summaryrefslogtreecommitdiff
path: root/source3/libsmb/credentials.c
AgeCommit message (Collapse)AuthorFilesLines
2009-05-07s3-credentials: protect netlogon_creds_server_step() against NULL creds.Günther Deschner1-0/+4
Found by SCHANNEL torture tests. Guenther
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-78/+8
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-02-05s3: use struct netr_Credential in cred_step().Günther Deschner1-1/+1
Guenther
2008-02-17Remove unused creds_client_check and creds_client_step.Günther Deschner1-23/+0
Guenther (This used to be commit 1dcb32424d16cff968a8713352c93c48dec58674)
2008-02-16Remove unused creds_server_check and creds_server_step.Günther Deschner1-41/+0
Guenther (This used to be commit 2fb73a3545634982d17d3823cb629f06c5779fc0)
2008-02-15Replace DOM_CHAL with "struct netr_Credential" where we can right now.Günther Deschner1-15/+17
This allows to remove some more old netlogon client calls. Guenther (This used to be commit c0b1a876583230a5130f5df1965d6c742961bcdc)
2008-02-15Add netlogon_creds_server_check and netlogon_creds_server_step.Günther Deschner1-0/+45
Guenther (This used to be commit ea0bf74918e7b009439452ea14ed68b0ce620787)
2008-02-15Add netlogon_creds_client_check and netlogon_creds_client_step.Günther Deschner1-0/+31
Guenther (This used to be commit 41d33a2507e3fae7837bb8e42b1ac30cc31c31dc)
2007-12-05remove some staticsVolker Lendecke1-5/+7
(This used to be commit 97c9a4042d36178a728b5e0f8923091c7069366d)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-4/+4
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r21947: Fix the equivalent of memcpy(x, x, 16). FoundJeremy Allison1-1/+3
by valgrind on the build farm. Jeremy. (This used to be commit 6eed92dfd4da1f9979831bec8e0dcdee33fb53b4)
2007-10-10r13553: Fix all our warnings at -O6 on an x86_64 box.Jeremy Allison1-4/+4
Jeremy. (This used to be commit ea82958349a57ef4b7ce9638eec5f1388b0fba2a)
2007-10-10r13539: Add 128 bit creds processing client and server. Thanks to Andrew ↵Jeremy Allison1-9/+79
Bartlett's Samba4 code. Jeremy. (This used to be commit a2fb436fc5dd536cfe860be93f55f9cb58139a0e)
2007-10-10r13519: Fix the credentials chaining across netlogon pipe disconnects.Jeremy Allison1-6/+19
I mean it this time :-). Jeremy. (This used to be commit 80f4868944d349015d2b64c2414b06466a8194aa)
2007-10-10r13407: Change the credentials code to be more like the Samba4 structure,Jeremy Allison1-57/+40
makes fixes much easier to port. Fix the size of dc->sess_key to be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd store in secrets.tdb though. Should fix some uses of the dc->sess_key where we where assuming we could read 16 bytes. Jeremy. (This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
2007-10-10r13147: Raise creds_server_step fail log messages to debug level 2.Jeremy Allison1-1/+1
These can happen in normal operation (I think - not 100% sure) and don't want to alarm admins. Jerry please add this to 3.0.21b. Jeremy. (This used to be commit 47178b1b5ad06905f345a0f6b6267701d8aefddb)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-3/+3
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-116/+179
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r10269: Server-side fix for creds change - revert jcmd's change.Jeremy Allison1-30/+2
Jeremy. (This used to be commit e1c9813d63a441037bc71622a29acda099d72f71)
2007-10-10r9112: Fix #2953 - credentials chain on DC gets out of sync with client whenJim McDonough1-2/+30
NT_STATUS_NO_USER returned. We were moving to the next step in the chain when the client wasn't. Only update when the user logs on. (This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22)
2002-03-02Add a dash of const here and there...Andrew Bartlett1-3/+3
(This used to be commit 413a46292b4e963343abce2428955305052e9cb4)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-4/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-24Removed extra '()' s.Jeremy Allison1-8/+6
Jeremy. (This used to be commit b5f4a97bb028394f56c904dbb8e12827cb99e785)
1998-08-14this is the bug change to using connection_struct* instead of cnum.Andrew Tridgell1-3/+3
Connections[] is now a local array in server.c I might have broken something with this change. In particular the oplock code is suspect and some .dll files aren't being oplocked when I expected them to be. I'll look at it after I've got some sleep. (This used to be commit c7ee025ead4a85b6fa44a832047b878451845fb6)
1998-05-12This is a security audit change of the main source.Jeremy Allison1-1/+1
It removed all ocurrences of the following functions : sprintf strcpy strcat The replacements are slprintf, safe_strcpy and safe_strcat. It should not be possible to use code in Samba that uses sprintf, strcpy or strcat, only the safe_equivalents. Once Andrew has fixed the slprintf implementation then this code will be moved back to the 1.9.18 code stream. Jeremy. (This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
1998-01-22This is *not* a big change (although it looks like one).Jeremy Allison1-1/+1
This is merely updating the Copyright statements from 1997 to 1998. It's a once a year thing :-). NO OTHER CHANGES WERE MADE. Jeremy. (This used to be commit b9c16977231efb274e08856f7f3f4408dad6d96c)
1997-11-02fix some uchar/char conflictsAndrew Tridgell1-2/+2
