sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
72,874 Commits 60 Branches 1,144 Tags 452 MiB
7d6ebe0de7
Commit Graph

179 Commits

Author SHA1 Message Date
Jeremy Allison
7d6ebe0de7 More const fixes. Remove CONST_DISCARD. 2011-05-06 01:44:07 +02:00
Volker Lendecke
d9b03cb4f0 s3: Fix Coverity ID 1136: CONSTANT_EXPRESSION_RESULT 2011-04-01 08:50:06 +02:00
Günther Deschner
3aa9d3005a s3-build: only include asn1 headers where actually needed. 
Guenther
 2011-03-16 23:46:18 +01:00
Stefan Metzmacher
f802075f08 s3:ntlm_auth: support clients which offer a spnego mechs we don't support 
Before we rejected the authentication if we don't support the
first spnego mech the client offered.

We now negotiate the first mech we support.

This fix works arround problems, when a client
sends the NEGOEX (1.3.6.1.4.1.311.2.2.30) oid,
which we don't support.

metze
 2010-12-07 17:39:03 +01:00
Stefan Metzmacher
ee4f5ac618 s3:ntlm_auth: free session key, as we don't use it (at least for now) 
metze
 2010-12-07 17:39:03 +01:00
Stefan Metzmacher
9a56ade6b1 s3:ntlm_auth: fix memory leak in the raw ntlmssp code path 
metze
 2010-12-07 17:39:03 +01:00
Andrew Bartlett
9da4ace1d9 s3-debug Impove setup_logging() to specify logging to stderr 
This change improves the setup_logging() API so that callers which
wish to set up logging to stderr can simply ask for it, rather than
directly modify the dbf global variable.

Andrew Bartlett
 2010-11-02 04:36:04 +00:00
Volker Lendecke
0858b7546e s3: Add the PAC info3 struct to the netsamlogon_cache in ntlm_auth 2010-09-16 12:02:57 -07:00
Volker Lendecke
547b268cfa s3: Correctly unwrap the krb ticket in gss-spnego 2010-09-16 12:02:56 -07:00
Volker Lendecke
70ab7eb530 s3: Fall back to raw NTLMSSP for the gss-spnego protocol 
This is to handle the mod_auth_ntlm_winbind protocol
sending "Negotiate" to IE, which sends raw NTLMSSP
instead of a SPNEGO wrapped NTLMSSP blob.
 2010-09-16 12:02:56 -07:00
Volker Lendecke
de2c143f4d s3: Split off output generation from manage_squid_ntlmssp_request 2010-09-16 12:02:56 -07:00
Volker Lendecke
ae483bbe9a s3: Wrap the ntlm_auth loop with a talloc_stackframe 2010-09-16 12:02:56 -07:00
Andrew Bartlett
6832d5e933 libcli/auth/ntlmssp Be clear about talloc parents for session keys 
The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-16 21:09:17 +10:00
Volker Lendecke
6400f3ee62 s3: Fix some debug msgs in ntlm_auth 2010-09-15 10:31:00 -07:00
Volker Lendecke
9271570516 s3: Remove some unnecessary if-statements 2010-09-13 22:02:44 -07:00
Volker Lendecke
69db4b4ccf ntlm_auth: Fix a valgrind error 2010-09-13 16:41:14 -07:00
Volker Lendecke
95a0b6830f s3: Fix a typo 2010-09-13 10:27:27 -07:00
Volker Lendecke
e03f8ded01 s3: Fix a typo (authentictaion->authentication) 2010-09-13 10:15:27 -07:00
Günther Deschner
7ff7eb0b52 s3-build: only include nsswitch header where needed. 
Guenther
 2010-08-26 00:20:28 +02:00
Andreas Schneider
ce2a086119 s3-popt: Only include popt-common.h when needed. 2010-08-05 12:08:31 +02:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h. 
Guenther
 2010-08-05 00:32:02 +02:00
Simo Sorce
26f1218a36 s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keys 2010-07-20 20:02:09 -04:00
Simo Sorce
cdcdaaa6dd s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it. 
All the members are children of ntlmssp_state anyway.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-19 14:19:47 +10:00
Andrew Bartlett
ebae21f023 ntlmssp: Make the ntlmssp.h from source3/ a common header 
The code is not yet in common, but I hope to fix that soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-31 15:10:56 +02:00
Günther Deschner
1d2dd47d31 s3-crypto: only include crypto headers when crypto is done. 
Guenther
 2010-05-18 00:44:27 +02:00
Andrew Bartlett
454b0b3f20 s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA 
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.

