summaryrefslogtreecommitdiff
path: root/auth/ntlmssp/ntlmssp_sign.c
Commit message (Collapse)AuthorAgeFilesLines
* define DBGC_AUTH classkkplein2018-01-081-0/+3
| | | | | | Signed-off-by: Mourik Jan C Heupink <heupink@merit.unu.edu> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Correct "intialise" typos.Chris Lamb2017-02-221-1/+1
| | | | | | Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()Stefan Metzmacher2016-04-121-12/+28
| | | | | | | | | | | | | | | [MS-SPNG] requires the NTLMSSP RC4 states to be reset after the SPNEGO exchange with mechListMic verification (new_spnego). The 'reset_full' parameter is needed to support the broken behavior that windows only resets the RC4 states but not the sequence numbers. Which means this functionality is completely useless... But we want to work against all windows versions... BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAPStefan Metzmacher2016-03-101-44/+5
| | | | | | | | This is now handled by GENSEC_FEATURE_LDAP_STYLE. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLEStefan Metzmacher2016-03-101-0/+16
| | | | | | | | | | | | | We need to handle NTLMSSP_NEGOTIATE_SIGN as NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE is requested. This works arround a bug in Windows, which allow signed only messages using NTLMSSP and LDAP. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* build: Build with system md5.h on OpenIndianaAndrew Bartlett2013-06-191-1/+1
| | | | | | | | | | | | | | | | | | | | This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
* gensec: Add parinoia about integer wrappingAndrew Bartlett2011-10-281-0/+7
|
* ntlmssp: Refuse to seal if we did not negotiate to signAndrew Bartlett2011-10-181-0/+5
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett2011-10-181-0/+694
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
View Lorry Controller Status