sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-19 10:03:58 +03:00
Code
66,704 Commits 60 Branches 1,145 Tags
Commit Graph

127 Commits

Author SHA1 Message Date
Volker Lendecke
19280b65a5 s3: Fix an uninitialized variable 2010-08-14 10:08:45 +02:00
Andrew Bartlett
75adca63f2 libcli/auth Make the source3/ implementation of the NTLMSSP server common 
This means that the core logic (but not the initialisation) of the
NTLMSSP server is in common, but uses different authentication backends.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 16:22:04 +02:00
Andrew Bartlett
979b672dcb s3:ntlmssp Split the NTLMSSP server into before and after authentication 
This allows for a future where the auth subsystem is async, and the
session key generation needs to happen in a callback.

This code is originally reworked into this style by metze for the
source4/ implementation.

The other change here is to introduce an 'out_mem_ctx', which makes
the API match that used in source4.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 16:17:10 +02:00
Andrew Bartlett
4969b3de63 s3:ntlmssp Always call ntlmssp_sign_init() 
There is no code path that sets nt_status before this point, without
a return.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 12:13:00 +02:00
Andrew Bartlett
617ec0733d s3:ntlmssp Don't use talloc_tos() for NTLMSSP blobs for now 
This code will, I hope, soon be merged in common, and the Samba4
use case does not currently support talloc_tos() properly.  Use another
context for now.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 12:13:00 +02:00
Andrew Bartlett
d112557a05 s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2 
This is another 'belts and braces' check to avoid the use of the
weak 'LM_KEY' encryption when the client has chosen NTLMv2.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 12:13:00 +02:00
Andrew Bartlett
f6cc686036 s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not available 
This ensures the client isn't confused and we don't enter this
weaker authentication scheme when we don't really, really need to.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 12:13:00 +02:00
Andrew Bartlett
3c0a17a127 s3:ntlmssp Don't use the lm key if the user didn't supply one. 
This may help to avoid a number of possible MITM attacks where LM_KEY is
spoofed into the session.  If the login wasn't with lanman
(and so the user chose to disclose their lanman response),
don't disclose back anything based on their lanman password.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 12:13:00 +02:00
Andrew Bartlett
f744e42bd0 s3:ntlmssp Add extra DEBUG() message for auth system failures 
Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 12:13:00 +02:00
Andrew Bartlett
e0c94d14b3 s3:ntlmssp Redirect lp_lanman_auth() via 'allow_lm_key' 
This will allow this to be handled via common code in the future

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 12:13:00 +02:00
Andrew Bartlett
1e83b36afb libcli/auth Move some source3/ NTLMSSP functions to the common code. 
libcli/auth Use true and false rather than True and False in common code

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-08-10 11:56:33 +02:00
Simo Sorce
cdcdaaa6dd s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it. 
All the members are children of ntlmssp_state anyway.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-19 14:19:47 +10:00
Volker Lendecke
c4d5cbbdc5 s3: Fix some valgrind errors 
Essentially the same change as 15297ee, this time for the client side.

Günther, Andrew B, please check!

Thanks,

Volker
 2010-06-28 12:28:07 +02:00
Volker Lendecke
15297eea0e s3: Fix some valgrind errors 
With -d 10, there were a ton of uninitialized variables: The "NegotiateFlags"
in the automatically parsed ntlmssp structures were not initialized.

This also cleans up the talloc use a bit: do early TALLOC_FREE()

Günther, please check!

Thanks,

Volker
 2010-06-21 22:23:30 +02:00
Andrew Bartlett
62708fbd1b s3:ntlmssp Move ntlmssp_sign.c from source3 to common code. 
This needs a small re-arrangement of the supporting code.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-31 15:11:36 +02:00
Andrew Bartlett
ebae21f023 ntlmssp: Make the ntlmssp.h from source3/ a common header 
The code is not yet in common, but I hope to fix that soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-31 15:10:56 +02:00
Jeremy Allison
b7067ee5f7 Correctly check error code return. 
Jeremy.
 2010-05-19 21:27:17 -07:00
Jeremy Allison
b0d7a3d123 Thanks to Andrew Bartlett's advice, fix the NTLMSSP version problem the correct way. 
No more magic blobs :-). Use ndr_push_struct_blob() to
push a properly formatted VERSION struct.

Jeremy.
 2010-05-19 10:36:39 -07:00
Jeremy Allison
6a903078cb Fix our NTLMSSP implementation against the Microsoft torture tester. 
We need to return a version blob if we negotiate version info.

