Age | Commit message (Collapse) | Author | Files | Lines |
|
A much better SMB signing module, that allows for mulitple signing algorithms
and correctly backs down from signing when the server cannot sign the reply.
This also attempts to enable SMB signing on NTLMSSP connections, but I don't
know what NTLMSSP flags to set yet.
This would allow 'client use signing' to be set by default, for server
compatability. (A seperate option value should be provided for mandetory
signing, which would not back down).
Andrew Bartlett
(This used to be commit 1c87be7a3d127201a6ab78d22d17c971af16b86b)
|
|
signed/unsigned (mostly i counters)
a little bit of const.
Andrew Bartlett
(This used to be commit 50f0ca752e5058c4051f42a9337361373ba1f727)
|
|
Jeremy.
(This used to be commit 33b11d5eb53bdeb9d279d221fd5c01579253e1c7)
|
|
- new kerberos code, allowing the account to change it's own password
without special SD settings required
- NTLMSSP client code, now seperated from cliconnect.c
- NTLMv2 client code
- SMB signing fixes
Andrew Bartlett
(This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
|
|
Jeremy.
(This used to be commit 8dcbfa4e770d74d4ce6faaf1a0597d07d0a5cc81)
|
|
Jeremy.
(This used to be commit d8d351eb01ea7c84828dbc96224d7b13d643b558)
|
|
Jeremy.
(This used to be commit 28d2eb934318818a3b0527e391987ea139dbf4a3)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
(This used to be commit 3fb3bc0a1546dadb24231065b422349bd199e1bf)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
so that we can print it in later debug messages.
(This used to be commit 37ae84f782e1de6fcea92acb2189683cdf8e7e92)
|
|
(This used to be commit 911c57403bd116405876e73913ad73efd15f659b)
|
|
(This used to be commit c28956d8601c103c3f8dab4253de80e6a00a02d7)
|
|
NTLMSSP in cli_establish_connection()
What we really need to do is kill off the pwd_cache code. It is horrible,
and assumes the challenge comes in the negprot reply.
(This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
|
|
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
(This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
|
|
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
|
|
server. This is just a framework right now - I want this to eventually
replace the win32 test code from monyo
The interesting this about this test is that it shows up a really
horrible performance bug in our stat cache code. I'll see if I can fix
it.
(This used to be commit eb668b54af4925194c07b217724657f406ec00d0)
|
|
(This used to be commit 589aaa5fb1ac55d8b0d5ae95921f071eb6ddacf6)
|
|
complete testing of oplocks from smbtorture and would also be essential if a client app ever really did want to use oplocks properly
(This used to be commit 3d4a3bfacd9ef225aeaab801e5a216d12814b60a)
|
|
macros to STR_
(This used to be commit 95c9e4e0ba8f37f565aaf136f41eb76489441ff7)
|
|
it now handles -M LANMAN1 -f '.x' -m '?x' nicely
(This used to be commit e7ccb9be6da9b1426eb136b4a0a1171232471768)
|
|
interface for ascii-only fields
(This used to be commit cdf0316610803e6743936b29f232b32f9ec81422)
|
|
I've currently got this code disabled by default as it is
incomplete. You enable it by setting a USE_UNICODE environment
variable. Once the support is complete this check will be removed and
the CAP_UNICODE capability bit will be the sole determination of
whether the client library code uses unicode
right now I have converted session_setup and tconx. I will do more fns
over the next few days.
see clistr.c for the new client side string interface. Luckily it
tends to make the code smaller and neater while adding unicode
support.
(This used to be commit e1a04e621f1c28d8e6e543d43741ca0272e2237f)
|
|
a byte range lock (write lock only, but Win2k breaks on read lock also so I
do the same) - if you think about why, this is obvious. Also fixed our client
code to do level II oplocks, if requested, and fixed the code where we would
assume the client wanted level II if it advertised itself as being level II
capable - it may not want that.
Jeremy.
(This used to be commit 213cd0b5192307cd4b0026cae94b2f52fb1b0c02)
|
|
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.
The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.
A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.
This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().
This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.
The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.
Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.
Jeremy.
(This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
|
|
semi-connection and a rpcclient prompt, but no functionality there yet.
Will be a few more days on that.
The changes to the header files were minor. A few struct's and a few
additional fields to existing ones. No deletions. **minimal change
necessary** :-) Well, maybe not minimal, but I tried.
All other programs compile, link and run ok from what I can tell so
I don;t think I broke anything.
