summaryrefslogtreecommitdiff
path: root/source4/auth/ntlmssp/ntlmssp_server.c
AgeCommit message (Collapse)AuthorFilesLines
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett1-0/+5
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-14s4:auth Move struct auth_usersupplied_info to a common locationAndrew Bartlett1-1/+1
This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett
2010-08-10libcli/auth Make the source3/ implementation of the NTLMSSP server commonAndrew Bartlett1-520/+1
This means that the core logic (but not the initialisation) of the NTLMSSP server is in common, but uses different authentication backends. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10libcli/auth Move some source3/ NTLMSSP functions to the common code.Andrew Bartlett1-30/+0
libcli/auth Use true and false rather than True and False in common code Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-07s4:ntlmssp Merge more aspects of the source3/ NTLMSSP layerAndrew Bartlett1-20/+21
This changes the talloc treatment of the session keys to avoid memory duplication - the session key has always been allocated onto the ntlmssp_context by the auth subsystem callback. The remainder of the changes are cosmetics, such as avoiding using lm_session_key as a pointer (and avoiding then doing an if statement on something that is always true). Andrew Bartlett
2010-08-07s4:ntlmssp Re-add gensec_ntlmssp wrapper to allow merge with source3/Andrew Bartlett1-18/+52
By re-adding this wrapper, the actual guts of these functions are now very similar to that found in source3/libsmb/ntlmssp.c This should make it easier to merge the implementations. Andrew Bartlett
2010-08-07s4:ntlmssp Always setup the session keys and signing stateAndrew Bartlett1-9/+1
While it would save some CPU to only setup the session key when requested (like windows does), this instead matches the implementation in source3/libsmb/ntlmssp.c We could re-add this later after the codebase is merged. Andrew Bartlett
2010-08-06s4:ntlmssp Adjust Samba4 ntlmssp code to look more like the code in Samba3.Andrew Bartlett1-70/+118
This does not change behaviour, and some of the whitespace isn't ideal, but at the moment making this code more similar, even in cosmetics, will assist later merge efforts. Andrew Bartlett
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-5/+5
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-01s4:ntlmssp Merge ntlmssp structures with version from source3/Andrew Bartlett1-69/+9
Use this as an excuse to get rid of ntlmssp_set_domain() etc, which don't do anything useful now that msrpc_parse() use talloc anyway. Andrew Bartlett
2010-05-24Add in support for the NTLMSSP version reply.Jeremy Allison1-3/+30
Jeremy.
2010-04-14s4:auth Change auth_generate_session_info to take an auth contextAndrew Bartlett1-5/+5
The auth context was in the past only for NTLM authentication, but we need a SAM, an event context and and loadparm context for calculating the local groups too, so re-use that infrustructure we already have in place. However, to avoid problems where we may not have an auth_context (in torture tests, for example), allow a simpler 'session_info' to be generated, by passing this via an indirection in gensec and an generate_session_info() function pointer in the struct auth_context. In the smb_server (for old-style session setups) we need to change the async context to a new 'struct sesssetup_context'. This allows us to use the auth_context in processing the authentication reply . Andrew Bartlett
2010-03-24s4:ntlmssp: move doing_ntlm2 to ntlmssp_server_auth_stateStefan Metzmacher1-2/+3
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: move NTLM2 session_nonce to ntlmssp_server_auth_stateStefan Metzmacher1-5/+7
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: move encrypted_session_key to ntlmssp_server_auth_stateStefan Metzmacher1-26/+19
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: keep a ntlmssp_server_auth_state to transport variables from ↵Stefan Metzmacher1-10/+23
preauth to postauth hooks metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: remove unused server_multiple_authentications feature.Stefan Metzmacher1-11/+1
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: rename gensec_ntlmssp_state => ntlmssp_stateStefan Metzmacher1-164/+164
