summaryrefslogtreecommitdiff
path: root/source4/auth/ntlmssp/ntlmssp_sign.c
AgeCommit message (Collapse)AuthorFilesLines
2010-03-24s4:ntlmssp: move sign/seal states to a private ntlmssp_crypt_state unionStefan Metzmacher1-59/+60
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: make use of dump_arc4_state()Stefan Metzmacher1-8/+7
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: copy dump_arc4_state() from source3Stefan Metzmacher1-0/+6
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: avoid usage of calc_ntlmv2_key_talloc()Stefan Metzmacher1-27/+8
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: make use of calc_ntlmv2_key() for seal keysStefan Metzmacher1-15/+16
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: add calc_ntlmv2_key() from source3Stefan Metzmacher1-0/+11
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: rename calc_ntlmv2_key => calc_ntlmv2_key_tallocStefan Metzmacher1-5/+5
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: inline ntlmssp_weakend_keys()Stefan Metzmacher1-13/+41
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: use a 'bool ok' helper variable to make the code more readableStefan Metzmacher1-6/+14
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: fix some formatingStefan Metzmacher1-74/+110
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: rename gensec_ntlmssp_state => ntlmssp_stateStefan Metzmacher1-72/+73
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: split gensec_ntlmssp_unseal_packet() and ntlmssp_unseal_packet()Stefan Metzmacher1-17/+34
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: split gensec_ntlmssp_seal_packet() and ntlmssp_seal_packet()Stefan Metzmacher1-19/+37
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: split gensec_ntlmssp_check_packet() and ntlmssp_check_packet()Stefan Metzmacher1-13/+31
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: split gensec_ntlmssp_sign_packet() and ntlmssp_sign_packet()Stefan Metzmacher1-12/+27
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: remove more whitespaces...Stefan Metzmacher1-32/+32
metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s4:ntlmssp: keep struct gensec_ntlmssp_context in gensec_security->private_dataStefan Metzmacher1-6/+20
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-03Fix typo in comments.Karolin Seeger1-2/+2
2009-12-22s4:gensec Don't give a warning when Windows client connects with NTLMAndrew Bartlett1-11/+20
We have had the workaround for a long time, but at the time the log warnings remained. Andrew Bartlett
2009-10-20s4: ran minimal_includes.pl on source4/auth/ntlmsspAndrew Tridgell1-1/+0
2009-08-28s4-ntlmssp: use NTLMSSP headers from IDL and remove duplicate constants.Günther Deschner1-0/+1
Guenther
2009-07-08s4:auth/ntlmssp: let _unwrap fallback to seal if sign only doesn't workStefan Metzmacher1-6/+57
s4:auth/ntlmssp: let _unwrap fallback to seal if sign only doesn't work Windows always uses SEAL with NTLMSSP on LDAP connection even if not negotiated. metze
2009-04-19Remove unused headersAndrew Bartlett1-2/+0
2009-04-16Fix Samba4 build errors with common libcli/samsyncAndrew Bartlett1-1/+1
2008-10-24Remove unused include param/param.h.Jelmer Vernooij1-1/+0
2008-10-24Remove iconv_convenience parameter from simple string push/pullJelmer Vernooij1-2/+0
functions.
