summaryrefslogtreecommitdiff
path: root/source3/libsmb/smbdes.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r7033: Call a spade a spade :-).Jeremy Allison1-90/+84
Jeremy. (This used to be commit f5027f6370bd085a8d4c1a221881eebb0e4ffbab)
2007-10-10r7031: Added encrypt/decrypt function for LSA secrets and trustedJeremy Allison1-1/+1
domain passwords on the wire. Jeremy. (This used to be commit f82dcac25faf7876655cb1839846cc5e01e4add7)
2003-11-22Add support for variable-length session keys in our client code.Andrew Bartlett1-0/+40
This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
2002-03-23Make a number of the lookup tables 'const'. I'm told this assists in sharingAndrew Bartlett1-9/+9
memory between users of shared libs. Andrew Bartlett (This used to be commit 41dd5a4d292bb08fa313f6220014cd9b4490237b)
2002-03-02Add a dash of const here and there...Andrew Bartlett1-3/+3
(This used to be commit 413a46292b4e963343abce2428955305052e9cb4)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-5/+5
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-09-14Merge of sam_pwd_hash() function from tng.Tim Potter1-0/+17
(This used to be commit b6cb6b837ac06d8b9cb898668e69236b64a8b698)
2001-07-07Add backend encryption support for NTLMv2.Andrew Bartlett1-4/+4
The leg-work for this was done by the folks at samba-tng.org, I'm just bringing it accross to HEAD. The MD5 implementation is seperatly derived, and does not have the copyright problems that the one in TNG has. Also add const to a few places where it makes sence. Andrew Bartlett (This used to be commit 8df8e841445dfe09fc7a06bb55d12adc3fecb345)
2001-06-20Fixed W2K SP2 joining a Samba PDC hosted domain.Jeremy Allison1-1/+1
Jermey. (This used to be commit 05a2911403a0710d994a618e72743205a3b0b87a)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-20/+3
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-11-25previous commit added an abstraction function that didn't even haveLuke Leighton1-2/+2
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req(). modified cli_lsarpc.c to use this. the rest is const issues. (This used to be commit c1ea396de21309c4cf19fd92f2573f5257c24588)
1999-07-22BDC support.Matthew Chapman1-0/+13
Algorithm based on previous work of Jeremy's. (This used to be commit f0c71a804dc869a73eb6af6e0ac9f4fb64dd1f68)
1999-07-21BDC support.Luke Leighton1-1/+5
(This used to be commit 2331aa32ab36c3ee5fd8cfbe972e57299939e33d)
1999-03-19const char* instead of char* for inputLuke Leighton1-1/+1
(This used to be commit b51574174c5bbc554eb1c697cb22b2b73af44306)
1999-03-19Implemented encryption algorithm used for a number of RPC buffers.Matthew Chapman1-1/+1
(actually, decryption only currently because I need to get some sleep). Basically another Microsoft twist on DES; the "master key" is the user's NT hash MD4'd and subsets of this are chosen as the 56-bit DES keys. (This used to be commit f09388fa6f41a13ca035b5b2ff40be804608f619)
1998-11-12Moved some code (NTLMSSPcalc) out of smbdes and inline for paranioaJeremy Allison1-26/+0
resons and my own piece of mind... Jeremy. (This used to be commit 45131501f23ce1eec2f23fe2c1060cd5a2736ec9)
1998-10-22Removed previously #ifdef 0 'ed code.Jeremy Allison1-37/+0
Jeremy. (This used to be commit 7feaa13d02f84760d6857115ed253570f41911bb)
1998-10-22libsmb/smbdes.c: #ifdef'ed out code prior to removal.Jeremy Allison1-0/+5
rpc_client/cli_pipe.c: Inlined code removed from smbdes.c rpc_server/srv_samr.c: Fixed unused variable warning. rpc_server/srv_util.c: Inlined code removed from smbdes.c Luke - the above changes are the first part of the changes you and I discussed as being neccessary at the CIFS conference. *PLEASE REVIEW THESE CHANGES* - make sure I haven't broken any of the authenticated DCE/RPC code. smbd/nttrans.c: Fixed to allow NT5.0beta2 to use Samba shares with NT SMB support. smbd/open.c: Fixed mkdir when called from nttrans calls. smbd/server.c: Set correct size for strcpy of global_myworkgroup. Jeremy. (This used to be commit d891421d16ff80998dee429227bd391455f9d1a1)
