summaryrefslogtreecommitdiff
path: root/source4/auth/ntlmssp/ntlmssp_server.c
AgeCommit message (Collapse)AuthorFilesLines
2009-02-13Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett1-11/+10
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2009-01-31s4:auth: try to fix the build on SolarisStefan Metzmacher1-0/+1
MAXHOSTNAMELEN comes in via system/network.h now. metze
2008-11-02Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij1-13/+13
should in the future only contain some settings required for gensec.
2008-11-01Remove unused argument iconv_convenience.Jelmer Vernooij1-3/+0
2008-10-24Remove iconv_convenience parameter from simple string push/pullJelmer Vernooij1-2/+0
functions.
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-19NTLMSSP Server: Correctly fills in the DNS server name and server domainMatthias Dieter Wallnöfer1-21/+17
Don't rely on "get*" system calls but rather on SAMBA "lp_*" calls. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-08-01auth/ntlmssp: don't crash when the backend give no challengeStefan Metzmacher1-0/+6
metze (This used to be commit c01fee80a79cd9e0f7bb295333bb03bd37328d05)
2008-05-05Fix the build after the auth/ -> auth/ntlm/ renameAndrew Bartlett1-1/+1
I need to fix up the header inclusion, but this fixes things for now. Andrew Bartlett (This used to be commit 7c07edb24b31e7dc3e9b836ec4a6680ee2b04276)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-1/+1
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-0/+2
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-01-03r26652: msrpc_parse/msrpc_gen: Add iconv_convenience argument.Jelmer Vernooij1-1/+7
(This used to be commit e886f1bc0dc694971979716d1991535c7d2e08de)
2007-12-21r26264: pass name resolve order explicitly, use torture context for settings ↵Jelmer Vernooij1-1/+1
in dssync tests. (This used to be commit c7eae1c7842f9ff8b70cce9e5d6f3ebbbe78e83b)
2007-12-21r26260: Store loadparm context in gensec context.Jelmer Vernooij1-11/+11
(This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081)
2007-12-21r26221: Add loadparm_context parameter to auth_context_create.Jelmer Vernooij1-0/+1
(This used to be commit a9a9634df8f3137ecb308adb90a755f12af94972)
2007-10-10r25552: Convert to standard bool type.Jelmer Vernooij1-4/+4
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij1-6/+6
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-5/+5
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-6/+6
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25005: Avoid pstring.Jelmer Vernooij1-61/+15
(This used to be commit 777959f862e6428d0bfa4a15a0f45a9bfde64821)
2007-10-10r25000: Fix some more C++ compatibility warnings.Jelmer Vernooij1-5/+5
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23680: Make it easier to setup a domain member server - the 'server role'Andrew Bartlett1-1/+1
will now control the auth methods, but an override is still available, ex: auth methods:domain controller = <methods> Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
2007-10-10r19805: Add the (harmless, but apparently default)Andrew Bartlett1-0/+4
NTLMSSP_NEGOTIATE_ALWAYS_SIGN flags into the default set. Andrew Bartlett (This used to be commit 04709c75afda0234c7236fba674bf53a265f8dbb)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-1/+3
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r17341: pass a messaging context to auth_context_create()Stefan Metzmacher1-2/+3
and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
2007-10-10r16961: Merge 'seperate policy from logic' changes from Samba3. The 56-bitAndrew Bartlett1-1/+5
flag is handled just like all the others. Also negotiate the unknown 0x02000000 flag, to match windows. Andrew Bartlett (This used to be commit 1d0befdb681ed9974d1bdff46ce56353552ee0e0)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-1/+1
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14064: - split out MSRPC_PARSE into a speperate subsystemStefan Metzmacher1-0/+1
- build gensec_ntlmssp always static for now, because torture/auth/ntlmssp.c needs to access functions from it metze (This used to be commit 43733c9556c1c92336780206e3f71bdee6e43eee)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13470: Thanks to a report from VL:Andrew Bartlett1-3/+0
We were causing mayhem by weakening the keys at the wrong point in time. I think this is the correct place to do it. The session key for SMB signing, and the 'smb session key' (used for encrypting password sets) is never weakened. The session key used for bulk data encryption/signing is weakened. This also makes more sense, when we look at the NTLM2 code. Andrew Bartlett (This used to be commit 3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
2007-10-10r13252: Cleanup, both in code, comments and talloc use:Andrew Bartlett1-11/+32