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-2/+2
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-01-03r26652: msrpc_parse/msrpc_gen: Add iconv_convenience argument.Jelmer Vernooij1-2/+7
(This used to be commit e886f1bc0dc694971979716d1991535c7d2e08de)
2007-10-10r25552: Convert to standard bool type.Jelmer Vernooij1-4/+4
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
2007-10-10r25000: Fix some more C++ compatibility warnings.Jelmer Vernooij1-4/+4
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
2007-10-10r23798: updated old Temple Place FSF addresses to new URLAndrew Tridgell1-2/+1
(This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
2007-10-10r23795: more v2->v3 conversionAndrew Tridgell1-1/+1
(This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
2007-10-10r21039: Test some more failure paths (trying to increase the lcov score).Andrew Bartlett1-5/+0
Andrew Bartlett (This used to be commit 76812a0337fbfcb19939c6ee7a57975b6d690a4d)
2007-10-10r20949: Looking over some lcov output, try and walk some error paths.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 9ed9a032c249461e69242afc2e0ccdd47524064e)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-0/+2
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r17170: Catch some more out-of-memory cases, and provide some clues whenAndrew Bartlett1-7/+18
chasing down bad signatures that may be due to data truncation. Andrew Bartlett (This used to be commit d304760d3d909e55cbf2c744cdb2b4137f74b81b)
2007-10-10r16100: Patch from Michael Wood <mwood@icts.uct.ac.za>: s/then/than/ for ↵Gerald Carter1-1/+1
correct grammar (This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
2007-10-10r14071: fix the buildStefan Metzmacher1-2/+4
metze (This used to be commit af63ed9eb3a5af3e4eeb84c66397255ea90ea764)
2007-10-10r14070: this functions need to be exported,Stefan Metzmacher1-2/+2
it's ugly, but they're used in torture tests I hope to find a better solution for this later... metze (This used to be commit be8874e9d3f1a022a42ccd1262dc5ce7bd5d1a91)
2007-10-10r14064: - split out MSRPC_PARSE into a speperate subsystemStefan Metzmacher1-0/+1
- build gensec_ntlmssp always static for now, because torture/auth/ntlmssp.c needs to access functions from it metze (This used to be commit 43733c9556c1c92336780206e3f71bdee6e43eee)
2007-10-10r13471: With more 'try all options' testing, I found this 'simple' but in theAndrew Bartlett1-1/+1
NTLM2 signing code. Andrew Bartlett (This used to be commit 16e5c968756c40b8595503da47a1adb9cb09c447)
2007-10-10r13470: Thanks to a report from VL:Andrew Bartlett1-11/+17
We were causing mayhem by weakening the keys at the wrong point in time. I think this is the correct place to do it. The session key for SMB signing, and the 'smb session key' (used for encrypting password sets) is never weakened. The session key used for bulk data encryption/signing is weakened. This also makes more sense, when we look at the NTLM2 code. Andrew Bartlett (This used to be commit 3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
2007-10-10r10153: This patch adds a new parameter to gensec_sig_size(), the size of theAndrew Bartlett1-1/+1
data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
2007-10-10r9678: Remove unused variables.Andrew Bartlett1-4/+0
Andrew Bartlett (This used to be commit 50e6229c7a13be9b5d10c954f9b895993cefe2b6)
2007-10-10r9416: Cleanups inspired by jra's work to migrate Samba4's NTLMSSP code backAndrew Bartlett1-81/+26
into Samba3. The NTLMSSP sign/seal code now assumes that GENSEC has already checked to see if SIGN or SEAL should be permitted. This simplfies the code ensures that no matter what the mech, the correct code paths have been set in place. Also remove duplication caused by the NTLMv2 code's history, and document why some of the things a bit funny. In SPNEGO, create a new routine to handle the negTokenInit creation. We no longer send an OID for a mech we can't start (like kerberos on the server without a valid trust account). Andrew Bartlett (This used to be commit fe45ef608f961a6950d4d19b4cb5e7c27b38ba5f)
2007-10-10r6799: Remove a rudundent variable from the context structure - we can figureAndrew Bartlett1-1/+1
this out by asking GENSEC, just like everybody else. Andrew Bartlett (This used to be commit 0268d6c46b73bf2097247639df2532b5e8591531)
2007-10-10r6738: My version of the patch by metze that I just reverted (-r 6734).Andrew Bartlett1-45/+66
This also includes other changes to reduce memory use by GENSEC when not being used for sign/seal operations. This should lower tridge's K 'per connection' benchmark further. Andrew Bartlett (This used to be commit 4a5829401b20c10091185bbd93236477523459b2)
2007-10-10r6736: Revert metze's -r 6734, as metze and I made the same changes at theAndrew Bartlett1-45/+45
same time, but with different names. This just helps me avoid conflicts when I merge up my other changes. Andrew Bartlett (This used to be commit 27e6a853a5160cb1ad595bea25e891eeae439662)
2007-10-10r6734: most compiler don't like struct elements without a name...Stefan Metzmacher1-45/+45
metze (This used to be commit 0c1cd40bcea748d65938bb2dc8160ea07e9ec851)