summaryrefslogtreecommitdiff
path: root/source3/include/client.h
AgeCommit message (Collapse)AuthorFilesLines
2003-03-09Change the way we sign SMB packets, to a function pointer interface.Andrew Bartlett1-6/+7
The intention is to allow for NTLMSSP and kerberos signing of packets, but for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA spec) Andrew Bartlett (This used to be commit b9cf95c3dc04a45de71fb16e85c1bfbae50e6d8f)
2003-02-16Add the 'session key' output of the NTLMSSP exchange to the cli struct, soAndrew Bartlett1-0/+4
it can be used for 'net rpc join'. Also fix a bug in our server-side NTLMSSP code - a client without any domain trust links to us may calculate the NTLMv2 response with "" as the domain. Andrew Bartlett (This used to be commit ddaa42423bc952e59b95362f5f5aa7cca10d1ad4)
2003-02-09(only for HEAD at the moment).Andrew Bartlett1-1/+1
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 = yes') and only when 'client use spengo = no'. (A new option to allow the client and server ends to chose spnego seperatly). NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet. Also some parinoia checks in our input parsing. Andrew Bartlett (This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
2003-02-01We now have client-side SMB signing support!Andrew Bartlett1-0/+1
This checking allows us to connect to Microsoft servers the use SMB signing, within a few restrictions: - I've not get the NTLMSSP stuff going - it appears to work, but if you break the sig - say by writing a zero in it - it still passes... - We don't currently verfiy the server's reply - It works against one of my test servers, but not the other... However, it provides an excellent basis to work from. Enable it with 'client signing' in your smb.conf. Doc to come (tomorrow) and this is not for 3.0, till we get it complete. The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the standard session key, ie MD4(NT#). Thanks to jra for the early work on this. Andrew Bartlett (This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
2002-12-10Fix client large file reporting.Jeremy Allison1-1/+1
Jeremy (This used to be commit 185804ac945e717a5e3d3602e8118b35080f6251)
2002-10-01Cope with rw errors and timeout to peer.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 736a7bab487d7e217eed452e2089adb6b4164ad5)
2002-10-01Added error string for server timeout on client call.Jeremy Allison1-0/+1
Jeremy. (This used to be commit abeebf33c132c4975ac5dadde57c22176ddc9fda)
2002-08-26Header file change from last commit.Andrew Bartlett1-0/+1
(This used to be commit a760bca56a55b119cf399c5ac6f8b0db418be2e0)
2002-06-25Update cli_full_connection() to take a 'flags' paramater, and try to get aAndrew Bartlett1-0/+4
few more places to use it. Andrew Bartlett (This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
2002-06-16Fix up some of the SMB signing code:Andrew Bartlett1-0/+1
The problem was that *all* packets were being signed, even packets before signing was set up. (This broke the session request). This fixes it to be an 'opt in' measure - that is, we only attempt to sign things after we have got a valid, non-guest session setup as per the CIFS spec. I've not tested this against an MS server, becouse my VMware is down, but at least it doesn't break the build farm any more. Andrew Bartlett (This used to be commit 1dc5a8765876c1ca822e454651f8fd4a551965e9)
2002-06-14More of SMB signing for client - not yet finished (should be harmless).Jeremy Allison1-1/+2
Jeremy. (This used to be commit c1b20db4bb4bb1ba485466f50b9795470027327c)
2002-06-12Removed eff_name field from cli_struct as it wasn't being used anywhere.Tim Potter1-1/+0
(This used to be commit aff65bf6c9f339ae1d3122d12114005c017b9b5d)
2002-05-31Removed some unused variables - tidy up some formating, add struct toJeremy Allison1-0/+9
client state to implement smb signing - this is a test at present. Jeremy. (This used to be commit a234e303558a25c4ea26b7f6788006e4fee651bf)
2002-02-16Removed some random crap that isn't used anymore.Tim Potter1-1/+0
(This used to be commit 3fb3bc0a1546dadb24231065b422349bd199e1bf)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-02struct cli_state remembers the pipe name that it's talking to, if any,Martin Pool1-0/+3
so that we can print it in later debug messages. (This used to be commit 37ae84f782e1de6fcea92acb2189683cdf8e7e92)
2001-11-27prevent a memory leak of cli structuresAndrew Tridgell1-0/+4
(This used to be commit 911c57403bd116405876e73913ad73efd15f659b)
2001-11-25oops, I forgot to include the header fileAndrew Bartlett1-0/+2
(This used to be commit c28956d8601c103c3f8dab4253de80e6a00a02d7)
2001-10-22a quick fix to get rpcclient working again. This just disablesAndrew Tridgell1-0/+1
NTLMSSP in cli_establish_connection() What we really need to do is kill off the pwd_cache code. It is horrible, and assumes the challenge comes in the negprot reply. (This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
2001-10-12added NTLMSSP authentication to libsmb. It seems to work well so I have ↵Andrew Tridgell1-1/+1
