summaryrefslogtreecommitdiff
path: root/source3/include/client.h
AgeCommit message (Collapse)AuthorFilesLines
2008-04-21Remove the "pwd" struct from rpc_pipe_clientVolker Lendecke1-1/+0
The only user of this was decrypt_trustdom_secret, and this only needs the NT hash anyway. (This used to be commit 3d8c2a47e677a4c4aacf4abf148b1bd8163c3351)
2008-04-20Refactoring: Move stuff around for creating a pipeVolker Lendecke1-4/+4
(This used to be commit 45be749ed69f8c1ad3ebe8ea1f35c806db2ed5d0)
2008-04-20Remove the pipe_idx variable from rpc_pipe_clientVolker Lendecke1-1/+3
(This used to be commit 4840febcd481563c3d9b2fabc1fe1b2ae5a76cf6)
2008-04-20Move srv_name_slash from cli_state to rpc_pipe_clientVolker Lendecke1-1/+1
(This used to be commit a9061e52e1ff8e31aa480f4a30cda64c9d93214e)
2008-04-20Add "desthost" to rpc_pipe_clientVolker Lendecke1-0/+2
This reduces the dependency on cli_state (This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b)
2008-04-20Refactoring: Make struct rpc_pipe_client its own talloc parentVolker Lendecke1-2/+0
(This used to be commit a6d74a5a562b54f0b36934965f545fdeb1e8b34a)
2008-04-08Add CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS define.Günther Deschner1-0/+1
This allows to switch on the cli->fallback_after_kerberos switch. Guenther (This used to be commit 15ba45e567d910c1b2336dcc0c475e12b082f30f)
2008-03-12For convenience reasons, always create cli->srv_name_slash in the rpc_client.Günther Deschner1-0/+1
Guenther (This used to be commit 6363c383d6989d2dfb2ee488ffa7aeb128c5385b)
2008-03-06Add infrastructure to support async SMB requestsVolker Lendecke1-0/+30
(This used to be commit e2153301351559f30f2714345f4c1ca6c5f1a45f)
2008-03-01Revert "Add infrastructure to support async SMB requests"Volker Lendecke1-30/+0
This reverts commit f5356825698a02df2d400b51dd95d1f857c83e81. (This used to be commit 5f53a62be8a21b8d92ac44b18d202882500356e8)
2008-02-28Add infrastructure to support async SMB requestsVolker Lendecke1-0/+30
(This used to be commit f5356825698a02df2d400b51dd95d1f857c83e81)
2008-02-28Don't define SMB_TRANS_ENC_GSS if we don't have KRB5.Jeremy Allison1-1/+6
Jeremy. (This used to be commit 6f2b33f6072629be393f88d4450fa6631ef672f6)
2007-12-26Add SMB encryption. Still fixing client decrypt butJeremy Allison1-0/+26
negotiation works. Jeremy. (This used to be commit d78045601af787731f0737b8627450018902b104)
2007-12-06Remove pstrings from client/client.c by doing a large rewrite.Jeremy Allison1-3/+2
Mostly compiles.... Jeremy. (This used to be commit c87f3eba9aa52f4ab25d77e2167262bf5c43b1a6)
2007-11-29Remove the explicit TALLOC_CTX * from cli_struct.Jeremy Allison1-3/+6
Make us very explicit about how long a talloc ctx should last. Jeremy. (This used to be commit ba9e2be2b5a59684e854609f9d82ea1633448c62)
2007-11-05Remove the horror that was the global smb_rw_error.Jeremy Allison1-1/+1
Each cli struct has it's own local copy of this variable, so use that in client code. In the smbd server, add one static to smbd/proccess.c and use that inside smbd. Fix a bunch of places where smb_rw_error could be set by calling read_data() in places where we weren't reading from the SMB client socket (ie. winbindd). Jeremy. (This used to be commit 255c2adf7b6ef30932b5bb9f142ccef4a5d3d0db)
2007-11-03Remove the smb_read_error global variable and replaceJeremy Allison1-1/+2
it with accessor functions. "One global or pstring a day...." :-). Jeremy. (This used to be commit d50d14c300abc83b7015718ec48acc8b3227a273)
2007-11-02Change the client library to write directly out ofJeremy Allison1-0/+1
the incoming buffer in the non-signed case. Speeds up writes by over 10% or so. Complete the server recvfile implementation. Jeremy. (This used to be commit 81ca5853b2475f123faab3b550f0a7b24ae3c208)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-1/+1
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-10/+10
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10[GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.Gerald (Jerry) Carter1-24/+0
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r22920: Add in the UNIX capability for 24-bit readX, as discussedJeremy Allison1-0/+2
with the Apple guys and Linux kernel guys. Still looking at how to do writeX as there's no recvfile(). Jeremy. (This used to be commit a53268fb2082de586e2df250d8ddfcff53379102)
2007-10-10r21991: I hate Steve French :-). Add support for encryptionJeremy Allison1-0/+1
contexts.... Jeremy. (This used to be commit ae8f3649f773b8a8dcb55921536d038d3475322e)
2007-10-10r21969: Start working on the gss-side of the server negotiation.Jeremy Allison1-1/+8
Jeremy. (This used to be commit fbc569b530104679e47fe743963eb0c4384de6ae)
2007-10-10r21926: Fix missing enum specifier pointed out by Don McCall @ HP.Jeremy Allison1-1/+1
Thanks Don ! Jeremy. (This used to be commit 662344d1ec3593689de7602afa518ed98e10dc37)
2007-10-10r21917: Start to do the gss versions of sign+seal.Jeremy Allison1-2/+2
Jeremy. (This used to be commit a226645353a40047b72de1b96c3a7676a2bf1034)
2007-10-10r21880: Make client and server calls into encryption code symetrical,Jeremy Allison1-0/+1
depending on encryption context pointer. Jeremy. (This used to be commit d3f3ced6c8a03d971143baf878158d671dfcbc3b)
2007-10-10r21876: Start adding in the seal implementation - prototype codeJeremy Allison1-2/+16
