summaryrefslogtreecommitdiff
path: root/source3/libsmb/ntlmssp.c
AgeCommit message (Collapse)AuthorFilesLines
2008-11-30remove the explicit mem_ctx from ntlmssp_state, use the state itselfVolker Lendecke1-46/+41
2008-11-30fix nonempty blank linesVolker Lendecke1-27/+27
2008-04-30ntlmssp: replace UNKNOWN_02000000 with NTLMSSP_NEGOTIATE_VERSION.Günther Deschner1-3/+5
Guenther (This used to be commit 2c41d69bcf6f0897ef9d444a8f167aff1772d562)
2008-02-29Restore 3.0 behaviour with empty /etc/hostsVolker Lendecke1-2/+5
Jeremy, in 3.0 we allowed get_mydnsdomname and get_mydnsfullname to fail without filling in anything useful. Worked fine. Without this patch and a empty /etc/hosts and no DNS configured, session setup would return NT_STATUS_BAD_NETWORK_NAME. This is confusing at best, BAD_NETWORK_NAME afaik is only ever returned from tcon normally. This restores the 3.0 behaviour. Comments? Volker (This used to be commit 2bd3b7d474768f842921945d283eac10da2a1684)
2008-02-29Check the right variable for being NULLVolker Lendecke1-1/+1
(This used to be commit f2c67803792f1fd3929e922c1f626f8247e08992)
2007-12-28Remove static zerosVolker Lendecke1-2/+5
(This used to be commit dbcc213710a9af31b6094d4741a6f68f573dcdad)
2007-11-08Remove more fstring/pstring bad useage. Go talloc !Jeremy Allison1-20/+24
Jeremy. (This used to be commit 2a0173743d2cf615d52278f3dd87cc804abe2d16)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-3/+3
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke1-17/+17
replace all data_blob(NULL, 0) calls. (This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10r22001: change prototype of dump_data(), so that it takes unsigned char * now,Stefan Metzmacher1-6/+6
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10r19936: Patch from Kai Blin <kai.blin@gmail.com> toJeremy Allison1-2/+4
match Windows NTLMSSP flags. Jeremy. (This used to be commit 786318f84bef76c6acffa1ddf7cdba947509fbac)
2007-10-10r18029: More C++ stuffVolker Lendecke1-1/+1
(This used to be commit 089b51e28cc5e3674e4edf5464c7a15673c5ec0f)
2007-10-10r18008: Ok, same fix as before. But this time also allocate the session key. ↵Volker Lendecke1-5/+14
This had worked in one test, no idea what memory I've overwritten that time. This time it survives the unpatched w2k password change. Volker (This used to be commit bf7bf8e4e9a279fe3ef1e9ff655b12f65c3c3e67)
2007-10-10r18005: The ntlmssp fix is not correct yet, working on itVolker Lendecke1-6/+5
(This used to be commit 3e4da5541c24b3c3c5104fc5120a9be8a2f9ae69)
2007-10-10r17977: To be honest, I have NO idea whatsoever what this does, but it fixes ↵Volker Lendecke1-5/+6
what I have been able to reproduce with smbtorture4 for bug number 4059. It's too late here now to check with W2k native, I'll do that tomorrow or over the weekend. I'll then also check in a samba4 torture test to walk this from now on. Abartlet, can you do me a favor and look over this? It is a 1:1 copy of the corresponding Samba4 code. Thanks, Volker (This used to be commit fb5ebab873ba5196f35a9801ab2e21811b0fa8a0)
2007-10-10r17620: Fix two C++ Warnings and a memleakVolker Lendecke1-2/+6
(This used to be commit d7246284e0117f7a97b3cbb80ff45b532559bf63)
2007-10-10r17612: Modify NTLMSSP session code so that it doesn't storeJeremy Allison1-22/+34
a copy of the plaintext password, only the NT and LM hashes (all it needs). Fix smbencrypt to expose hash verions of plaintext function. Andrew Bartlett, you might want to look at this for gensec. This should make it easier for winbindd to store cached credentials without having to store plaintext passwords in an NTLM-only environment (non krb5). Jeremy. (This used to be commit 629faa530f0422755823644f1c23bea74830912f)
2007-10-10r17216: From Kai Blin <kai.blin@gmail.com>:Andrew Bartlett1-6/+44
A patch to make ntlm_auth recognize three new commands in ntlmssp-client-1 and squid-2.5-ntlmssp: The commands are the following: Command: SF <hex number> Reply: OK Description: Takes feature request flags similar to samba4's gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY, NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same values as the corresponding GENSEC_FEATURE_* flags in samba4. Command: GF Reply: GF <hex number> Description: Returns the negotiated flags. Command: GK Reply: GK <base64 encoded session key> Description: Returns the negotiated session key. (These commands assist a wine project to use ntlm_auth for signing and sealing of bulk data). Andrew Bartlett (This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