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM (This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
2001-10-11initial kerberos/ADS/SPNEGO support in libsmb and smbclient. ToAndrew Tridgell1-1/+2
activate you need to: - install krb5 libraries - run configure - build smbclient - run kinit to get a TGT - run smbclient with the -k option to choose kerberos auth (This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
2001-09-25added a little smbtorture test for dumping the unicode table of aAndrew Tridgell1-1/+1
server. This is just a framework right now - I want this to eventually replace the win32 test code from monyo The interesting this about this test is that it shows up a really horrible performance bug in our stat cache code. I'll see if I can fix it. (This used to be commit eb668b54af4925194c07b217724657f406ec00d0)
2001-08-10Removed nt_error field from cli_state as it was not used anywhere.Tim Potter1-1/+0
(This used to be commit 589aaa5fb1ac55d8b0d5ae95921f071eb6ddacf6)
2001-06-18added a oplock break handler hook to the client code, this allows for more ↵Andrew Tridgell1-0/+3
complete testing of oplocks from smbtorture and would also be essential if a client app ever really did want to use oplocks properly (This used to be commit 3d4a3bfacd9ef225aeaab801e5a216d12814b60a)
2001-03-10to use the same macros in the client and server rename the CLISTR_Andrew Tridgell1-7/+0
macros to STR_ (This used to be commit 95c9e4e0ba8f37f565aaf136f41eb76489441ff7)
2001-02-26made some LANMAN1 wildcard progressAndrew Tridgell1-0/+1
it now handles -M LANMAN1 -f '.x' -m '?x' nicely (This used to be commit e7ccb9be6da9b1426eb136b4a0a1171232471768)
2001-02-21added support for a CLISTR_ASCII flag so we can use a uniformAndrew Tridgell1-0/+1
interface for ascii-only fields (This used to be commit cdf0316610803e6743936b29f232b32f9ec81422)
2001-02-20initial client side unicode support (needed for netapp filer)Andrew Tridgell1-0/+6
I've currently got this code disabled by default as it is incomplete. You enable it by setting a USE_UNICODE environment variable. Once the support is complete this check will be removed and the CAP_UNICODE capability bit will be the sole determination of whether the client library code uses unicode right now I have converted session_setup and tconx. I will do more fns over the next few days. see clistr.c for the new client side string interface. Luckily it tends to make the code smaller and neater while adding unicode support. (This used to be commit e1a04e621f1c28d8e6e543d43741ca0272e2237f)
2000-11-16Ok - fixed a bug in our levelII oplock code. We need to break a level II onJeremy Allison1-0/+1
a byte range lock (write lock only, but Win2k breaks on read lock also so I do the same) - if you think about why, this is obvious. Also fixed our client code to do level II oplocks, if requested, and fixed the code where we would assume the client wanted level II if it advertised itself as being level II capable - it may not want that. Jeremy. (This used to be commit 213cd0b5192307cd4b0026cae94b2f52fb1b0c02)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison1-0/+2
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-07-03first pass at merging rpcclient from TNG to HEAD. You can get aGerald Carter1-0/+2
semi-connection and a rpcclient prompt, but no functionality there yet. Will be a few more days on that. The changes to the header files were minor. A few struct's and a few additional fields to existing ones. No deletions. **minimal change necessary** :-) Well, maybe not minimal, but I tried. All other programs compile, link and run ok from what I can tell so I don;t think I broke anything. --jerry (This used to be commit cd7f0b0b91afd3331c0607ba2fcb3ccdd41ecebf)
2000-04-30YIPEE!!!!!Andrew Tridgell1-0/+1
We finally have a perfect emulation of Microsoft wildcard matching. The routine ms_fnmatch() does wildcard matching with all MS wildcards (including the unicode wildcards), and masktest against a NT4 workstation with hundreds of thousands of random exmaples has not found a single error. amazingly it is only about 60 lines of code, but it has taken us years to get it right. I didn't sleep much last night :) (This used to be commit cc9e007cdfdd300189f89e2a55e4234e47fa842d)
2000-01-03simple mods to add msrpc pipe redirection. default behaviour: fall backLuke Leighton1-15/+0
to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-16/+27
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-08ABOUT TIME!!!!!!!!Luke Leighton1-33/+3
damn, this one is bad. started, at least two days ago, to add an authentication mechanism to the smbd<->msrpc redirector/relay, such that sufficient unix / nt information could be transferred across the unix socket to do a become_user() on the other side of the socket. it is necessary that the msrpc daemon inherit the same unix and nt credentials as the smbd process from which it was spawned, until such time as the msrpc daemon receives an authentication request of its own, whereupon the msrpc daemon is responsible for authenticating the new credentials and doing yet another become_user() etc sequence. (This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
