Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit a9a9634df8f3137ecb308adb90a755f12af94972)
|
|
(This used to be commit abf2600a044cdbab6c5d7880d18217bff3d15c39)
|
|
require top-quality entropy. We don't want to waste system enropy
generating challenges (which simply need to be unpredictable, not
secret) or when generating UUIDs.
Rework generate_random_buffer() to use /dev/urandom less often, only
to seed the existing RC4 based PRNG. (With an exception to ensure we
don't waste this setup cost for very small entropy requests).
Perhaps we should be using heimdal's code for this instead?
This should drasticly reduce our entropy use, particularly in the
build farm (automated Samba build on hosts without much other source
of entropy).
Andrew Bartlett
(This used to be commit 6a5630d37191542022f02fae519227b7829ef620)
|
|
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
|
|
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
number in more places.
(This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
(This used to be commit 777959f862e6428d0bfa4a15a0f45a9bfde64821)
|
|
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
|
|
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
|
|
(This used to be commit 40c0919aaa9c1b14bbaebb95ecce53eb0380fdbb)
|
|
(This used to be commit 84b468b2f8f2dffda89593f816e8bc6a8b6d42ac)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
will now control the auth methods, but an override is still available,
ex:
auth methods:domain controller = <methods>
Andrew Bartlett
(This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
|
|
metze
(This used to be commit e0e35965d1eaab182941d17da744b70c4234ca52)
|
|
Andrew Bartlett
(This used to be commit 76812a0337fbfcb19939c6ee7a57975b6d690a4d)
|
|
Andrew Bartlett
(This used to be commit 9ed9a032c249461e69242afc2e0ccdd47524064e)
|
|
NTLMSSP_NEGOTIATE_ALWAYS_SIGN flags into the default set.
Andrew Bartlett
(This used to be commit 04709c75afda0234c7236fba674bf53a265f8dbb)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
(This used to be commit a47d65fe17a0e84615ff235380eb2462579199f0)
|
|
Andrew Bartlett
(This used to be commit 0afb4d1992b3c93557dec1e1cdca467efc299853)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
and gensec_server_start().
calling them with NULL for event context or messaging context
is no longer allowed!
metze
(This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
|
|
metze
(This used to be commit c865aea260dd22b8b5d63e60fd917a52ed719993)
|
|
own function.
metze
(This used to be commit ee81ad57938a9f54533a0028b87fd84bde90db8d)
|
|
chasing down bad signatures that may be due to data truncation.
Andrew Bartlett
(This used to be commit d304760d3d909e55cbf2c744cdb2b4137f74b81b)
|
|
flag is handled just like all the others.
Also negotiate the unknown 0x02000000 flag, to match windows.
Andrew Bartlett
(This used to be commit 1d0befdb681ed9974d1bdff46ce56353552ee0e0)
|
|
metze
(This used to be commit f099fcb6e3a38d6df22cb3a0c7c666333e41f11b)
|
|
correct grammar
(This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
|
|
Recursive dependencies are now forbidden (the build system
will bail out if there are any).
I've split up auth_sam.c into auth_sam.c and sam.c. Andrew,
please rename sam.c / move its contents to whatever/wherever you think suits
best.
(This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
needs it.
(This used to be commit ecf84248b48783fb0ccbeff4d37d930b21fb96df)
|
|
even when not sending the LM response. Needed to pass the
test_session_key against Win2k3.
Yes, I think this is a security flaw in the use of Win2k3-compatible NTLM.
Andrew Bartlett
(This used to be commit cb6c27b4f29878a6a904f798e228eea05cc658e1)
|
|
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
|
|
(This used to be commit 9c37f847d32d2f327a88c53a90af0c73126b76be)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
metze
(This used to be commit af63ed9eb3a5af3e4eeb84c66397255ea90ea764)
|
|
it's ugly, but they're used in torture tests
I hope to find a better solution for this later...
metze
(This used to be commit be8874e9d3f1a022a42ccd1262dc5ce7bd5d1a91)
|
|
- build gensec_ntlmssp always static for now, because torture/auth/ntlmssp.c
needs to access functions from it
metze
(This used to be commit 43733c9556c1c92336780206e3f71bdee6e43eee)
|
|
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
default.
(This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
|
|
isn't every parameter on NTLMSSP, but it is most of the important
ones.
This showed up that we had the '128bit && LM_KEY' case messed up.
This isn't supported, so we must look instead at the 56 bit flag.
Andrew Bartlett
(This used to be commit 990da31b5f63f1e707651af8bf1a3241a8309811)
|
|
NTLM2 signing code.
Andrew Bartlett
(This used to be commit 16e5c968756c40b8595503da47a1adb9cb09c447)
|
|
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
(This used to be commit 3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
|
|
encryption behaviour.
Andrew Bartlett
(This used to be commit 2b3b2f33a4c531f2b0f65521cc352e6d762e95bd)
|
|
In particular, I've used the --leak-report-full option to smbd to
track down memory that shouldn't be on a long-term context. This is
now talloc_free()ed much earlier.
Andrew Bartlett
(This used to be commit c6eb74f42989d62c82d2a219251837b09df8491c)
|
|
(This used to be commit f7c28d31481f6479f258cd878d173cbc42ed9de0)
|