summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
AgeCommit message (Collapse)AuthorFilesLines
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter1-37/+77
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce1-10/+24
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter1-22/+91
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-05-21fix for UNICODE plaintext passwords (bug #59) and fix smbclient to send the ↵Gerald Carter1-3/+16
unicode plain text password if negoitated (This used to be commit 207186e1c8ff0aac2a2aba9c4037d0be0c4819c8)
2003-05-14spellingTim Potter1-1/+1
(This used to be commit 249a6974702d050644d6d61f33f0034ce2a689ee)
2003-04-04Some more good stuff from coolo.Richard Sharpe1-0/+71
(This used to be commit 41b320ffc560117c0184999e30cc69723f40acbe)
2003-03-29added a simple test for the old SMBtcon interfaceAndrew Tridgell1-1/+42
(This used to be commit c95ae394c5dfe5e0fcc658119213b17bcb95fab5)
2003-03-15Specify buffer sizesAndrew Bartlett1-2/+2
(This used to be commit aa12379b3fd9646199a8ff3f217ec7dfef1942a5)
2003-03-10Further work on NTLMSSP-based SMB signing. Current status is that I cannnotAndrew Bartlett1-6/+41
get Win2k to send a valid signiture in it's session setup reply - which it will give to win2k clients. So, I need to look at becoming 'more like MS', but for now I'll get this code into the tree. It's actually based on the TNG cli_pipe_ntlmssp.c, as it was slightly easier to understand than our own (but only the utility functions remain in any way intact...). This includes the mysical 'NTLM2' code - I have no idea if it actually works. (I couldn't get TNG to use it for its pipes either). Andrew Bartlett (This used to be commit a034a5e381ba5612be21e2ba640d11f82cd945da)
2003-03-09Change the way we sign SMB packets, to a function pointer interface.Andrew Bartlett1-44/+3
The intention is to allow for NTLMSSP and kerberos signing of packets, but for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA spec) Andrew Bartlett (This used to be commit b9cf95c3dc04a45de71fb16e85c1bfbae50e6d8f)
2003-03-05Connectathon fix. W2K -> W2K over port 445 doing a tconX does the fullJeremy Allison1-7/+2
\\server\share syntax, not just a "share" tconX syntax. This broke interop with a vendor. Jeremy. (This used to be commit 9d7ea5585c873156ede4b56e43a0d4d75077283a)
2003-02-24Patch from Luke Howard to add mutual kerberos authentication, and SMB sessionAndrew Bartlett1-1/+1
keys for kerberos authentication. Andrew Bartlett (This used to be commit 8b798f03dbbdd670ff9af4eb46f7b0845c611e0f)
2003-02-21Doesn't anyone run ./configure.developer anymore?Tim Potter1-1/+1
(This used to be commit 09be123c6c1b67621eaf6c8ffb3016eccd375e5b)
2003-02-19Only do a kinit if we got told to use kerberos.Andrew Bartlett1-12/+12
Andrew Bartlett (This used to be commit 6af9ec50e010d171cf5287f40ec774e79e4a93fe)
2003-02-16Add the 'session key' output of the NTLMSSP exchange to the cli struct, soAndrew Bartlett1-0/+11
it can be used for 'net rpc join'. Also fix a bug in our server-side NTLMSSP code - a client without any domain trust links to us may calculate the NTLMv2 response with "" as the domain. Andrew Bartlett (This used to be commit ddaa42423bc952e59b95362f5f5aa7cca10d1ad4)
2003-02-15Move our NTLMSSP client code into ntlmssp.c. The intention is to provide aAndrew Bartlett1-113/+66
relitivly useful external lib from this code, and to remove the dupicate NTLMSSP code elsewhere in samba (RPC pipes, LDAP client). The code I've replaced this with in cliconnect.c is relitivly ugly, and I hope to replace it with a more general SPENGO layer at some later date. Andrew Bartlett (This used to be commit b2b66909ac2e251f8189e0696b6075dbf748521a)
2003-02-15Antti Andreimann <Antti.Andreimann@mail.ee> has done some changes to enableAndrew Bartlett1-0/+22
users w/o full administrative access on computer accounts to join a computer into AD domain. The patch and detailed changelog is available at: http://www.itcollege.ee/~aandreim/samba This is a list of changes in general: 1. When creating machine account do not fail if SD cannot be changed. setting SD is not mandatory and join will work perfectly without it. 2. Implement KPASSWD CHANGEPW protocol for changing trust password so machine account does not need to have reset password right for itself. 3. Command line utilities no longer interfere with user's existing kerberos ticket cache. 4. Command line utilities can do kerberos authentication even if username is specified (-U). Initial TGT will be requested in this case. I've modified the patch to share the kinit code, rather than copying it, and updated it to current CVS. The other change included in the original patch (local realms) has been left out for now. Andrew Bartlett (This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
