summaryrefslogtreecommitdiff
path: root/source3/libsmb/ntlmssp.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18008: Ok, same fix as before. But this time also allocate the session key. ↵Volker Lendecke1-5/+14
This had worked in one test, no idea what memory I've overwritten that time. This time it survives the unpatched w2k password change. Volker (This used to be commit bf7bf8e4e9a279fe3ef1e9ff655b12f65c3c3e67)
2007-10-10r18005: The ntlmssp fix is not correct yet, working on itVolker Lendecke1-6/+5
(This used to be commit 3e4da5541c24b3c3c5104fc5120a9be8a2f9ae69)
2007-10-10r17977: To be honest, I have NO idea whatsoever what this does, but it fixes ↵Volker Lendecke1-5/+6
what I have been able to reproduce with smbtorture4 for bug number 4059. It's too late here now to check with W2k native, I'll do that tomorrow or over the weekend. I'll then also check in a samba4 torture test to walk this from now on. Abartlet, can you do me a favor and look over this? It is a 1:1 copy of the corresponding Samba4 code. Thanks, Volker (This used to be commit fb5ebab873ba5196f35a9801ab2e21811b0fa8a0)
2007-10-10r17620: Fix two C++ Warnings and a memleakVolker Lendecke1-2/+6
(This used to be commit d7246284e0117f7a97b3cbb80ff45b532559bf63)
2007-10-10r17612: Modify NTLMSSP session code so that it doesn't storeJeremy Allison1-22/+34
a copy of the plaintext password, only the NT and LM hashes (all it needs). Fix smbencrypt to expose hash verions of plaintext function. Andrew Bartlett, you might want to look at this for gensec. This should make it easier for winbindd to store cached credentials without having to store plaintext passwords in an NTLM-only environment (non krb5). Jeremy. (This used to be commit 629faa530f0422755823644f1c23bea74830912f)
2007-10-10r17216: From Kai Blin <kai.blin@gmail.com>:Andrew Bartlett1-6/+44
A patch to make ntlm_auth recognize three new commands in ntlmssp-client-1 and squid-2.5-ntlmssp: The commands are the following: Command: SF <hex number> Reply: OK Description: Takes feature request flags similar to samba4's gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY, NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same values as the corresponding GENSEC_FEATURE_* flags in samba4. Command: GF Reply: GF <hex number> Description: Returns the negotiated flags. Command: GK Reply: GK <base64 encoded session key> Description: Returns the negotiated session key. (These commands assist a wine project to use ntlm_auth for signing and sealing of bulk data). Andrew Bartlett (This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
2007-10-10r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.Jeremy Allison1-4/+16
With this change (and setting lanman auth = no in smb.conf) we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth. Jeremy (This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
2007-10-10r13473: Back port r13470, r13471, r13472 from Samba4. Thanks Andrew:Jeremy Allison1-17/+26
----------------------------------- Thanks to a report from VL: We were causing mayhem by weakening the keys at the wrong point in time. I think this is the correct place to do it. The session key for SMB signing, and the 'smb session key' (used for encrypting password sets) is never weakened. The session key used for bulk data encryption/signing is weakened. This also makes more sense, when we look at the NTLM2 code. Andrew Bartlett ----------------------------------- With more 'try all options' testing, I found this 'simple' but in the NTLM2 signing code. Andrew Bartlett ----------------------------------- After Volker's advise, try every combination of parameters. This isn't every parameter on NTLMSSP, but it is most of the important ones. This showed up that we had the '128bit && LM_KEY' case messed up. This isn't supported, so we must look instead at the 56 bit flag. Andrew Bartlett ----------------------------------- We should now try retesting with NT4. This should be standalone enough to port into a SAMBA_3_0_RELEASE branch fix. Jeremy. (This used to be commit b9b8cd1752aeab049983c1a6038edf2231ec10a4)
2007-10-10r12922: Fix typo.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 1c32b352da270370e65d25939fdc56c2a415190f)
2007-10-10r12920: Fix for #3401 from Andrew Bartlett. Original fix fromJeremy Allison1-0/+5
Yau Lam Yiu <yiuext@cs.ust.hk>. Jeremy. (This used to be commit 4776101107923e425a153fe0457dbf61f4c99935)
2007-10-10r11079: Narrowing down on the #1828 PPC bug. The PPC client sends anJeremy Allison1-32/+6
initial NTLMSSP negotiate blob of only 16 bytes - no strings added ! (So don't try parsing them). Jeremy. (This used to be commit e15b758f5fa6f500214bb60599a89f3c795c9fed)
