summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2010-08-11s3-waf: fix the waf build with more recent MIT krb5 libs.Günther Deschner2-1/+4
(such as MIT krb5 1.7.1 on fedora 13). This whole area needs more work and love later, for now it builds at least. Kai, please check. Guenther
2010-08-10libcli/auth Make the source3/ implementation of the NTLMSSP server commonAndrew Bartlett1-527/+0
This means that the core logic (but not the initialisation) of the NTLMSSP server is in common, but uses different authentication backends. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Split the NTLMSSP server into before and after authenticationAndrew Bartlett1-62/+148
This allows for a future where the auth subsystem is async, and the session key generation needs to happen in a callback. This code is originally reworked into this style by metze for the source4/ implementation. The other change here is to introduce an 'out_mem_ctx', which makes the API match that used in source4. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Always call ntlmssp_sign_init()Andrew Bartlett1-3/+1
There is no code path that sets nt_status before this point, without a return. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't use talloc_tos() for NTLMSSP blobs for nowAndrew Bartlett1-2/+2
This code will, I hope, soon be merged in common, and the Samba4 use case does not currently support talloc_tos() properly. Use another context for now. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2Andrew Bartlett1-1/+4
This is another 'belts and braces' check to avoid the use of the weak 'LM_KEY' encryption when the client has chosen NTLMv2. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not availableAndrew Bartlett1-0/+15
This ensures the client isn't confused and we don't enter this weaker authentication scheme when we don't really, really need to. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't use the lm key if the user didn't supply one.Andrew Bartlett1-3/+3
This may help to avoid a number of possible MITM attacks where LM_KEY is spoofed into the session. If the login wasn't with lanman (and so the user chose to disclose their lanman response), don't disclose back anything based on their lanman password. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Add extra DEBUG() message for auth system failuresAndrew Bartlett1-0/+2
Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Redirect lp_lanman_auth() via 'allow_lm_key'Andrew Bartlett1-2/+4
This will allow this to be handled via common code in the future Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3: fix the waf build.Günther Deschner1-1/+2
Guenther
2010-08-10libcli/auth Move some source3/ NTLMSSP functions to the common code.Andrew Bartlett2-88/+2
libcli/auth Use true and false rather than True and False in common code Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-09Fix bug #7608 - Win7 SMB2 authentication causes smbd panicJeremy Allison1-2/+4
We need to call setup_ntlmssp_server_info() if status==NT_STATUS_OK, or if status is anything except NT_STATUS_MORE_PROCESSING_REQUIRED, as this can trigger map to guest. Jeremy.
2010-08-09s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the ↵Günther Deschner1-7/+13
secure channel. This is an important fix as the following could and is happening: * winbind authenticates a user via schannel secured netlogon samlogonex call, current secure channel cred state is stored in winbind state, winbind sucessfully decrypts session key from the info3 * winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the secure channel on the dc) * subsequent samlogonex calls use the new secure channel creds on the dc to encrypt info3 session key, while winbind tries to use old schannel creds for decryption Guenther
2010-08-08s3: Remove the smbd_messaging_context from load_printersVolker Lendecke4-7/+8
2010-08-08s3: Remove the smbd_messaging_context from pcap_cache_reloadVolker Lendecke4-7/+10
2010-08-08s3: Remove the smbd_messaging_context from cups_cache_reloadVolker Lendecke3-9/+9
2010-08-08s3: Remove the smbd_messaging_context from cups_pcap_load_asyncVolker Lendecke1-5/+7
2010-08-08s3: Remove the smbd_messaging_context from smb_conf_updatedVolker Lendecke1-1/+1
2010-08-08s3: Remove the smbd_messaging_context from spoolss_init_cbVolker Lendecke1-2/+4
2010-08-08s3: Remove some smbd_messaging_context references from smbd_processVolker Lendecke1-7/+7
2010-08-08s3: Pass sconn to smbd_processVolker Lendecke3-32/+32
2010-08-08s3: Lift the server_messaging_context from housekeeping_fnVolker Lendecke1-3/+6
2010-08-08s3: Lift the server_messaging_context from check_reloadVolker Lendecke1-4/+4
2010-08-08s3: Make check_reload() staticVolker Lendecke2-2/+1
2010-08-08s3: Lift the server_messaging_context from spoolss_setjob_1Volker Lendecke1-3/+4
2010-08-08s3: Lift the server_messaging_context from construct_printer_info6Volker Lendecke1-2/+3
2010-08-08s3: Lift the server_messaging_context from construct_printer_info2Volker Lendecke1-3/+4
2010-08-08s3: Lift the server_messaging_context from construct_notify_jobs_infoVolker Lendecke1-5/+6
2010-08-08s3: Lift the server_messaging_context from construct_notify_printer_infoVolker Lendecke1-6/+8
2010-08-08s3: Pass messaging_context through s_notify_info_data_tableVolker Lendecke1-37/+70
2010-08-08s3: Lift the server_messaging_context from update_monitored_printq_cacheVolker Lendecke3-5/+4
2010-08-08s3: Lift the server_messaging_context from print_job_endpageVolker Lendecke3-5/+6
2010-08-08s3: Lift the server_messaging_context from print_job_writeVolker Lendecke3-5/+11
2010-08-08s3: Lift the server_messaging_context from print_job_delete1Volker Lendecke1-8/+8
2010-08-08s3: Lift the server_messaging_context from print_job_set_nameVolker Lendecke3-5/+10
2010-08-08s3: Lift the server_messaging_context from print_queue_update_with_lockVolker Lendecke1-5/+8
2010-08-08s3: Lift the server_messaging_context from print_queue_update_internalVolker Lendecke1-11/+12
2010-08-08s3: Lift the server_messaging_context from traverse_fn_deleteVolker Lendecke1-10/+10
2010-08-08s3: Lift the server_messaging_context from print_unix_jobVolker Lendecke1-5/+11
2010-08-08s3: Lift the server_messaging_context from pjob_deleteVolker Lendecke2-13/+22
2010-08-08s3: Lift the server_messaging_context from pjob_storeVolker Lendecke1-13/+23
2010-08-08s3: Lift the server_messaging_context from pjob_store_notifyVolker Lendecke1-17/+18
2010-08-08s3: Lift the server_messaging_context from notify_printer_bynameVolker Lendecke3-4/+11
2010-08-08s3: Lift the server_messaging_context from notify_printer_locationVolker Lendecke3-5/+13
2010-08-08s3: Lift the server_messaging_context from notify_printer_portVolker Lendecke3-4/+9
2010-08-08s3: Lift the server_messaging_context from notify_printer_printernameVolker Lendecke3-4/+9
2010-08-08s3: Lift the server_messaging_context from notify_printer_sharenameVolker Lendecke3-4/+10
2010-08-08s3: Lift the server_messaging_context from notify_printer_commentVolker Lendecke3-4/+9
2010-08-08s3: Lift the server_messaging_context from notify_printer_driverVolker Lendecke3-4/+9