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: calculate server names at startup and store them in ↵Stefan Metzmacher1-24/+33
(gensec_)ntlmssp_state->server.* Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: replace server_role by a server.is_standalone in ↵Stefan Metzmacher1-2/+6
(gensec_)ntlmssp_state Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: keep struct gensec_ntlmssp_context in gensec_security->private_dataStefan Metzmacher1-8/+16
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: remove gensec_security from (gensec_)ntlmssp_stateStefan Metzmacher1-1/+1
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: remove backend specifix stuff from (gensec_)ntlmssp_stateStefan Metzmacher1-19/+46
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2009-12-29s4:ntlmssp: remove mem_ctx from check_password() callback to match s3Stefan Metzmacher1-4/+2
metze
2009-12-29s4:ntlmssp_server: always call ntlmssp_server_postauth() and decide there if ↵Stefan Metzmacher1-5/+11
it's a noop metze
2009-12-29s4:ntlmssp_server: don't use a mem_ctx for ntlmssp_server_auth()Stefan Metzmacher1-13/+7
metze
2009-12-29s4:ntlmssp_server: don't use mem_ctx in auth_ntlmssp_check_password()Stefan Metzmacher1-16/+8
metze
2009-12-29s4:ntlmssp_server: clear session key in ntlmssp_server_preauth()Stefan Metzmacher1-3/+1
metze
2009-12-29s4:ntlmssp: use data_blob_null in ntlmssp_server_auth()Stefan Metzmacher1-4/+6
metze
2009-12-29s4:ntlmssp_server: remove unused variableStefan Metzmacher1-7/+0
metze
2009-12-29s4:auth/ntlmssp: let get_challenge() return a NTSTATUS and fill a stack bufferStefan Metzmacher1-12/+11
metze
2009-12-22s4:auth Change 'get_challenge' API to be more like Samba3Andrew Bartlett1-2/+5
It is just easier to fill in the known to be 8 byte challenge than stuff about with allocated pointers. Andrew Bartlett
2009-12-16s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn.Andreas Schneider1-1/+2
2009-10-20s4: ran minimal_includes.pl on source4/auth/ntlmsspAndrew Tridgell1-3/+0
2009-10-15s4:ntlmssp server - use also here the new "lp_dnsdomain()" callMatthias Dieter Wallnöfer1-2/+1
2009-08-28s4-ntlmssp: use interface constants in TargetInfo blob.Günther Deschner1-5/+5
Guenther
2009-08-28s4-ntlmssp: use NTLMSSP headers from IDL and remove duplicate constants.Günther Deschner1-3/+4
Guenther
2009-07-07s4:auth It is easier to copy the session key than get talloc right.Andrew Bartlett1-4/+3
The session keys as supplied already have a reference on them, so stealing them creates challenges. For 16 bytes, it is just easier to be consistant and copy them. Andrew Bartlett
2009-07-01fixed the use of talloc_steal in ntlmssp_server Andrew Tridgell1-3/+2
The previous use of talloc_steal could cause a steal of a pointer that had references. This ensures that doesn't happen
2009-04-19Remove unused headersAndrew Bartlett1-1/+0
2009-04-16Fix Samba4 build errors with common libcli/samsyncAndrew Bartlett1-2/+1
2009-02-13Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett1-11/+10
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2009-01-31s4:auth: try to fix the build on SolarisStefan Metzmacher1-0/+1
MAXHOSTNAMELEN comes in via system/network.h now. metze
2008-11-02Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij1-13/+13
should in the future only contain some settings required for gensec.
2008-11-01Remove unused argument iconv_convenience.Jelmer Vernooij1-3/+0
2008-10-24Remove iconv_convenience parameter from simple string push/pullJelmer Vernooij1-2/+0
functions.
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-19NTLMSSP Server: Correctly fills in the DNS server name and server domainMatthias Dieter Wallnöfer1-21/+17
Don't rely on "get*" system calls but rather on SAMBA "lp_*" calls. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-08-01auth/ntlmssp: don't crash when the backend give no challengeStefan Metzmacher1-0/+6
metze (This used to be commit c01fee80a79cd9e0f7bb295333bb03bd37328d05)
2008-05-05Fix the build after the auth/ -> auth/ntlm/ renameAndrew Bartlett1-1/+1
I need to fix up the header inclusion, but this fixes things for now. Andrew Bartlett (This used to be commit 7c07edb24b31e7dc3e9b836ec4a6680ee2b04276)