Age | Commit message (Collapse) | Author | Files | Lines |
|
correct grammar
(This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
|
|
metze
(This used to be commit af63ed9eb3a5af3e4eeb84c66397255ea90ea764)
|
|
it's ugly, but they're used in torture tests
I hope to find a better solution for this later...
metze
(This used to be commit be8874e9d3f1a022a42ccd1262dc5ce7bd5d1a91)
|
|
- build gensec_ntlmssp always static for now, because torture/auth/ntlmssp.c
needs to access functions from it
metze
(This used to be commit 43733c9556c1c92336780206e3f71bdee6e43eee)
|
|
NTLM2 signing code.
Andrew Bartlett
(This used to be commit 16e5c968756c40b8595503da47a1adb9cb09c447)
|
|
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
(This used to be commit 3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
|
|
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
|
|
Andrew Bartlett
(This used to be commit 50e6229c7a13be9b5d10c954f9b895993cefe2b6)
|
|
into Samba3.
The NTLMSSP sign/seal code now assumes that GENSEC has already checked
to see if SIGN or SEAL should be permitted. This simplfies the code
ensures that no matter what the mech, the correct code paths have been
set in place.
Also remove duplication caused by the NTLMv2 code's history, and
document why some of the things a bit funny.
In SPNEGO, create a new routine to handle the negTokenInit creation.
We no longer send an OID for a mech we can't start (like kerberos on
the server without a valid trust account).
Andrew Bartlett
(This used to be commit fe45ef608f961a6950d4d19b4cb5e7c27b38ba5f)
|
|
this out by asking GENSEC, just like everybody else.
Andrew Bartlett
(This used to be commit 0268d6c46b73bf2097247639df2532b5e8591531)
|
|
This also includes other changes to reduce memory use by GENSEC when
not being used for sign/seal operations. This should lower tridge's K
'per connection' benchmark further.
Andrew Bartlett
(This used to be commit 4a5829401b20c10091185bbd93236477523459b2)
|
|
same time, but with different names. This just helps me avoid
conflicts when I merge up my other changes.
Andrew Bartlett
(This used to be commit 27e6a853a5160cb1ad595bea25e891eeae439662)
|
|
metze
(This used to be commit 0c1cd40bcea748d65938bb2dc8160ea07e9ec851)
|
|
struct ntlmssp_state, and pushes all the member elements into struct
gensec_ntlmssp_state.
This also removes the 2-layer start function, caused by the previous
double abstraction layer.
Andrew Bartlett
(This used to be commit eebbb4205b335214d24974f3be825846f6227f0c)
|
|
Andrew Bartlett
(This used to be commit 227f2578da140067734f55b559760871ee4d0d12)
|
|
with talloc() for the NTLMSSP system.
Andrew Bartlett
(This used to be commit 7a93ac49c28d433ccf0f077294f473fe728b9995)
|
|
client and server logic code. In future, this may allow us to build
only the NTLMSSP client, and not the server, but in the short-term, it
allows me greater sainity in moving around these files.
Andrew Bartlett
(This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
|