summaryrefslogtreecommitdiff
path: root/source3/libsmb/ntlmssp_wrap.c
AgeCommit message (Collapse)AuthorFilesLines
2012-02-17auth: Make more of the ntlmssp code private or staticAndrew Bartlett1-0/+1
Now that there is only one gensec_ntlmssp server, some of these functions can be static For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-libsmb: split out auth_generic client functions into auth_generic.cAndrew Bartlett1-128/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06s3-libsmb Make auth_ntlmssp client more genericAndrew Bartlett1-9/+34
As well as renaming, this allows us to start the mech by DCE/RPC auth type or OID. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06s3-libsmb Use gensec_settings to set s3 ntlmssp client backendAndrew Bartlett1-2/+10
This prepares us for making the code generic to multiple mechansims Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_state -> auth_generic_stateAndrew Bartlett1-7/+7
This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_session_key()Andrew Bartlett1-11/+0
We now just call the gensec_session_key() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_want_feature()Andrew Bartlett1-13/+0
We now just call the gensec_want_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp use gensec_{seal,unseal,sign,check}_packetAndrew Bartlett1-46/+0
This avoids the indirection via the auth_ntlmsssp wrapper functions. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_negotiated_sign() and ↵Andrew Bartlett1-10/+0
auth_ntlmssp_negotiated_seal() We now just call the gensec_have_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_update wrapperAndrew Bartlett1-7/+0
We now just call gensec_update directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.cAndrew Bartlett1-82/+193
This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett
2011-10-18s3-ntlmssp split auth_ntlmssp_client_start() into two partsAndrew Bartlett1-6/+10
This will allow it to be a wrapper around a gensec module, which requires that they options be set on a context, but before the mechanism is started. This also simplfies the callers, by moving the lp_*() calls into one place. Andrew Bartlett
2011-10-18gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett1-1/+1
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett1-1/+1
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth Add my copyrightAndrew Bartlett1-1/+1
I have done plenty of work here, I deserve some of the blame :-) Andrew Bartlett
2011-08-04s3-ntlmssp void function cannot return valueAndrew Bartlett1-3/+3
Removing the return is reasonable here because while no callers currently specify more than one flag at a time, the ntlmssp_want_feature code allows it. Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Aug 4 02:19:46 CEST 2011 on sn-devel-104
2011-08-03s3-ntlmssp Remove rudundent commentAndrew Bartlett1-1/+0
This is explained where SESSION_KEY maps to SIGN at the NTLMSSP layer Andrew Bartlett
2011-08-03s3-auth set session_info->sanitized_username in create_local_token()Andrew Bartlett1-9/+0
Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token(). This also removes the need for auth_ntlmssp_get_username(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove auth_ntlmssp_and_flags()Andrew Bartlett1-5/+0
There is no need to mask out these flags as they simply are not set yet. The correct abstraction is to ask for NTLMSSP features. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hashAndrew Bartlett1-5/+0
The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove auth_ntlmssp_or_flagsAndrew Bartlett1-5/+0
We now just use auth_ntlmssp_want_feature to get extra flags on the NTLMSSP context Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_updateAndrew Bartlett1-2/+9
This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmsspAndrew Bartlett1-1/+52
This allows the current behaviour of the NTLMSSP code to be unchanged while adding a way to hook in an alternate implementation via an auth module. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_get_session_key()Andrew Bartlett1-2/+2
2011-08-03s3-ntlmssp Use auth_ntlmssp_*() functions in more placesAndrew Bartlett1-6/+5
This allows auth_ntlmssp_get_ntlmssp_state() to be removed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove unused auth_ntlmssp_get_domain()Andrew Bartlett1-6/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove unused auth_ntlmssp_get_clientAndrew Bartlett1-5/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-07-20s3-auth: Add auth_ntlmssp wrapper for client sideSimo Sorce1-0/+59
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-20s3-auth: Move auth_ntlmssp wrappers in their own fileSimo Sorce1-0/+118
Signed-off-by: Andrew Bartlett <abartlet@samba.org>