summaryrefslogtreecommitdiff
path: root/source3/libsmb/ntlmssp.c
AgeCommit message (Collapse)AuthorFilesLines
2003-03-25Fix debug (thanks metze)Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 5562f1865c90e3f52a3178d9d9ded60909bbe5f0)
2003-03-23NTLM Authentication:Andrew Bartlett1-18/+32
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
2003-03-10Further work on NTLMSSP-based SMB signing. Current status is that I cannnotAndrew Bartlett1-12/+25
get Win2k to send a valid signiture in it's session setup reply - which it will give to win2k clients. So, I need to look at becoming 'more like MS', but for now I'll get this code into the tree. It's actually based on the TNG cli_pipe_ntlmssp.c, as it was slightly easier to understand than our own (but only the utility functions remain in any way intact...). This includes the mysical 'NTLM2' code - I have no idea if it actually works. (I couldn't get TNG to use it for its pipes either). Andrew Bartlett (This used to be commit a034a5e381ba5612be21e2ba640d11f82cd945da)
2003-02-19After a talloc_zero(), we don't need to ZERO_STRUCTP too..Andrew Bartlett1-4/+0
(This used to be commit 4fe8066394143c64c79c052c00f0d747e872103a)
2003-02-17Don't leak a session_key worth of memory at the end of the NTLMSSP auth.Andrew Bartlett1-0/+1
(This used to be commit ae9765b84de0fd6eff790b3bff26dd3d43ec2bd6)
2003-02-15Move our NTLMSSP client code into ntlmssp.c. The intention is to provide aAndrew Bartlett1-3/+301
relitivly useful external lib from this code, and to remove the dupicate NTLMSSP code elsewhere in samba (RPC pipes, LDAP client). The code I've replaced this with in cliconnect.c is relitivly ugly, and I hope to replace it with a more general SPENGO layer at some later date. Andrew Bartlett (This used to be commit b2b66909ac2e251f8189e0696b6075dbf748521a)
2003-02-15Move our NTLMSSP code into easily seperated peices, not relying on the wholeAndrew Bartlett1-1/+42
of libsmb. Andrew Bartlett (This used to be commit b5ec7efa80478187124c1cfa8c7fcc4036506a37)
2003-02-14NTLMSSP parinoia - we really don't want to run over the end of our blob,Andrew Bartlett1-6/+13
and make sure we can never get an 'authenticate' packet without a challenge. Andrew Bartlett (This used to be commit 4d94f8e6912c1339515cd1f68d1b698e7c699626)
2003-02-13A few typo fixes Andrew eventually let off to me.Rafal Szczesniak1-1/+1
Rafal (This used to be commit 16a66cf17a544a214b7c5b483c81c7568a18a779)
2003-02-09(only for HEAD at the moment).Andrew Bartlett1-69/+70
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 = yes') and only when 'client use spengo = no'. (A new option to allow the client and server ends to chose spnego seperatly). NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet. Also some parinoia checks in our input parsing. Andrew Bartlett (This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
2003-01-28Factor out common code in the NTLMSSP/SPNEGO code.Andrew Bartlett1-4/+0
The idea here is to seperate, as much as possible, the SPNEGO layer from the NTLMSSP layer. This not only helps us with protocol correctness, but also should allow further mechinisms to be added with relitive ease. I indend to make the kerberos code use this shortly. I've never seen the 'zero length blob' form of the anonymous login, so I've removed that case. Andrew Bartlett (This used to be commit a8773c9f825539c5bc17e4200b16d7ebbe0b7620)
2003-01-16(missed in last commit)Andrew Bartlett1-5/+8
Change the 'cookie' to be the ntlmssp_context, and use the 'auth_context' on that to store the cookie. Ensures that simple callbacks can 'just work'. Also make it clear that we are doing a pull_string into a pstring, not just any sized buffer. Andrew Bartlett (This used to be commit c7793f27188e658b7fc6336aa51d367eab36fc17)
2003-01-15Missed auth_ntlmssp.c in last night's checkin. Also keep track of the currentAndrew Bartlett1-0/+4
challenge in the NTLMSSP context. Andrew Bartlett (This used to be commit ba13e058d4533b1ffba723b9e98e95090ad63d85)
2003-01-15Refactor the NTLMSSP code again - this time we use function pointers toAndrew Bartlett1-0/+278
eliminate the dependency on the auth subsystem. The next step is to add the required code to 'ntlm_auth', for export to Squid etc. Andrew Bartlett (This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)