summaryrefslogtreecommitdiff
path: root/source3/libsmb/smbencrypt.c
AgeCommit message (Collapse)AuthorFilesLines
2002-08-26Updates!Andrew Bartlett1-14/+46
- Don't print an uninitialised buffer in service.c - Change some charcnv.c functions to take smb_ucs2_t ** instead of void ** - Update NTLMv2 code to use dynamic buffers - Update experimental SMB signing code - still more work to do - Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups() failure. Andrew Bartlett (This used to be commit de1964f7fa855022258a84556b266100b917444b)
2002-07-20Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had aAndrew Bartlett1-2/+2
distinction between uchar and char). Lots of const etc. Andrew Bartlett (This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
2002-07-20Fix up char/uchar casts etc. Fix up comments on some of the password hashAndrew Bartlett1-4/+4
wrappers. Andrew Bartlett (This used to be commit 95519d408caa7da00dbb2a8323cc4374a517cd69)
2002-07-20Add support for a weird behaviour apparently used by Win9X pass-throughAndrew Bartlett1-2/+2
authentication - we can have an NT hash in the LM hash feild. (I need to double-check this fix with tpot, who discovered it). Also remove silly casts back and forth between uchar and char. Andrew Bartlett (This used to be commit 07e2b36311f91d7a20865a2ccc94716772e53fd7)
2002-06-16Two things: Check how many paramaters that the LDAP libs take for theAndrew Bartlett1-4/+6
rebind proc (some give an extra paramter to pass a void* paramater) and some small changes for the SMB signing code to reset things when the signing starts, and to 'turn off' signing if the session setup failed. Andrew Bartlett (This used to be commit a8805a34e5d96eeb5ffe15681b241d5a449a6144)
2002-06-16Fix up some of the SMB signing code:Andrew Bartlett1-0/+10
The problem was that *all* packets were being signed, even packets before signing was set up. (This broke the session request). This fixes it to be an 'opt in' measure - that is, we only attempt to sign things after we have got a valid, non-guest session setup as per the CIFS spec. I've not tested this against an MS server, becouse my VMware is down, but at least it doesn't break the build farm any more. Andrew Bartlett (This used to be commit 1dc5a8765876c1ca822e454651f8fd4a551965e9)
2002-06-14Ok, now I can try my first client test...Jeremy Allison1-0/+12
Jeremy. (This used to be commit 9d461933766f26ce772f6d5ea849ef9218c4d534)
2002-06-14More of SMB signing for client - not yet finished (should be harmless).Jeremy Allison1-0/+27
Jeremy. (This used to be commit c1b20db4bb4bb1ba485466f50b9795470027327c)
2002-06-07A couple of updates for the SmbEncrypt code, and some of its users.Andrew Bartlett1-1/+1
(const, takes unix string as arg) Also update cli_full_connection to take NULL pointers as 'undefined' correctly, and therefore do its own lookup etc. This what was intended, but previously you needed to supply a 0.0.0.0 IP address. Andrew Bartlett (This used to be commit 8fb1a9c6ba07dbf04a6aa1e30fa7bbd4c676ed28)
2002-05-25Update some of the LM hash code to better respect the seperation betweenAndrew Bartlett1-32/+41
unix and DOS strings. This pushes all the 'have to uppercase, must be 14 chars' stuff behind the the interface. Andrew Bartlett (This used to be commit dec650efa8ab1466114c2e6d469320a319499ea0)
2002-05-23This function is unused, and doesn't make any sense to me anyway.Andrew Bartlett1-17/+0
Wasn't this what got us some of the bugs with big-endien smbpasswd -j FOO -U ? Anyway, it deserves to die. Andrew Bartlett (This used to be commit 7201720048b31e48fb2600de8f7396088cc9b533)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-04Add 'net rpc join' to match the ADS equiv.Andrew Bartlett1-12/+5
This kills off the offending code in smbpasswd -j -Uab%c In the process we have changed from unsing compelatly random passwords to random, 15 char ascii strings. While this does produce a decrese in entropy, it is still vastly greater than we need, considering the application. In the meantime this allows us to actually *type* the machine account password duruign debugging. This code also adds a 'check' step to the join, confirming that the stored password does indeed do somthing of value :-) Andrew Bartlett (This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)
2001-11-11Minor updates. A small dose of const.Andrew Bartlett1-1/+1
(This used to be commit 80667cb0dd1a2cdef17711c8580af9f524971cea)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett1-8/+8
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31More const.Andrew Bartlett1-2/+2
