summaryrefslogtreecommitdiff
path: root/auth/ntlmssp
AgeCommit message (Collapse)AuthorFilesLines
2013-06-19build: Build with system md5.h on OpenIndianaAndrew Bartlett2-2/+2
This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-03-27auth/ntlmssp: Avoid use-after-free of user_info after logon failure at log ↵Andrew Bartlett1-1/+1
level 5 Reviewed-by: Jeremy Allison <jra@samba.org>
2012-08-04auth/ntlmssp: avoid talloc_tos() in ntlmssp_client_initial()Stefan Metzmacher1-1/+1
This avoids a smb_panic at log level = 10. If we don't have a talloc stackframe yet. metze
2012-07-03auth: Remove .get_challenge (only used for security=server)Andrew Bartlett1-7/+0
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionlity, we would downgrade to just NTLM. Now that security=server has been removed, we have no such module. This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async. Andrew Bartlett
2012-03-09auth/ntlmssp: Remove reference to struct ntlmssp_stateAndrew Bartlett1-6/+1
2012-03-09auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_stateAndrew Bartlett4-8/+5
This just means there is one less pointer to ensure we initialise. Andrew Bartlett
2012-02-24auth: Remove plugable password-check functions from gensec_ntlmsspAndrew Bartlett5-228/+105
The auth4_context layer now provides the plugability here. Andrew Bartlett
2012-02-24auth: consolidate gensec_ntlmssp_server wrapper functionsAndrew Bartlett2-50/+18
2012-02-24s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-sideAndrew Bartlett2-0/+13
This uses the common gensec_ntlmssp server code for ntlm_auth, removing the last non-gensec use of the NTLMSSP server. Andrew Bartlett
2012-02-24auth: Rename some elements of auth4_contextAndrew Bartlett1-10/+10
These operate on NTLM authentication, so make that clear. Andrew Bartlett
2012-02-18auth: Reorder arguments to generate_session_infoAndrew Bartlett1-1/+1
This matches check_ntlm_password() and generate_session_info_pac() Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
2012-02-17auth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3Andrew Bartlett1-2/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 17 12:18:51 CET 2012 on sn-devel-104
2012-02-17auth: Make more of the ntlmssp code private or staticAndrew Bartlett3-96/+64
Now that there is only one gensec_ntlmssp server, some of these functions can be static For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth: Provide a way to specify the NTLMSSP server name to GENSECAndrew Bartlett1-17/+36
This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller knows better. This will allow preservation of current s3 behaviour. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth: Rearrange ntlmssp code for clarityAndrew Bartlett1-9/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth: Set NTLMSSP_NEGOTIATE_SIGN when session key support is requiredAndrew Bartlett1-0/+3
This matches the s3 NTLMSSP server. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_serverAndrew Bartlett2-4/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Use common gensec_ntlmssp server functions for more of ↵Andrew Bartlett2-7/+47
gensec_ntlmssp3_server This is possible because we now supply the auth4_context abstraction that this code is looking for. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Add extra error messages on authentication or authorization failureAndrew Bartlett1-0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth: Cope with NO_USER_SESSION_KEY from security=serverAndrew Bartlett1-2/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett6-2/+1099
The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth Hook checking passwords and generating session_info via the ↵Andrew Bartlett1-3/+0
auth4_context This avoids creating a second auth_context, as it is a private pointer in the auth4_context that has already been passed in, and makes the gensec_ntlmssp code agnostic to the type of authentication backend behind it. This will in turn allow the ntlmssp server code to be further merged. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-08auth: rename ntlmssp.c to ntlmssp_util.cAndrew Bartlett2-1/+1
2012-01-30auth: Make check_password and generate_session_info hook genericAndrew Bartlett1-4/+1
gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett
2011-10-28gensec: Add parinoia about integer wrappingAndrew Bartlett1-0/+7
2011-10-18ntlmssp: Refuse to seal if we did not negotiate to signAndrew Bartlett1-0/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Put members from auth_ntlmssp_state into gensec_ntlmssp_stateAndrew Bartlett1-1/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Prepare gensec_ntlmssp_start() for broader useAndrew Bartlett1-11/+0
This moves the allocation of the ntlmssp pointer back to the callers. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett9-0/+2123
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>