2003-02-14Further extract our NTLMv2 code into smbencrypt.c, prior to merge into ourAndrew Bartlett1-32/+20
NTLMSSP client code. Andrew Bartlett (This used to be commit eaa8e7d1f82b30e7af14a0a58d7ca3eb66a06053)
2003-02-10Clean up our NTLMv2 code by moving the grunt work into a helper function.Andrew Bartlett1-41/+7
Andrew Bartlett (This used to be commit 6789e237d7b070624ba09e7ed43680b838337b74)
2003-02-09(only for HEAD at the moment).Andrew Bartlett1-31/+107
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 = yes') and only when 'client use spengo = no'. (A new option to allow the client and server ends to chose spnego seperatly). NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet. Also some parinoia checks in our input parsing. Andrew Bartlett (This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
2003-02-02Add some return values, and don't attempt signing for NTLMSSP yet (it uses aAndrew Bartlett1-3/+1
different algorithm). Andrew Bartlett (This used to be commit e6f87c7ee5c61f03f81159a8017d31f439c4454a)
2003-02-01We now have client-side SMB signing support!Andrew Bartlett1-1/+4
This checking allows us to connect to Microsoft servers the use SMB signing, within a few restrictions: - I've not get the NTLMSSP stuff going - it appears to work, but if you break the sig - say by writing a zero in it - it still passes... - We don't currently verfiy the server's reply - It works against one of my test servers, but not the other... However, it provides an excellent basis to work from. Enable it with 'client signing' in your smb.conf. Doc to come (tomorrow) and this is not for 3.0, till we get it complete. The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the standard session key, ie MD4(NT#). Thanks to jra for the early work on this. Andrew Bartlett (This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
2003-01-15Refactor the NTLMSSP code again - this time we use function pointers toAndrew Bartlett1-1/+2
eliminate the dependency on the auth subsystem. The next step is to add the required code to 'ntlm_auth', for export to Squid etc. Andrew Bartlett (This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)
2003-01-13Updates to our NTLMSSP code:Andrew Bartlett1-2/+2
This tries to extract our server-side code out of sessetup.c, and into a more general lib. I hope this is only a temporay resting place - I indend to refactor it again into an auth-subsystem independent lib, using callbacks. Move some of our our NTLMSSP #defines into a new file, and add two that I found in the COMsource docs - we seem to have a double-up, but I've verified from traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real. This code also copes with ASCII clients - not that we will ever see any here, but I hope to use this for HTTP, were we can get them. Win2k authenticates fine under forced ASCII, btw. Tested with Win2k, NTLMv2 and Samba's smbclient. Andrew Bartlett (This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
2002-12-20Fixed bug in debug statement when tconX fails.Tim Potter1-1/+1
(This used to be commit a2159610b9d38cc7cfa7cb877ccee816cd2206b8)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-26/+25
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-08patches from UrbanGerald Carter1-0/+3
(This used to be commit da269a73edb7f637b1e1f8b3dafe677f46f66f85)
2002-11-07Merge of scalable printing code fix... Needs testing.Jeremy Allison1-1/+1
Also tidied up some of Richard's code (I don't think he uses the compiler flags -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual like I do :-) :-). Jeremy. (This used to be commit 10024ed06e9d91f24fdc78d59eef2f76bf395438)
2002-10-17Added new error codes. Fix up connection code to retry in the same wayJeremy Allison1-1/+11
that app-head does. Jeremy. (This used to be commit b521abd86b10573ca8f9116907c81e6deb55f049)
2002-10-04merge of working dsrolegetprimdominfo() client code from APP_HEADGerald Carter1-1/+1
(This used to be commit f70caa25e4ee198151b915cf2bc0a26b2d0e243d)
2002-09-28Ok, hopefully final fix for this one. abartlet told a bit about theVolker Lendecke1-7/+1
history. Volker (This used to be commit d47aff38db23815a48e64718ecb6c957101ecdac)
2002-09-28Thanks to abartlet I looked at that function a bit closer. What didVolker Lendecke1-5/+0
the first cli_push_string do? I suspect that it's a leftover from times when the password length was needed at some point. Volker (This used to be commit df906c156aea46524dedc28ee54f4e87711c7160)
