Age | Commit message (Collapse) | Author | Files | Lines |
|
This checking allows us to connect to Microsoft servers the use SMB signing,
within a few restrictions:
- I've not get the NTLMSSP stuff going - it appears to work, but if you break
the sig - say by writing a zero in it - it still passes...
- We don't currently verfiy the server's reply
- It works against one of my test servers, but not the other...
However, it provides an excellent basis to work from. Enable it with 'client
signing' in your smb.conf.
Doc to come (tomorrow) and this is not for 3.0, till we get it complete.
The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the
standard session key, ie MD4(NT#).
Thanks to jra for the early work on this.
Andrew Bartlett
(This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
|
|
(This used to be commit dbb29495e7cd94b4ad07efd656d021d9551f5eb6)
|
|
(This used to be commit 8f495e8634a1777c4b03d3ec07c76f905ff2fb98)
|
|
(This used to be commit 9f3525967d3a55a0156544733a1e83711bf4be78)
|
|
(This used to be commit 013fa874733566169ecefb25458d26065190f302)
|
|
(This used to be commit 69e94440cd89a19bbcebc49d87836153b452da47)
|
|
password from 'display' to 'unix' before we check them.
Andrew Bartlett
(This used to be commit 98a4ebf55cfce9da2c187d89a4f9c7b34e5f999e)
|
|
get them in should be indeterminate, so just picking the first one would be
bad...
Andrew Bartlett
(This used to be commit 21da8c3bb39c507eb90865549c3bb3538dcea138)
|
|
blame for the realloc() stuff.
Plus a couple of minor updates to libads.
Andrew Bartlett
(This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
|
|
*before* you join, otherwise we don't have all the info that 'net join' needs.
Also move from smbpasswd -j to 'net join' in the examples.
Andrew Bartlett
(This used to be commit 9494c1e153a2a515841fb57506b7b9bff3eee7a6)
|
|
Andrew Bartlett
(This used to be commit 0944c69636eb60bc1a4b2a2257dd05f6d385bd4d)
|
|
Andrew Bartlett
(This used to be commit 0676b4e35f2ab5b58c44df9fe2eef112425d6013)
|
|
(This used to be commit 01d78b828b89f04b70b53ded01a7f4b356979317)
|
|
'security=server/domain' text, to try and explain the difference better, and
why you should always use the latter.
Also update the BDC-HOWTO to have some relation to current reality.
Andrew Bartlett
(This used to be commit 7fd0c9bd74a8513a0cbf67bb516c6c2642380c7f)
|
|
(This used to be commit 9931f50b396d7e7188de583e5732781e8bea587d)
|
|
join' as people are using the 'wrong' one and wondering why it doesn't quite
work.
Andrew Bartlett
(This used to be commit dfe565e6ce7ae724a95ba9f162ab51436cf4b63e)
|
|
Jeremy.
(This used to be commit fdc14aa6f67b95350796cd1075a3910e3e5d84b6)
|
|
Jeremy.
(This used to be commit 6624fa59d749b0c0d6aacc35b9b6ba2b567d6eb4)
|
|
messages. Stops build-up of large numbers of smbd's waiting to terminate
on large print throughput.
Jeremy.
(This used to be commit 4ae130bfa82be60de6a6f357f65207fcb24f45fb)
|
|
Jeremy.
(This used to be commit fa8647eb208a971063039c24da849021c5e25267)
|
|
Jeremy.
(This used to be commit 371f4aca9204f3c093af622ec6c9ea7c5145bf85)
|
|
Jeremy
(This used to be commit d63849db6d02b1a9430072e6e15a67e1c526e5e7)
|
|
to HEAD :-).
Jeremy.
(This used to be commit 1fec0f50ed0e750afec5cdf551fcd37ef4858e94)
|
|
(This used to be commit 726181537db6bdd299fd9256a5e6def6b4b8ae33)
|
|
(This used to be commit 08050a93d9c5b2276c4eaf933974607cf11a1876)
|
|
Removed duplicate message_register() for REQ_DEBUGLEVEL message.
