[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Wed Mar 24 10:34:59 MDT 2010
The branch, master has been updated
via 3b33fa7... s3:ntlmssp: use c99 types
via dee63fe... s3:ntlmssp: use client.netbios_name instead of workstation
via 2dfc78a... s3:ntlmssp: remove unused ntlmssp_set_workstation()
via 9f895ea... s3:ntlmssp: move sign/seal states to a private ntlmssp_crypt_state union
via 8804dc1... s3:ntlmssp: add const for *sig in ntlmssp_unseal_packet()
via 9172b4a... s3:ntlmssp: make whole_pdu const for ntlmssp_[un]seal_packet()
via d0ef97f... s3:ntlmssp: use a 'bool ok' variable to make the code more readable
via 0de3698... s3:ntlmssp: fix some formating
via b65e6f0... s3:ntlmssp: inline ntlmssp_weaken_keys()
via f0e7e94... s3:ntlmssp: make send_seal_key and recv_seal_key local variables
via ca2a569... s3:ntlmssp: rename void *auth_context; into void *callback_private;
via 7c42c5d... s3:ntlmssp: add some consts
via 7c0ea29... s3:ntlmssp: remove unused get_global_myname() and get_domain() from ntlmssp_state
via 7d977da... s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them
via 55279df... s3:ntlmssp: remove server_name from ntlmssp_state and fill the server.* fields also for the client
via eb17809... s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_state
via eca1186... s3:ntlmssp: replace server_role by a server.is_standalone in ntlmssp_state
via 5338305... s3:ntlmssp: make use of C99 types in ntlmssp_sign.c
via c2cc184... s3:ntlmssp: use uint8_t in calc_ntlmv2_key()
via 25a89b7... s4:ntlmssp: move sign/seal states to a private ntlmssp_crypt_state union
via 598bfdc... s4:ntlmssp: make use of dump_arc4_state()
via 48d8157... s4:ntlmssp: copy dump_arc4_state() from source3
via a692606... s4:ntlmssp: avoid usage of calc_ntlmv2_key_talloc()
via 00f99a3... s4:ntlmssp: make use of calc_ntlmv2_key() for seal keys
via fc120dd... s4:ntlmssp: add calc_ntlmv2_key() from source3
via e0c7d9c... s4:ntlmssp: rename calc_ntlmv2_key => calc_ntlmv2_key_talloc
via c64e6e0... s4:ntlmssp: inline ntlmssp_weakend_keys()
via 3220c84... s4:ntlmssp: use a 'bool ok' helper variable to make the code more readable
via e669ee4... s4:ntlmssp: fix some formating
via 44ce126... s4:ntlmssp: move doing_ntlm2 to ntlmssp_server_auth_state
via 40395ee... s4:ntlmssp: move NTLM2 session_nonce to ntlmssp_server_auth_state
via 1b20f71... s4:ntlmssp: move encrypted_session_key to ntlmssp_server_auth_state
via a56ae60... s4:ntlmssp: keep a ntlmssp_server_auth_state to transport variables from preauth to postauth hooks
via a42cad6... s4:ntlmssp: remove unused server_multiple_authentications feature.
via d3e7266... s4:ntlmssp: rename gensec_ntlmssp_state => ntlmssp_state
via 7063338... s4:ntlmssp: split gensec_ntlmssp_unseal_packet() and ntlmssp_unseal_packet()
via d4c2f25... s4:ntlmssp: split gensec_ntlmssp_seal_packet() and ntlmssp_seal_packet()
via 1564b2a... s4:ntlmssp: split gensec_ntlmssp_check_packet() and ntlmssp_check_packet()
via 23507c0... s4:ntlmssp: split gensec_ntlmssp_sign_packet() and ntlmssp_sign_packet()
via b47a849... s4:ntlmssp: make user a 'const char *' in (gensec_)ntlmssp_state
via 36669bf... s4:ntlmssp: remove server_name from (gensec_)ntlmssp_state and fill the server.* fields also for the client
via 282a2d8... s4:ntlmssp: calculate server names at startup and store them in (gensec_)ntlmssp_state->server.*
via 133a3e4... s4:ntlmssp: replace server_role by a server.is_standalone in (gensec_)ntlmssp_state
via c33e72b... s4:ntlmssp: remove more whitespaces...