for the server side enc. (doesn't break anything). I'll keep updating this until I've got NTLM seal working on both client and server, then add in the gss level seal. Jeremy. (This used to be commit 530ac29abf23e920baa549e7cec55199edd8bd74)
2007-10-10r21768: Fix the client dfs code such that smbclient canJeremy Allison1-15/+15
process deep dfs links (ie. links that go to non root parts of a share). Make the directory handling conanonical in POSIX and Windows pathname processing. dfs should not be fully working in client tools. Please bug me if not. Jeremy. (This used to be commit 1c9e10569cd97ee41de39f9f012bea4e4c932b5d)
2007-10-10r18969: Fix typo.Günther Deschner1-1/+1
Guenther (This used to be commit 31f21282cd5fb27c867615790e7fd27df4cd4c0e)
2007-10-10r17800: Start using struct timespec internally for file timesJeremy Allison1-3/+3
on the wire. This allows us to go to nsec resolution for systems that support it. It should also now be easy to add a correct "create time" (birth time) for systems that support it (*BSD). I'll be watching the build farm closely after this one for breakage :-). Jeremy. (This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-4/+0
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r15162: Patch for bug #3668. Windows has a bug with LARGE_READXJeremy Allison1-1/+3
where if you ask for exactly 64k bytes it returns 0. Jeremy. (This used to be commit dcef65acb5bc08ea4b61ef490a518b7e668ff2ee)
2007-10-10r10964: BUG 1051: store the directory path so we can send the full name in ↵Gerald Carter1-0/+1
the unlink call (del tmp\foo) (This used to be commit 49b8d7d7f5ed93a2b9b21404194452f35bcf7b26)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-32/+26
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-10/+25
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r5518: Add initial msdfs support to smbclient. Currently I can onlyGerald Carter1-0/+1
cd up and down the tree and get directory listings. Still have to figure out how to get a directory listing on a 2k dfs root. Also have to work out some issues with relative paths that cross dfs mount points. We're protected from the new code paths when connecting to a non-dfs root share ( the flag from the tcon&X is stored in the struct cli_state* ) (This used to be commit e57fd2c5f00de2b11a2b44374830e89a90bc0022)
2007-10-10r4970: Fix for bug 2092, allowing fallback after kerberos and allowJeremy Allison1-0/+1
gnome vfs to prevent auto-anonymous logon. Jeremy. (This used to be commit 843e85bcd978d025964c4d45d9a3886c7cf7f63c)
2007-10-10r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for eachVolker Lendecke1-1/+1
supported pipe. Netlogon is still special, as we open that twice, one to do the auth2, the other one with schannel. The client interface is completely unchanged for those who only use a single pie. cli->pipe_idx is used as the index for everything except the "real" client rpc calls, which have been explicitly converted in my last commit. Next step is to get winbind to just use a single smb connection for multiple pipes. Volker (This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
2007-10-10r4186: Fix client & server to allow 127k READX calls.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 831cb21a874601e4536c2cf76c5351e1d0defcb5)
2007-10-10r1154: Change default setting for case sensitivity to "auto". If set to autoJeremy Allison1-0/+1
then is the client supports it (current clients supported are Samba and CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare "NT LM 0.12" string) then the setting of the per packet flag smb_flag FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows the linux CIFS client to use Samba in a case sensitive manner. Additional command in smbclient "case_sensitive", toggles the flag in subsequent packets. Docs to follow. Jeremy. (This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-2/+2
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-07-16Refactor signing code to remove most dependencies on 'struct cli'.Jeremy Allison1-12/+0
Ensure a server can't do a downgrade attack if client signing is mandatory. Add a lp_server_signing() function and a 'server signing' parameter that will act as the client one does. Jeremy (This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
2003-07-15Added the "required" keyword to the "client signing" parameter to force itJeremy Allison1-1/+1
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-5/+10
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-0/+6
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-18Merge from HEAD:Andrew Bartlett1-6/+7
A much better SMB signing module, that allows for mulitple signing algorithms and correctly backs down from signing when the server cannot sign the reply. This also attempts to enable SMB signing on NTLMSSP connections, but I don't know what NTLMSSP flags to set yet. This would allow 'client use signing' to be set by default, for server compatability. (A seperate option value should be provided for mandetory signing, which would not back down). Andrew Bartlett (This used to be commit 1c87be7a3d127201a6ab78d22d17c971af16b86b)
2003-03-17Merge from HEAD:Andrew Bartlett1-2/+2
signed/unsigned (mostly i counters) a little bit of const. Andrew Bartlett (This used to be commit 50f0ca752e5058c4051f42a9337361373ba1f727)