summaryrefslogtreecommitdiff
path: root/source4/libcli/util/smbencrypt.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r3686: The results of some work on the NETLOGON pipe:Andrew Bartlett1-7/+18
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC, that will cross-verify all the values. Add support for the way netlogon credentials are shared between the pipe that sets up schannel and the pipe that is encrypted with it. Test this support, by calling both NETLOGON and SAMR operations in the RPC-SCHANNEL test. Move some of the Netlogon NEG flags into the .idl, now we have an idea what a few of them really are. Rename the sam_pwd_hash into a name that has meaning (all other crypto functions were renamed in Samba4 ages ago). Break out NTLMv2 functionality for operation on the NT hash - I intend to do NTLMv2 logins in the samsync test in future, and naturally I only have the hash. Andrew Bartlett (This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
2007-10-10r3655: As required by the new torture test, add the LM session key outputAndrew Bartlett1-1/+8
parameter to SMBNTLMv2encrypt(). Andrew Bartlett (This used to be commit 75ff351faf0a3231e17f000b006beb9cb545d905)
2007-10-10r3462: separate out the crypto includesAndrew Tridgell1-0/+1
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-1/+1
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3447: more include/system/XXX.h include filesAndrew Tridgell1-0/+1
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
2007-10-10r2857: this commit gets rid of smb_ucs2_t, wpstring and fpstring, plus lots ↵Andrew Tridgell1-19/+25
of associated functions. The motivation for this change was to avoid having to convert to/from ucs2 strings for so many operations. Doing that was slow, used many static buffers, and was also incorrect as it didn't cope properly with unicode codepoints above 65536 (which could not be represented correctly as smb_ucs2_t chars) The two core functions that allowed this change are next_codepoint() and push_codepoint(). These functions allow you to correctly walk a arbitrary multi-byte string a character at a time without converting the whole string to ucs2. While doing this cleanup I also fixed several ucs2 string handling bugs. See the commit for details. The following code (which counts the number of occuraces of 'c' in a string) shows how to use the new interface: size_t count_chars(const char *s, char c) { size_t count = 0; while (*s) { size_t size; codepoint_t c2 = next_codepoint(s, &size); if (c2 == c) count++; s += size; } return count; } (This used to be commit 814881f0e50019196b3aa9fbe4aeadbb98172040)
2007-10-10r2552: Character set conversion and string handling updates.Andrew Bartlett1-16/+23
The intial motivation for this commit was to merge in some of the bugfixes present in Samba3's chrcnv and string handling code into Samba4. However, along the way I found a lot of unused functions, and decided to do a bit more... The strlen_m code now does not use a fixed buffer, but more work is needed to finish off other functions in str_util.c. These fixed length buffers hav caused very nasty, hard to chase down bugs at some sites. The strupper_m() function has a strupper_talloc() to replace it (we need to go around and fix more uses, but it's a start). Use of these new functions will avoid bugs where the upper or lowercase version of a string is a different length. I have removed the push_*_allocate functions, which are replaced by calls to push_*_talloc. Likewise, pstring and other 'fixed length' wrappers are removed, where possible. I have removed the first ('base pointer') argument, used by push_ucs2, as the Samba4 way of doing things ensures that this is always on an even boundary anyway. (It was used in only one place, in any case). (This used to be commit dfecb0150627b500cb026b8a4932fe87902ca392)
2007-10-10r1654: rename cli_ -> smbcli_Stefan Metzmacher1-4/+4
rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2007-10-10r1498: (merge from 3.0)Andrew Bartlett1-3/+3
Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom. In order to aviod identical streams in forked children, the random state is re-initialised after the fork(), at the same point were we do that to the tdbs. Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
2007-10-10r1274: revert -r 1239 as discussed with abartletStefan Metzmacher1-14/+11
metze (This used to be commit 52e2d038252bd745d53c687d266ad3ad62efa6fc)
2007-10-10r1239: move the old msrpc_<gen|parse>() functions to ↵Stefan Metzmacher1-11/+14
ndr_<push|pull>_format_blob() simular to ndr_<push|pull>_struct_blob() metze (This used to be commit b25dd341e0febd550a2936ca484b6fecce2ff8c2)
2007-10-10r1129: Remove unused function.Andrew Bartlett1-30/+0
Andrew Bartlett (This used to be commit 4d23b9e039872273f3ef433d94d24759bcb87c30)
2007-10-10r961: convert 'uchar' to 'uint8_t'Stefan Metzmacher1-29/+29
metze (This used to be commit 9f914e4af99e18b469d4cf9d8b1514a2bd28ddec)
2007-10-10r943: change samba4 to use 'uint8_t' instead of 'unsigned char'Stefan Metzmacher1-7/+7
metze (This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
2007-10-10r890: convert samba4 to use [u]int8_t instead of [u]int8Stefan Metzmacher1-3/+3
metze (This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