(This used to be commit c164681dfe2ad9623a59f01eea914bf27d4801e5)
1997-11-02convert the credentials code back to uchar[8] from uint32[2]Andrew Tridgell1-43/+41
This should fix the byte order problems (maybe!) (This used to be commit 21878e7d8628d05786c3c76f2943e31df1096577)
1997-10-26hooray. hooray some more. hooray a lot. got the client-side working.Luke Leighton1-59/+39
Q/R LSA_REQ_CHAL; Q/R LSA_AUTH2; Q/R LSA_SAMLOGON; Q/R LSA_SAMLOGOFF. the last (non-essential right now) bit is the LSA_SRV_PWSET. the next stage is to do LSA_OPENPOLICY; add the pipe binds (missing right now); then we can test against an NT Server. (This used to be commit 0a549e62fbf11a3ff1f1de663176e30006553e08)
1997-10-25Makefile :Luke Leighton1-0/+107
adding bits for new nt domain code byteorder.h : trying to get macros right, and not to crash on SUNOS5... client.c : added #ifdef NTDOMAIN, and created do_nt_login() function. don't want to have to recompile client.c unless absolutely necessary. credentials.c : moved deal_with_creds() [possibly inappropriately] into credentials.c ipc.c reply.c server.c uid.c : attempting to make (un)become_root() functions calleable from smbclient. this is a little tricky: smbclient might have to be another setuid root program, immediately setuid'ing to non-root, so that we can reset-uid to root to get at the smbpasswd file. or, have a secure pipe mechanism to smbd to grab smbpasswd entries. or the like. smbdes.c smbencrypt.c : created a function to generate lm and nt owf hashes. lsaparse.c ntclient.c smbparse.c : added nt client LSA_AUTH2 code. it works, too! pipenetlog.c pipentlsa.c pipesrvsvc.c : simplification. code-shuffling. getting that damn offset right for the opcode in RPC_HDR. smb.h : changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL. we might need to store the server times as well. proto.h : the usual. (This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
1997-10-20casting cleanupsAndrew Tridgell1-6/+6
(This used to be commit ab849a97821c9e1f199eea8ea2ec477687bed947)
1997-10-20move calls to smbhash() inside smbdes.c (for legal reasons)Andrew Tridgell1-9/+2
(This used to be commit 9dfab27da3634539e99eb48c85dd5a64212e7005)
1997-10-17pipenetlog.c lsaparse.c smb.h :Luke Leighton1-1/+10
SAM logon sorting. too many buffer pointers. added in the missing switch value (value of 3). dealing with the buffer pointers to the user info structure in a slightly different way. (This used to be commit 7993e17c9a1edddae6407d3f12790c461def705a)
1997-10-15smb.h smbparse.c pipenetlog.c :Luke Leighton1-2/+1
whoops, the SAM Logon structure was wrong. updated this, and cifsntdomain.txt. more debug info in pipenetlog.c. the crash is somewhere around deal_with_credentials(). byteorder.h : put in uint8, uint16 and uint32 typecasts around debug info, because sign extending was resulting in ffffffe8 being displayed instead of e8. credentials.c : some debugging info, because i'm tracking a coredump. without gdb. nothing like making things difficult. reply.c : whoops, missed this (important) bit from paul's code, which tells the NT workstation that the MACHINE$ entry doesn't already exist, and we're going to create a default entry with a password "machine" right now. proto.h: the usual. (This used to be commit ed606bc7d4e6fb1091e527ea70a3e950d50a1db4)
1997-10-15fixed a stack overflow bug in api_lsa_req_chal()Andrew Tridgell1-4/+4
changed the order of arguments to smbhash() in credentials.c. Luke, when you changed from E1() to smbhash() you didn't notice that the arguments are in a different order. This is why your new code was failing. NT logon still fails, but now gets to SAMLOGON. It shouldn't take much to get it working now. (This used to be commit 708edc348f0fb81d9c918e4bf857f339a13a3781)
1997-10-14credentials, query info reply.Luke Leighton1-36/+32
(This used to be commit 9b095887df204393090d7da9a47508685ddd5163)
1997-10-13debugging... no idea what i'm doing.Luke Leighton1-1/+1
(This used to be commit d7a9a02e0a9e1e791810c24bcfcbd39a6bd7dac5)
1997-10-13debug info addedLuke Leighton1-7/+36
(This used to be commit a3f96555b47265b8cd4d1f735af58375e2591d56)
1997-10-13byteorder.h :Luke Leighton1-3/+13
debugging output wasn't (still isn't) perfect. credentials.c lsaparse.c smbparse.c : added DEBUG strings. pipes.c : lost some changes, to do with setup of RPC headers. arg. (This used to be commit 9fdd697d17b68293bb95fd68f44c24f0f5b97f5f)
1997-10-10Makefile:Luke Leighton1-15/+15
added credentials.c to smbd credentials.c: using credential structures instead of char* password.c uid.c server.c: added sid and attr to user_struct. smbdes.c: smbhash and str_to_key make public instead of private. pipes.c smb.h: lsa structures, sub-functions. proto.h: usual. (This used to be commit 87a0a944855a673d693d934e446bdc231b1c7f02)
1997-10-09credentials.c:Luke Leighton1-4/+4
use UTIME structure (defined and commented in smb.h to be time, secs, since 01jan1970) pipes.c: another sub-function. util.c: added char *unistr2(uint16 *buff) function. same as unistr except it takes uint16* instead of char*. smbparse.c smb.h: more structure sorting. proto.h: the usual. (This used to be commit 72a86f514f0c92b69499718e63f5dd73ebece56e)
1997-10-09an implementation of the NT domain credentials protocolAndrew Tridgell1-0/+101
(This used to be commit dd6ac9b1eea3b0ace27fbd014b5ad4625c1fdf94)