samba.git/libcli/auth, branch talloc-2.4.4 Unnamed repository; edit this file 'description' to name the repository. libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds() check RODC callers check computer_name 2025-02-22T16:00:36+00:00 Stefan Metzmacher metze@samba.org 2025-02-14T22:22:45+00:00 c5d2659688f3c017cf4d63eb2217a2098cffd6a3 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds() return the computer_name 2025-02-22T16:00:36+00:00 Stefan Metzmacher metze@samba.org 2025-02-14T21:57:20+00:00 8bbea061409cd36352f10125a318955c11e48d69 This will be used to implement the MS-NRPC 3.5.4.5.1.2 RODC server cachability validation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
This will be used to implement the MS-NRPC 3.5.4.5.1.2 RODC server cachability validation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 libcli/auth: add NTLMv2_RESPONSE_verify_trust() checking 2025-02-22T16:00:36+00:00 Stefan Metzmacher metze@samba.org 2025-02-14T20:54:46+00:00 29b07aff09d8a6e592414134873bef3178d4c1e0 This implements MS-NRPC 3.5.4.5.1.1 Pass-through domain name validation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
This implements MS-NRPC 3.5.4.5.1.1 Pass-through domain name validation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 libcli/auth: pass trust_forest_domain_info array to NTLMv2_RESPONSE_verify_netlogon_creds 2025-02-22T16:00:36+00:00 Stefan Metzmacher metze@samba.org 2025-02-14T19:02:30+00:00 97e256566ffe42fc1bb62623b658247b5d899bde This will be used in the next commits in order to implement MS-NRPC 3.5.4.5.1.1 Pass-through domain name validation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
This will be used in the next commits in order to
implement MS-NRPC 3.5.4.5.1.1 Pass-through domain name validation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 libcli/auth: split out NTLMv2_RESPONSE_verify_workstation() 2025-02-22T16:00:36+00:00 Stefan Metzmacher metze@samba.org 2025-02-13T17:19:42+00:00 1e09a2846f555e98a6f534225cc4acb90c3d6c6c Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 libcli/auth: add support for ServerAuthenticateKerberos() 2025-01-13T23:40:30+00:00 Stefan Metzmacher metze@samba.org 2024-09-06T12:07:15+00:00 87b1679c6ff32f746d4b20a1f2bec15efbc04f5d Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
libcli/auth: add netlogon_creds_cli_use_kerberos() helper 2025-01-13T23:40:30+00:00 Stefan Metzmacher metze@samba.org 2024-09-06T12:07:15+00:00 473893738a4c9381207204b1b35770599193411e This allows the calling code to decide if a krb5 or anonymous netlogon connection should be tried. Currently we don't try ServerAuthenticateKerberos, but that will change in a few commits. But before we need to prepare the callers... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> 
This allows the calling code to decide if a krb5 or anonymous
netlogon connection should be tried.

Currently we don't try ServerAuthenticateKerberos, but that will change
in a few commits. But before we need to prepare the callers...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
libcli/auth: let schannel_check_creds_state() take an access_check callback 2024-12-12T13:59:29+00:00 Stefan Metzmacher metze@samba.org 2024-11-26T11:54:02+00:00 2cf8a8ea35d75c7dcac0e724b473f66a36acd8b2 This allows the callback to decide if the updated creds should be stored or not. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
This allows the callback to decide if the updated creds should be stored
or not.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 libcli/auth: add infrastructure for netr_ServerAuthenticateKerberos() 2024-12-12T13:59:29+00:00 Stefan Metzmacher metze@samba.org 2024-10-29T17:02:19+00:00 c7a0efb29e1cd2e8655a1fe0c89fe7ac79b52f2c This shows that STRONG_KEY without ARCFOUR means no encryption for ServerPasswordSet2. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
This shows that STRONG_KEY without ARCFOUR means no encryption
for ServerPasswordSet2.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 libcli/auth: add let netlogon_creds_alloc() use _talloc_keep_secret() 2024-12-12T13:59:29+00:00 Stefan Metzmacher metze@samba.org 2024-12-11T09:14:44+00:00 36b5a75123742b69be190618b549e06374852b58 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>