1998-10-17Small tidyups for gcc in 'preen' mode....Jeremy Allison1-0/+1
Jeremy. (This used to be commit 60dc1a4a00a22088d33369588b0d5eb292cf084a)
1998-10-1416 changed to 8 by mistake in samoemhash.Luke Leighton1-1/+1
(This used to be commit ed6ffa4430e3ae6e0c9f49650f53ce79d12af28e)
1998-10-09dce/rpcLuke Leighton1-10/+16
(This used to be commit 32d0f5e4a564686ad6b270dd24423ee49a81f223)
1998-10-08fixed bug pointed out by Herb.Andrew Tridgell1-1/+1
(This used to be commit 35a5e9ce4fd60806e652f221e25caa0664b69209)
1998-10-07dce/rpcLuke Leighton1-2/+53
(This used to be commit 6677b888bdb45df00646eb7cc13005b9465ff971)
1998-08-17reduced the memory footprint a bit by changing some large static intAndrew Tridgell1-9/+10
arrays to uchar (This used to be commit 01b642a3793a1bea0517370a9a64945fd86ddf02)
1998-04-29This is the checkin that adds the security=domain functionality.Jeremy Allison1-3/+3
WARNING - so far this has only been tested against a Samba PDC (still waiting for IS to add me the machine accounts :-). Still missing is the code in smbpasswd that will add a machine account password and change it on the domain controller, but this is not hard, and I will check it in soon. Jeremy. (This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
1998-04-17Changing of machine passwords now works !!!!!!Jeremy Allison1-0/+9
smbdes.c: Added cred_hash3. smbpasswd.c: Fixes for adding a machine account (needs more work). lib/rpc/server/srv_netlog.c: Turn on the machine password changing code by default (calls cred_hash3). Jeremy. (This used to be commit 50aa513b969c6e41911aeee8207b065f93af0beb)
1998-03-19Adding the same changes to HEAD as were added to BRANCH_1_9_18.Jeremy Allison1-2/+8
Changed smbpasswd to be client-server for a normal user, rather than accessing the private/smbpasswd file directly (it still accesses this file directly when run as root, so root can add users/change a users password without knowing the old password). A shakeout of this change is that smbpasswd can now be used to change a users password on a remote NT machine (yep - you heard that one right - we can now change a NT password from UNIX !!!!!). Jeremy. (This used to be commit 20770b6f1c25288e90d3e0d215afa7f0809ce124)
1998-03-18Added SamOEMChangePassword functionality.Jeremy Allison1-0/+40
Jeremy. (This used to be commit e02e3bcbbd4333113dde7bef47763fb229148007)
1998-01-22This is *not* a big change (although it looks like one).Jeremy Allison1-1/+1
This is merely updating the Copyright statements from 1997 to 1998. It's a once a year thing :-). NO OTHER CHANGES WERE MADE. Jeremy. (This used to be commit b9c16977231efb274e08856f7f3f4408dad6d96c)
1998-01-17charcnv.c: Added codepage 866 support onto the file system. PatchJeremy Allison1-0/+6
from Max Khon <max@iclub.nsu.ru>. chgpasswd.c: Allow old RAP change password to work with encrypted passwords. Samba can now allow Windows 95/NT clients to securely change the Lanman password ! (But not the NT hash - that gets lost). ipc.c: smbdes.c: smbpass.c: Support for the above. server.c: #ifdef'ed out fix for NT redirector bug. util.c: Fix NIS bug with server name. Jeremy. (This used to be commit cd9fad92d0316e5a0007ba3c5668906dc2f011f1)
1998-01-16reply.c:Jeremy Allison1-13/+13
server.c: Test fix for NT worstation SMBmv oplock bug. smbdes.c: Addition of 'forward' parameter in preparation of allowing password change. Jeremy. (This used to be commit 0b0b1fb122a52e67a8fdc77d013ad0b3bbb90d19)
1997-10-26fix some casting errors in smbencrypt and some multiply-defined errorsAndrew Tridgell1-5/+0
in clientutil.c (Luke, you can't just copy a global variable declaration from one file to another, you need to declare one of them extern) (This used to be commit 944ecbcbd47afcc20e2e408a06d57c7b8d0d86a8)