2007-10-10r11075: Still working on bug #1828, PPC hell. The PPC client sends theJeremy Allison1-2/+19
NTLMSSP client and domain strings as Unicode, even when setting flags as OEM. Cope with this. Jeremy. (This used to be commit 458da8987e8f406cdfd5bd602b3c3cf315675725)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-16/+68
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8475: BUG 2872: fix cut-n-paste error when checking pointer value in ↵Gerald Carter1-1/+1
ntlmssp_set_workstation() (This used to be commit f1763c5decd14eb71ee3d7ea71859a85d5ee0dc1)
2007-10-10r7472: fix smbpasswd user password change (still worked by bad error ↵Gerald Carter1-2/+2
messages) due to trying to strdup a NULL pointer (This used to be commit a48ff479dd4fe99d199ff934aae14ac6e688d8f4)
2007-10-10r5455: Remove bogus DEBUG messages (dump for a failure to parse NTLMSSP,Andrew Bartlett1-4/+2
before trying the alternate format). This only caused confusion and bug reports... Andrew Bartlett (This used to be commit 5cb02b569b39aa7a9dc6692a79ff1d1dfa69aee6)
2007-10-10r5272: BUG 2132, 2134: patch from Jason Mader <jason@ncac.gwu.edu> to remove ↵Gerald Carter1-7/+0
unused variables (This used to be commit 82c4e2f37f1f4c581cd7c792808c9a81ef80db94)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett1-3/+3
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r296: patch from j.lu -- don't force an upper case domain name in the ↵Gerald Carter1-3/+1
ntlmssp code (This used to be commit a2e93dda24d079693a220b4551d264cba4c2bc82)
2007-10-10r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session ↵Andrew Bartlett1-10/+10
key could be anything, and may not be based on anything 'NT'. This is also what microsoft calls it. (This used to be commit 724e8d3f33719543146280062435c69a835c491e)
2004-03-27Add a few comments explaining KEY_EXCHAndrew Bartlett1-4/+7
Andrew Bartlett (This used to be commit e5422d7413e22775bc81e36559cb69254aedb102)
2004-03-27Based on the detective work of Jianliang Lu <j.lu@tiesse.com>, allow yetAndrew Bartlett1-1/+3
another NTLMv2 combination. We should allow the NTLMv2 response to be calculated with either the domain as supplied, or the domain in UPPER case (as we always did in the past). As a client, we always UPPER case it (as per the spec), but we also make sure to UPPER case the domain, when we send it. This should give us maximum compatability. Andrew Bartlett (This used to be commit 1e91cd0cf87b29899641585f46b0dcecaefd848e)
2004-01-30Fix up name canonicalization (needed for krb5 keytab support later).Jeremy Allison1-3/+2
Remove source_env handler (no longer used in any codepath). Jeremy. (This used to be commit 3a3e33603084048e647af86a9badaaf49433c789)
2004-01-09fix some warnings from the Sun compilerGerald Carter1-1/+1
(This used to be commit ebabf72a78f0165521268b73e0fcabe1ea7834fd)
2004-01-05Fix more cases to ensure that as a server, we don't complain to the clientAndrew Bartlett1-3/+1
about our server-side lack of session key. Andrew Bartlett (This used to be commit ba33f1e0d5fe2aed3e378c9c23511c0b4d6f7d14)
2004-01-05Ensure we set "always sign" flag if set. We don't currently do anything withJeremy Allison1-0/+4
this but we should log the fact it was negotiated. Jeremy. (This used to be commit 84d34e32be03ec99ce19520f24bb4daaeeddbbc3)
2004-01-05Don't free the encrypted_session_key early - that causes the subsequentAndrew Bartlett1-1/+1
test for a valid length to fail... This should fix 'security=server' and hosts-equiv failures picked up by the build farm. Andrew Bartlett (This used to be commit 39311495de3bd0a902f730967f30176db97be05a)
2004-01-05Automaticly initialise the signing engine, if we have a session key.Andrew Bartlett1-0/+6
(This used to be commit cb063c1b6949a2a9637689537c6ab8dc881bc568)
2004-01-03There is not a particularly good excuse for complaining to the *client* thatAndrew Bartlett1-4/+12
it sent 'INVALID_PARAMETER', when it was us as the server that could not come up with a session key. Instead, allow normal authentication to take place, but do not setup a session key. Andrew Bartlett (This used to be commit e5abd93d799e5f86839560feca448743c13a9055)
2003-12-27This patch corrects some errors in the NTLMSSP implementation, thatAndrew Bartlett1-9/+18
would incorrectly return INVALID_PARAMETER, instead of allowing a login. Andrew Bartlett (This used to be commit 76c59469a340209959c420bd5c2e947d3347bdb1)
2003-12-17Add in comments explaining NTLMv2 selection. Use lm session key if that'sJeremy Allison1-1/+13
all there is. Jeremy. (This used to be commit b611f8d170743f1f4d71b1def83bb757d9f467af)
