summaryrefslogtreecommitdiff
path: root/libcli
AgeCommit message (Collapse)AuthorFilesLines
2012-04-12krb5_wrap: krb5_string_to_key / krb5_encrypt_block are deprecated.Simo Sorce1-4/+4
Remove checks and replace with krb5_c_string_to_key(). Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Move pac related util functions in a single place.Simo Sorce2-81/+0
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Make functions static.Simo Sorce1-4/+0
The remaining gssapi_parse functions were used exclusively in gensec_krb5. Move them there and make them static. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Nove oid packet check to gensec_util.Simo Sorce1-1/+0
This is clearly a utiliy function generic to gensec. Also the 3 callers had identical implementations. Provide a generic implementation for all of them and avoid duplicating the code everywhere. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12krb5_wrap: remove duplicate declaration and dead ifdefSimo Sorce1-4/+0
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-27s4 dns: Add a simple async client libraryKai Blin3-0/+230
2012-03-25smb2: Move smb2cli session setup code to cli_smb_common.Jelmer Vernooij2-0/+234
2012-03-25libcli/smb: Stop generating unused proto file.Jelmer Vernooij1-1/+0
2012-03-14Fix bug #8811 - sd_has_inheritable_components segfaults on an SD that ↵Jeremy Allison1-0/+4
se_access_check accepts. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 14 05:08:03 CET 2012 on sn-devel-104
2012-03-14Fix bug #8795 - Samba does not handle the Owner Rights permissions at allRichard Sharpe3-6/+49
Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 14 02:26:34 CET 2012 on sn-devel-104
2012-03-10tdb_wrap: Move to specific directory.Jelmer Vernooij1-1/+1
It's a bit confusing to mix low-level and high-level libraries. We had multiple libraries in one directory, and there were have circular dependencies with other libraries outside that directory (in this case, samba-hostconfig). Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
2012-03-10Fix bug #8797 - Samba does not correctly handle DENY ACEs when privileges apply.Richard Sharpe1-26/+28
Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Mar 10 01:33:45 CET 2012 on sn-devel-104
2012-03-04libcli:smb: define SMB2_HDR_FLAG_REPLAY_OPERATIONMichael Adam1-0/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Sun Mar 4 15:10:38 CET 2012 on sn-devel-104
2012-03-03smbXcli: add the possiblilty to negotiate client capabilites in smb >= 2.2Michael Adam2-3/+11
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2012-03-03libcli:smb: define SMB2_DHANDLE_FLAG_PERSISTENTMichael Adam1-0/+5
2012-03-03libcli:smb: add new SMB2 share flagsMichael Adam1-1/+5
* FORCE_LEVELII_OPLOCKS * ENABLE_HASH_V1 * ENABLE_HASH_V2 * ENCRYPT_DATA
2012-03-03libcli:smb: upgrade SMB2_CAP_ALL to include the newly known capsMichael Adam1-1/+8
2012-03-03libcli:smb: add defines for SMB2.2 share capabilitiesMichael Adam1-1/+4
* continuous avaliability * cluster * scaleout
2012-03-03libcli:smb: add defines for SMB2.2 global capabilitiesMichael Adam1-4/+9
* multi channel * persistent handles * directory leasing * encryption
2012-03-03libcli:smb: define DH2Q and DH2C tags for smb2 extra create blobsMichael Adam1-0/+2
These are the tags for the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 and SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2, the second version of the SMB2_CREATE_DURABLE_HANDLE_REQUEST (DHnQ) and SMB2_CREATE_DURABLE_HANDLE_RECONNECT (DHnC), which are only available for SMB 2.2 (and newer).
