| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Andrew Bartlett
(This used to be commit 6789e237d7b070624ba09e7ed43680b838337b74)
|
|
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 =
yes') and only when 'client use spengo = no'. (A new option to allow the
client and server ends to chose spnego seperatly).
NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet.
Also some parinoia checks in our input parsing.
Andrew Bartlett
(This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
|
|
different algorithm).
Andrew Bartlett
(This used to be commit e6f87c7ee5c61f03f81159a8017d31f439c4454a)
|
|
Andrew Bartlett
(This used to be commit b1c722e306533babeffeba9d8c7dcfa00e019423)
|
|
This checking allows us to connect to Microsoft servers the use SMB signing,
within a few restrictions:
- I've not get the NTLMSSP stuff going - it appears to work, but if you break
the sig - say by writing a zero in it - it still passes...
- We don't currently verfiy the server's reply
- It works against one of my test servers, but not the other...
However, it provides an excellent basis to work from. Enable it with 'client
signing' in your smb.conf.
Doc to come (tomorrow) and this is not for 3.0, till we get it complete.
The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the
standard session key, ie MD4(NT#).
Thanks to jra for the early work on this.
Andrew Bartlett
(This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
|
|
to HEAD :-).
Jeremy.
(This used to be commit 1fec0f50ed0e750afec5cdf551fcd37ef4858e94)
|
|
Jeremy.
(This used to be commit 90336900ad2a6d50e1d42f7bc59fdc7c762187d3)
|
|
the dog again.
(This used to be commit 6f89ee2c9dc7f03e3dbe7aa734bf67c6a434d135)
|
|
- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor.
- also consequential changes to the NTLMSSP and SPNEGO parsing functions
- and the client code that uses the same functions
- Add ntlm_auth, a NTLMSSP authentication interface for use by applications
like Squid and Apache.
- also consquential changes to use common code for base64 encode/decode.
- Winbind changes to support ntlm_auth (I don't want this program to need
to read smb.conf, instead getting all it's details over the pipe).
- nmbd changes for fstrcat() instead of fstrcpy().
Andrew Bartlett
(This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
|
|
used to be commit b741abd496621586040081c04674ae53cb5db47c)
|
|
The idea here is to seperate, as much as possible, the SPNEGO layer from the
NTLMSSP layer. This not only helps us with protocol correctness, but also
should allow further mechinisms to be added with relitive ease. I indend to
make the kerberos code use this shortly.
I've never seen the 'zero length blob' form of the anonymous login, so I've
removed that case.
Andrew Bartlett
(This used to be commit a8773c9f825539c5bc17e4200b16d7ebbe0b7620)
|
|
Jeremy.
(This used to be commit 1b71786c161cd8ec4c3c0c6b178370ed50feeef4)
|
|
Jeremy.
(This used to be commit 85dda434763bbcea260c800599e4b6b73afcf174)
|
|
I mistyped a comma :-).
Jeremy.
(This used to be commit 04cc149c756c396012cfa321a74724b077302b95)
|
|
(This used to be commit 09d8a8e87fbb13928b863f659381dddb09592985)
|
|
(This used to be commit 9b11ede90129fab8311344ce8621556fd6cff7dc)
|
|
(This used to be commit 51b319f57f28e3993919d7f3db0251a724902332)
|
|
(This used to be commit fcf63df8bfae37680ad7af48c65af62abc4e0020)
|
|
(This used to be commit b063acd9062704be6352647dae2ad801ecacec75)
|
|
kerberos_verify...
Jeremy.
(This used to be commit e8c4098da619a1429cc4c8251761333a7c0f3458)
|
|
if no kerberos selected. Noticed by Metze.
Jeremy.
(This used to be commit 1684719695acb7168115b032fc1ec672509239ea)
|
|
if no kerberos selected. Noticed by Metze.
Jeremy.
(This used to be commit 0c98f779f05431ac4d298c9f021fca85d16aebae)
|
|
Jeremy.
(This used to be commit a7ee6ed64500a0d949849da6996b7dc837518f00)
|
|
Jeremy.
