plan9front.git - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2018-07-11	authsrv: log message when no AES key is found for pak	cinap_lenrek

2018-05-20	authsrv: implement AuthNTLM	cinap_lenrek

2018-05-20	authsrv: work arround linux omiting final Z(4) after the AvrPairs	cinap_lenrek

2018-05-19	cifsd: fix ntlmv2 authentication	cinap_lenrek
	in ntlmv2, the client will retry the challenge response trying a bunch of different domain names assuming the same server challenge. so we have to make retries work with factotum and the auth server. also, windows 7 with compatlevel=4 sends all zeros LM response.
2018-01-21	authsrv: implement mschapv2 authentication, include MPPE secret in the ticket	cinap_lenrek
	this adds new rpc for mschapv2 authentication (21) deliver the MPPE secret not after the ticket/authenticator response as cheartext, but include it in the first 128 bit of the ticket key. and the authenticator in the first 160 bit of the authenticator random field.
2018-01-15	authsrv: fix chap	cinap_lenrek
	use OCHAPREPLYLEN instead of sizeof(reply) (no padding). exit after sending ticket response to force eof as factotum unconditionally reads tailing secret hash (as of mschap).
2017-02-26	authsrv: handle short reads in initkeyseed()	cinap_lenrek

2017-02-26	authsrv: don't hash in hostowner key for keyseed	cinap_lenrek
	aiju → i don't like it, it's more bullshit ways to expose the key :) aiju → if someone can grab /adm/keyseed, they can also grab /adm/users and /adm/keys
2017-02-26	authsrv: salt the keyseed from /adm/keyseed file	cinap_lenrek
	change the keyseed key derivation to hkdf sha256 using the hostowners des key plus 256 bit random salt from /adm/keyseed.
2017-02-26	authsrv: fix mkkey() dummy key generation (thanks aiju)	cinap_lenrek

2017-02-26	authsrv: get rid of needreply parameter by changing vnc protocol handler	cinap_lenrek

2017-02-26	authsrv: more useful error reporting	aiju

2016-07-31	auth: various cleanups, use common readcons() from libauthsrv, zero keys ↵	cinap_lenrek
	after use
2016-01-06	auth: release dp9ik implementation and reentrant factotum	cinap_lenrek

2015-08-21	cmd/auth: remove private /dev/random reading routines, use genrandom()	cinap_lenrek

2015-08-21	authsrv: randomize aes key in mkkey(), not used yet.	cinap_lenrek

2015-08-21	authsrv: more aes key stuff	cinap_lenrek

2015-08-19	libauthsrv: generalize ticket service, not hardcoding ticket format and DES ↵	cinap_lenrek
	encryption this is in preparation for replacing DES ticket encryption with something better. but first need to make the code stop making assumptions. the wire encoding of the Ticket might be variable length with TICKETLEN just giving an upper bound. the details will be handled by libauthsrv _asgetticket() and _asgetresp() funciotns. the Authenticator and Passwordreq structures are encrypted with the random ticket key. The encryption schmeme will depend on the Ticket format used, so we pass the Ticket* structure instead of the DES key. introduce Authkey structure that will hold all the required cryptographic keys instead of passing DES key.
2015-06-02	authsrv: use plan9 key for http authentication	cinap_lenrek
	in addition to /sys/lib/httppasswords, allow http authentication to use the plan9 password, which can be changed by the user.
2014-02-15	factotum/authsrv: fix padding for mschap on amd64, use constants for ↵	cinap_lenrek
	structure sizes
2013-12-08	handle NIL user domain, and Z(4) at end of nt blob for ntlmv2	cinap_lenrek
	the nt blob ends with 4 zero bytes, this is not the same as the EOL av-pair terminator! this makes ntlmv2 work with windows xp with LmCompatibityLevel = 3
2013-12-08	experimental ntlmv2 server authenticaion support for cifsd	cinap_lenrek
	extending factotums and the auth servers mschap implementation to handle variable length NT response for NTLMv2. fix some minor bugs. only tested with cifs so far.
2011-03-30	Import sources from 2011-03-30 iso image - lib	Taru Karttunen

2011-03-30	Import sources from 2011-03-30 iso image	Taru Karttunen