--jerry
(This used to be commit cd7f0b0b91afd3331c0607ba2fcb3ccdd41ecebf)
|
|
We finally have a perfect emulation of Microsoft wildcard
matching. The routine ms_fnmatch() does wildcard matching with all MS
wildcards (including the unicode wildcards), and masktest against a
NT4 workstation with hundreds of thousands of random exmaples has not
found a single error.
amazingly it is only about 60 lines of code, but it has taken us years
to get it right. I didn't sleep much last night :)
(This used to be commit cc9e007cdfdd300189f89e2a55e4234e47fa842d)
|
|
to using internal msrpc code in smbd.
(This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
damn, this one is bad.
started, at least two days ago, to add an authentication mechanism to
the smbd<->msrpc redirector/relay, such that sufficient unix / nt
information could be transferred across the unix socket to do a
become_user() on the other side of the socket.
it is necessary that the msrpc daemon inherit the same unix and nt
credentials as the smbd process from which it was spawned, until
such time as the msrpc daemon receives an authentication request
of its own, whereupon the msrpc daemon is responsible for authenticating
the new credentials and doing yet another become_user() etc sequence.
(This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
|
|
which isn't actually used right now :-)
(This used to be commit d54a64ae3ab7cdc1ac67fb49f7255e6a106d624e)
|
|
ideas from ssh-agent.
the intent is to be able to share smb sessions using cli_net_use_add()
across multiple processes, where one process knows the target server
name, user name and domain, but not the smb password.
(This used to be commit 294b653f2e9cdc1864ec638ae8b4300df25723cf)
|
|
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
|
|
is pretty much independent of SMB client states, which will make it
easier to add other transports.
(This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
|
|
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
(This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
|
|
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
|
|
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
|
|
However, it seems that the -s flag
in smbclient is also ignored :-(
(This used to be commit f6c78192664d611d4663ed7459a2789315861eec)
|
|
LsaLookupSids etc from within SamrQueryAliasMembers, for example.
fnum is now a parameter to client functions. thanks to mike black
for starting the ball rolling.
(This used to be commit bee8f7fa6b0f7f995f71303f4e14a4aaed0c2437)
|
|
client/client.c:
include/client.h: Added some debug messages that the old client used to
generate. These are needed to make scripts such as
'findsmb' work - there may be other changes to keep
backwards output compatibility. Do we need a -old-client-compat
argument ?
libsmb/clientgen.c: Fixed crash bug where malloc'ed data wasn't being
cleared - corrupted malloc chains.
web/swat.c: John's changes to get rid of "ghost" table entries.
(This used to be commit 3c45a3503ea57d17e98eb3e57514161a5c82e45e)
|
|
client/client.c:
client/clitar.c:
include/client.h:
smbwrapper/smbw_dir.c:
smbwrapper/smbw_stat.c:
smbwrapper/smbw.c:
lib/util.c: Converted all use of 'mode' to uint16.
smbd/quotas.c: Fixed stupid comment bug I put in there :-(.
printing/printing.c: Fix from J.F. to new code.
Jeremy.
(This used to be commit bacd3e9d2036a804e73644a28fc498f229c8446c)
|
|
changes uses the unique index number from a SMB_QUERY_FILE_ALL_INFO to
try to provide inode numbers. If it is 0 then use the hash of the
filename as before.
(This used to be commit 2565ccf9de9d5e80fdb5bcadbc7130faba386d95)
|
|
AS/U:
it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack
response, when they should be set in a (small) packet. they also,
in the bind/ack do not set a secondary address string at all, so
we can't check against that...
Win95:
client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState"
and has slightly different pipe-naming (\PIPE\LANMAN is joined by
\PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN
and \PIPE\).
Win95-USRMGR.EXE:
added LsaOpenPolicy (renamed existing to LsaOpenPolicy2).
added SamrConnect (renamed existing to SamrConnect2).
(This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
|
|
(This used to be commit 69f5f9f88935de1f63ffc9aa19c0629b395e66e6)
|
|
(This used to be commit 32d0f5e4a564686ad6b270dd24423ee49a81f223)
|
|
(This used to be commit 62fdeef1b79c5c4c9bf0e860881651711bb80b9a)
|
|
You can print using "cp filename /smb/SERVER/PRINTER/jobname"
You can list the current printqueue using ls
(This used to be commit 080fb61b69620e26e8122705383dc2bd0468a519)
|
|
(This used to be commit cc1a0cf82b25e259c35f8accbb948814cc28a9ba)
|
|
read/write requests for large reads. up to max_mux requests may be
outstanding. This gives _much_ better throughput and should allow
smbsh to saturate just about any network.
this is an implementation of the "fast SMB" method I described on the
CIFS list a couple of months back.
(This used to be commit c728d1c5d6e4626d2f8e318eab4df32acc8cb505)
|