mirror of https://github.com/samba-team/samba.git synced 2025-12-07 20:23:50 +03:00
Commit Graph

18 Commits

Author SHA1 Message Date
Jeremy Allison
61fc9a7b2e Add API framework for server SMB signing.
Jeremy.
-
Jeremy Allison
dd46f8b22d Add krb5_princ_component to Heimdal. Remove cli_ from mark packet signed.
Jeremy.
-
Tim Potter
2750418752 Spelling. -
Jeremy Allison
c390b3e4cd Added the "required" keyword to the "client signing" parameter to force it
on. Fail if mismatch. Small format tidyups in smbd/sesssetup.c. Preparing
to add signing on server side.
Jeremy.
-
Jeremy Allison
0b8724ed65 Add a cli_ prefix to a few functions to ensure everything that takes a struct cli_state
is so marked.
Jeremy
-
Andrew Bartlett
95ec8317d4 Fix SMB signing when using NTLMSSP...
It's so simple now I know how it works - and it has nothing to do with
NTLMSSP (it's just a slightly different use of the old algorithm). :-).

Note: This is actually less secure than the non-NTLMSSP code, as there is
no per-session random data included for NTLM logins.  (NTLMv2 is better,
fortunately).

Andrew Bartlett
-
Andrew Bartlett
dd33212f1e Rework our smb signing code again, this factors out some of the common
MAC calculation code, and now supports multiple outstanding packets.

Fixes bug #40

Andrew Bartlett
-
Tim Potter
865c112756 spelling -
Andrew Bartlett
7645d3d28a SMB Signing with NTLMv2 works!
(well, under certain conditions :-)

There is no length limit on the size of the authentication response added
into the MD5 hash.  (We had previously limited this to lengths like 40, 44 or
64 in attempts to make sense of what the SNIA spec tells us).

Instead, the entire authentication response is added in.

Currently, this only works on a Win2k domain members with a Samba PDC,
because our NTLMv2 code currently fails against a Win2k PDC.

However, this splits the problem in half - particularly as the NTLMv2 format
is known, and even has an ethereal dissector! (thanks tpot).

Andrew Bartlett
-
Andrew Bartlett
7f1c271cfb Add doco to our SMB signing code.
This should make it clearer what magic numbers refer to the magic numbers
in the CIFS spec, and what bits and pieces are being appended into the MD5
calculation where.

Andrew Bartlett
-
Andrew Bartlett
c6c4f69b8d Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD. -
Volker Lendecke
8c70f657cf Merge a trivial fix across from HEAD. Not that this
would work now...

Volker
-
Andrew Bartlett
3d4c4b6cb3 Merge from HEAD - leave the SMB buffer untouched when checking its SMB sig.
Andrew Bartlett
-
Jeremy Allison
f93c64b5ca Removed unused var.
Jeremy.
-
Rafal Szczesniak
d81b0d2690 We haven't implemented The Singing Contexts so far.
Who knows what .NET server brings, though ...?  ;-)


Rafal
-
Andrew Bartlett
a034a5e381 Further work on NTLMSSP-based SMB signing. Current status is that I cannot
get Win2k to send a valid signature in its session setup reply - which it will
give to win2k clients.

So, I need to look at becoming 'more like MS', but for now I'll get this code
into the tree.  It's actually based on the TNG cli_pipe_ntlmssp.c, as it was
slightly easier to understand than our own (but only the utility functions
remain in any way intact...).

This includes the mystical 'NTLM2' code - I have no idea if it actually works.

(I couldn't get TNG to use it for its pipes either).

Andrew Bartlett
-
Andrew Bartlett
05cffbee56 Try not to clobber the session request. -
Andrew Bartlett
b9cf95c3dc Change the way we sign SMB packets, to a function pointer interface.
The intention is to allow for NTLMSSP and kerberos signing of packets, but
for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA
spec)

Andrew Bartlett
-