2007-10-10r15129: Separate out mechanism and policy for NTLMSSP auth/sign/seal.Jeremy Allison1-4/+16
With this change (and setting lanman auth = no in smb.conf) we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth. Jeremy (This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
2007-10-10r13473: Back port r13470, r13471, r13472 from Samba4. Thanks Andrew:Jeremy Allison1-17/+26
----------------------------------- Thanks to a report from VL: We were causing mayhem by weakening the keys at the wrong point in time. I think this is the correct place to do it. The session key for SMB signing, and the 'smb session key' (used for encrypting password sets) is never weakened. The session key used for bulk data encryption/signing is weakened. This also makes more sense, when we look at the NTLM2 code. Andrew Bartlett ----------------------------------- With more 'try all options' testing, I found this 'simple' but in the NTLM2 signing code. Andrew Bartlett ----------------------------------- After Volker's advise, try every combination of parameters. This isn't every parameter on NTLMSSP, but it is most of the important ones. This showed up that we had the '128bit && LM_KEY' case messed up. This isn't supported, so we must look instead at the 56 bit flag. Andrew Bartlett ----------------------------------- We should now try retesting with NT4. This should be standalone enough to port into a SAMBA_3_0_RELEASE branch fix. Jeremy. (This used to be commit b9b8cd1752aeab049983c1a6038edf2231ec10a4)
2007-10-10r12922: Fix typo.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 1c32b352da270370e65d25939fdc56c2a415190f)
2007-10-10r12920: Fix for #3401 from Andrew Bartlett. Original fix fromJeremy Allison1-0/+5
Yau Lam Yiu <yiuext@cs.ust.hk>. Jeremy. (This used to be commit 4776101107923e425a153fe0457dbf61f4c99935)
2007-10-10r11079: Narrowing down on the #1828 PPC bug. The PPC client sends anJeremy Allison1-32/+6
initial NTLMSSP negotiate blob of only 16 bytes - no strings added ! (So don't try parsing them). Jeremy. (This used to be commit e15b758f5fa6f500214bb60599a89f3c795c9fed)
2007-10-10r11075: Still working on bug #1828, PPC hell. The PPC client sends theJeremy Allison1-2/+19
NTLMSSP client and domain strings as Unicode, even when setting flags as OEM. Cope with this. Jeremy. (This used to be commit 458da8987e8f406cdfd5bd602b3c3cf315675725)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-16/+68
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8475: BUG 2872: fix cut-n-paste error when checking pointer value in ↵Gerald Carter1-1/+1
ntlmssp_set_workstation() (This used to be commit f1763c5decd14eb71ee3d7ea71859a85d5ee0dc1)
2007-10-10r7472: fix smbpasswd user password change (still worked by bad error ↵Gerald Carter1-2/+2
messages) due to trying to strdup a NULL pointer (This used to be commit a48ff479dd4fe99d199ff934aae14ac6e688d8f4)
2007-10-10r5455: Remove bogus DEBUG messages (dump for a failure to parse NTLMSSP,Andrew Bartlett1-4/+2
before trying the alternate format). This only caused confusion and bug reports... Andrew Bartlett (This used to be commit 5cb02b569b39aa7a9dc6692a79ff1d1dfa69aee6)
2007-10-10r5272: BUG 2132, 2134: patch from Jason Mader <jason@ncac.gwu.edu> to remove ↵Gerald Carter1-7/+0
unused variables (This used to be commit 82c4e2f37f1f4c581cd7c792808c9a81ef80db94)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett1-3/+3
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r296: patch from j.lu -- don't force an upper case domain name in the ↵Gerald Carter1-3/+1
ntlmssp code (This used to be commit a2e93dda24d079693a220b4551d264cba4c2bc82)
2007-10-10r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session ↵Andrew Bartlett1-10/+10
key could be anything, and may not be based on anything 'NT'. This is also what microsoft calls it. (This used to be commit 724e8d3f33719543146280062435c69a835c491e)
