samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2003-03-25	Fix debug (thanks metze)	Andrew Bartlett	1	-1/+1
	Andrew Bartlett (This used to be commit 5562f1865c90e3f52a3178d9d9ded60909bbe5f0)
2003-03-23	NTLM Authentication:	Andrew Bartlett	1	-18/+32
	- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This will break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
2003-03-10	Further work on NTLMSSP-based SMB signing. Current status is that I cannnot	Andrew Bartlett	1	-12/+25
	get Win2k to send a valid signiture in it's session setup reply - which it will give to win2k clients. So, I need to look at becoming 'more like MS', but for now I'll get this code into the tree. It's actually based on the TNG cli_pipe_ntlmssp.c, as it was slightly easier to understand than our own (but only the utility functions remain in any way intact...). This includes the mysical 'NTLM2' code - I have no idea if it actually works. (I couldn't get TNG to use it for its pipes either). Andrew Bartlett (This used to be commit a034a5e381ba5612be21e2ba640d11f82cd945da)
2003-02-19	After a talloc_zero(), we don't need to ZERO_STRUCTP too..	Andrew Bartlett	1	-4/+0
	(This used to be commit 4fe8066394143c64c79c052c00f0d747e872103a)
2003-02-17	Don't leak a session_key worth of memory at the end of the NTLMSSP auth.	Andrew Bartlett	1	-0/+1
	(This used to be commit ae9765b84de0fd6eff790b3bff26dd3d43ec2bd6)
2003-02-15	Move our NTLMSSP client code into ntlmssp.c. The intention is to provide a	Andrew Bartlett	1	-3/+301
	relitivly useful external lib from this code, and to remove the dupicate NTLMSSP code elsewhere in samba (RPC pipes, LDAP client). The code I've replaced this with in cliconnect.c is relitivly ugly, and I hope to replace it with a more general SPENGO layer at some later date. Andrew Bartlett (This used to be commit b2b66909ac2e251f8189e0696b6075dbf748521a)
2003-02-15	Move our NTLMSSP code into easily seperated peices, not relying on the whole	Andrew Bartlett	1	-1/+42
	of libsmb. Andrew Bartlett (This used to be commit b5ec7efa80478187124c1cfa8c7fcc4036506a37)
2003-02-14	NTLMSSP parinoia - we really don't want to run over the end of our blob,	Andrew Bartlett	1	-6/+13
	and make sure we can never get an 'authenticate' packet without a challenge. Andrew Bartlett (This used to be commit 4d94f8e6912c1339515cd1f68d1b698e7c699626)
2003-02-13	A few typo fixes Andrew eventually let off to me.	Rafal Szczesniak	1	-1/+1
	Rafal (This used to be commit 16a66cf17a544a214b7c5b483c81c7568a18a779)
2003-02-09	(only for HEAD at the moment).	Andrew Bartlett	1	-69/+70
	Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 = yes') and only when 'client use spengo = no'. (A new option to allow the client and server ends to chose spnego seperatly). NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet. Also some parinoia checks in our input parsing. Andrew Bartlett (This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
2003-01-28	Factor out common code in the NTLMSSP/SPNEGO code.	Andrew Bartlett	1	-4/+0
	The idea here is to seperate, as much as possible, the SPNEGO layer from the NTLMSSP layer. This not only helps us with protocol correctness, but also should allow further mechinisms to be added with relitive ease. I indend to make the kerberos code use this shortly. I've never seen the 'zero length blob' form of the anonymous login, so I've removed that case. Andrew Bartlett (This used to be commit a8773c9f825539c5bc17e4200b16d7ebbe0b7620)
2003-01-16	(missed in last commit)	Andrew Bartlett	1	-5/+8
	Change the 'cookie' to be the ntlmssp_context, and use the 'auth_context' on that to store the cookie. Ensures that simple callbacks can 'just work'. Also make it clear that we are doing a pull_string into a pstring, not just any sized buffer. Andrew Bartlett (This used to be commit c7793f27188e658b7fc6336aa51d367eab36fc17)
2003-01-15	Missed auth_ntlmssp.c in last night's checkin. Also keep track of the current	Andrew Bartlett	1	-0/+4
	challenge in the NTLMSSP context. Andrew Bartlett (This used to be commit ba13e058d4533b1ffba723b9e98e95090ad63d85)
2003-01-15	Refactor the NTLMSSP code again - this time we use function pointers to	Andrew Bartlett	1	-0/+278
	eliminate the dependency on the auth subsystem. The next step is to add the required code to 'ntlm_auth', for export to Squid etc. Andrew Bartlett (This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)