summaryrefslogtreecommitdiff
path: root/source4/auth/ntlmssp
AgeCommit message (Collapse)AuthorFilesLines
2007-12-21r25660: Add a new interface 'generate_secret_buffer()', to be used when weAndrew Bartlett1-1/+1
require top-quality entropy. We don't want to waste system enropy generating challenges (which simply need to be unpredictable, not secret) or when generating UUIDs. Rework generate_random_buffer() to use /dev/urandom less often, only to seed the existing RC4 based PRNG. (With an exception to ensure we don't waste this setup cost for very small entropy requests). Perhaps we should be using heimdal's code for this instead? This should drasticly reduce our entropy use, particularly in the build farm (automated Samba build on hosts without much other source of entropy). Andrew Bartlett (This used to be commit 6a5630d37191542022f02fae519227b7829ef620)
2007-10-10r25552: Convert to standard bool type.Jelmer Vernooij5-42/+42
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij2-16/+16
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij3-13/+12
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij2-16/+16
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij2-0/+2
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25005: Avoid pstring.Jelmer Vernooij1-61/+15
(This used to be commit 777959f862e6428d0bfa4a15a0f45a9bfde64821)
2007-10-10r25000: Fix some more C++ compatibility warnings.Jelmer Vernooij4-15/+15
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
2007-10-10r24712: No longer expose the 'BOOL' data type in any interfaces.Jelmer Vernooij1-7/+7
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
2007-10-10r23798: updated old Temple Place FSF addresses to new URLAndrew Tridgell1-2/+1
(This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
2007-10-10r23795: more v2->v3 conversionAndrew Tridgell1-1/+1
(This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell5-15/+10
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23680: Make it easier to setup a domain member server - the 'server role'Andrew Bartlett1-1/+1
will now control the auth methods, but an override is still available, ex: auth methods:domain controller = <methods> Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
2007-10-10r22404: more dependencies which should be privateStefan Metzmacher1-1/+1
metze (This used to be commit e0e35965d1eaab182941d17da744b70c4234ca52)
2007-10-10r21039: Test some more failure paths (trying to increase the lcov score).Andrew Bartlett1-5/+0
Andrew Bartlett (This used to be commit 76812a0337fbfcb19939c6ee7a57975b6d690a4d)
2007-10-10r20949: Looking over some lcov output, try and walk some error paths.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 9ed9a032c249461e69242afc2e0ccdd47524064e)
2007-10-10r19805: Add the (harmless, but apparently default)Andrew Bartlett3-2/+10
NTLMSSP_NEGOTIATE_ALWAYS_SIGN flags into the default set. Andrew Bartlett (This used to be commit 04709c75afda0234c7236fba674bf53a265f8dbb)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett4-3/+10
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r18258: need to use .priority not .order hereAndrew Tridgell1-1/+1
(This used to be commit a47d65fe17a0e84615ff235380eb2462579199f0)
2007-10-10r18250: Add an ordering of GENSEC modules, so we do preferred modules first.Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit 0afb4d1992b3c93557dec1e1cdca467efc299853)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+0
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17341: pass a messaging context to auth_context_create()Stefan Metzmacher1-2/+3
and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
2007-10-10r17285: some reformatingStefan Metzmacher1-10/+23
metze (This used to be commit c865aea260dd22b8b5d63e60fd917a52ed719993)
2007-10-10r17284: move the input checking stuff from ntlmssp_update() into itsStefan Metzmacher1-40/+44
own function. metze (This used to be commit ee81ad57938a9f54533a0028b87fd84bde90db8d)
2007-10-10r17170: Catch some more out-of-memory cases, and provide some clues whenAndrew Bartlett1-7/+18
chasing down bad signatures that may be due to data truncation. Andrew Bartlett (This used to be commit d304760d3d909e55cbf2c744cdb2b4137f74b81b)
2007-10-10r16961: Merge 'seperate policy from logic' changes from Samba3. The 56-bitAndrew Bartlett3-4/+12
flag is handled just like all the others. Also negotiate the unknown 0x02000000 flag, to match windows. Andrew Bartlett (This used to be commit 1d0befdb681ed9974d1bdff46ce56353552ee0e0)
2007-10-10r16569: - use push_string()Stefan Metzmacher1-4/+4
metze (This used to be commit f099fcb6e3a38d6df22cb3a0c7c666333e41f11b)
2007-10-10r16100: Patch from Michael Wood <mwood@icts.uct.ac.za>: s/then/than/ for ↵Gerald Carter1-1/+1