via 4ab94f5... s4:ntlmssp: add NTLMSSP_FEATURE_* flags from s3
via ee24079... s4:ntlmssp: keep struct gensec_ntlmssp_context in gensec_security->private_data
via a0522a5... s4:ntlmssp: remove gensec_security from (gensec_)ntlmssp_state
via 32d822a... s4:ntlmssp: remove backend specifix stuff from (gensec_)ntlmssp_state
via 83cc137... s4:ntlmssp: create a gensec_ntlmssp_context between gensec_security and ntlmssp_state
via 8df0170... s4:ntlmssp: add definition of gensec_ntlmssp_context
via bd550df... s4:ntlmssp: add a callback_private pointer to gensec_ntlmssp_state
from a6bfc1a... s3-testparm: Throw warning when 'workgroup' and 'netbios name' are identical.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3b33fa72d6b57d1da807250ed6d5c136990ed415
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jan 16 09:32:35 2010 +0100
s3:ntlmssp: use c99 types
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit dee63fe4ca5d8dad820ff8b5f15edba41e6be65f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 16:53:08 2009 +0100
s3:ntlmssp: use client.netbios_name instead of workstation
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 2dfc78a41a34e181ba9dcacf58010ddb0883a619
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 14:20:31 2009 +0100
s3:ntlmssp: remove unused ntlmssp_set_workstation()
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 9f895ea236fb2e6a5ed93656f75ea853f20fd102
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jan 9 14:38:35 2010 +0100
s3:ntlmssp: move sign/seal states to a private ntlmssp_crypt_state union
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 8804dc13281acf7839762c9cfb5fb9cafd0ba6a0
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jan 9 11:30:39 2010 +0100
s3:ntlmssp: add const for *sig in ntlmssp_unseal_packet()
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 9172b4a0b1082f80ce8a1b551d67337005365b43
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jan 6 17:14:25 2010 +0100
s3:ntlmssp: make whole_pdu const for ntlmssp_[un]seal_packet()
Only data needs to be non-const.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit d0ef97f74b61f0441b078845d0637f5dad3e2e16
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 7 10:43:23 2010 +0100
s3:ntlmssp: use a 'bool ok' variable to make the code more readable
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 0de3698be23d23b79ef52a4a2c51b1ac56f36445
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jan 9 14:06:27 2010 +0100
s3:ntlmssp: fix some formating
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit b65e6f0c0da1ecb8d1b05a4190c1dc77ed9b465e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jan 6 15:45:38 2010 +0100
s3:ntlmssp: inline ntlmssp_weaken_keys()
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit f0e7e94ee1bf6a11091a1fc15780e27a57c2ea93
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jan 6 15:22:24 2010 +0100
s3:ntlmssp: make send_seal_key and recv_seal_key local variables
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit ca2a5693bf85ccfe5abe540e3a725945b52e8039
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 14:53:08 2009 +0100
s3:ntlmssp: rename void *auth_context; into void *callback_private;
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 7c42c5d8ffe87885f3ba96f1e0ba6ba69f1bab46
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 15:23:16 2009 +0100
s3:ntlmssp: add some consts
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 7c0ea293f93eb19de56ae3c642fa3e78a2b50096
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 14:17:51 2009 +0100
s3:ntlmssp: remove unused get_global_myname() and get_domain() from ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 7d977da92554c34539a475feb7dcb0a6dc0ad654
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 14:13:45 2009 +0100
s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 55279dfbe3770563016723c3ba7d1dbbec3d4437
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 13:29:54 2009 +0100
s3:ntlmssp: remove server_name from ntlmssp_state and fill the server.* fields also for the client
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit eb1780981252f05c792a1e40b7d0471f5b670ef5
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 11:55:23 2009 +0100
s3:ntlmssp: pass names to ntlmssp_server_start() and store them in ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit eca118614c1431855c88b9f43457c0d2d6502ebe
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 10:07:32 2009 +0100
s3:ntlmssp: replace server_role by a server.is_standalone in ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 533830543f4282dfb13173dcf8ccf5e65f9d1ed4
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 29 17:25:47 2009 +0100
s3:ntlmssp: make use of C99 types in ntlmssp_sign.c
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit c2cc18455b46f2015b916daacaca1fb0ba88ce87
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 29 17:25:20 2009 +0100
s3:ntlmssp: use uint8_t in calc_ntlmv2_key()
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 25a89b701596aea4e62ffdf11777022687ea5f44
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 7 10:10:13 2010 +0100
s4:ntlmssp: move sign/seal states to a private ntlmssp_crypt_state union
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 598bfdcfd8b7a21815db214b1f7be62cbf7fe720
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 8 14:11:10 2010 -0700
s4:ntlmssp: make use of dump_arc4_state()
