summaryrefslogtreecommitdiff
path: root/source3/libsmb/ntlmssp.c
AgeCommit message (Collapse)AuthorFilesLines
2012-06-12S3: Add ntlmssp_set_password_hashVolker Lendecke1-0/+22
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-18libsmb: Actually use an introduced variableVolker Lendecke1-2/+2
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Wed Apr 18 13:39:53 CEST 2012 on sn-devel-104
2012-04-17s3:libsmb/ntlmssp: improve anonymous loginsStefan Metzmacher1-2/+3
smbtorture3 (and maybe others) use fstrings for 'user' and 'password', so we need to check for empty strings. metze
2012-04-17s3:libsmb/ntlmssp: add ntlmssp_is_anonymous()Stefan Metzmacher1-0/+15
metze
2012-04-17s3:libsmb/ntlmssp: remove some indentation in ntlmssp_set_password()Stefan Metzmacher1-18/+20
metze
2012-04-17Revert "s3:libsmb/ntlmssp: an empty string should mean no password"Stefan Metzmacher1-1/+1
This reverts commit 92483eee254ef6844fe88abe1e64f67033a1ea2d.
2012-04-16s3:libsmb/ntlmssp: an empty string should mean no passwordStefan Metzmacher1-1/+1
metze
2012-02-24s3-libsmb: Remove unused ntlmssp_server_start()Andrew Bartlett1-121/+0
2012-02-17auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett1-6/+6
The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hashAndrew Bartlett1-27/+21
When E_deshash() returns false, it indicates that the password is either > 14 chars in length, or could not be represented as an LM hash value for some other reason. In this case, we should not regard the LM hash being missing as an error or a no-password situation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104
2012-01-06ntlmssp: merge initial packet implementationsAndrew Bartlett1-8/+21
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett1-3/+3
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-08-03s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the serverAndrew Bartlett1-3/+1
This is changed so that the callers ask for the additional flags that they need, starting with no additional flags. This helps to create a proper abstraction layer in ntlmssp_wrap/auth_ntlmssp. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp NTLMSSP sealing implies signing, so set both flagsAndrew Bartlett1-0/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-09s3-talloc Change TALLOC_MEMDUP() to talloc_memdup()Andrew Bartlett1-2/+2
Using the standard macro makes it easier to move code into common, as TALLOC_MEMDUP isn't standard talloc.
2011-03-30s3-winbind: remove global inclusion of libwbclient.Günther Deschner1-0/+1
Guenther
2011-03-29s3-libsmb: remove duplicate NTSTATUS variable.Günther Deschner1-1/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Tue Mar 29 17:00:26 CEST 2011 on sn-devel-104
2011-03-28Fix inspired by work done by David Disseldorp for bug #8040 - smbclient ↵Jeremy Allison1-3/+11
segfaults when a Cyrillic netbios name or workgroup is configured. Change msrpc_gen to return NTSTATUS and ensure everywhere this is used it is correctly checked to return that status. Jeremy.
2011-03-05nsswitch: wbcFreeMemory deals fine with NULLVolker Lendecke1-3/+1
2010-08-14s3: Fix an uninitialized variableVolker Lendecke1-0/+3
2010-08-10libcli/auth Make the source3/ implementation of the NTLMSSP server commonAndrew Bartlett1-527/+0
This means that the core logic (but not the initialisation) of the NTLMSSP server is in common, but uses different authentication backends. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Split the NTLMSSP server into before and after authenticationAndrew Bartlett1-62/+148
This allows for a future where the auth subsystem is async, and the session key generation needs to happen in a callback. This code is originally reworked into this style by metze for the source4/ implementation. The other change here is to introduce an 'out_mem_ctx', which makes the API match that used in source4. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Always call ntlmssp_sign_init()Andrew Bartlett1-3/+1
There is no code path that sets nt_status before this point, without a return. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't use talloc_tos() for NTLMSSP blobs for nowAndrew Bartlett1-2/+2
This code will, I hope, soon be merged in common, and the Samba4 use case does not currently support talloc_tos() properly. Use another context for now. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2Andrew Bartlett1-1/+4
This is another 'belts and braces' check to avoid the use of the weak 'LM_KEY' encryption when the client has chosen NTLMv2. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not availableAndrew Bartlett1-0/+15
This ensures the client isn't confused and we don't enter this weaker authentication scheme when we don't really, really need to. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't use the lm key if the user didn't supply one.Andrew Bartlett1-3/+3
This may help to avoid a number of possible MITM attacks where LM_KEY is spoofed into the session. If the login wasn't with lanman (and so the user chose to disclose their lanman response), don't disclose back anything based on their lanman password. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Add extra DEBUG() message for auth system failuresAndrew Bartlett1-0/+2
Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Redirect lp_lanman_auth() via 'allow_lm_key'Andrew Bartlett1-2/+4
This will allow this to be handled via common code in the future Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10libcli/auth Move some source3/ NTLMSSP functions to the common code.Andrew Bartlett1-87/+0
libcli/auth Use true and false rather than True and False in common code Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-07-19s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it.Simo Sorce1-17/+0
All the members are children of ntlmssp_state anyway. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-28s3: Fix some valgrind errorsVolker Lendecke1-19/+36
Essentially the same change as 15297ee, this time for the client side. Günther, Andrew B, please check! Thanks, Volker
2010-06-21s3: Fix some valgrind errorsVolker Lendecke1-18/+33
With -d 10, there were a ton of uninitialized variables: The "NegotiateFlags" in the automatically parsed ntlmssp structures were not initialized. This also cleans up the talloc use a bit: do early TALLOC_FREE() Günther, please check! Thanks, Volker
2010-05-31s3:ntlmssp Move ntlmssp_sign.c from source3 to common code.Andrew Bartlett1-51/+1
This needs a small re-arrangement of the supporting code. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-31ntlmssp: Make the ntlmssp.h from source3/ a common headerAndrew Bartlett1-1/+1
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-19Correctly check error code return.Jeremy Allison1-1/+1
Jeremy.
2010-05-19Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the ↵Jeremy Allison1-32/+34
correct way. No more magic blobs :-). Use ndr_push_struct_blob() to push a properly formatted VERSION struct. Jeremy.
2010-05-18Fix our NTLMSSP implementation against the Microsoft torture tester.Jeremy Allison1-13/+37
We need to return a version blob if we negotiate version info. Jeremy.
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-6/+0
2010-05-18s3-crypto: only include crypto headers when crypto is done.Günther Deschner1-0/+3
Guenther
2010-03-24s3:ntlmssp: use c99 typesStefan Metzmacher1-22/+22
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: use client.netbios_name instead of workstationStefan Metzmacher1-4/+6
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: remove unused ntlmssp_set_workstation()Stefan Metzmacher1-13/+0
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: inline ntlmssp_weaken_keys()Stefan Metzmacher1-41/+0
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: remove unused get_global_myname() and get_domain() from ↵Stefan Metzmacher1-8/+0
ntlmssp_state Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store themStefan Metzmacher1-16/+41
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: remove server_name from ntlmssp_state and fill the server.* ↵Stefan Metzmacher1-1/+10
fields also for the client Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_stateStefan Metzmacher1-36/+65
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: replace server_role by a server.is_standalone in ntlmssp_stateStefan Metzmacher1-2/+2
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-01-24s3: Add NTLMSSP_FEATURE_CCACHEVolker Lendecke1-0/+60
Uses the winbind ccache to do authentication if asked to do so