Stefan Metzmacher
6158ea1abd
s3-gse: create memory keytab in gse_krb5_get_server_keytab()
...
The other functions just add entries to it.
metze
2012-01-20 23:55:53 +01:00
Stefan Metzmacher
f86ab29470
s3-gse: fix SECRETS_AND_KEYTAB fallback in gse_krb5_get_server_keytab()
...
metze
2012-01-20 23:55:53 +01:00
Andrew Bartlett
e249bdd32e
s3-gse: align common elements between gse_context and gensec_gssapi_state
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:25 +01:00
Andrew Bartlett
45ec777e0e
s3-gse: Make gensec_gse cope with non-DCE GSSAPI
...
The validation of the mutual authentication reply produces no further
data to send to the server.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:25 +01:00
Stefan Metzmacher
545c1ad1b9
s3-gse: the server should not check for GSS_C_MUTUAL_FLAG
...
It is up to the client to ask for GSS_C_MUTUAL_FLAG,
except for the dcerpc case, where the server is stricter.
metze
2012-01-18 16:23:25 +01:00
Stefan Metzmacher
c5864deadc
s3-gse: verify that we got GSS_C_DCE_STYLE when expected
...
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.
metze
2012-01-18 16:23:24 +01:00
Andrew Bartlett
ed88012dd2
s3-gse Remove authenticated flag from gse
...
The only user for this flag is called only directly after it was set.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:24 +01:00
Andrew Bartlett
c759097956
s3-gse remove special more_processing hook from gse
...
The NT_STATUS_MORE_PROCESSING_REQUIRED status code is what gensec
is expecting in any case.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:24 +01:00
Andrew Bartlett
5b90bcf83b
s3-gse Rename gss_c_flags and ret_flags in gse
...
This makes it clearer what type of flags these are and matches
gensec_gssapi
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:24 +01:00
Andrew Bartlett
cf39b63a7b
s3-gse Rename gss_ctx to match gensec_gssapi_context
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:24 +01:00
Andrew Bartlett
e8c8d293d8
s3-gse Rename delegated_creds to match gensec_gssapi_context
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:24 +01:00
Stefan Metzmacher
f14bcdf8ec
s3-gse gss_wrap_iov_length() only needs the type and length
...
metze
2012-01-18 16:23:23 +01:00
Andrew Bartlett
23a062b51b
s3-gse Make seal parameter a boolean for clarity
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:23 +01:00
Andrew Bartlett
f2efb0f6a3
s3-librpc Remove special case for spnego session key
...
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:23 +01:00
Andrew Bartlett
1818612830
s3-librpc Remove special case for spnego dcerpc sign/seal
...
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:23 +01:00
Andrew Bartlett
ad14b8c655
s3-gse Move GSS_C_DCE_STYLE backup definition to gse.c
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:23 +01:00
Andrew Bartlett
0132cca825
s3-gse Add const
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:23 +01:00
Andrew Bartlett
90efbe0fad
s3-gse Remove or make static unused/local-only GSE functions
...
The GSE layer is now used via the GENSEC module, so we do not need these
functions exposed any more.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:23 +01:00
Andrew Bartlett
f70c9fb76c
s3-librpc Remove layer around struct gensec_security
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
5ddec1182e
s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_security
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
0c1b4c2321
s3-librpc Call SPNEGO/GSSAPI via the auth_generic layer and gensec
...
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
53cc9c6a30
s3-librpc Allow spnego_generic_init_client to handle kerberos too
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
e012ad9d8b
s3-librpc Call GSSAPI via the auth_generic layer and gensec
...
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
d95d59138c
s3-gse Make gse available as a gensec client module
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
cbd8231e34
s3-gse: Add gensec wrapper for gse GSSAPI client
...
This brings in part of the s4 gensec_gssapi as the boilerplate for the
new module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:21 +01:00
Volker Lendecke
cfebba96bd
s3: Put an indirection layer into share_mode_lock
...