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 48d815787924ec8ef4c421c91149a170d474533a
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jan 6 16:59:35 2010 +0100
s4:ntlmssp: copy dump_arc4_state() from source3
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit a69260642e9a08a1f3eceed2f77d5c246b171765
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 8 13:58:42 2010 -0700
s4:ntlmssp: avoid usage of calc_ntlmv2_key_talloc()
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 00f99a3df580598442250d38199a457aa8c1b2e7
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 8 13:49:54 2010 -0700
s4:ntlmssp: make use of calc_ntlmv2_key() for seal keys
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit fc120dd758277d22c00c3a8b9a1d0e1357fd95bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 8 13:37:43 2010 -0700
s4:ntlmssp: add calc_ntlmv2_key() from source3
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit e0c7d9c8aa10ee0eb927d248b3d46fb0f0a52524
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 8 13:36:37 2010 -0700
s4:ntlmssp: rename calc_ntlmv2_key => calc_ntlmv2_key_talloc
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit c64e6e0a0fd29fb462af90a2a0195280ef5e0696
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 8 13:07:33 2010 -0700
s4:ntlmssp: inline ntlmssp_weakend_keys()
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 3220c84b72212cb7619ecda60dd8a7c756742e3b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jan 6 16:58:52 2010 +0100
s4:ntlmssp: use a 'bool ok' helper variable to make the code more readable
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit e669ee4c9d2b068073187326eb61d1ac751a03af
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jan 7 10:24:12 2010 +0100
s4:ntlmssp: fix some formating
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 44ce126b84d88eb8b3e84996f0292ae768f88b4f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jan 6 14:53:30 2010 +0100
s4:ntlmssp: move doing_ntlm2 to ntlmssp_server_auth_state
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 40395eee5b8a58e980b46a797042fb86ed4b63d8
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 5 18:24:02 2010 +0100
s4:ntlmssp: move NTLM2 session_nonce to ntlmssp_server_auth_state
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 1b20f7192a56933a094733bea042e753c7b27c48
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 5 18:21:10 2010 +0100
s4:ntlmssp: move encrypted_session_key to ntlmssp_server_auth_state
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit a56ae60851da0767d8cb2b56d2f8cf0273821189
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 5 18:18:29 2010 +0100
s4:ntlmssp: keep a ntlmssp_server_auth_state to transport variables from preauth to postauth hooks
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit a42cad635f781d76637c04c170f0ad59d8d10269
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 5 17:51:53 2010 +0100
s4:ntlmssp: remove unused server_multiple_authentications feature.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit d3e7266676f3516c4d5493d11cf75099365b69dc
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 17:57:54 2009 +0100
s4:ntlmssp: rename gensec_ntlmssp_state => ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 706333856b53c7544dcb44a6505ab82bd38d860c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 16:02:37 2009 +0100
s4:ntlmssp: split gensec_ntlmssp_unseal_packet() and ntlmssp_unseal_packet()
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit d4c2f252dac7b756958c9df3192581cf9ccde529
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 16:02:37 2009 +0100
s4:ntlmssp: split gensec_ntlmssp_seal_packet() and ntlmssp_seal_packet()
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 1564b2a94beba168c20f961d438a78cebe79d72d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 16:01:28 2009 +0100
s4:ntlmssp: split gensec_ntlmssp_check_packet() and ntlmssp_check_packet()
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 23507c022f9d926cc15674ae0158ce55478cf202
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 15:58:05 2009 +0100
s4:ntlmssp: split gensec_ntlmssp_sign_packet() and ntlmssp_sign_packet()
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit b47a849df2be9aa77616b870ffe9877a2ad12ad3
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 15:23:37 2009 +0100
s4:ntlmssp: make user a 'const char *' in (gensec_)ntlmssp_state
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 36669bfcf1d1ea9f0ec63280b85f3cb356dc10c1
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 15:00:02 2009 +0100
s4:ntlmssp: remove server_name from (gensec_)ntlmssp_state and fill the server.* fields also for the client
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 282a2d8591a9132dac1d70113a7e51287d3c1674
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 15:14:38 2009 +0100
s4:ntlmssp: calculate server names at startup and store them in (gensec_)ntlmssp_state->server.*
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 133a3e4ce81ea156461c5e8b922e234dbf1ce688
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 10:14:07 2009 +0100
s4:ntlmssp: replace server_role by a server.is_standalone in (gensec_)ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit c33e72b8c53625247202a2247ec2f4f9bdd24e9e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 29 17:29:47 2009 +0100
s4:ntlmssp: remove more whitespaces...
