| Commit message | Author | Age | Files | Lines |

keys for kerberos authentication.
Andrew Bartlett

relatively useful external lib from this code, and to remove the duplicate
NTLMSSP code elsewhere in samba (RPC pipes, LDAP client).
The code I've replaced this with in cliconnect.c is relatively ugly, and
I hope to replace it with a more general SPNEGO layer at some later date.
Andrew Bartlett

of libsmb.
Andrew Bartlett

and make sure we can never get an 'authenticate' packet without a challenge.
Andrew Bartlett

Rafal

Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 =
yes') and only when 'client use spnego = no'. (A new option to allow the
client and server ends to choose spnego separately).
NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet.
Also some paranoia checks in our input parsing.
Andrew Bartlett

The idea here is to separate, as much as possible, the SPNEGO layer from the
NTLMSSP layer. This not only helps us with protocol correctness, but also
should allow further mechanisms to be added with relative ease. I intend to
make the kerberos code use this shortly.
I've never seen the 'zero length blob' form of the anonymous login, so I've
removed that case.
Andrew Bartlett

Change the 'cookie' to be the ntlmssp_context, and use the 'auth_context' on
that to store the cookie. Ensures that simple callbacks can 'just work'.
Also make it clear that we are doing a pull_string into a pstring, not just
any sized buffer.
Andrew Bartlett

This tries to extract our server-side code out of sessetup.c, and into a more
general lib. I hope this is only a temporary resting place - I intend to
refactor it again into an auth-subsystem independent lib, using callbacks.
Move some of our NTLMSSP #defines into a new file, and add two that I found
in the COMsource docs - we seem to have a double-up, but I've verified from
traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real.
This code also copes with ASCII clients - not that we will ever see any here,
but I hope to use this for HTTP, where we can get them. Win2k authenticates
fine under forced ASCII, btw.
Tested with Win2k, NTLMv2 and Samba's smbclient.
Andrew Bartlett

the DC being out of sync with the local machine.

However, it does not work with Win2K over 445 with raw NTLMSSP!

'DEBUGADD', so we don't repeat headers. (Makes them much easier to read).
(Based on patch by kai)
Andrew Bartlett

we now do this:
- look for supported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS

Andrew Bartlett

from win2k AND still use SPNEGO (provided you don't build with kerberos...I
still have to fix that, as we are not properly falling back).

The problem was the NTLMv2 uses extra data in order to make reply/lookup
more difficult. That extra data includes the hostname, and the domain.
This matches Win2k (sort of) by sending this information.
Win2k connects with LMCompatibilityLevel=5 without a problem.
We can change the negotiation bits if we want, this should allow us to make
NTLMv2 the default for other clients as well.
Some of the extra #defines were found in the squid source.
Andrew Bartlett

Andrew Bartlett

Changed "SMB/Netbios" to "SMB/CIFS" in file header.

cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm

name is a "principal", not a principle. English majors will complain :-).
Jeremy.

it should give something for others to hack on and possibly find what
I'm doing wrong.

loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code

in the asn1 spnego structures)

enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM