Commit Graph

92 Commits

Author SHA1 Message Date
Kai Blin 9dd206d28e secur32: Use NTLM2 instead of NTLMv2.
In the current code NTLMv2 is used when talking about second generation
NTLM crypto algorithms. Most other publiations call this NTLM2, and use
NTLMv2 to describe a different crypto handshake that can be used by
either NTLM1 or NTLM2 crypto.
2010-04-19 14:56:12 +02:00
Rob Shearman 1346834605 secur32: Fix memory leaks in ntlm_InitializeSecurityContextW. 2009-12-30 13:40:31 +01:00
Kai Blin 9a81b032c4 secur32: Pretend the NTLM provider also does Negotiate.
We had to enable the Negotiate provider a while back so programs that expected 
that provider to be present would be happy. This broke programs that expect a 
Negotiate provider to actually do something if it is present. This fix works 
around that new issue by thunking all calls to Negotiate to NTLM.
2009-12-30 13:31:12 +01:00
Rob Shearman 3cd88cfab3 secur32: Fix memory leak in NTLM's FreeCredentialsHandle. 2009-12-14 12:04:05 +01:00
Kai Blin e987ec4299 secur32: Use empty credentials when cached creds fail. 2009-11-09 19:38:00 +01:00
Kai Blin e6ac20e814 secur32: Revert "secur32: Work around ntlm_auth in Samba 3.0.28a being broken for cached credentials".
This reverts commit 7788c8ed0d, as well
as commit ec443be738. Due to erroneous
user input, these commits actually broke more than they fixed.
2009-08-12 12:51:02 +02:00
Kai Blin ec443be738 secur32: Don't try to use ntlm_auth --use-cred-cache.
If ntlm_auth actually uses the cred cache, it will not give a session key.
As the Wine NTLM code depends on the session key to do transport crypto, don't
attempt to use the winbind cred cache.