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 4ab94f5836a9e0e3002d052eb4076c8d9ad28e2f
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 29 16:46:05 2009 +0100
s4:ntlmssp: add NTLMSSP_FEATURE_* flags from s3
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit ee240799b6d7918afffdd762ead5221283f5dd5d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 08:23:13 2009 +0100
s4:ntlmssp: keep struct gensec_ntlmssp_context in gensec_security->private_data
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit a0522a5b2633b644fb16d9bdfc6f07e1bed30a15
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 30 08:06:28 2009 +0100
s4:ntlmssp: remove gensec_security from (gensec_)ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 32d822af813b74c33bc618b4130dc50a3b79c7af
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 29 17:56:56 2009 +0100
s4:ntlmssp: remove backend specifix stuff from (gensec_)ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 83cc137d5eef9d50af9b458c5c64fa9abc20adde
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 29 17:01:28 2009 +0100
s4:ntlmssp: create a gensec_ntlmssp_context between gensec_security and ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit 8df01705bf10c700ea2f76387cf6fedaacb24327
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 29 16:48:38 2009 +0100
s4:ntlmssp: add definition of gensec_ntlmssp_context
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
commit bd550df322251f4cf2b3d053563d601e5aca8f00
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 29 16:47:11 2009 +0100
s4:ntlmssp: add a callback_private pointer to gensec_ntlmssp_state
We'll remove any gensec specific stuff from gensec_ntlmssp_state
and rename it to ntlmssp_state again.
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_ntlmssp.c | 44 ++-
source3/include/ntlmssp.h | 51 ++--
source3/include/proto.h | 43 ++-
source3/libads/sasl.c | 7 +-
source3/libsmb/cliconnect.c | 8 +-
source3/libsmb/clifsinfo.c | 6 +-
source3/libsmb/ntlmssp.c | 271 +++++++-------
source3/libsmb/ntlmssp_sign.c | 346 ++++++++++-------
source3/rpc_client/cli_pipe.c | 6 +-
source3/rpc_server/srv_pipe.c | 3 +-
source3/utils/ntlm_auth.c | 57 ++-
source3/winbindd/winbindd_ccache_access.c | 6 +-
source4/auth/ntlmssp/ntlmssp.c | 168 ++++-----
source4/auth/ntlmssp/ntlmssp.h | 76 ++--
source4/auth/ntlmssp/ntlmssp_client.c | 126 ++++---
source4/auth/ntlmssp/ntlmssp_server.c | 469 ++++++++++++----------
source4/auth/ntlmssp/ntlmssp_sign.c | 610 ++++++++++++++++++-----------
source4/torture/auth/ntlmssp.c | 33 +-
source4/utils/ntlm_auth.c | 8 +-
19 files changed, 1343 insertions(+), 995 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 88f0e69..a62d429 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -32,7 +32,7 @@ static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_s
uint8_t chal[8])
{
AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
- (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
+ (AUTH_NTLMSSP_STATE *)ntlmssp_state->callback_private;
auth_ntlmssp_state->auth_context->get_ntlm_challenge(
auth_ntlmssp_state->auth_context, chal);
return NT_STATUS_OK;
@@ -46,7 +46,7 @@ static NTSTATUS auth_ntlmssp_get_challenge(const struct ntlmssp_state *ntlmssp_s
static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_state)
{
AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
- (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
+ (AUTH_NTLMSSP_STATE *)ntlmssp_state->callback_private;
struct auth_context *auth_context = auth_ntlmssp_state->auth_context;
return auth_context->challenge_may_be_modified;
@@ -59,7 +59,7 @@ static bool auth_ntlmssp_may_set_challenge(const struct ntlmssp_state *ntlmssp_s
static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge)
{
AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