In particular, I've used the --leak-report-full option to smbd to track down memory that shouldn't be on a long-term context. This is now talloc_free()ed much earlier. Andrew Bartlett (This used to be commit c6eb74f42989d62c82d2a219251837b09df8491c)
2007-10-10r12804: This patch reworks the Samba4 sockets layer to use a socket_addressAndrew Bartlett1-1/+2
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10r11366: Pass around the flags which indicate if we should support plaintextAndrew Bartlett1-0/+1
logins and NTLM machine account logins. Andrew Bartlett (This used to be commit 421e64c2b4192bb13d2857d6c8648ff687ed653e)
2007-10-10r11081: Remember to remove unused variables.Jeremy Allison1-1/+0
Jeremy. (This used to be commit bfa41398a65037c6017b0af0ea1f0423011df150)
2007-10-10r11080: Narrowing down on the #1828 PPC bug. The PPC client sends anJeremy Allison1-19/+7
initial NTLMSSP negotiate blob of only 16 bytes - no strings added ! (So don't try parsing them). Jeremy. (This used to be commit 42d93a317ab424a0720620b83c285b5118bcc06f)
2007-10-10r11076: Still working on bug #1828, PPC hell. The PPC client sends theJeremy Allison1-2/+12
NTLMSSP client and domain strings as Unicode, even when setting flags as OEM. Cope with this. Jeremy. (This used to be commit 77399e1cecc44674c3398143d8a5bb59c600abcd)
2007-10-10r10669: reverted jelmers commit 10663 as it was causing lots of panics in ↵Andrew Tridgell1-5/+6
'make test' I also think the method of getting rid of pstring isn't the right one. I certainly do want to get rid of pstring/fstring, but the reason for removing them is the use of arbitrary sized fixed length strings on the stack and in structures. Changing to another fixed length stack string format isn't really a win, and moving to use strncpy() is actually worse than pstrcpy() as strncpy() has the absolutely awful semantics of always zeroing all remaining bytes, so it ends up taking a lot of cpu doing pointless memory writes. I'd rather move to more use of asprintf()/talloc_asprintf() and similar functions for dynamic string allocation. You also have to be very careful about some of these system defined string limits. One some systems PATH_MAX could be 64k or even larger, which can quickly blow the stack out when you allocate a few of them. (This used to be commit 194efd26e42d621b239052ed1fec8da916bd2144)
2007-10-10r10663: Eliminate use of pstringJelmer Vernooij1-6/+5
(This used to be commit 57cfbe51e61e27098fad3f9b1113c6f8f69f9a55)
2007-10-10r10292: This is set below from lp_server_role().Andrew Bartlett1-1/+0
Andrew Bartlett (This used to be commit 096c751f37172b06bb42b5c4d73b2743322d2f71)
2007-10-10r8700: Propmted by tridge's need to do plaintext auth in ejs, rework theAndrew Bartlett1-10/+15
user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell1-4/+6
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-1/+3
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7597: removed the bogus get_myfullname() and get_mydomname() calls, and putAndrew Tridgell1-0/+56
them in the ntlmssp code, which is the only place they are used. Andrew, please remove them completely once you have some more reliable way to get this info they are bogus as gethostname() may give us a short hostname (and does on lot of systems), so the calls often give totally the wrong result anyway (This used to be commit 35ec292f86bf663618b4bd03133d9bbd6e2faf10)
2007-10-10r6799: Remove a rudundent variable from the context structure - we can figureAndrew Bartlett1-3/+3
this out by asking GENSEC, just like everybody else. Andrew Bartlett (This used to be commit 0268d6c46b73bf2097247639df2532b5e8591531)
2007-10-10r6738: My version of the patch by metze that I just reverted (-r 6734).Andrew Bartlett1-10/+16
This also includes other changes to reduce memory use by GENSEC when not being used for sign/seal operations. This should lower tridge's K 'per connection' benchmark further. Andrew Bartlett (This used to be commit 4a5829401b20c10091185bbd93236477523459b2)
2007-10-10r6736: Revert metze's -r 6734, as metze and I made the same changes at theAndrew Bartlett1-5/+5
same time, but with different names. This just helps me avoid conflicts when I merge up my other changes. Andrew Bartlett (This used to be commit 27e6a853a5160cb1ad595bea25e891eeae439662)
2007-10-10r6734: most compiler don't like struct elements without a name...Stefan Metzmacher1-5/+5
metze (This used to be commit 0c1cd40bcea748d65938bb2dc8160ea07e9ec851)
2007-10-10r6465: Use talloc_zero for the gensec_ntlmssp_state structure, as the historyAndrew Bartlett1-40/+5
of this code has too many pre-zeroed structure assumptions. Remove unused 'stub' functions Andrew Bartlett (This used to be commit 78dc57c65513ba4c271308d84fc2a2a533f76061)