2004-03-27Add a few comments explaining KEY_EXCHAndrew Bartlett1-4/+7
Andrew Bartlett (This used to be commit e5422d7413e22775bc81e36559cb69254aedb102)
2004-03-27Based on the detective work of Jianliang Lu <j.lu@tiesse.com>, allow yetAndrew Bartlett1-1/+3
another NTLMv2 combination. We should allow the NTLMv2 response to be calculated with either the domain as supplied, or the domain in UPPER case (as we always did in the past). As a client, we always UPPER case it (as per the spec), but we also make sure to UPPER case the domain, when we send it. This should give us maximum compatability. Andrew Bartlett (This used to be commit 1e91cd0cf87b29899641585f46b0dcecaefd848e)
2004-01-30Fix up name canonicalization (needed for krb5 keytab support later).Jeremy Allison1-3/+2
Remove source_env handler (no longer used in any codepath). Jeremy. (This used to be commit 3a3e33603084048e647af86a9badaaf49433c789)
2004-01-09fix some warnings from the Sun compilerGerald Carter1-1/+1
(This used to be commit ebabf72a78f0165521268b73e0fcabe1ea7834fd)
2004-01-05Fix more cases to ensure that as a server, we don't complain to the clientAndrew Bartlett1-3/+1
about our server-side lack of session key. Andrew Bartlett (This used to be commit ba33f1e0d5fe2aed3e378c9c23511c0b4d6f7d14)
2004-01-05Ensure we set "always sign" flag if set. We don't currently do anything withJeremy Allison1-0/+4
this but we should log the fact it was negotiated. Jeremy. (This used to be commit 84d34e32be03ec99ce19520f24bb4daaeeddbbc3)
2004-01-05Don't free the encrypted_session_key early - that causes the subsequentAndrew Bartlett1-1/+1
test for a valid length to fail... This should fix 'security=server' and hosts-equiv failures picked up by the build farm. Andrew Bartlett (This used to be commit 39311495de3bd0a902f730967f30176db97be05a)
2004-01-05Automaticly initialise the signing engine, if we have a session key.Andrew Bartlett1-0/+6
(This used to be commit cb063c1b6949a2a9637689537c6ab8dc881bc568)
2004-01-03There is not a particularly good excuse for complaining to the *client* thatAndrew Bartlett1-4/+12
it sent 'INVALID_PARAMETER', when it was us as the server that could not come up with a session key. Instead, allow normal authentication to take place, but do not setup a session key. Andrew Bartlett (This used to be commit e5abd93d799e5f86839560feca448743c13a9055)
2003-12-27This patch corrects some errors in the NTLMSSP implementation, thatAndrew Bartlett1-9/+18
would incorrectly return INVALID_PARAMETER, instead of allowing a login. Andrew Bartlett (This used to be commit 76c59469a340209959c420bd5c2e947d3347bdb1)
2003-12-17Add in comments explaining NTLMv2 selection. Use lm session key if that'sJeremy Allison1-1/+13
all there is. Jeremy. (This used to be commit b611f8d170743f1f4d71b1def83bb757d9f467af)
2003-12-17Tidyup debug message in ntlmssp code. Add brackets around dodgy if statement.Jeremy Allison1-5/+17
Jeremy (This used to be commit 5aab4b976c0aced68d71c1e71e85287072a6f3c7)
2003-12-17Make sure we correctly generate the lm session key.Gerald Carter1-2/+6
This fixes a problem joining a Samba domain from a vanilla win2k client that doesn't set the NTLMSSP_NEGOTIATE_NTLM2 flag. Reported on samba ml as "decode_pw: incorrect password length" when handling a samr_set_userinfo(23 or 24) RPC. (This used to be commit ef4ab8d7c497e4229d0c1deeb20d05c95bd8feb9)
2003-12-04Picked up by the build farm - despite all my efforts, security=server wasAndrew Bartlett1-8/+13
broken by my NTLM2 commit. This should correctly cause the NTLM2 case not to be negotiated when 'security=server' is in effect. Andrew Bartlett (This used to be commit 19bb4b582f98eb1da41e22c9a2a2c11602cb95e4)
2003-11-25Do not add NTLM2 to the NTLMSSP flags unconditionally - allow theAndrew Bartlett1-2/+6
defaults specified by the caller to prevail. Don't use NTLM2 for RPC pipes, until we know how it works in signing or sealing. Call ntlmssp_sign_init() unconditionally in the client - we setup the session key, why not setup the rest of the data. Andrew Bartlett (This used to be commit 48123f7e42c3fde85887de23c80ceee04c2f6281)