path: root/libcli/auth
Commit message | Author | Age | Files | Lines
* libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt() | Andreas Schneider | 2019-06-27 | 3 | -23/+64
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_crypt_samlogon_logon() | Andreas Schneider | 2019-06-27 | 1 | -13/+11
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_logon() | Andreas Schneider | 2019-06-27 | 2 | -6/+8
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_logon() | Andreas Schneider | 2019-06-27 | 3 | -12/+24
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_server_step_check() | Andreas Schneider | 2019-06-27 | 1 | -15/+17
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_validation() | Andreas Schneider | 2019-06-27 | 3 | -12/+22
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_validation() | Andreas Schneider | 2019-06-27 | 2 | -6/+8
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS RC4 for netlogon credentials | Andreas Schneider | 2019-06-27 | 1 | -4/+17
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use gnutls_error_to_werror() in smbencrypt | Andreas Schneider | 2019-06-27 | 1 | -3/+4
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/crypto: move gnutls error wrapper to own subsystem | Andrew Bartlett | 2019-06-27 | 2 | -2/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli:auth: Use gnutls_error_to_ntstatus() in credentials | Andreas Schneider | 2019-06-24 | 1 | -11/+9
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: Remove des_crypt64() from smbdes | Andrew Bartlett | 2019-05-22 | 2 | -12/+0
  This has been unused since it was introduced by ad8b47a2ba4e81420bc2272e8438a727cc2223ee in 2006
  Found by callcatcher
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libcli:auth: Add return codes for netlogon_creds_init_128bit() | Andreas Schneider | 2019-05-21 | 1 | -9/+23
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS MD5 and HMAC MD5 in netlogon_creds_init_128bit | Andreas Schneider | 2019-05-21 | 1 | -11/+36
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use 'bool ok' in ntv2_owf_gen() | Andreas Schneider | 2019-05-21 | 1 | -5/+4
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS MD5 HMAC in SMBsesskeygen_ntv2() | Andreas Schneider | 2019-05-21 | 1 | -6/+6
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS MD5 HMAC in SMBOWFencrypt_ntv2() | Andreas Schneider | 2019-05-21 | 1 | -5/+21
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS MD5 HMAC in ntv2_owf_gen() | Andreas Schneider | 2019-05-21 | 1 | -7/+29
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS MD5 in decode_wkssvc_join_password_buffer() | Andreas Schneider | 2019-05-21 | 1 | -11/+36
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer() | Andreas Schneider | 2019-05-21 | 1 | -3/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS MD5 in encode_wkssvc_join_password_buffer() | Andreas Schneider | 2019-05-21 | 1 | -6/+27
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer() | Andreas Schneider | 2019-05-21 | 1 | -5/+24
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS MD5 for E_md5hash() in smbcrypt | Andreas Schneider | 2019-05-21 | 1 | -5/+25
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Add return code for netlogon_creds_init_hmac_sha256() | Andreas Schneider | 2019-04-30 | 1 | -15/+29
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS SHA256 HMAC for credentials | Andreas Schneider | 2019-04-30 | 2 | -11/+30
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Remove unused header file | Andreas Schneider | 2019-02-27 | 1 | -1/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Wed Feb 27 10:00:32 UTC 2019 on sn-devel-144
* libcli:auth: Only use the required md4 header | Andreas Schneider | 2019-02-27 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* libcli:auth: Only use the required md4 header | Andreas Schneider | 2019-02-27 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* libcli:auth: Avoid explicit ZERO_STRUCT | Andreas Schneider | 2019-02-27 | 1 | -3/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Feb 27 03:22:50 CET 2019 on sn-devel-144
* libcli: Solaris cc can't return void values | Volker Lendecke | 2019-02-03 | 1 | -2/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli:auth: Use C99 initializers or ZERO_ARRAY instead of ZERO_STRUCT | Andreas Schneider | 2018-12-20 | 1 | -9/+6
  ZERO_STRUCT is not wrong here, it will give the same result, but better use macros with correct naming as it makes clear what happens when you read the code.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix uClibc build on 64bit platforms by including stdint.h | Bernd Kuhls | 2018-08-24 | 1 | -0/+1
  Fixes an error detected by buildroot autobuilders:
  http://autobuild.buildroot.net/results/573/573e2268e205e10d1352fa81122d8f225fdb4575/build-end.log
    /home/rclinux/rc-buildroot-test/scripts/instance-1/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for 'uintptr_t'
     typedef unsigned long int uintptr_t;
     ^
    In file included from ../lib/ldb/tests/ldb_msg.c:17:0:
    ../third_party/cmocka/cmocka.h:126:28: note: previous declaration of 'uintptr_t' was here
     typedef unsigned int uintptr_t;
  The define __WORDSIZE is missing when cmocka.h decides how to define uintptr_t, this patch includes stdint.h when needed.