2003-12-17Tidyup debug message in ntlmssp code. Add brackets around dodgy if statement.Jeremy Allison1-5/+17
Jeremy (This used to be commit 5aab4b976c0aced68d71c1e71e85287072a6f3c7)
2003-12-17Make sure we correctly generate the lm session key.Gerald Carter1-2/+6
This fixes a problem joining a Samba domain from a vanilla win2k client that doesn't set the NTLMSSP_NEGOTIATE_NTLM2 flag. Reported on samba ml as "decode_pw: incorrect password length" when handling a samr_set_userinfo(23 or 24) RPC. (This used to be commit ef4ab8d7c497e4229d0c1deeb20d05c95bd8feb9)
2003-12-04Picked up by the build farm - despite all my efforts, security=server wasAndrew Bartlett1-8/+13
broken by my NTLM2 commit. This should correctly cause the NTLM2 case not to be negotiated when 'security=server' is in effect. Andrew Bartlett (This used to be commit 19bb4b582f98eb1da41e22c9a2a2c11602cb95e4)
2003-11-25Do not add NTLM2 to the NTLMSSP flags unconditionally - allow theAndrew Bartlett1-2/+6
defaults specified by the caller to prevail. Don't use NTLM2 for RPC pipes, until we know how it works in signing or sealing. Call ntlmssp_sign_init() unconditionally in the client - we setup the session key, why not setup the rest of the data. Andrew Bartlett (This used to be commit 48123f7e42c3fde85887de23c80ceee04c2f6281)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-245/+496
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-09-16Fix #442 which Alexander considered a showstopper. Allow us to join mixedJeremy Allison1-0/+6
mode domains. Jeremy. (This used to be commit c816aacefb6621533194a374251835f186ca838f)
2003-09-06address bug #359. Andrew B's patch for implementing clientGerald Carter1-27/+36
portion of NTLMv2 key exchange. Also revert the default for 'client ntlmv2 auth' to no. This caused no ends of grief in different cases. And based on abartlet's mail.... > All I care about at this point is that we use NTLMv2 > in our client code when connecting to a server that > supports it. There is *no* way to tell this. The server can't tell us, because it doesn't know what it's DC supports. The DC can't tell us, because it doesn't know what the trusted DC supports. One DC might be Win2k, and the PDC could be an older NT4. (This used to be commit fe585d49cc3df0d71314ff43d3271d276d7d4503)
2003-08-15get rid of some sompiler warnings on IRIXHerb Lewis1-4/+4
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-08-14Change Samba to always use extended security for it's guest logins, (ie,Andrew Bartlett1-4/+10
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to all of Samba's clients. When connecting to an Active Directory DC, you must initiate the CIFS level session setup with Kerberos, not a guest login. If you don't, your machine account is demoted to NT4. Andrew Bartlett (This used to be commit 3547cb3def45a90f99f67829a533eac1ccba5e77)
2003-08-12As described in http://davenport.sourceforge.net/ntlm.html add NTLM2Andrew Bartlett1-3/+40
authentication. NTLM2 is a version of NTLM, that involves both a client and server challenge, and the creating of a new (presuable more secure) session key. Unfortunetly this is not quite the same as NTLMv2, and we don't know how to get the session key. I suggest looking very closely at what MSCHAPv2, and other MS auth protocols do... Andrew Bartlett (This used to be commit d4a5f4fdf97b707b44a0787267e1e4388d1b5388)
2003-08-11I think this is the one to check...Volker Lendecke1-0/+3
Volker (This used to be commit f6d853d36a37dd854a410717af2f7eaf9457eeb5)
2003-08-11Revert the latest fix. Need to investigate further.Volker Lendecke1-4/+2
Volker (This used to be commit 447f130619ad7aaab351c2b46d3e57eaf31a9454)
2003-08-11Fix a segfault in ntlm_auth when we can't find a domain or hostname.Volker Lendecke1-2/+4
Volker (This used to be commit 49c4f8a764a2b9e266c33f018515e6a742cfc8b0)
2003-08-10Store the server domain from the ntlmssp challenge in the client structVolker Lendecke1-0/+3
to be able to ask a LMB for the servers in its workgroup. Against W2k this only works on port 139.... Volker (This used to be commit 62b04d7776852098dd768268500f36c3a362f688)
2003-07-25More printf portability fixes. Got caught out by some gcc'isms lastTim Potter1-2/+2
time. )-: (This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
2003-07-24More printf fixes - size_t is long on some architectures.Tim Potter1-1/+1
(This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-12/+95
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-07-14Delete obsolete comment.Tim Potter1-1/+0
(This used to be commit 5416c51133297e866210ec0d8454e04c25541d91)