- (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
+ (AUTH_NTLMSSP_STATE *)ntlmssp_state->callback_private;
struct auth_context *auth_context = auth_ntlmssp_state->auth_context;
SMB_ASSERT(challenge->length == 8);
@@ -84,7 +84,7 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state,
static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
- (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
+ (AUTH_NTLMSSP_STATE *)ntlmssp_state->callback_private;
struct auth_usersupplied_info *user_info = NULL;
NTSTATUS nt_status;
bool username_was_mapped;
@@ -92,7 +92,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
/* the client has given us its machine name (which we otherwise would not get on port 445).
we need to possibly reload smb.conf if smb.conf includes depend on the machine name */
- set_remote_machine_name(auth_ntlmssp_state->ntlmssp_state->workstation, True);
+ set_remote_machine_name(auth_ntlmssp_state->ntlmssp_state->client.netbios_name, True);
/* setup the string used by %U */
/* sub_set_smb_name checks for weird internally */
@@ -103,7 +103,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
nt_status = make_user_info_map(&user_info,
auth_ntlmssp_state->ntlmssp_state->user,
auth_ntlmssp_state->ntlmssp_state->domain,
- auth_ntlmssp_state->ntlmssp_state->workstation,
+ auth_ntlmssp_state->ntlmssp_state->client.netbios_name,
auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL,
auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL,
NULL, NULL, NULL,
@@ -157,6 +157,26 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
{
NTSTATUS nt_status;
TALLOC_CTX *mem_ctx;
+ bool is_standalone;
+ const char *netbios_name;
+ const char *netbios_domain;
+ const char *dns_name;
+ char *dns_domain;
+
+ if ((enum server_types)lp_server_role() == ROLE_STANDALONE) {
+ is_standalone = true;
+ } else {
+ is_standalone = false;
+ }
+
+ netbios_name = global_myname();
+ netbios_domain = lp_workgroup();
+ /* This should be a 'netbios domain -> DNS domain' mapping */
+ dns_domain = get_mydnsdomname(talloc_tos());
+ if (dns_domain) {
+ strlower_m(dns_domain);
+ }
+ dns_name = get_mydnsfullname();
mem_ctx = talloc_init("AUTH NTLMSSP context");
@@ -171,7 +191,14 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
(*auth_ntlmssp_state)->mem_ctx = mem_ctx;
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_server_start(&(*auth_ntlmssp_state)->ntlmssp_state))) {
+ nt_status = ntlmssp_server_start(NULL,
+ is_standalone,
+ netbios_name,
+ netbios_domain,
+ dns_name,
+ dns_domain,
+ &(*auth_ntlmssp_state)->ntlmssp_state);
+ if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
@@ -179,12 +206,11 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
return nt_status;
}
- (*auth_ntlmssp_state)->ntlmssp_state->auth_context = (*auth_ntlmssp_state);
+ (*auth_ntlmssp_state)->ntlmssp_state->callback_private = (*auth_ntlmssp_state);
(*auth_ntlmssp_state)->ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
(*auth_ntlmssp_state)->ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
(*auth_ntlmssp_state)->ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
(*auth_ntlmssp_state)->ntlmssp_state->check_password = auth_ntlmssp_check_password;
- (*auth_ntlmssp_state)->ntlmssp_state->server_role = (enum server_types)lp_server_role();
return NT_STATUS_OK;
}
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index 31b614f..3dc3810 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -42,21 +42,33 @@ enum ntlmssp_message_type
#define NTLMSSP_FEATURE_SEAL 0x00000004
#define NTLMSSP_FEATURE_CCACHE 0x00000008
+union ntlmssp_crypt_state;
+
struct ntlmssp_state
{
enum ntlmssp_role role;
- enum server_types server_role;
uint32_t expected_state;
bool unicode;
bool use_ntlmv2;
bool use_ccache;
- char *user;
- char *domain;
- char *workstation;
- unsigned char *nt_hash;