1997-10-25Makefile :Luke Leighton1-0/+5
adding bits for new nt domain code byteorder.h : trying to get macros right, and not to crash on SUNOS5... client.c : added #ifdef NTDOMAIN, and created do_nt_login() function. don't want to have to recompile client.c unless absolutely necessary. credentials.c : moved deal_with_creds() [possibly inappropriately] into credentials.c ipc.c reply.c server.c uid.c : attempting to make (un)become_root() functions calleable from smbclient. this is a little tricky: smbclient might have to be another setuid root program, immediately setuid'ing to non-root, so that we can reset-uid to root to get at the smbpasswd file. or, have a secure pipe mechanism to smbd to grab smbpasswd entries. or the like. smbdes.c smbencrypt.c : created a function to generate lm and nt owf hashes. lsaparse.c ntclient.c smbparse.c : added nt client LSA_AUTH2 code. it works, too! pipenetlog.c pipentlsa.c pipesrvsvc.c : simplification. code-shuffling. getting that damn offset right for the opcode in RPC_HDR. smb.h : changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL. we might need to store the server times as well. proto.h : the usual. (This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
1997-10-20casting cleanupsAndrew Tridgell1-6/+6
(This used to be commit ab849a97821c9e1f199eea8ea2ec477687bed947)
1997-10-20move calls to smbhash() inside smbdes.c (for legal reasons)Andrew Tridgell1-1/+18
(This used to be commit 9dfab27da3634539e99eb48c85dd5a64212e7005)
1997-10-10Makefile:Luke Leighton1-2/+2
added credentials.c to smbd credentials.c: using credential structures instead of char* password.c uid.c server.c: added sid and attr to user_struct. smbdes.c: smbhash and str_to_key make public instead of private. pipes.c smb.h: lsa structures, sub-functions. proto.h: usual. (This used to be commit 87a0a944855a673d693d934e446bdc231b1c7f02)
1997-09-16- change generate_challenge() to use md4 instead of desAndrew Tridgell1-7/+45
- move routines about a bit between smbencrypt.c and smbdes.c. Ensure that there is no entry point for normal DES operation - add the following comment: This code is NOT a complete DES implementation. It implements only the minimum necessary for SMB authentication, as used by all SMB products (including every copy of Microsoft Windows95 ever sold) In particular, it can only do a unchained forward DES pass. This means it is not possible to use this code for encryption/decryption of data, instead it is only useful as a "hash" algorithm. There is no entry point into this code that allows normal DES operation. I believe this means that this code does not come under ITAR regulations but this is NOT a legal opinion. If you are concerned about the applicability of ITAR regulations to this code then you should confirm it for yourself (and maybe let me know if you come up with a different answer to the one above) (This used to be commit 35b92e725f351c9a9f2846a6b55f71c234f187c7)
1997-09-16bug fix in the new des code.Andrew Tridgell1-21/+13
I had one of the sbox[] constants wrong, which interestingly gave a 20% chance of the whole algorithm failing. (This used to be commit 9a42f88a0963d006e8bf091775a3f55f6c6b4f77)
1997-09-14This is a written from scratch DES implementation. I couldn't find aAndrew Tridgell1-0/+290
GPLd implementation so I decided to write one. This version only does DES ecb encryption and isn't very general, so it may in fact be exempt from ITAR regulations. ITAR regulations do not prohibit the distribution of code that can be used for authentication purposes only. This code has no decrypt function so it would be useless for a normal encryption application and thus may be ITAR exempt. It is also very slow, but we don't need it to be fast. It is a literal implementation from the standard and treats each bit as one byte to make the code easy to write. (This used to be commit c2bc073a878179dd56db97c66dc957d42fe0b81b)