summaryrefslogtreecommitdiff
path: root/source4/libcli/auth/ntlmssp_sign.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r3960: fix compiler warningsStefan Metzmacher1-4/+4
metze (This used to be commit 54d5b418a75d421a9c6c09bc084454f11e9b7b44)
2007-10-10r3462: separate out the crypto includesAndrew Tridgell1-0/+1
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-0/+1
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r2645: converted the NTLMSSP code to the new style of tallocAndrew Tridgell1-4/+4
(This used to be commit b378aae95d4001c4cf4e6e59ed80ee1bd55382ee)
2007-10-10r2294: this fixes the NTLM2 sign+seal combination. I have now tested:Andrew Tridgell1-25/+15
NTLM sign NTLM sign+seal NTLM2 sign NTLM2 sign+seal and all of the above both with and without key exchange the NTLM2 seal case is ugly and involves an extra data copy, which some API changes in gensec or the ndr layer might avoid in future. (This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
2007-10-10r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.Andrew Bartlett1-50/+85
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further. This is almost all tridge's code, munged into a form that can work with the GENSEC API. This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np. No doubt I missed something, but I'm going to get some sleep :-) Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10r2099: Get rid of another private ARCFOUR implementation from the codebase.Andrew Bartlett1-92/+43
Andrew Bartlett (This used to be commit 0237389ce765cbb6825b79de1b0727da0969efeb)
2007-10-10r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server.Andrew Bartlett1-0/+10
The bug (found by tridge) is that Win2k3 is being tighter about the NTLMSSP flags. If we don't negotiate sealing, we can't use it. We now have a way to indicate to the GENSEC implementation mechanisms what things we want for a connection. Andrew Bartlett (This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
2007-10-10r1294: A nice, large, commit...Andrew Bartlett1-2/+0
This implements gensec for Samba's server side, and brings gensec up to the standards of a full subsystem. This means that use of the subsystem is by gensec_* functions, not function pointers in structures (this is internal). This causes changes in all the existing gensec users. Our RPC server no longer contains it's own generalised security scheme, and now calls gensec directly. Gensec has also taken over the role of auth/auth_ntlmssp.c An important part of gensec, is the output of the 'session_info' struct. This is now reference counted, so that we can correctly free it when a pipe is closed, no matter if it was inherited, or created by per-pipe authentication. The schannel code is reworked, to be in the same file for client and server. ntlm_auth is reworked to use gensec. The major problem with this code is the way it relies on subsystem auto-initialisation. The primary reason for this commit now.is to allow these problems to be looked at, and fixed. There are problems with the new code: - I've tested it with smbtorture, but currently don't have VMware and valgrind working (this I'll fix soon). - The SPNEGO code is client-only at this point. - We still do not do kerberos. Andrew Bartlett (This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
2007-10-10r1274: revert -r 1239 as discussed with abartletStefan Metzmacher1-27/+5
metze (This used to be commit 52e2d038252bd745d53c687d266ad3ad62efa6fc)
2007-10-10r1239: move the old msrpc_<gen|parse>() functions to ↵Stefan Metzmacher1-5/+27
ndr_<push|pull>_format_blob() simular to ndr_<push|pull>_struct_blob() metze (This used to be commit b25dd341e0febd550a2936ca484b6fecce2ff8c2)
2007-10-10r1187: * Remove testing hack (actually check signatures on NTLM2).Andrew Bartlett1-5/+2
* Remove unreached counter increment * Print the correct NTLMSSP key. (This used to be commit b96700695479c19c7b2c190616420762409fdf0d)
2007-10-10r1170: Remove bogus part of previous commit - session keys, even in NTLMSSPAndrew Bartlett1-2/+4
are variable length. Remove extra casts Andrew Bartlett (This used to be commit 84f86b83f88cea5564347f3aa623be2d9feeb4b3)
2007-10-10r1169: Some more updates to the NTLMSSP NTLM2 code:Andrew Bartlett1-44/+48
- implement key weakening - don't create large 'hashes' when we only want a key (signing subkeys) - make more useful debugs. NTLM2 is still off by default, till I figure out how to do NTLM2 signing. Andrew Bartlett (This used to be commit 079c2654851536b0a7918d408ac9597abbab8fd2)
2007-10-10r1001: in samba4 we don't(shouldn't) use typedef's anymore...Stefan Metzmacher1-11/+7
metze (This used to be commit ac5f6f7e511a730448012c8a709887827aea2281)
2007-10-10r961: convert 'uchar' to 'uint8_t'Stefan Metzmacher1-9/+9
metze (This used to be commit 9f914e4af99e18b469d4cf9d8b1514a2bd28ddec)
2007-10-10r943: change samba4 to use 'uint8_t' instead of 'unsigned char'Stefan Metzmacher1-11/+11
metze (This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-2/+2
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r874: This patch is a pile of work on NTLMSSP:Andrew Bartlett1-76/+129
Samba's NTLMSSP code is now fully talloc based, which should go a long way to cleaning up the memory leaks in this code. This also avoids a lot of extra copies of data, as we now allocate the 'return' blobs on a caller-supplied context. I have also been doing a lot of work towards NTLM2 signing and sealing. I have this working for sealing, but not for the verifier (MD5 integrity check on the stream) which is still incorrect. (I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the data arrives intact, but the signature check fails. It does however match the test values I have...). The new torture test is cludged in - when we get a unit test suite back, I'll happliy put it in the 'right' place.... Andrew Bartlett (This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)
2007-10-10r443: Update Samba4 to the auth and NTLMSSP code from Samba3.Andrew Bartlett1-20/+47
Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
2003-11-26fixed some memory leaks in the dcerpc use of ntlmssp signingAndrew Tridgell1-2/+6
(This used to be commit abbc9993b8f7eb9f57e079db1d0b170d0b9aa443)
2003-11-26signed DCERPC over TCP now works !Andrew Tridgell1-0/+378
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp code from samba3 (thanks Andrew! the new interface is great) * added signing/ntlmssp support in the dcerpc code * added a dcerpc_auth.c module for the various dcerpc auth mechanisms (This used to be commit c18c9b5585a3e5f7868562820c14f7cb529cdbcd)