(This used to be commit ceba373aa30e09be948bd0980040cba204d12084)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-6/+6
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-3/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-27Kill unused variablesAndrew Bartlett1-2/+0
(This used to be commit 758d923fa183b50acab9928e402f17bd25ba8f41)
2001-09-26Make use of the pdb_set_plaintext_passwd() update to vastly simplifyAndrew Bartlett1-49/+10
decode_pw_buffer() and the samr password changing routines. And yes, I know that we can lost some information in the Unicode->UTF->Unicode bit of this, but its worth the code cleanup. This also takes into account the possability of multibyte passwords. Andrew Bartlett (This used to be commit 42402c87d6bcff71b700e497b74d2600d7ce8b95)
2001-08-24get rid of compiler warningsHerb Lewis1-8/+8
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
2001-08-10A rewrite of the error handling in the libsmb client code. I've separatedTim Potter1-2/+1
out the error handling into a bunch of separate functions rather than all being handled in one big function. Fetch error codes from the last received packet: void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *num); uint32 cli_nt_error(struct cli_state *); Convert errors to UNIX errno values: int cli_errno_from_dos(uint8 eclass, uint32 num); int cli_errno_from_nt(uint32 status); int cli_errno(struct cli_state *cli); Detect different kinds of errors: BOOL cli_is_dos_error(struct cli_state *cli); BOOL cli_is_nt_error(struct cli_state *cli); BOOL cli_is_error(struct cli_state *cli); This also means we now support CAP_STATUS32 as we can decode and understand NT errors instead of just DOS errors. Yay! Ported a whole bunch of files in libsmb to use this new API instead of the just the DOS error. (This used to be commit 6dbdb0d813f3c7ab20b38baa1223b0b479aadec9)
2001-08-10Changed the order of arguments in make_oem_passwd_hash(). All the otherTim Potter1-1/+2
encryption functions have outputs as the last arguments. (This used to be commit fb60798a771a7a2358d78e5cef97487addf930e7)
2001-07-30Throw out crappy (non-ascii unaware) mbtows stuff and use proper unicodeJeremy Allison1-57/+6
push calls. If this breaks authentication then good, it needed fixing anyway :-). Jeremy. (This used to be commit e3580b4033c551e215cb246d4e36c4870cb4a582)
2001-07-07Add backend encryption support for NTLMv2.Andrew Bartlett1-1/+96
The leg-work for this was done by the folks at samba-tng.org, I'm just bringing it accross to HEAD. The MD5 implementation is seperatly derived, and does not have the copyright problems that the one in TNG has. Also add const to a few places where it makes sence. Andrew Bartlett (This used to be commit 8df8e841445dfe09fc7a06bb55d12adc3fecb345)
2001-07-04The big character set handling changeover!Andrew Tridgell1-30/+11
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-20Fixed W2K SP2 joining a Samba PDC hosted domain.Jeremy Allison1-1/+1
Jermey. (This used to be commit 05a2911403a0710d994a618e72743205a3b0b87a)
2001-06-15Merged encode_pw_buffer() and nt_owf_genW() functions from TNG branch.Tim Potter1-0/+49
(This used to be commit fb80cf2aa13883c6dac461f95bc1000c4881d724)
2001-04-22merging from 2.2 to headAndrew Tridgell1-17/+63
(This used to be commit bfcc6f88271025760732271f03933839b1cbe0de)
2000-10-13last part of W2K support.Jean-François Micouleau1-4/+5
the trust domain list reply on netlogon pipe was wrong, interim hack until we have full trust relationships. changed some unistr2 to parse the ending NULL char. added a prs_align_needed() function. much like a prs_align but with a condition. needed for the unistr2 parsing. J.F. (This used to be commit d8bf81553c17d9ee3419d8150b96119ebb0b8fa9)
2000-10-11changes to sync with 2.2. treeHerb Lewis1-1/+1
.cvsignore remove config.h - not in this directory include/profile.h profile changes lib/messages.c added message to return debug level libsmb/clierror.c cast to get rid of compiler warning libsmb/smbencrypt.c cast to get rid of compiler warning profile/profile.c add flush profile stats changes for profile struct rpc_parse/parse_samr.c fix for compiler warning rpc_server/srv_samr.c cast to get rid of compiler warning smbd/ipc.c profile stats message.c profile stats smbd/negprot.c profile stats smbd/nttrans.c profile stats smbd/trans2.c profile stats utils/smbcontrol.c new flush stats command (This used to be commit bbb24daa25dca4e4b6b1f8942cd84ee3aa1bed8e)
2000-10-07added samr_set_user_info and info_2.Jean-François Micouleau1-0/+44
