summaryrefslogtreecommitdiffstats
path: root/auth/ntlmssp
Commit message (Collapse)AuthorAgeFilesLines
* auth/ntlmssp: GENSEC_FEATURE_SIGN_PKT_HEADER is always supportedStefan Metzmacher2014-01-071-0/+4
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: introduce gensec_internal.hStefan Metzmacher2013-08-105-0/+5
| | | | | | | | | | We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* build: Build with system md5.h on OpenIndianaAndrew Bartlett2013-06-192-2/+2
| | | | | | | | | | | | | | | | | | | | This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
* auth/ntlmssp: Avoid use-after-free of user_info after logon failure at log ↵Andrew Bartlett2013-03-271-1/+1
| | | | | | level 5 Reviewed-by: Jeremy Allison <jra@samba.org>
* auth/ntlmssp: avoid talloc_tos() in ntlmssp_client_initial()Stefan Metzmacher2012-08-041-1/+1
| | | | | | | This avoids a smb_panic at log level = 10. If we don't have a talloc stackframe yet. metze
* auth: Remove .get_challenge (only used for security=server)Andrew Bartlett2012-07-031-7/+0
| | | | | | | | | | | | | With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionlity, we would downgrade to just NTLM. Now that security=server has been removed, we have no such module. This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async. Andrew Bartlett
* auth/ntlmssp: Remove reference to struct ntlmssp_stateAndrew Bartlett2012-03-091-6/+1
|
* auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_stateAndrew Bartlett2012-03-094-8/+5
| | | | | | This just means there is one less pointer to ensure we initialise. Andrew Bartlett
* auth: Remove plugable password-check functions from gensec_ntlmsspAndrew Bartlett2012-02-245-228/+105
| | | | | | The auth4_context layer now provides the plugability here. Andrew Bartlett
* auth: consolidate gensec_ntlmssp_server wrapper functionsAndrew Bartlett2012-02-242-50/+18
|
* s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-sideAndrew Bartlett2012-02-242-0/+13
| | | | | | | This uses the common gensec_ntlmssp server code for ntlm_auth, removing the last non-gensec use of the NTLMSSP server. Andrew Bartlett
* auth: Rename some elements of auth4_contextAndrew Bartlett2012-02-241-10/+10
| | | | | | These operate on NTLM authentication, so make that clear. Andrew Bartlett
* auth: Reorder arguments to generate_session_infoAndrew Bartlett2012-02-181-1/+1
| | | | | | | | | This matches check_ntlm_password() and generate_session_info_pac() Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
* auth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3Andrew Bartlett2012-02-171-2/+11
| | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 17 12:18:51 CET 2012 on sn-devel-104
* auth: Make more of the ntlmssp code private or staticAndrew Bartlett2012-02-173-96/+64
| | | | | | | | | | Now that there is only one gensec_ntlmssp server, some of these functions can be static For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Provide a way to specify the NTLMSSP server name to GENSECAndrew Bartlett2012-02-171-17/+36
| | | | | | | | | This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller knows better. This will allow preservation of current s3 behaviour. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Rearrange ntlmssp code for clarityAndrew Bartlett2012-02-171-9/+8
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Set NTLMSSP_NEGOTIATE_SIGN when session key support is requiredAndrew Bartlett2012-02-171-0/+3
| | | | | | | | This matches the s3 NTLMSSP server. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_serverAndrew Bartlett2012-02-172-4/+11
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Use common gensec_ntlmssp server functions for more of ↵Andrew Bartlett2012-02-172-7/+47
| | | | | | | | | | | gensec_ntlmssp3_server This is possible because we now supply the auth4_context abstraction that this code is looking for. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: Add extra error messages on authentication or authorization failureAndrew Bartlett2012-02-171-0/+4
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Cope with NO_USER_SESSION_KEY from security=serverAndrew Bartlett2012-02-171-2/+8
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett2012-02-176-2/+1099
| | | | | | | | | | The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Hook checking passwords and generating session_info via the ↵Andrew Bartlett2012-02-171-3/+0
| | | | | | | | | | | | | | auth4_context This avoids creating a second auth_context, as it is a private pointer in the auth4_context that has already been passed in, and makes the gensec_ntlmssp code agnostic to the type of authentication backend behind it. This will in turn allow the ntlmssp server code to be further merged. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: rename ntlmssp.c to ntlmssp_util.cAndrew Bartlett2012-02-082-1/+1
|
* auth: Make check_password and generate_session_info hook genericAndrew Bartlett2012-01-301-4/+1
| | | | | | | | gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett
* gensec: Add parinoia about integer wrappingAndrew Bartlett2011-10-281-0/+7
|
* ntlmssp: Refuse to seal if we did not negotiate to signAndrew Bartlett2011-10-181-0/+5
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Put members from auth_ntlmssp_state into gensec_ntlmssp_stateAndrew Bartlett2011-10-181-1/+17
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Prepare gensec_ntlmssp_start() for broader useAndrew Bartlett2011-10-181-11/+0
| | | | | | | | This moves the allocation of the ntlmssp pointer back to the callers. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett2011-10-189-0/+2123
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>