This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-11 22:52:37 +02:00
Kai Blin
e968db6739 s3 ntlm_auth: Don't malloc data that will be talloc_free()d 
This fixes bug #7290
Thanks to Mohan <mohann@silver-peak.com> for the bug report.
 2010-03-26 13:43:21 -07:00
Stefan Metzmacher
dee63fe4ca s3:ntlmssp: use client.netbios_name instead of workstation 
metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:56 +01:00
Stefan Metzmacher
ca2a5693bf s3:ntlmssp: rename void *auth_context; into void *callback_private; 
metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:55 +01:00
Stefan Metzmacher
7c0ea293f9 s3:ntlmssp: remove unused get_global_myname() and get_domain() from ntlmssp_state 
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:55 +01:00
Stefan Metzmacher
7d977da925 s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them 
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:55 +01:00
Stefan Metzmacher
eb17809812 s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_state 
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:54 +01:00
Volker Lendecke
fd1b6bdef9 s3: Fix some nonempty blank lines 2010-01-10 20:56:16 +01:00
Andrew Bartlett
802e9328ed s3:ntlmssp: only include ntlmssp.h where actually needed 
Andrew Bartlett
 2009-12-22 21:07:53 +01:00
Andrew Bartlett
5b37cd23bf s3:ntlmssp: remove the typedef NTLMSSP_STATE 
Andrew Bartlett
 2009-12-22 21:07:53 +01:00
Günther Deschner
04f8c229de s3-kerberos: only use krb5 headers where required. 
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.

Guenther
 2009-11-27 16:36:00 +01:00
Kai Blin
43ed7a413d ntlm_auth: use data_blob_talloc() to allocate session key 
Thanks to Shibu Piriyath <shibunair80@ymail.com> for spotting the issue.
 2009-11-21 07:29:33 +01:00
Günther Deschner
60bf0eb607 s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg. 
Guenther
 2009-11-06 13:31:17 +01:00
Kouhei Sutou
f8dae40fc8 spnego: Support ASN.1 BIT STRING and use it in SPNEGO. 
Signed-off-by: Günther Deschner <gd@samba.org>
 2009-09-17 20:10:54 +02:00
Günther Deschner
503d035814 spnego: share spnego_parse. 
Guenther
 2009-09-17 01:12:20 +02:00
Bo Yang
8c7a579bdc s3: set winbindd request flags in ntlm_auth to make it contact trusted domain when krb5 auth is enabled 
Signed-off-by: Bo Yang <boyang@samba.org>
 2009-05-22 02:03:32 +08:00
Andrew Bartlett
32062013c3 s3: Fix ntlm_auth and winbindd to use new common libcli/auth APIs 2009-04-14 19:33:04 +10:00
Andrew Bartlett
baf7274fed Make Samba3 use the new common libcli/auth code 
This is particuarly in the netlogon client (but not server at this
stage)
 2009-04-14 16:23:44 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial) 
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
 2009-04-14 16:23:35 +10:00
Andrew Bartlett
97af7f1ed1 Add some harmless use of talloc_tos() in ntlm_auth 2009-04-14 12:54:12 +10:00
Andrew Bartlett
574a6a8c35 s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context 
Signed-off-by: Günther Deschner <gd@samba.org>
 2009-04-07 13:25:36 +02:00
Volker Lendecke
5b6c428763 Fix an uninitialized variable, introdued with 4d100f2f 2009-02-13 12:15:04 +01:00
Volker Lendecke
6e19b22c5a Fix Coverity ID 744 
This was marked as a resource leak. This change makes the code a bit clearer
that we always free error_string.
 2009-02-13 10:20:51 +01:00
Volker Lendecke
4d100f2f6a Fix Coverity ID 745 (RESOURCE_LEAK) 2009-02-13 10:20:45 +01:00
todd stecher
9d4d2f70cb S3: Fixes for coverity issues. 2009-02-10 14:43:14 -08:00