cleanup of create_user cleanup of rid/sid mix in samr. now we only have sid. some prs_align() missing in parse_samr.c a small debug change in srv_pipe.c You still can't change a user's password in this commit. Will be availble in the next one. J.F. (This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-415/+66
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-01sys_select added one more argument (read, write selectors).Luke Leighton1-52/+50
(This used to be commit e4d92ff9dfc51735e6932748f66a7c20b2c1cb6a)
1999-11-25previous commit added an abstraction function that didn't even haveLuke Leighton1-6/+3
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req(). modified cli_lsarpc.c to use this. the rest is const issues. (This used to be commit c1ea396de21309c4cf19fd92f2573f5257c24588)
1999-11-21implement server-side generation of NTLMv2 session key. YESSS :-)Luke Leighton1-0/+28
(This used to be commit 1092b4f6fbdf3770c0dab756b982a562def1738e)
1999-11-21you know what? this sort of thing makes me laugh. hmm, what functionsLuke Leighton1-1/+1
have we got. and what data do we have. hmm.. i wonder what the NTLMv2 user session key can be... hmmm... weell.... there's some hidden data here, generated from the user password that doesn't go over-the-wire, so that's _got_ to be involved. and... that bit of data took a lot of computation to produce, so it's probably _also_ involved... and md4 no, md5? no, how about hmac_md5 yes let's try that one (the other's didn't work) oh goodie, it worked! i love it when this sort of thing happens. took all of fifteen minutes to guess it. tried concatenating client and server challenges. tried concatenating _random_ bits of client and server challenges. tried md5 of the above. tried hmac_md5 of the above. eventually, it boils down to this: kr = MD4(NT#,username,domainname) hmacntchal=hmac_md5(kr, nt server challenge) sess_key = hmac_md5(kr, hmacntchal); (This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
1999-11-19The First Necessary UNICODE String Support.Luke Leighton1-19/+67
the random workstation trust account password is TOTAL garbage. i mean, complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore we can't just take every second character. created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)). followed through to the password setting in srv_samr.c (This used to be commit 172601b84ae94044b27ded917d4e0e21e47a5a66)
1999-11-04samuserset <username> -p password. YESSSSS :)Luke Leighton1-0/+11
you have to use "ntlmv1" at the moment (i.e set client ntlmv2 = no). (This used to be commit f52504c553becc64b89d546a57b1bd9cf1bc5b5c)
1999-11-04adding experimental set user password command to rpcclient, it returnsLuke Leighton1-0/+66
error wrong password against nt. ???? (This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)
1999-10-14adding CAP_EXTENDED_SECURITY support in a hurry last week. forgot toLuke Leighton1-0/+29
deal with linking issues in other binaries (This used to be commit 57f95a01988fb4035b2e4448f4fd3ef0d652c106)
1999-06-29removed old code/comments.Luke Leighton1-66/+0
(This used to be commit bc8c46bc088298d6247830b673790032e59d7f6a)
1999-06-29smbclient modified to use cli_establish_connection(). smbclient thereforeLuke Leighton1-5/+11
now uses improved authentication. smbclient now "broken" for "scripts" based on DEBUG() output. cli_establish_connection() requires modification to support old scripts. (This used to be commit b0539d43407cb2b0bab7977908de09b21b145218)
1999-06-29improving authentication code (tidyup).Luke Leighton1-42/+229
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
1999-03-25fixed issues with "Welcome to SAMBA Domain" for when admin user/pass isLuke Leighton1-1/+1
used to add workstation to domain. unix account db not modified: only SAM password db is used. (This used to be commit 129a9a4d4b74897ed753a697a3aed9b194c25568)
1999-03-24NULL pointer handling in nt_lm_owf_genLuke Leighton1-1/+4
(This used to be commit 68841eeb64df5958a90a6471fd17e6e56fba7c67)
1999-03-19return type of nt_decrypt_string2 set to BOOL.Luke Leighton1-4/+3
(This used to be commit 674e4a3a73cd601c647a5069e2af943a6321ac06)
1999-03-19Implemented encryption algorithm used for a number of RPC buffers.Matthew Chapman1-0/+45
(actually, decryption only currently because I need to get some sleep). Basically another Microsoft twist on DES; the "master key" is the user's NT hash MD4'd and subsets of this are chosen as the 56-bit DES keys. (This used to be commit f09388fa6f41a13ca035b5b2ff40be804608f619)
1999-02-12UNICODE cleanup (see lib/util_unistr.c).Matthew Chapman1-1/+1
No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
1999-02-11the UNICODE issue...Luke Leighton1-1/+1
(This used to be commit 73db80f34183324845407b00f58462ff2d7b47ea)