2007-10-10r889: convert samba4 to use [u]int16_t instead of [u]int16Stefan Metzmacher1-1/+1
metze (This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
2007-10-10r884: convert samba4 to use [u]int32_t instead of [u]int32Stefan Metzmacher1-1/+1
metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2007-10-10r874: This patch is a pile of work on NTLMSSP:Andrew Bartlett1-7/+14
Samba's NTLMSSP code is now fully talloc based, which should go a long way to cleaning up the memory leaks in this code. This also avoids a lot of extra copies of data, as we now allocate the 'return' blobs on a caller-supplied context. I have also been doing a lot of work towards NTLM2 signing and sealing. I have this working for sealing, but not for the verifier (MD5 integrity check on the stream) which is still incorrect. (I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the data arrives intact, but the signature check fails. It does however match the test values I have...). The new torture test is cludged in - when we get a unit test suite back, I'll happliy put it in the 'right' place.... Andrew Bartlett (This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)
2007-10-10r873: converted samba4 to use real 64 bit integers instead ofAndrew Tridgell1-1/+1
structures. This was suggested by metze recently. I checked on the build farm and all the machines we have support 64 bit ints, and support the LL suffix for 64 bit constants. I suspect some won't support strtoll() and related functions, so we will probably need replacements for those. (This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
2007-10-10r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.Andrew Bartlett1-2/+1
- This required using NETLOGON_NEG_AUTH2_FLAGS for the SetupCredentials2 negotiation flags, which is what Samba3 does, because otherwise the server uses different crypto. - This tests the returned session keys, which we decrypt. - Update the Samba4 notion of a 'session key' to be a DATA_BLOB in most places. - Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is available. - Remove a useless argument to SMBsesskeygen_ntv1 - move netr_CredentialState from the .idl to the new credentials.h Andrew Bartlett (This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
2007-10-10r451: More NTLMSSP work.Andrew Bartlett1-52/+10
The work here is trying to get the LM_KEY option for NLTMSSP operating, however until that functions properly, it is now controlled by some new smb.conf options, defaulting off. Andrew Bartlett (This used to be commit c63eb35b45c6db6e4c5302d1832bb5cef49a14f6)
2007-10-10r443: Update Samba4 to the auth and NTLMSSP code from Samba3.Andrew Bartlett1-59/+62
Not all the auth code is merged - only those parts that are actually being used in Samba4. There is a lot more work to do in the NTLMSSP area, and I hope to develop that work here. There is a start on this here - splitting NTLMSSP into two parts that my operate in an async fashion (before and after the actual authentication) Andrew Bartlett (This used to be commit 5876c78806e6a6c44613a1354e8d564b427d0c9f)
2007-10-10r324: - don't reseed on every password generateAndrew Tridgell1-1/+5
- check for overflow (very unlikely) in random buffer generation (This used to be commit 548ec1efefa6f337a362cbadae74f177774e9e29)
2007-10-10r305: - added IDL and test code for samr_RidToSid()Andrew Tridgell1-7/+14
- completed the IDL and test code for the various set user password mechanisms in samr. Three password mechanisms are now working, the UserInfo24 method, the OemChangePasswordUser2() method (which only sets the LM password) and the ChangePasswordUser2() method which sets both the LM and NT passwords. - updated some crypto routines to support the password change tests (This used to be commit 051efa2abf9d1fbbf783df411c02f2714027f813)
2007-10-10r275: added IDL and test code for samr_QueryDisplayInfo3(),Andrew Tridgell1-2/+6
samr_AddMultipleMembersToAlias(), samr_RemoveMultipleMembersFromAlias(), samr_OemChangePasswordUser2(), and samr_ChangePasswordUser2() The password change functions don't actually work yet (but should soon). At this stage I have just completed the IDL for them. Next step is to get the hash verifiers right and the torture test should be able to do password changes. (This used to be commit 849d0d314a2add80f2b2be6b503fea05973f998e)
2007-10-10r152: a quick airport commit ....Andrew Tridgell1-1/+4
added ldbedit, a _really_ useful command added ldbadd, ldbdel, ldbsearch and ldbmodify to build solved lots of timezone issues, we now pass the torture tests with client and server in different zones fixed several build issues I know this breaks the no-LDAP build. Wait till I arrive in San Jose for that fix. (This used to be commit af34710d4da1841653624fe304b1c8d812c0fdd9)
2003-11-26signed DCERPC over TCP now works !Andrew Tridgell1-31/+131
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp code from samba3 (thanks Andrew! the new interface is great) * added signing/ntlmssp support in the dcerpc code * added a dcerpc_auth.c module for the various dcerpc auth mechanisms (This used to be commit c18c9b5585a3e5f7868562820c14f7cb529cdbcd)
2003-08-13first public release of samba4 codeAndrew Tridgell1-0/+418
(This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)