  Patch sent upstream: https://lists.samba.org/archive/samba-technical/2018-January/125306.html
  Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Aug 24 17:22:10 CEST 2018 on sn-devel-144
* CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". | Günther Deschner | 2018-08-14 | 1 | -1/+1
  This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0.
  Found by Vivek Das <vdas@redhat.com> (Red Hat QE).
  In order to demonstrate simply run:
    smbclient //server/share -U user%password -mNT1 -c quit \
        --option="client ntlmv2 auth"=no \
        --option="client use spnego"=no
  against a server that uses "ntlm auth = ntlmv2-only" (our default setting).
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
  CVE-2018-1139: Weak authentication protocol allowed.
  Guenther
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() | Günther Deschner | 2018-08-14 | 1 | -4/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
  CVE-2018-1139: Weak authentication protocol allowed.
  Guenther
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() | Andrew Bartlett | 2018-08-14 | 2 | -0/+426
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* dbwrap: Remove calls to loadparm | Volker Lendecke | 2018-04-24 | 2 | -2/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Call dbwrap_local_open with the correct tdb flags | Volker Lendecke | 2018-04-24 | 1 | -2/+5
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Call dbwrap_local_open with the correct hash size | Volker Lendecke | 2018-04-24 | 1 | -6/+13
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Call dbwrap_local_open with the correct tdb_flags | Volker Lendecke | 2018-04-24 | 1 | -2/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Call dbwrap_local_open with the correct hash size | Volker Lendecke | 2018-04-24 | 1 | -4/+13
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Make g_lock_unlock use TDB_DATA | Volker Lendecke | 2018-02-08 | 1 | -2/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* lib: Make g_lock_lock_send use TDB_DATA | Volker Lendecke | 2018-02-08 | 1 | -2/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* netlogon_creds_cli: Pass "capabilities" up from creds_cli_check | Volker Lendecke | 2017-09-25 | 2 | -5/+15
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Protect netlogon_creds_cli_auth by _lck | Volker Lendecke | 2017-09-25 | 1 | -60/+2
  This widens the lock range to cover the check for established credentials. Before this patch it could happen that more than one winbind finds no credentials and does the auth3. This can pile up.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Protect netlogon_creds_cli_check by _lck | Volker Lendecke | 2017-09-25 | 1 | -63/+38
  netlogon_creds_cli_lck provides the locking around the operation
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Add netlogon_creds_cli_delete_lck | Volker Lendecke | 2017-09-25 | 2 | -0/+15
  Like netlogon_creds_cli_delete, protected by netlogon_creds_cli_lck instead of netlogon_creds_cli_lock.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Add netlogon_creds_cli_lck | Volker Lendecke | 2017-09-25 | 2 | -0/+163
  This adds an external locking scheme to protect our netlogon_creds_CredentialState. This is needed because the routines exposed by netlogon_creds_cli.h need a more flexible locking to set up our credentials in a properly protected way.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* rpc_client3: Avoid "cli_credentials" in cli_rpc_pipe_open_schannel_with_creds | Volker Lendecke | 2017-09-25 | 1 | -0/+1
  This provides cleaner data dependencies. A netlogon_creds_ctx contains everything required to open an schannel, there is no good reason to require cli_credentials here.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Create cli_credentials from netlogon creds ctx | Volker Lendecke | 2017-09-25 | 2 | -0/+36
  A netlogon_creds_cli_context holds all information required to do an schannel bind. Used in the next commit.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Factor out netlogon_creds_cli_delete_internal | Volker Lendecke | 2017-09-25 | 1 | -7/+10
  In a future commit we'll need a version that does not check for context->db.locked_state
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>