2012-03-03smb2_constants: fix a typoChristian Ambach1-1/+1
Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Sat Mar 3 09:04:40 CET 2012 on sn-devel-104
2012-03-02smb2_constants: add SMB2_WATCH_TREEChristian Ambach1-0/+3
2012-02-29libcli/smb/smb2_signing: rename smb2_key_deviration -> smb2_key_derivationMichael Adam3-5/+5
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Feb 29 09:01:54 CET 2012 on sn-devel-104
2012-02-29libcli/smb/smbXcli: use smb2_key_deviration() to setup SMB 2.24 keysStefan Metzmacher1-2/+41
This uses the key diveration function from "NIST Special Publication 800-108" in counter mode (section 5.1). Thanks to Jeremy, Michael and Volker for the debugging! metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Feb 29 04:54:48 CET 2012 on sn-devel-104
2012-02-29libcli/smb/smb2_signing: implement aes_cmac_128 based signing for SMB 2.24Stefan Metzmacher1-18/+58
metze
2012-02-29libcli/smb/smb2_signing: add smb2_key_deviration()Stefan Metzmacher2-0/+37
This implements a simplified version of "NIST Special Publication 800-108" section 5.1 using hmac-sha256. Thanks to Jeremy, Michael and Volker for the debugging! metze
2012-02-27libcli/smb/smb2_signing: pass down 'protocol' to smb2_signing_[sign|check]_pdu()Stefan Metzmacher4-2/+11
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Feb 27 14:26:32 CET 2012 on sn-devel-104
2012-02-27libcli/smb/smb2_signing: rename session_key to signing_keyStefan Metzmacher2-9/+9
metze
2012-02-27libcli/smb/smbXcli: remove unused if statement from ↵Stefan Metzmacher1-3/+1
smb2cli_conn_dispatch_incoming() metze
2012-02-27libcli/smb/smbXcli: add smb2cli_session_application_key()Stefan Metzmacher2-0/+28
metze
2012-02-27libcli/smb/smbXcli: maintain smb2 channel_signing_key separate from the ↵Stefan Metzmacher2-58/+131
signing_key The signing_key is fix across all channels and is used for session setups on a channel binding. Note: - the last session setup response is signed with the new channel signing key. - the reauth session setups are signed with the channel signing key. It's also not needed to remember the main session key. metze
2012-02-27libcli/smb/smbXcli: remove unused checks from smb2cli_session_create_channel()Stefan Metzmacher1-11/+0
metze
2012-02-25libcli: Remove a pointless checkVolker Lendecke1-3/+1
"n" is size_t, so it is always >=0.
2012-02-22Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but ↵Richard Sharpe1-0/+5
has no permission for that, but token has SeTakeOwnershipPrivilege Autobuild-User: Richard Sharpe <sharpe@samba.org> Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
2012-02-17auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett2-3/+3
The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett1-0/+17
gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
2012-01-31libcli/smb: Convert struct smb_trans_enc_state to tallocAndrew Bartlett3-22/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3-libsmb: Remove unused enum smb_trans_enc_typeAndrew Bartlett1-7/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-29libcli/util: fix typo in nt_errs[] for NT_STATUS_NETWORK_SESSION_EXPIREDStefan Metzmacher1-1/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Jan 29 14:11:12 CET 2012 on sn-devel-104
2012-01-27libcli/smb: fix smbXcli_negprot(..., PROTOCOL_NT1, PROTOCOL_SMB2_02)Stefan Metzmacher1-3/+6
The SMB1 negprot request already consumed the SMB2 sequence '0'. This also happens for the SMB 2.02 case. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jan 27 15:27:41 CET 2012 on sn-devel-104
2012-01-23lib: use differing NTSTATUS and WERROR struct membersDavid Disseldorp1-2/+2
This allows the compiler to catch uses of incorrectly typed arguments for [NT_STATUS|W_ERROR]_IS_OK() and [NT_STATUS|W_ERROR]_EQUAL(). I.e. WERROR werr; werr = my_fn(); /* XXX returns WERROR type */ if (NT_STATUS_EQUAL(werr, NT_STATUS_OBJECT_NAME_COLLISION)) {
2012-01-21s3-libsmb: Always allow SMB_TRANS_ENC_GSS to be definedAndrew Bartlett1-4/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Jan 21 01:28:54 CET 2012 on sn-devel-104
2012-01-20s3-libsmb: Remove unused smb_tran_enc_state_gss and gssapi headersAndrew Bartlett1-15/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20s3-libsmb: use struct gensec_security directlyAndrew Bartlett2-7/+5
This is rather than via a now one-element union. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20s3-libcli Change krb5 smb sealing to call via gensec and gensec_gseAndrew Bartlett2-199/+4
This also fixes the support for smb sealing with krb5 in make test, as this now relies on secrets.tdb rather than /etc/krb5.keytab. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-12auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksumAndrew Bartlett1-2/+1
2012-01-11Second part of fix for bug #8673 - NT ACL issue.Jeremy Allison1-3/+4
Ensure we process the entire ACE list instead of returning ACCESS_DENIED and terminating the walk - ensure we only return the exact bits that cause the access to be denied. Some of the S3 fileserver needs to know if we are only denied DELETE access before overriding it by looking at the containing directory ACL. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
2012-01-10krb5: Require krb5_string_to_key be available to build with krb5Andrew Bartlett1-1/+1
2012-01-10krb5: Require krb5_principal_compare_any_realm be available to build with krb5Andrew Bartlett1-28/+0
2012-01-10krb5: Require krb5_c_verify_checksum is available to build with krb5Andrew Bartlett1-63/+20