summaryrefslogtreecommitdiff
path: root/source3/utils/ntlm_auth.c
AgeCommit message (Collapse)AuthorFilesLines
2011-03-16s3-build: only include asn1 headers where actually needed.Günther Deschner1-0/+1
Guenther
2010-12-07s3:ntlm_auth: support clients which offer a spnego mechs we don't supportStefan Metzmacher1-110/+169
Before we rejected the authentication if we don't support the first spnego mech the client offered. We now negotiate the first mech we support. This fix works arround problems, when a client sends the NEGOEX (1.3.6.1.4.1.311.2.2.30) oid, which we don't support. metze
2010-12-07s3:ntlm_auth: free session key, as we don't use it (at least for now)Stefan Metzmacher1-1/+2
metze
2010-12-07s3:ntlm_auth: fix memory leak in the raw ntlmssp code pathStefan Metzmacher1-0/+2
metze
2010-11-02s3-debug Impove setup_logging() to specify logging to stderrAndrew Bartlett1-1/+1
This change improves the setup_logging() API so that callers which wish to set up logging to stderr can simply ask for it, rather than directly modify the dbf global variable. Andrew Bartlett
2010-09-16s3: Add the PAC info3 struct to the netsamlogon_cache in ntlm_authVolker Lendecke1-0/+4
2010-09-16s3: Correctly unwrap the krb ticket in gss-spnegoVolker Lendecke1-1/+52
2010-09-16s3: Fall back to raw NTLMSSP for the gss-spnego protocolVolker Lendecke1-0/+25
This is to handle the mod_auth_ntlm_winbind protocol sending "Negotiate" to IE, which sends raw NTLMSSP instead of a SPNEGO wrapped NTLMSSP blob.
2010-09-16s3: Split off output generation from manage_squid_ntlmssp_requestVolker Lendecke1-17/+41
2010-09-16s3: Wrap the ntlm_auth loop with a talloc_stackframeVolker Lendecke1-0/+2
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett1-5/+7
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-15s3: Fix some debug msgs in ntlm_authVolker Lendecke1-8/+8
2010-09-13s3: Remove some unnecessary if-statementsVolker Lendecke1-10/+5
2010-09-13ntlm_auth: Fix a valgrind errorVolker Lendecke1-1/+1
2010-09-13s3: Fix a typoVolker Lendecke1-1/+1
2010-09-13s3: Fix a typo (authentictaion->authentication)Volker Lendecke1-1/+3
2010-08-26s3-build: only include nsswitch header where needed.Günther Deschner1-0/+1
Guenther
2010-08-05s3-popt: Only include popt-common.h when needed.Andreas Schneider1-0/+1
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+1
Guenther
2010-07-20s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keysSimo Sorce1-4/+6
2010-07-19s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it.Simo Sorce1-17/+17
All the members are children of ntlmssp_state anyway. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-05-31ntlmssp: Make the ntlmssp.h from source3/ a common headerAndrew Bartlett1-1/+1
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-crypto: only include crypto headers when crypto is done.Günther Deschner1-0/+1
Guenther
2010-05-11s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATAAndrew Bartlett1-2/+2
All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-26s3 ntlm_auth: Don't malloc data that will be talloc_free()dKai Blin1-12/+12
This fixes bug #7290 Thanks to Mohan <mohann@silver-peak.com> for the bug report.
2010-03-24s3:ntlmssp: use client.netbios_name instead of workstationStefan Metzmacher1-3/+4
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: rename void *auth_context; into void *callback_private;Stefan Metzmacher1-6/+6
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: remove unused get_global_myname() and get_domain() from ↵Stefan Metzmacher1-4/+0
ntlmssp_state Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store themStefan Metzmacher1-1/+5
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_stateStefan Metzmacher1-1/+27
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-01-10s3: Fix some nonempty blank linesVolker Lendecke1-36/+36
2009-12-22s3:ntlmssp: only include ntlmssp.h where actually neededAndrew Bartlett1-0/+1
Andrew Bartlett
2009-12-22s3:ntlmssp: remove the typedef NTLMSSP_STATEAndrew Bartlett1-4/+4
Andrew Bartlett
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-0/+1
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-11-21ntlm_auth: use data_blob_talloc() to allocate session keyKai Blin1-2/+2
Thanks to Shibu Piriyath <shibunair80@ymail.com> for spotting the issue.
2009-11-06s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.Günther Deschner1-2/+2
Guenther
2009-09-17spnego: Support ASN.1 BIT STRING and use it in SPNEGO.Kouhei Sutou1-2/+4
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17spnego: share spnego_parse.Günther Deschner1-19/+24
Guenther
2009-05-22s3: set winbindd request flags in ntlm_auth to make it contact trusted ↵Bo Yang1-1/+56
domain when krb5 auth is enabled Signed-off-by: Bo Yang <boyang@samba.org>
2009-04-14s3: Fix ntlm_auth and winbindd to use new common libcli/auth APIsAndrew Bartlett1-2/+2
2009-04-14Make Samba3 use the new common libcli/auth codeAndrew Bartlett1-3/+3
This is particuarly in the netlogon client (but not server at this stage)
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-2/+3
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-04-14Add some harmless use of talloc_tos() in ntlm_authAndrew Bartlett1-2/+2
2009-04-07s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett1-4/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2009-02-13Fix an uninitialized variable, introdued with 4d100f2fVolker Lendecke1-1/+1
2009-02-13Fix Coverity ID 744Volker Lendecke1-1/+1
This was marked as a resource leak. This change makes the code a bit clearer that we always free error_string.
2009-02-13Fix Coverity ID 745 (RESOURCE_LEAK)Volker Lendecke1-0/+1
2009-02-10S3: Fixes for coverity issues.todd stecher1-2/+3
2008-11-30remove the explicit mem_ctx from ntlmssp_state, use the state itselfVolker Lendecke1-3/+4
2008-11-10ntlm_auth: Put huge NTLMv2 blobs into extra_data on CRAP auth.Kai Blin1-3/+15
This fixes bug #5865