- unsigned char *lm_hash;
- char *server_domain;
+ const char *user;
+ const char *domain;
+ uint8_t *nt_hash;
+ uint8_t *lm_hash;
+
+ struct {
+ const char *netbios_name;
+ const char *netbios_domain;
+ } client;
+
+ struct {
+ bool is_standalone;
+ const char *netbios_name;
+ const char *netbios_domain;
+ const char *dns_name;
+ const char *dns_domain;
+ } server;
DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */
@@ -67,7 +79,10 @@ struct ntlmssp_state
uint32_t neg_flags; /* the current state of negotiation with the NTLMSSP partner */
- void *auth_context;
+ /**
+ * Private data for the callback functions
+ */
+ void *callback_private;
/**
* Callback to get the 'challenge' used for NTLM authentication.
@@ -114,23 +129,5 @@ struct ntlmssp_state
*/
NTSTATUS (*check_password)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
- const char *(*get_global_myname)(void);
- const char *(*get_domain)(void);
-
- /* ntlmv2 */
-
- unsigned char send_sign_key[16];
- unsigned char send_seal_key[16];
- unsigned char recv_sign_key[16];
- unsigned char recv_seal_key[16];
-
- struct arcfour_state send_seal_arc4_state;
- struct arcfour_state recv_seal_arc4_state;
-
- uint32_t ntlm2_send_seq_num;
- uint32_t ntlm2_recv_seq_num;
-
- /* ntlmv1 */
- struct arcfour_state ntlmv1_arc4_state;
- uint32_t ntlmv1_seq_num;
+ union ntlmssp_crypt_state *crypt;
};
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b42f473..e8f9985 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3199,38 +3199,47 @@ NTSTATUS nt_status_squash(NTSTATUS nt_status);
void debug_ntlmssp_flags(uint32 neg_flags);
NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user) ;
NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
- const unsigned char lm_hash[16],
- const unsigned char nt_hash[16]) ;
+ const uint8_t lm_hash[16],
+ const uint8_t nt_hash[16]) ;
NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *password) ;
NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain) ;
-NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation) ;
void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *feature_list);
-void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature);
+void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature);
NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB in, DATA_BLOB *out) ;
void ntlmssp_end(struct ntlmssp_state **ntlmssp_state);
DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx);
-NTSTATUS ntlmssp_server_start(struct ntlmssp_state **ntlmssp_state);
-NTSTATUS ntlmssp_client_start(struct ntlmssp_state **ntlmssp_state);
+NTSTATUS ntlmssp_server_start(TALLOC_CTX *mem_ctx,
+ bool is_standalone,
+ const char *netbios_name,
+ const char *netbios_domain,
+ const char *dns_name,
+ const char *dns_domain,
+ struct ntlmssp_state **ntlmssp_state);
+NTSTATUS ntlmssp_client_start(TALLOC_CTX *mem_ctx,
+ const char *netbios_name,
+ const char *netbios_domain,
+ bool use_ntlmv2,
+ struct ntlmssp_state **_ntlmssp_state);
/* The following definitions come from libsmb/ntlmssp_sign.c */
NTSTATUS ntlmssp_sign_packet(struct ntlmssp_state *ntlmssp_state,
- const uchar *data, size_t length,
- const uchar *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig) ;
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig);
NTSTATUS ntlmssp_check_packet(struct ntlmssp_state *ntlmssp_state,
- const uchar *data, size_t length,
- const uchar *whole_pdu, size_t pdu_length,
- const DATA_BLOB *sig) ;
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig) ;
NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
- uchar *data, size_t length,
- uchar *whole_pdu, size_t pdu_length,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
DATA_BLOB *sig);
NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_state *ntlmssp_state,
- uchar *data, size_t length,