(This used to be commit 193cc4f4fc876c66e97ea6b82bae431d0247c1fa)
|
|
(This used to be commit 9f1f3cb8bb3d7d9b4fb414b06ad10356f775bb28)
|
|
(This used to be commit aceaaad1c2efce41fe0e03655b0ca0583788d7ab)
|
|
to add a function without an explicit #ifdef HEIMDAL which I'm trying
to avoid.
Jeremy.
(This used to be commit 92ecd0bf0fe2cc4f6c86ca48e6e458e726470a50)
|
|
to add a function without an explicit #ifdef HEIMDAL which I'm trying
to avoid.
Jeremy.
(This used to be commit 77aeb262ef7c7cd3d206afe2d5445caaca943dfd)
|
|
Change the 'cookie' to be the ntlmssp_context, and use the 'auth_context' on
that to store the cookie. Ensures that simple callbacks can 'just work'.
Also make it clear that we are doing a pull_string into a pstring, not just
any sized buffer.
Andrew Bartlett
(This used to be commit c7793f27188e658b7fc6336aa51d367eab36fc17)
|
|
challenge in the NTLMSSP context.
Andrew Bartlett
(This used to be commit ba13e058d4533b1ffba723b9e98e95090ad63d85)
|
|
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef)
|
|
(This used to be commit 9ac196dad4893b0ceef13281a140be5d85391e6c)
|
|
(This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
|
|
eliminate the dependency on the auth subsystem. The next step is to add
the required code to 'ntlm_auth', for export to Squid etc.
Andrew Bartlett
(This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)
|
|
- remove useless #else
- signed/unsigned fixes
- use an fstring for LM hash buffer.
Andrew Bartlett
(This used to be commit c0fb53c31fd7341745d14640e761affc5dae5230)
|
|
(This used to be commit 20ebdee36d5351731698bdef6602fc73a45b1651)
|
|
null terminated.
Thanks to Metze for finding this.
(This used to be commit e4ce26332b8f876e25ff9baf06d4767a473e2676)
|
|
(This used to be commit 9a38e378115a1c36d0cd7c41f4c5767c23b4eb3f)
|
|
1. reboot in parse_reg and cli_reg was shadowing a definition on FreeBSD
4.3 from system includes.
2. Added a bit of const to places.
3. Made sure internal functions were declared where needed.
(This used to be commit fd847aa93690eb72f0437a8d22c03b222eb2a016)
|
|
This tries to extract our server-side code out of sessetup.c, and into a more
general lib. I hope this is only a temporay resting place - I indend to
refactor it again into an auth-subsystem independent lib, using callbacks.
Move some of our our NTLMSSP #defines into a new file, and add two that I found
in the COMsource docs - we seem to have a double-up, but I've verified from
traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real.
This code also copes with ASCII clients - not that we will ever see any here,
but I hope to use this for HTTP, were we can get them. Win2k authenticates
fine under forced ASCII, btw.
Tested with Win2k, NTLMv2 and Samba's smbclient.
Andrew Bartlett
(This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
|
|
termination - the password will not be null terminated before hashing if
len >= 14.
related to debian bug #157432
Andrew Bartlett
(This used to be commit c6535836f2e48903aa89a18c11cbb37576fb4a20)
|
|
Andrew Bartlett
(This used to be commit fe1cc779d5ea77e87dbc0e2edf7c34a354fee6e0)
|
|
case.
Andrew Bartlett
(This used to be commit 8129529c4faec5ea630acf70b7514a3efc0fbdcf)
|
|
the actual error value :-)
Andrew Bartlett
(This used to be commit 123ae99c7d51c62e9f765cd41018dcc1a70cdd22)
|
|
Andrew Bartlett
(This used to be commit f79324f730c400342f445c931b0d75ff756d7cc7)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
to be printed in a DEBUG() message.
(This used to be commit 96e9fa5f224966531fa8f9cf18cbc4bbb2fe60ed)
|
|
DEBUG() message printing the wrong value.
(This used to be commit 42a4e5b851aa7c9fd9dca5a6f8f42e5d91246c76)
|
|
Volker
(This used to be commit f5494f5ef6a14020bd31541b1f87d48111f60ad8)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