Jeremy.
 2010-05-18 16:34:14 -07:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Günther Deschner
1d2dd47d31 s3-crypto: only include crypto headers when crypto is done. 
Guenther
 2010-05-18 00:44:27 +02:00
Stefan Metzmacher
3b33fa72d6 s3:ntlmssp: use c99 types 
metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:57 +01:00
Stefan Metzmacher
dee63fe4ca s3:ntlmssp: use client.netbios_name instead of workstation 
metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:56 +01:00
Stefan Metzmacher
2dfc78a41a s3:ntlmssp: remove unused ntlmssp_set_workstation() 
metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:56 +01:00
Stefan Metzmacher
b65e6f0c0d s3:ntlmssp: inline ntlmssp_weaken_keys() 
metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:55 +01:00
Stefan Metzmacher
7c0ea293f9 s3:ntlmssp: remove unused get_global_myname() and get_domain() from ntlmssp_state 
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:55 +01:00
Stefan Metzmacher
7d977da925 s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them 
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:55 +01:00
Stefan Metzmacher
55279dfbe3 s3:ntlmssp: remove server_name from ntlmssp_state and fill the server.* fields also for the client 
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:55 +01:00
Stefan Metzmacher
eb17809812 s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_state 
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:54 +01:00
Stefan Metzmacher
eca118614c s3:ntlmssp: replace server_role by a server.is_standalone in ntlmssp_state 
Inspired by the NTLMSSP merge work by Andrew Bartlett.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-03-24 17:34:54 +01:00
Volker Lendecke
ff0274c519 s3: Add NTLMSSP_FEATURE_CCACHE 
Uses the winbind ccache to do authentication if asked to do so
 2010-01-24 20:32:17 +01:00
Volker Lendecke
185815a647 s3: Remove some calls to memset -- reduces text size by some bytes for me 2010-01-24 14:52:33 +01:00
Stefan Metzmacher
c9b6ad2500 s3:ntlmssp: change get_challange() to return NTSTATUS 
metze
 2009-12-29 17:06:22 +01:00
Stefan Metzmacher
05f7a86a99 s3:ntlmssp: remove unused ntlmssp_stored_response() 
metze
 2009-12-29 08:46:12 +01:00
Stefan Metzmacher
7cff7d937e s3:ntlmssp: remove unused ref_count from ntlmssp_state 
metze
 2009-12-29 08:19:01 +01:00
Stefan Metzmacher
5ff127b641 s3:ntlmssp: rename NTLM_MESSAGE_TYPE into ntlmssp_message_type 
metze
 2009-12-29 08:19:00 +01:00
Andrew Bartlett
802e9328ed s3:ntlmssp: only include ntlmssp.h where actually needed 
Andrew Bartlett
 2009-12-22 21:07:53 +01:00
Andrew Bartlett
5b37cd23bf s3:ntlmssp: remove the typedef NTLMSSP_STATE 
Andrew Bartlett
 2009-12-22 21:07:53 +01:00
Andrew Bartlett
9b36fa0441 s3:ntlmssp: rename enum NTLMSSP_ROLE into enum ntlmssp_role 
Andrew Bartlett
 2009-12-22 21:07:52 +01:00
Andrew Bartlett
ba2cfceb96 libcli/auth Make gd's NDR NTLMSSP parsers helpers common 
(but not built in Samba4 for now)
 2009-12-22 21:07:51 +01:00
Günther Deschner
9afd44d03c s3-ntlmssp: use generated ntlmssp code for debugging purpose. 
Guenther
 2009-08-28 13:03:17 +02:00
Günther Deschner
82469deeac s3-ntlmssp: use interface constants in TargetInfo blob. 
Guenther
 2009-08-28 10:08:59 +02:00
Günther Deschner
25d6c0a518 s3-ntlmssp: use NTLMSSP headers from IDL and remove duplicate constants. 
Guenther
 2009-08-28 10:08:52 +02:00
Günther Deschner
1f3d0c5485 s3-ntlmssp: remove trailing whitespace. 
Guenther
 2009-08-27 16:06:37 +02:00
Andrew Bartlett
ddcc355f2b s3:ntlmssp Remove use of talloc(NULL) in NTLMSSP code 2009-04-20 11:55:49 +02:00
Andrew Bartlett
0c771bfc70 s3:ntlmssp Fix segfault: msrpc_gen now uses talloc() 2009-04-20 05:19:48 +10:00
Andrew Bartlett
34193cffc0 Fix crash bug in NTLMSSP caused by msrpc_parse() moving to talloc 2009-04-16 14:08:00 +10:00
Andrew Bartlett
27815a71a9 More work to adapt to merged libcli/auth function prototypes 2009-04-14 16:23:42 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial) 
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
 2009-04-14 16:23:35 +10:00
Volker Lendecke
4aed9abbf8 Remove the static "chal" from ntlmssp.c:get_challenge() 2009-02-21 14:04:14 +01:00