- uchar *whole_pdu, size_t pdu_length,
- DATA_BLOB *sig);
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig);
NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state);
/* The following definitions come from libsmb/passchange.c */
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 6a0a1ae..3856f5b 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -134,7 +134,12 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
struct ntlmssp_state *ntlmssp_state;
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_client_start(&ntlmssp_state))) {
+ nt_status = ntlmssp_client_start(NULL,
+ global_myname(),
+ lp_workgroup(),
+ lp_client_ntlmv2_auth(),
+ &ntlmssp_state);
+ if (!NT_STATUS_IS_OK(nt_status)) {
return ADS_ERROR_NT(nt_status);
}
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_SIGN;
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 256ca2e..9ac3551 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1000,7 +1000,11 @@ static struct tevent_req *cli_session_setup_ntlmssp_send(
cli_temp_set_signing(cli);
- status = ntlmssp_client_start(&state->ntlmssp_state);
+ status = ntlmssp_client_start(state,
+ global_myname(),
+ lp_workgroup(),
+ lp_client_ntlmv2_auth(),
+ &state->ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
@@ -1061,7 +1065,7 @@ static void cli_session_setup_ntlmssp_done(struct tevent_req *subreq)
if (NT_STATUS_IS_OK(status)) {
if (state->cli->server_domain[0] == '\0') {
fstrcpy(state->cli->server_domain,
- state->ntlmssp_state->server_domain);
+ state->ntlmssp_state->server.netbios_domain);
}
cli_set_session_key(
state->cli, state->ntlmssp_state->session_key);
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index b3c9d5f..3297ec7 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -634,7 +634,11 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
if (!es) {
return NT_STATUS_NO_MEMORY;
}
- status = ntlmssp_client_start(&es->s.ntlmssp_state);
+ status = ntlmssp_client_start(NULL,
+ global_myname(),
+ lp_workgroup(),
+ lp_client_ntlmv2_auth(),
+ &es->s.ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 8a5b7ac..56dd6d9 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -61,7 +61,7 @@ static const struct ntlmssp_callbacks {
* @param neg_flags The flags from the packet
*/
-void debug_ntlmssp_flags(uint32 neg_flags)
+void debug_ntlmssp_flags(uint32_t neg_flags)
{
DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags));
@@ -161,12 +161,12 @@ NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *u
*
*/
NTSTATUS ntlmssp_set_hashes(struct ntlmssp_state *ntlmssp_state,
- const unsigned char lm_hash[16],
- const unsigned char nt_hash[16])
+ const uint8_t lm_hash[16],
+ const uint8_t nt_hash[16])
{
- ntlmssp_state->lm_hash = (unsigned char *)
+ ntlmssp_state->lm_hash = (uint8_t *)
TALLOC_MEMDUP(ntlmssp_state, lm_hash, 16);
- ntlmssp_state->nt_hash = (unsigned char *)
+ ntlmssp_state->nt_hash = (uint8_t *)
TALLOC_MEMDUP(ntlmssp_state, nt_hash, 16);
if (!ntlmssp_state->lm_hash || !ntlmssp_state->nt_hash) {
TALLOC_FREE(ntlmssp_state->lm_hash);
@@ -186,8 +186,8 @@ NTSTATUS ntlmssp_set_password(struct ntlmssp_state *ntlmssp_state, const char *p
ntlmssp_state->lm_hash = NULL;
ntlmssp_state->nt_hash = NULL;
} else {
- unsigned char lm_hash[16];
- unsigned char nt_hash[16];
+ uint8_t lm_hash[16];
+ uint8_t nt_hash[16];
E_deshash(password, lm_hash);
E_md4hash(password, nt_hash);
@@ -211,19 +211,6 @@ NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *dom
}
/**
- * Set a workstation on an NTLMSSP context - ensures it is talloc()ed
- *
- */
-NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation)
-{
- ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation);
- if (!ntlmssp_state->workstation) {
- return NT_STATUS_NO_MEMORY;
- }
- return NT_STATUS_OK;
-}
-
-/**
* Request features for the NTLMSSP negotiation
*
