Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
The ntlmssp_server code will be in common shortly, and aside from a
symbol name or two, moving the client code causes no harm and makes
less mess. We will also get the client code in common very soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
When E_deshash() returns false, it indicates that the password is either > 14 chars
in length, or could not be represented as an LM hash value for some other
reason. In this case, we should not regard the LM hash being missing
as an error or a no-password situation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.
This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_MEMDUP isn't standard talloc.
|
|
Guenther
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Mar 29 17:00:26 CEST 2011 on sn-devel-104
|
|
segfaults when a Cyrillic netbios name or workgroup is configured.
Change msrpc_gen to return NTSTATUS and ensure everywhere this is
used it is correctly checked to return that status.
Jeremy.
|
|
|
|
|
|
This means that the core logic (but not the initialisation) of the
NTLMSSP server is in common, but uses different authentication backends.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This allows for a future where the auth subsystem is async, and the
session key generation needs to happen in a callback.
This code is originally reworked into this style by metze for the
source4/ implementation.
The other change here is to introduce an 'out_mem_ctx', which makes
the API match that used in source4.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
There is no code path that sets nt_status before this point, without
a return.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This code will, I hope, soon be merged in common, and the Samba4
use case does not currently support talloc_tos() properly. Use another
context for now.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This is another 'belts and braces' check to avoid the use of the
weak 'LM_KEY' encryption when the client has chosen NTLMv2.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This ensures the client isn't confused and we don't enter this
weaker authentication scheme when we don't really, really need to.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This may help to avoid a number of possible MITM attacks where LM_KEY is
spoofed into the session. If the login wasn't with lanman
(and so the user chose to disclose their lanman response),
don't disclose back anything based on their lanman password.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This will allow this to be handled via common code in the future
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
libcli/auth Use true and false rather than True and False in common code
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
All the members are children of ntlmssp_state anyway.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Essentially the same change as 15297ee, this time for the client side.
Günther, Andrew B, please check!
Thanks,
Volker
|
|
With -d 10, there were a ton of uninitialized variables: The "NegotiateFlags"
in the automatically parsed ntlmssp structures were not initialized.
This also cleans up the talloc use a bit: do early TALLOC_FREE()
Günther, please check!
Thanks,
Volker
|
|
This needs a small re-arrangement of the supporting code.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
The code is not yet in common, but I hope to fix that soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Jeremy.
|
|
correct way.
No more magic blobs :-). Use ndr_push_struct_blob() to
push a properly formatted VERSION struct.
Jeremy.
|
|
We need to return a version blob if we negotiate version info.
Jeremy.
|
|
|
|
Guenther
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
fields also for the client
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Uses the winbind ccache to do authentication if asked to do so
|
|
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
Andrew Bartlett
|
|
Andrew Bartlett
|