This completely reverts my attempted fix 7788c8ed and also parts of Rob's
888a8e27 and 8a2125f9. It does not affect the code using wine's own credential
cache.
2009-05-20 13:34:16 +02:00
Kai Blin 7788c8ed0d secur32: Work around ntlm_auth in Samba 3.0.28a being broken for cached credentials.
Samba 3.0.28a (as shipped with Ubuntu 8.04) seems to break when using
cached credentials backed by winbindd, returning a BH error in our test
if we still need to provide a password. Handle this and report a more
correct error.
2009-04-14 11:28:34 -05:00
Alexandre Julliard 21a7b21b65 secur32: Properly initialize the helper structure when fork support is missing. 2009-02-16 11:53:22 +01:00
Michael Stefaniuc e01ae46cac secur32: Remove superfluous pointer casts. 2009-01-22 12:04:52 +01:00
Michael Stefaniuc 57ab0cd9a6 include: sspi.h: Use the Win types as per MSDN.
This improves the Win64 compatibility.
2009-01-06 12:43:46 +01:00
Andrew Talbot 140c0423f5 secur32: Memory allocation size fix. 2008-05-13 10:40:03 +02:00
Andrew Talbot 49939ed544 secur32: Remove unused variables. 2008-04-25 11:28:43 +02:00
Rob Shearman 088ae3b81c secur32: Fix ntlm_GetCachedCredential to not call strlenW on a NULL pointer.
pszHost should just be set to pszTargetName if pszTargetName doesn't
contain any other information.
2008-03-10 19:12:54 +01:00
Rob Shearman 8a2125f932 secur32: Try to retrive credentials by using the credential manager to retrieve credentials saved for the target server in InitializeContextHandleW, if possible. 2008-02-04 11:10:50 +01:00
Rob Shearman 506ba701bb secur32: If using cached credentials failed in InitializeSecurityContext then fail with SEC_E_NO_CREDENTIALS instead of carrying on with a blank password. 2008-02-04 11:10:05 +01:00
Rob Shearman 72ffc3fad9 secur32: Move the detection of NULL credentials from AcquireCredentialsHandle to InitializeSecurityContext.
Only use cached credentials if the credentials were NULL. Don't pass a 
domain into ntlm_auth when using cached credentials as 
ntlm_auth/winbindd should be able to figure that out.
2008-02-04 11:10:01 +01:00
Andrew Talbot e4ca5c5647 secur32: Remove unneeded casts. 2008-01-21 11:38:45 +01:00
Michael Stefaniuc d117938f7a secur32: Remove the SECUR32_ALLOC() macro around HeapAlloc(). 2007-12-06 12:07:12 +01:00
Kai Blin fdfa760c85 secur32: ntlm_auth returns BH if the connection to winbindd fails. 2007-10-09 12:34:35 +02:00
Andrew Talbot 9b1082ef3b secur32: Fix some memory leaks. 2007-10-05 10:26:20 +02:00
Kai Blin 5afd341aec secur32: Remove hardcoded assumption that the SECBUFFER_DATA is always at index 1 for en/decrypting. 2007-10-02 11:42:10 +02:00
Kai Blin 78b047e4e4 secur32: Give a hint where to find ntlm_auth. 2007-08-30 11:57:18 +02:00
Rob Shearman 610a3b1ad2 secur32: Remove valid_session_key from NegoHelper since it is only ever set and not read. 2007-08-08 15:32:00 +02:00
Rob Shearman 888a8e27b8 secur32: Split the NTLM credential and context handles into separate objects.
This prevents races with two threads using the helper object at the same
time on two different context handles, eliminates the need to free the
credential handle after freeing the context handles and also prevents a
crash caused by not clearing session_key in DeleteSecurityContext.
2007-08-08 15:32:00 +02:00
Rob Shearman 2ede1370d3 secur32: Don't free the password in InitializeSecurityContextW to enable the credentials handle to be re-used in further InitializeSecurityContextW calls. 2007-07-03 12:29:19 +02:00
Kai Blin c1e724bc88 secur32: Downgrade WARN to TRACE, fix another TRACE. 2007-05-29 11:54:22 +02:00
Rob Shearman aa1be492cd secur32: Fix NTLM's InitializeSecurityContextA/W to be flexible with the index of the token buffer in both the input and output buffer descriptions. 2007-05-25 20:17:11 +02:00
Rob Shearman 4d275bcf10 secur32: Don't set the output buffer type in NTLM's IntializeSecurityContextA/W. 2007-05-25 20:16:58 +02:00
Rob Shearman 661b49785e secur32: Make the NTLM SSP cope with a NULL phCredential parameter when InitializeSecurityContext is called more than once. 2007-05-25 20:16:42 +02:00
Kai Blin 7e6c5aad3c secur32: Move NTLM debug output to a seperate "ntlm" channel. 2007-04-16 12:08:44 +02:00
Rob Shearman b814c45f00 secur32: NTLM's AcquireCredentialHandleA/W should accept domains and usernames with lengths of 0.
Add tests for these cases.
2007-03-06 21:59:39 +01:00
Rob Shearman d9229bd1c5 secur32: NTLM - don't bother nul terminating the password string as nothing relies on it being nul terminated. 2007-03-06 21:59:34 +01:00
Rob Shearman 3012038e73 secur32: NTLM - don't copy more data from User, Domain and Password
pointers in the SEC_WINNT_AUTH_IDENTITY structure than the
corresponding Length fields say the pointers hold.
2007-03-06 21:59:28 +01:00
Kai Blin 7325bbd127 secur32: Fix ntlm_auth version number check when registering the NTLM SSP. 2007-02-06 12:30:21 +01:00
Kai Blin 809e4124d7 secur32: Bump minimal required samba version to 3.0.25, 3.0.24 is a bugfix release. 2007-02-06 12:30:16 +01:00
Kai Blin 747ab4bf74 secur32: Fix off-by-one error in converting the password to unicode. 2007-01-24 12:56:33 +01:00
Kai Blin dc98ac1adb secur32: Fix off-by-one error when copying the password to the helper.
This fixes NTLM authentication with Outlook2003.
2007-01-24 12:07:41 +01:00
Francois Gouget aab5e5856e Don't put single quotes around '%s' when using the debugstr_*() functions. 2007-01-18 12:55:50 +01:00
Patrik Stridvall f46da1f985 secur32: Use constants instead of hardcoded values. 2006-12-24 15:12:34 +01:00
Dmitry Timoshkov 098e82d81e secur32: Make some data const. 2006-12-14 20:11:44 +01:00
Kai Blin 3dc6390e72 secur32: Improve version detection, move all the version detection to ntlm.c.
Also, as starting with Samba 3.0.24, ntlm_auth will have all the features
we need, require that as minimal version and remove odd old-version
compatibility hacks.
2006-11-29 12:37:20 +01:00
Kai Blin 1037e20bc7 secur32: Fix handling of ISC_REQ* flags in InitializeSecurityContext. 2006-11-14 11:34:19 +01:00
Kai Blin 48f934ee96 secur32: work around a bug in ntlm_auth that breaks RPC. 2006-11-10 11:34:41 +01:00
Kai Blin d5c0acd057 secur32: Implement NTLM2 encryption. 2006-11-09 14:33:31 +01:00
Kai Blin 1360339422 secur32: Implement ntlmv2 signing. 2006-11-09 10:39:20 +01:00
Kai Blin a51e02c5d6 secur32: Use a helper function for creating the signature as this simplifies implementing NTLM2 signing a lot. 2006-11-08 20:12:34 +01:00
Kai Blin 6720a129f3 secur32: Delete session key and arc4 context when the session based security context is deleted. 2006-11-08 20:08:09 +01:00
Kai Blin 3af72bec1e secur32: Test and fix DecryptMessage for multiple data buffers. 2006-11-06 13:47:29 +01:00
Kai Blin cd8332ae1c secur32: Fix handling of buffers that don't have the SECBUFFER_TOKEN as the first buffer.
Thanks to Robert Shearman for catching this one and providing some of the test code.
2006-11-04 12:07:05 +01:00