correct grammar (This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
2007-10-10r15298: Fix the build using a few hacks in the build system.Jelmer Vernooij1-1/+1
Recursive dependencies are now forbidden (the build system will bail out if there are any). I've split up auth_sam.c into auth_sam.c and sam.c. Andrew, please rename sam.c / move its contents to whatever/wherever you think suits best. (This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-1/+1
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14952: Make sure the auth subsystem gets initialized if a gensec module ↵Jelmer Vernooij1-0/+3
needs it. (This used to be commit ecf84248b48783fb0ccbeff4d37d930b21fb96df)
2007-10-10r14701: Allow, with non-default options, NTLMSSP to access the LM session key,Andrew Bartlett1-2/+3
even when not sending the LM response. Needed to pass the test_session_key against Win2k3. Yes, I think this is a security flaw in the use of Win2k3-compatible NTLM. Andrew Bartlett (This used to be commit cb6c27b4f29878a6a904f798e228eea05cc658e1)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14477: Remove the NOPROTO property - it's no longer used as proto.h is gone.Jelmer Vernooij1-1/+0
(This used to be commit 9c37f847d32d2f327a88c53a90af0c73126b76be)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-1/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij3-2/+3
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14071: fix the buildStefan Metzmacher1-2/+4
metze (This used to be commit af63ed9eb3a5af3e4eeb84c66397255ea90ea764)
2007-10-10r14070: this functions need to be exported,Stefan Metzmacher1-2/+2
it's ugly, but they're used in torture tests I hope to find a better solution for this later... metze (This used to be commit be8874e9d3f1a022a42ccd1262dc5ce7bd5d1a91)
2007-10-10r14064: - split out MSRPC_PARSE into a speperate subsystemStefan Metzmacher5-2/+10
- build gensec_ntlmssp always static for now, because torture/auth/ntlmssp.c needs to access functions from it metze (This used to be commit 43733c9556c1c92336780206e3f71bdee6e43eee)
2007-10-10r13960: Generate makefile rules for installing/removing shared modules.Jelmer Vernooij1-2/+2
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij4-1/+4
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13903: Don't generate prototypes for modules and binaries in include/proto.h byJelmer Vernooij1-1/+2
default. (This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
2007-10-10r13472: After Volker's advise, try every combination of parameters. ThisAndrew Bartlett1-4/+6
isn't every parameter on NTLMSSP, but it is most of the important ones. This showed up that we had the '128bit && LM_KEY' case messed up. This isn't supported, so we must look instead at the 56 bit flag. Andrew Bartlett (This used to be commit 990da31b5f63f1e707651af8bf1a3241a8309811)
2007-10-10r13471: With more 'try all options' testing, I found this 'simple' but in theAndrew Bartlett1-1/+1
NTLM2 signing code. Andrew Bartlett (This used to be commit 16e5c968756c40b8595503da47a1adb9cb09c447)
2007-10-10r13470: Thanks to a report from VL:Andrew Bartlett4-25/+39
We were causing mayhem by weakening the keys at the wrong point in time. I think this is the correct place to do it. The session key for SMB signing, and the 'smb session key' (used for encrypting password sets) is never weakened. The session key used for bulk data encryption/signing is weakened. This also makes more sense, when we look at the NTLM2 code. Andrew Bartlett (This used to be commit 3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
2007-10-10r13467: Add new parametric options (for testing) controlling LM_KEY and 56-bitAndrew Bartlett1-5/+13
encryption behaviour. Andrew Bartlett (This used to be commit 2b3b2f33a4c531f2b0f65521cc352e6d762e95bd)
2007-10-10r13252: Cleanup, both in code, comments and talloc use:Andrew Bartlett2-11/+33
In particular, I've used the --leak-report-full option to smbd to track down memory that shouldn't be on a long-term context. This is now talloc_free()ed much earlier. Andrew Bartlett (This used to be commit c6eb74f42989d62c82d2a219251837b09df8491c)
2007-10-10r13170: Remove some dependencies on -1 implying the size of pstringJelmer Vernooij1-6/+4
(This used to be commit f7c28d31481f6479f258cd878d173cbc42ed9de0)
2007-10-10r12927: Fix typo.Andrew Bartlett1-1/+1
(This used to be commit 01e98966ca955e86ec46f8bce3892899e2717df9)
2007-10-10r12919: Ensure we never 'extend' the session key length, or fill in past theAndrew Bartlett1-1/+5
length of the (possibly null) pointer. In reality this should come to us either 16 or 0 bytes in length, but this is the safest test. This is bug 3401 in Samba3, thanks to Yau Lam Yiu <yiuext at cs.ust.hk> Andrew Bartlett (This used to be commit f3aa702944ed7086d93bf05075f910e7e4617d9c)