1999-12-03starting "connection reuse" system in smb-agent. added version numberLuke Leighton1-0/+1
which isn't actually used right now :-) (This used to be commit d54a64ae3ab7cdc1ac67fb49f7255e6a106d624e)
1999-12-03cool! a unix socket smb redirector. code based on smbfilter andLuke Leighton1-0/+1
ideas from ssh-agent. the intent is to be able to share smb sessions using cli_net_use_add() across multiple processes, where one process knows the target server name, user name and domain, but not the smb password. (This used to be commit 294b653f2e9cdc1864ec638ae8b4300df25723cf)
1999-11-29first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.Luke Leighton1-3/+0
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
1999-11-27further abstraction involving client states. main client-side codeLuke Leighton1-0/+2
is pretty much independent of SMB client states, which will make it easier to add other transports. (This used to be commit a1ff7e8fc3129ba4a04722f977bc2d3725d13624)
1999-11-24ok. *whew*. this is the first completed part of the restructure.Luke Leighton1-6/+14
verified that lsaquery, lsalookupsids work, and found some bugs in the parameters of these commands :-) soo... we now have an lsa_* api that has the same arguments as the nt Lsa* api! cool! the only significant coding difference is the introduction of a user_credentials structure, containing user, domain, pass and ntlmssp flags. (This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
1999-11-21you know what? this sort of thing makes me laugh. hmm, what functionsLuke Leighton1-0/+2
have we got. and what data do we have. hmm.. i wonder what the NTLMv2 user session key can be... hmmm... weell.... there's some hidden data here, generated from the user password that doesn't go over-the-wire, so that's _got_ to be involved. and... that bit of data took a lot of computation to produce, so it's probably _also_ involved... and md4 no, md5? no, how about hmac_md5 yes let's try that one (the other's didn't work) oh goodie, it worked! i love it when this sort of thing happens. took all of fifteen minutes to guess it. tried concatenating client and server challenges. tried concatenating _random_ bits of client and server challenges. tried md5 of the above. tried hmac_md5 of the above. eventually, it boils down to this: kr = MD4(NT#,username,domainname) hmacntchal=hmac_md5(kr, nt server challenge) sess_key = hmac_md5(kr, hmacntchal); (This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
1999-06-29improving authentication code (tidyup).Luke Leighton1-8/+19
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
1999-01-25Putting back the -p flag in smbclient.Richard Sharpe1-0/+1
However, it seems that the -s flag in smbclient is also ignored :-( (This used to be commit f6c78192664d611d4663ed7459a2789315861eec)
1998-12-07removed nt_pipe_fnum from struct cli_state. need to be able to callLuke Leighton1-1/+0
LsaLookupSids etc from within SamrQueryAliasMembers, for example. fnum is now a parameter to client functions. thanks to mike black for starting the ball rolling. (This used to be commit bee8f7fa6b0f7f995f71303f4e14a4aaed0c2437)
1998-11-12.cvsignore: Removed old entries.Herb Lewis1-0/+9
client/client.c: include/client.h: Added some debug messages that the old client used to generate. These are needed to make scripts such as 'findsmb' work - there may be other changes to keep backwards output compatibility. Do we need a -old-client-compat argument ? libsmb/clientgen.c: Fixed crash bug where malloc'ed data wasn't being cleared - corrupted malloc chains. web/swat.c: John's changes to get rid of "ghost" table entries. (This used to be commit 3c45a3503ea57d17e98eb3e57514161a5c82e45e)
1998-11-09Makefile.in: Removed rpc_server/srv_ldap_helpers.c per J.F.'s instructions.Jeremy Allison1-1/+1
client/client.c: client/clitar.c: include/client.h: smbwrapper/smbw_dir.c: smbwrapper/smbw_stat.c: smbwrapper/smbw.c: lib/util.c: Converted all use of 'mode' to uint16. smbd/quotas.c: Fixed stupid comment bug I put in there :-(. printing/printing.c: Fix from J.F. to new code. Jeremy. (This used to be commit bacd3e9d2036a804e73644a28fc498f229c8446c)
1998-10-24volker was concerned about unique inode numbers and smbsh. This set ofAndrew Tridgell1-9/+9
changes uses the unique index number from a SMB_QUERY_FILE_ALL_INFO to try to provide inode numbers. If it is 0 then use the hash of the filename as before. (This used to be commit 2565ccf9de9d5e80fdb5bcadbc7130faba386d95)
1998-10-15bug-fixing against:Luke Leighton1-0/+2
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-10-14dce/rpcLuke Leighton1-0/+1
(This used to be commit 69f5f9f88935de1f63ffc9aa19c0629b395e66e6)
1998-10-09dce/rpcLuke Leighton1-1/+1
(This used to be commit 32d0f5e4a564686ad6b270dd24423ee49a81f223)