lendecke
f62756e8f0 Fix a typo 2010-08-12 08:07:50 +02:00
Andrew Bartlett
75adca63f2 libcli/auth Make the source3/ implementation of the NTLMSSP server common
This means that the core logic (but not the initialisation) of the
NTLMSSP server is in common, but uses different authentication backends.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10 16:22:04 +02:00
Günther Deschner
78fa58f8c3 libcli/auth/ntlmssp: remove outdated comment. The version flag is well understood now.
Guenther
2010-08-10 11:56:33 +02:00
Andrew Bartlett
1e83b36afb libcli/auth Move some source3/ NTLMSSP functions to the common code.
libcli/auth Use true and false rather than True and False in common code

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10 11:56:33 +02:00
Günther Deschner
3f453f73a8 s3-libads: move spnego defines to their appropriate header file.
Guenther
2010-07-01 23:20:40 +02:00
Andreas Schneider
45fc728498 libcli: Fixed a build warning for a missing prototype. 2010-06-30 10:26:59 +02:00
Andrew Bartlett
c84b74dddd schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()
By making this DB TDB_NOSYNC, and by making that safe with
TDB_CLEAR_IF_FIRST, we greatly reduce the fsync() load on the server.

This particularly helps the source4/ 'make test', which otherwise tries
to disable fsync() in ldb.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25 12:00:36 -07:00
Andrew Bartlett
825b2f456c libcli/auth make open_schannel_session_store() public
This will allow TDB_CLEAR_IF_FIRST to be used

Signed-off-by: Jeremy Allison <jra@samba.org>
2010-06-25 11:57:23 -07:00
Andrew Bartlett
fdc6db34ca s4:ntlmssp Use common code for ntlmssp_sign.c
The common code does not have a mem_ctx on ntlmssp_check_packet() and
ntlmssp_unseal_packet().

We do however need some internal working of the code exposed, so some
structures are moved to ntlmssp_sign.h

Andrew Bartlett
2010-06-01 17:11:24 +10:00
Andrew Bartlett
62708fbd1b s3:ntlmssp Move ntlmssp_sign.c from source3 to common code.
This needs a small re-arrangement of the supporting code.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:11:36 +02:00
Andrew Bartlett
ebae21f023 ntlmssp: Make the ntlmssp.h from source3/ a common header
The code is not yet in common, but I hope to fix that soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31 15:10:56 +02:00
Jeremy Allison
2d46e07c47 Fix what looks like a cut-and-paste error in our read_negTokenInit() function.
We should never be calling asn1_push_XXX functions inside an asn1
reading function. Change asn1_push_tag() -> asn1_start_tag() and
asn1_pop_tag() -> asn1_end_tag(). This allows us to connect to a
NetApp filer at the Microsoft plugfest.

Andrew PLEASE CHECK !

Jeremy.
2010-05-20 14:50:16 -07:00
Jeremy Allison
b0d7a3d123 Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the correct way.
No more magic blobs :-). Use ndr_push_struct_blob() to
push a properly formatted VERSION struct.

Jeremy.
2010-05-19 10:36:39 -07:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Jelmer Vernooij
f9ca9e46ad Finish removal of iconv_convenience in public API's. 2010-05-18 11:45:30 +02:00
Volker Lendecke
4d84dab21d libcli/auth: Fix an uninitialized variable
value.dptr was used uninitialized in the "goto done;"
2010-04-11 22:57:25 +02:00
Andrew Tridgell
b0fb567f04 s4-waf: more dependencies on talloc
these are needed so we can support a system talloc without using the
bundled talloc.h
2010-04-06 20:27:13 +10:00
Andrew Tridgell
f9eae32f4b s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00
Andrew Tridgell
aa5e08eb83 s4-waf: install the rest of the headers 2010-04-06 20:27:09 +10:00
Andrew Tridgell
845e0cbe6f build: commit all the waf build files in the tree 2010-04-06 20:26:48 +10:00
Matthias Dieter Wallnöfer
36175be5d4 libcli/auth/schannel_state_tdb.c - fix a memory leak 2010-03-16 17:11:47 +01:00
Matthias Dieter Wallnöfer
1deefcaee1 libcli/auth/schannel_state_tdb.c - fix an obviously wrong error handling 2010-03-09 17:18:26 +01:00
Stefan Metzmacher
6eedba102b libcli/auth: add a const to des_crypt112_16()
metze
2010-03-05 14:06:18 +01:00
Karolin Seeger
340797f3fa Fix typo in comments. 2010-03-03 16:03:13 +01:00
Stefan Metzmacher
d671b80cf5 libcli/auth: print the error in the debug message
metze
2010-02-26 10:43:46 +01:00
Simo Sorce
805f7507e2 s4:cleanup remove unused schannel ldb code 2010-02-23 12:46:51 -05:00
Simo Sorce
1203de99b1 s4:schannel merge code with s3
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.

Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet
that does not solve the lookup speed, with ldb it is always going to be slower.

Looking through the history it is evident that the schannel database doesn't
really need greate expanadability. And lookups are always done with a single
Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated.

The schannel database is not really a persistent one. It can be discared during
an upgrade without causing any real issue. all it contains is temproary session
data.
2010-02-23 12:46:50 -05:00
Simo Sorce
1d0938c629 schannel_tdb: make code compilable in both trees 2010-02-23 12:46:50 -05:00
Simo Sorce
3b12c38ac0 s3:schannel streamline interface
Make calling schannel much easier by removing the need to explicitly open the
database. Let the abstraction do it instead.
2010-02-23 12:46:50 -05:00
Simo Sorce
e5ab64a799 s3:schannel fix memory hierarchy
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be
child of creds as expected. When later in schannel_check_creds_state() we
stole the creds on a different memory context the sid was left behind and the
memory it points to freed when the temporary context was freed.
2010-02-23 12:46:50 -05:00
Simo Sorce
bb9014d5cb schannel: merge header files
One almost empty header file was simply including another not included by
anything else. Just merge them together.
2010-02-23 12:46:50 -05:00
Simo Sorce
8e2f5fe7c5 s4:schannel more readable check logic
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on the caller's
security requirements (Integrity/Privacy/Both/None)

This is the same change applied to s3
2010-02-23 12:46:50 -05:00
Simo Sorce
b4c9dc3724 s3:schannel more readable check logic
Make the initial schannel check logic more understandable.
Make it easy to define different policies depending on ther caller's security
requirements (Integrity/Privacy/Both/None)
2010-02-23 12:46:50 -05:00
Matt Kraai
aa6a507e76 Change uint_t to unsigned int in libcli
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-02 07:18:17 +01:00
Volker Lendecke
be05d71b9e Simplify E_md5hash a bit 2010-01-07 11:07:55 +01:00
Andrew Bartlett
ba2cfceb96 libcli/auth Make gd's NDR NTLMSSP parsers helpers common
(but not built in Samba4 for now)
2009-12-22 21:07:51 +01:00
Stefan Metzmacher
dc8e681755 libcli/auth: initialize creds in netlogon_creds_client_init_session_key()
metze
2009-10-24 11:59:15 +02:00
Stefan Metzmacher
f2da9c8c1a libcli/auth: fix memory leak in schannel_creds_server_step_check_ldb()
metze
2009-10-24 11:59:14 +02:00
Stefan Metzmacher
5ae1d700eb libcli/auth: don't leak the ldb_msg in schannel_store_session_key_ldb()
metze
2009-10-24 11:59:13 +02:00
Matthias Dieter Wallnöfer
19302db6cb s3/s4 common: fix up header file 2009-10-04 20:18:28 +02:00
Kouhei Sutou
f8dae40fc8 spnego: Support ASN.1 BIT STRING and use it in SPNEGO.
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 20:10:54 +02:00
Günther Deschner
43e198c188 spnego: add spnego_proto.h.
Guenther
2009-09-17 01:39:12 +02:00
Günther Deschner
503d035814 spnego: share spnego_parse.
Guenther
2009-09-17 01:12:20 +02:00
Günther Deschner
83023462f9 libcli/auth: remove trailing whitespace.
Guenther
2009-09-16 18:00:16 +02:00
Stefan Metzmacher
033ced60ac libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES.

metze
2009-09-16 12:29:06 +02:00
Günther Deschner
5b86a0ac01 schannel: remove last traces of gensec.
Guenther
2009-09-16 03:23:05 +02:00
Günther Deschner
799f8d7e13 schannel: fully share schannel sign/seal between s3 and 4.
Guenther
2009-09-16 01:55:06 +02:00
Günther Deschner
f3979b50a9 schannel: move schannel_sign to main directory.
Guenther
2009-09-16 01:54:59 +02:00