2002-09-27Touching somebody else's code again... Sorry, Richard.Volker Lendecke1-2/+9
smbclient would announce that it can send UNICODE, but would send the plain text password in ASCII. This confused Samba HEAD somewhat. This change has been tested against Samba HEAD of today and Samba 2.2.1a. I do not have any other servers that do plain text passwords. Anybody? Volker (This used to be commit c7de62d839634a85295d1a0ef5a48270ef30aa93)
2002-09-23Don't uppercase the username and domain in a session setup.Tim Potter1-2/+2
(This used to be commit 0ad19825df318030b1772404570cd993fe49e40a)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-1/+1
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-11Merge the cli_shutdown change from 2_2. All except one call toVolker Lendecke1-2/+0
attempt_netbios_... assumed that cli_shutdown was _not_ called on error anyway... Volker (This used to be commit f0c741594f0dad2da16b1d5692dd56a48b4157f1)
2002-09-03Fix the struct_blob.Richard Sharpe1-5/+8
(This used to be commit ce152b33c8b08905ea863d47a620c90ca47c8566)
2002-09-03Fix crashbug discovered by "Kim R. Pedersen" <krp@filanet.dk> whereJeremy Allison1-1/+7
cli struct was being deallocated in a called function. Jeremy. (This used to be commit e33e9defa657aa54594bb0c27f9be2f7b12aab1b)
2002-09-03Formatting tidyup and additon of cli_close_connection() before bugfix.Jeremy Allison1-69/+46
Jeremy. (This used to be commit 3b71529c694b5b1093d99b7ef80835e72b1f8436)
2002-09-03Fix the client side NTLMSSP. It now works between smbclient and smbd!Richard Sharpe1-3/+6
However, it does not work with Win2K over 445 with raw NTLMSSP! (This used to be commit 53e4975337be2cab3ee89f2f62e5659855365b73)
2002-09-03Parse the NTLMSSP Challenge in cliconnect.c.Richard Sharpe1-2/+28
This gets us closer ... Should have the challenge now. Need to check that it works. (This used to be commit 5784835db95baf62362d35d3beab5d534cc776e9)
2002-09-03Make sure that an NTLMSSP negotiate blob has the correct stuff in it!Richard Sharpe1-2/+3
(This used to be commit b28267f52c0a5c175b067d7c2d10eca83c20e640)
2002-09-03The session key in NTLMSSP AUTH blobs is actually an empty string.Richard Sharpe1-1/+1
Also, the negotiate blob has two ASCI strings encoded in the same way that the UNICODE strings are, they are just in ASCII. The PARSER and Generator will have to deal with that. (This used to be commit aaa7a681ce4ee52edb23c73a53aeabb07fd5b7d8)
2002-08-30convert the LDAP/SASL code to use GSS-SPNEGO if possibleAndrew Tridgell1-4/+9
we now do this: - look for suported SASL mechanisms on the LDAP server - choose GSS-SPNEGO if possible - within GSS-SPNEGO choose KRB5 if we can do a kinit - otherwise use NTLMSSP This change also means that we no longer rely on having a gssapi library to do ADS. todo: - add TLS/SSL support over LDAP - change to using LDAP/SSL for password change in ADS (This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
2002-08-26Some fixes for SMB signing. I can now get Win2k to correctly respond with aAndrew Bartlett1-3/+14
security signiture, but I can't get it to accept ours. Andrew Bartlett (This used to be commit 7746de6a3c5798e321ed8300f763588fa3807964)
2002-08-26Updates!Andrew Bartlett1-27/+47
- Don't print an uninitialised buffer in service.c - Change some charcnv.c functions to take smb_ucs2_t ** instead of void ** - Update NTLMv2 code to use dynamic buffers - Update experimental SMB signing code - still more work to do - Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups() failure. Andrew Bartlett (This used to be commit de1964f7fa855022258a84556b266100b917444b)
2002-08-22move where got_sig_term and reload_after_sighup are defined.Herb Lewis1-9/+9
populate cli structure with called name and calling name even for port 445 connects. (This used to be commit 123eee6206d9afb28c169540dc63824957b505f4)
2002-08-19fixed memory corruption in cli_full_connection()Andrew Tridgell1-2/+1
(This used to be commit 7c2167182becbf72ba062230e911d55d337a4709)
2002-07-30this fixes plaintext passwords with win2000Andrew Tridgell1-3/+2
there were 2 bugs: 1) we were sending a null challenge when we should have sent an empty challenge 2) the password can be in unicode if unicode is negotiated. This means our client code was wrong too :( (This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)
2002-07-26Mimir has been busy with patches again, and sent in the followingAndrew Bartlett1-3/+2
patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :) (This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)