| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
in clientutil.c (Luke, you can't just copy a global variable
declaration from one file to another, you need to declare one of them
extern)
(This used to be commit 944ecbcbd47afcc20e2e408a06d57c7b8d0d86a8)
|
|
adding bits for new nt domain code
byteorder.h :
trying to get macros right, and not to crash on SUNOS5...
client.c :
added #ifdef NTDOMAIN, and created do_nt_login() function. don't
want to have to recompile client.c unless absolutely necessary.
credentials.c :
moved deal_with_creds() [possibly inappropriately] into credentials.c
ipc.c reply.c server.c uid.c :
attempting to make (un)become_root() functions calleable from smbclient.
this is a little tricky: smbclient might have to be another setuid
root program, immediately setuid'ing to non-root, so that we can
reset-uid to root to get at the smbpasswd file. or, have a secure
pipe mechanism to smbd to grab smbpasswd entries. or the like.
smbdes.c smbencrypt.c :
created a function to generate lm and nt owf hashes.
lsaparse.c ntclient.c smbparse.c :
added nt client LSA_AUTH2 code. it works, too!
pipenetlog.c pipentlsa.c pipesrvsvc.c :
simplification. code-shuffling. getting that damn offset right
for the opcode in RPC_HDR.
smb.h :
changed dcinfo xxx_creds to DOM_CRED structures instead of DOM_CHAL.
we might need to store the server times as well.
proto.h :
the usual.
(This used to be commit 82436a3d99d4bdce249ce9ff27fd2ca4b2447e07)
|
|
(This used to be commit ab849a97821c9e1f199eea8ea2ec477687bed947)
|
|
(This used to be commit 9dfab27da3634539e99eb48c85dd5a64212e7005)
|
|
added credentials.c to smbd
credentials.c:
using credential structures instead of char*
password.c uid.c server.c:
added sid and attr to user_struct.
smbdes.c:
smbhash and str_to_key make public instead of private.
pipes.c smb.h:
lsa structures, sub-functions.
proto.h:
usual.
(This used to be commit 87a0a944855a673d693d934e446bdc231b1c7f02)
|
|
- move routines about a bit between smbencrypt.c and smbdes.c. Ensure
that there is no entry point for normal DES operation
- add the following comment:
This code is NOT a complete DES implementation. It implements only
the minimum necessary for SMB authentication, as used by all SMB
products (including every copy of Microsoft Windows95 ever sold)
In particular, it can only do a unchained forward DES pass. This
means it is not possible to use this code for encryption/decryption
of data, instead it is only useful as a "hash" algorithm.
There is no entry point into this code that allows normal DES operation.
I believe this means that this code does not come under ITAR
regulations but this is NOT a legal opinion. If you are concerned
about the applicability of ITAR regulations to this code then you
should confirm it for yourself (and maybe let me know if you come
up with a different answer to the one above)
(This used to be commit 35b92e725f351c9a9f2846a6b55f71c234f187c7)
|
|
I had one of the sbox[] constants wrong, which interestingly gave a
20% chance of the whole algorithm failing.
(This used to be commit 9a42f88a0963d006e8bf091775a3f55f6c6b4f77)
|
|
GPLd implementation so I decided to write one.
This version only does DES ecb encryption and isn't very general, so
it may in fact be exempt from ITAR regulations. ITAR regulations do
not prohibit the distribution of code that can be used for
authentication purposes only. This code has no decrypt function so it
would be useless for a normal encryption application and thus may be
ITAR exempt.
It is also very slow, but we don't need it to be fast. It is a literal
implementation from the standard and treats each bit as one byte to
make the code easy to write.
(This used to be commit c2bc073a878179dd56db97c66dc957d42fe0b81b)
|