(This used to be commit 6fee7196d695ca813a301b1e6d7da687b7e7bda5)
|
|
level 2 and a request for open with no oplock is received then the
smbd should send *synchronous* break messages, not asynchronous,
otherwise it spins very rapidly, releasing the lock, sending the
'break to none' messages and then re-acquiring the lock before
any other process has a chance to get the lock and remove it's own
oplock (at least on linux).
Jeremy.
(This used to be commit d1e8991a76a57b7d96dd7db3c1d9bbf5b28da88e)
|
|
(This used to be commit c32c1bccc27f10e2f44f3e7f3778aae38bba8f25)
|
|
that are not configured with an add user script, and have an _nua backend for
storage.
We really need to get the PDB backends out of the IDMAP game...
Andrew Bartlett
(This used to be commit dceb7820d71ce624de60ce8f729d5d3711b64152)
|
|
(This used to be commit d3962da61a5717dda7e99996bbeb4735d4373041)
|
|
using a hardcoded value later on.
Added a helper function that returns the observed values for
max_entries and max_size for each cli_samr_query_dispinfo() call.
These values were obtained from watching the NT4 user manager
application with ethereal and are the only ones that can enumerate a
60k user domain reliably under Windows 2000.
(This used to be commit 2eea2813d9adc414f0a7ea074826b23697f376ee)
|
|
of hardcoding it to 0xffff.
(This used to be commit c3b077f763d94ba063b2d4231cd5d411e44933e7)
|
|
(This used to be commit 55d268fdd67e42244128dae8614d0e4aa2eb2da2)
|
|
inside this function.
(This used to be commit cdc7c599c72119e96a2a3d392458cd6d52bf56a5)
|
|
to rpcstr_pull()
(This used to be commit b9c4cc119588d6a564f0aaf12fd2ef867a42aeb8)
|
|
Perhaps we should try to open O_RDONLY if O_RDWR fails?
(This used to be commit 1e7236371d2b766b161acbb0c950cd3bb4a6ede7)
|
|
this now gives us complete remove privileges control in the client
libs, so we are in good shape for starting on the server side.
(This used to be commit bf99440398db86f46233eb2f5adddffb61280a1b)
|
|
support shared libraries
(This used to be commit f739a7263d9da6edc2ecba5b942253c22f7cb3f8)
|
|
(This used to be commit 06f641bcb59f932c994e6023d400df18b54c2067)
|
|
(This used to be commit 89f9a0a0c451a627b70c8373431e691ab964c1ef)
|
|
conform to the (more strict) XML syntax.
(This used to be commit d9cf973a466ff684f0867b5d7fd494de6967aa79)
|
|
with the (more strict) XML format.
(This used to be commit 0930628bd588096d5e5bc2e68fe78eb893d5f18a)
|
|
lsa_add_acct_rights function.
This allows us to add privileges remotely to accounts using rpcclient.
(This used to be commit 2e5e659e095a94b0716d97f673f993f0af99aabe)
|
|
identical behaviour with previous versions
(This used to be commit 7cbb194b58a4313497541c1f8153533c5034b928)
|
|
name being truncated... (either way, it's the correct thing to do).
Andrew Bartlett
(This used to be commit a058960c15944ac5a415307f0b016553ef42e101)
|
|
testing :-). This gets the 'signiture' after the extended security blob,
rather than over the top of it.
Also move that code to the top of the file, with some of the other util functions.
Andrew Bartlett
(This used to be commit e5c67a012424e71cee340b16946babe2399c0fa1)
|
|
The idea here is to seperate, as much as possible, the SPNEGO layer from the
NTLMSSP layer. This not only helps us with protocol correctness, but also
should allow further mechinisms to be added with relitive ease. I indend to
make the kerberos code use this shortly.
I've never seen the 'zero length blob' form of the anonymous login, so I've
removed that case.
Andrew Bartlett
(This used to be commit a8773c9f825539c5bc17e4200b16d7ebbe0b7620)
|
|
(This used to be commit 9180e2d062ac18dc5e7e8d0737973dc9e806e412)
|
|
(This used to be commit d74d4fe0b0c64d500367e4969be37f4541227d3e)
|
|
(This used to be commit f89a99bf881f691c4fd8063fe0c51b84466a4cf6)
|