* @param ntlmssp_state NTLMSSP state
@@ -256,7 +243,7 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur
* @param ntlmssp_state NTLMSSP state
* @param feature Bit flag specifying the requested feature
*/
-void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature)
+void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32_t feature)
{
/* As per JRA's comment above */
if (feature & NTLMSSP_FEATURE_SESSION_KEY) {
@@ -285,7 +272,7 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature)
NTSTATUS ntlmssp_update(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB input, DATA_BLOB *out)
{
- uint32 ntlmssp_command;
+ uint32_t ntlmssp_command;
int i;
if (ntlmssp_state->expected_state == NTLMSSP_DONE) {
@@ -362,17 +349,17 @@ void ntlmssp_end(struct ntlmssp_state **ntlmssp_state)
*/
static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
- uint32 neg_flags, uint32 *chal_flags)
+ uint32_t neg_flags, uint32_t *chal_flags)
{
if (neg_flags & NTLMSSP_REQUEST_TARGET) {
*chal_flags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
*chal_flags |= NTLMSSP_REQUEST_TARGET;
- if (ntlmssp_state->server_role == ROLE_STANDALONE) {
+ if (ntlmssp_state->server.is_standalone) {
*chal_flags |= NTLMSSP_TARGET_TYPE_SERVER;
- return ntlmssp_state->get_global_myname();
+ return ntlmssp_state->server.netbios_name;
} else {
*chal_flags |= NTLMSSP_TARGET_TYPE_DOMAIN;
- return ntlmssp_state->get_domain();
+ return ntlmssp_state->server.netbios_domain;
};
} else {
return "";
@@ -380,7 +367,7 @@ static const char *ntlmssp_target_name(struct ntlmssp_state *ntlmssp_state,
}
static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
- uint32 neg_flags, bool allow_lm) {
+ uint32_t neg_flags, bool allow_lm) {
if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_OEM;
@@ -439,47 +426,6 @@ static void ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
}
/**
- Weaken NTLMSSP keys to cope with down-level clients and servers.
-
- We probably should have some parameters to control this, but as
- it only occours for LM_KEY connections, and this is controlled
- by the client lanman auth/lanman auth parameters, it isn't too bad.
-*/
-
-DATA_BLOB ntlmssp_weaken_keys(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx)
-{
- DATA_BLOB weakened_key = data_blob_talloc(mem_ctx,
- ntlmssp_state->session_key.data,
- ntlmssp_state->session_key.length);
-
- /* Nothing to weaken. We certainly don't want to 'extend' the length... */
- if (weakened_key.length < 16) {
- /* perhaps there was no key? */
- return weakened_key;
- }
-
- /* Key weakening not performed on the master key for NTLM2
- and does not occour for NTLM1. Therefore we only need
- to do this for the LM_KEY.
- */
-
- if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
- /* LM key doesn't support 128 bit crypto, so this is
- * the best we can do. If you negotiate 128 bit, but
- * not 56, you end up with 40 bit... */
- if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
- weakened_key.data[7] = 0xa0;
- } else { /* forty bits */
- weakened_key.data[5] = 0xe5;
- weakened_key.data[6] = 0x38;
- weakened_key.data[7] = 0xb0;
- }
- weakened_key.length = 8;
- }
- return weakened_key;
-}
-
-/**
* Next state function for the Negotiate packet
*
* @param ntlmssp_state NTLMSSP State
@@ -492,10 +438,8 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
const DATA_BLOB request, DATA_BLOB *reply)
{
DATA_BLOB struct_blob;
- const char *dnsname;
- char *dnsdomname = NULL;
- uint32 neg_flags = 0;
- uint32 ntlmssp_command, chal_flags;
+ uint32_t neg_flags = 0;
+ uint32_t ntlmssp_command, chal_flags;
uint8_t cryptkey[8];
const char *target_name;
struct NEGOTIATE_MESSAGE negotiate;
@@ -560,29 +504,14 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state,
--
Samba Shared Repository
More information about the samba-cvs
mailing list