Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit b378aae95d4001c4cf4e6e59ed80ee1bd55382ee)
|
|
(This used to be commit 2c701f59a7f232fed624f7cec62dd494dd32c2d9)
|
|
This means that 'require NTLMv2 session security' now works for RPC
pipe signing. We don't yet have sealing, but it can't be much further.
This is almost all tridge's code, munged into a form that can work
with the GENSEC API.
This commit also includes more lsakey fixes - that key is used for all
DCE-RPC level authenticated connections, even over CIFS/ncacn_np.
No doubt I missed something, but I'm going to get some sleep :-)
Andrew Bartlett
(This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
|
|
Andrew Bartlett
(This used to be commit 0237389ce765cbb6825b79de1b0727da0969efeb)
|
|
- implement key weakening
- don't create large 'hashes' when we only want a key (signing subkeys)
- make more useful debugs.
NTLM2 is still off by default, till I figure out how to do NTLM2 signing.
Andrew Bartlett
(This used to be commit 079c2654851536b0a7918d408ac9597abbab8fd2)
|
|
metze
(This used to be commit ac5f6f7e511a730448012c8a709887827aea2281)
|
|
metze
(This used to be commit 9f914e4af99e18b469d4cf9d8b1514a2bd28ddec)
|
|
metze
(This used to be commit 18062d2ed9fc9224c43143c10efbf2f6f1f5bbe0)
|
|
metze
(This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
|
|
- added start of QueryDomainInfo in samr server
"net rpc info" from samba3 now works against a samba4 server. I
suspect join will work fairly soon.
(This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
Samba's NTLMSSP code is now fully talloc based, which should go a long
way to cleaning up the memory leaks in this code. This also avoids a
lot of extra copies of data, as we now allocate the 'return' blobs on
a caller-supplied context.
I have also been doing a lot of work towards NTLM2 signing and
sealing. I have this working for sealing, but not for the verifier
(MD5 integrity check on the stream) which is still incorrect.
(I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the
data arrives intact, but the signature check fails. It does however
match the test values I have...).
The new torture test is cludged in - when we get a unit test suite
back, I'll happliy put it in the 'right' place....
Andrew Bartlett
(This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)
|
|
The work here is trying to get the LM_KEY option for NLTMSSP
operating, however until that functions properly, it is now controlled
by some new smb.conf options, defaulting off.
Andrew Bartlett
(This used to be commit c63eb35b45c6db6e4c5302d1832bb5cef49a14f6)
|
|
Not all the auth code is merged - only those parts that are actually
being used in Samba4.
There is a lot more work to do in the NTLMSSP area, and I hope to
develop that work here. There is a start on this here - splitting
NTLMSSP into two parts that my operate in an async fashion (before and
after the actual authentication)
Andrew Bartlett
(This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
|
|
(This used to be commit c8ef04077413f44101ba071187554e65a8e1c8fc)
|
|
* removed a bunch of code that needs to be rewritten using the new
interfaces
(This used to be commit 9b02b486ef5906516f8cad79dbff5e3dd54cde66)
|
|
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp
code from samba3 (thanks Andrew! the new interface is great)
* added signing/ntlmssp support in the dcerpc code
* added a dcerpc_auth.c module for the various dcerpc auth mechanisms
(This used to be commit c18c9b5585a3e5f7868562820c14f7cb529cdbcd)
|