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12 23:59:22 +01:00
Andrew Bartlett
49bafcfa48
s3-librpc Supply target service and server to spnego_generic_init_client()
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:09:43 +01:00
Andrew Bartlett
50a939ad85
s3-librpc: Rename spnego_ntlmssp_init_client and make generic
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:05:01 +01:00
Andrew Bartlett
e8cd972177
s3-librpc: rename get_ntlmssp_auth_footer to be more generic
...
This can handle any gensec auth type now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:04:52 +01:00
Andrew Bartlett
6412ff84ce
s3-librpc Return user principal name on supplied mem_ctx
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 08:25:19 +01:00
Andrew Bartlett
a00032a92d
s3-libsmb Make auth_ntlmssp client more generic
...
As well as renaming, this allows us to start the mech by DCE/RPC auth
type or OID.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06 08:12:49 +01:00
Andrew Bartlett
4ac34f3288
s3-librpc remove unused headers
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:29 +01:00
Stefan Metzmacher
73ed88df35
s3:gse: MIT krb5 1.8.1 has a bug in gss_wrap_iov()
...
gss_krb5int_make_seal_token_v3_iov() doesn't set '*conf_state'.
metze
2012-01-05 17:17:28 +01:00
Andrew Bartlett
a1fd1a4c65
s3-librpc store the sign/seal flags we got in the gssapi client
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
860ad734ba
s3-libads Factor out a new routine kerberos_get_principal_from_service_hostname()
...
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
25d7675d69
s3-librpc Use gsskrb5_get_subkey() where available to get the session key
...
This allows gse_get_session_key() to work against Heimdal.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
21fb9a47ea
s3-librpc Use gensec_sig_size() instead of a fixed NTLMSSP_SIG_SIZE
...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 20:57:27 CET 2011 on sn-devel-104
2011-12-22 20:57:27 +01:00
Andrew Bartlett
6391fff9da
s3-auth rename auth_ntlmssp_state -> auth_generic_state
...
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:10 +01:00
Volker Lendecke
3441c01b16
s3: Convert open_files.idl to tab indents
2011-12-13 14:14:24 +01:00
Stefan Metzmacher
4eb5b0b392
s3:messaging.idl: obsolete unused MSG_SMB_SAM_*
...
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 13 14:13:38 CET 2011 on sn-devel-104
2011-12-13 14:13:38 +01:00
Volker Lendecke
1c46fb5c3e
s3: Use autogenerated open_files.idl
2011-12-02 22:43:05 +01:00
Volker Lendecke
0c325463a2
s3: Add open_files.idl
2011-12-02 22:43:05 +01:00
Volker Lendecke
a86c536227
s3: Remove some leftovers of old ctdb tdb2 code
2011-10-31 12:48:06 +01:00
Andrew Bartlett
321204eaeb
s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc code
...
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:50:55 +02:00
Andrew Bartlett
0a0839821a
s3-ntlmssp Remove auth_ntlmssp_session_key()
...
We now just call the gensec_session_key() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:38 +02:00
Andrew Bartlett
3f079885b2
s3-ntlmssp Remove auth_ntlmssp_want_feature()
...
We now just call the gensec_want_feature() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:33 +02:00
Andrew Bartlett
bd29f79463
s3-ntlmssp use gensec_{seal,unseal,sign,check}_packet
...
This avoids the indirection via the auth_ntlmssp wrapper functions.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:23 +02:00
Andrew Bartlett
083025ccd5
s3-ntlmssp Remove auth_ntlmssp_update wrapper
...
We now just call gensec_update directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21 08:43:10 +02:00
Andrew Bartlett
f9b042641f
s3-ntlmssp split auth_ntlmssp_client_start() into two parts
...
This will allow it to be a wrapper around a gensec module, which
requires that the options be set on a context, but before the
mechanism is started.
This also simplifies the callers, by moving the lp_*() calls
into one place.
Andrew Bartlett
2011-10-18 12:25:30 +02:00
Andrew Bartlett
0c6e4adcb2
ntlmssp: Move ntlmssp code to auth/ntlmssp
...
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 13:13:31 +11:00