summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
AgeCommit message (Collapse)AuthorFilesLines
2003-01-15Refactor the NTLMSSP code again - this time we use function pointers toAndrew Bartlett1-1/+2
eliminate the dependency on the auth subsystem. The next step is to add the required code to 'ntlm_auth', for export to Squid etc. Andrew Bartlett (This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)
2003-01-13Updates to our NTLMSSP code:Andrew Bartlett1-2/+2
This tries to extract our server-side code out of sessetup.c, and into a more general lib. I hope this is only a temporay resting place - I indend to refactor it again into an auth-subsystem independent lib, using callbacks. Move some of our our NTLMSSP #defines into a new file, and add two that I found in the COMsource docs - we seem to have a double-up, but I've verified from traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real. This code also copes with ASCII clients - not that we will ever see any here, but I hope to use this for HTTP, were we can get them. Win2k authenticates fine under forced ASCII, btw. Tested with Win2k, NTLMv2 and Samba's smbclient. Andrew Bartlett (This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
2002-12-20Fixed bug in debug statement when tconX fails.Tim Potter1-1/+1
(This used to be commit a2159610b9d38cc7cfa7cb877ccee816cd2206b8)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-26/+25
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-08patches from UrbanGerald Carter1-0/+3
(This used to be commit da269a73edb7f637b1e1f8b3dafe677f46f66f85)
2002-11-07Merge of scalable printing code fix... Needs testing.Jeremy Allison1-1/+1
Also tidied up some of Richard's code (I don't think he uses the compiler flags -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual like I do :-) :-). Jeremy. (This used to be commit 10024ed06e9d91f24fdc78d59eef2f76bf395438)
2002-10-17Added new error codes. Fix up connection code to retry in the same wayJeremy Allison1-1/+11
that app-head does. Jeremy. (This used to be commit b521abd86b10573ca8f9116907c81e6deb55f049)
2002-10-04merge of working dsrolegetprimdominfo() client code from APP_HEADGerald Carter1-1/+1
(This used to be commit f70caa25e4ee198151b915cf2bc0a26b2d0e243d)
2002-09-28Ok, hopefully final fix for this one. abartlet told a bit about theVolker Lendecke1-7/+1
history. Volker (This used to be commit d47aff38db23815a48e64718ecb6c957101ecdac)
2002-09-28Thanks to abartlet I looked at that function a bit closer. What didVolker Lendecke1-5/+0
the first cli_push_string do? I suspect that it's a leftover from times when the password length was needed at some point. Volker (This used to be commit df906c156aea46524dedc28ee54f4e87711c7160)
2002-09-27Touching somebody else's code again... Sorry, Richard.Volker Lendecke1-2/+9
smbclient would announce that it can send UNICODE, but would send the plain text password in ASCII. This confused Samba HEAD somewhat. This change has been tested against Samba HEAD of today and Samba 2.2.1a. I do not have any other servers that do plain text passwords. Anybody? Volker (This used to be commit c7de62d839634a85295d1a0ef5a48270ef30aa93)
2002-09-23Don't uppercase the username and domain in a session setup.Tim Potter1-2/+2
(This used to be commit 0ad19825df318030b1772404570cd993fe49e40a)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-1/+1
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-11Merge the cli_shutdown change from 2_2. All except one call toVolker Lendecke1-2/+0
attempt_netbios_... assumed that cli_shutdown was _not_ called on error anyway... Volker (This used to be commit f0c741594f0dad2da16b1d5692dd56a48b4157f1)
2002-09-03Fix the struct_blob.Richard Sharpe1-5/+8
(This used to be commit ce152b33c8b08905ea863d47a620c90ca47c8566)
2002-09-03Fix crashbug discovered by "Kim R. Pedersen" <krp@filanet.dk> whereJeremy Allison1-1/+7
cli struct was being deallocated in a called function. Jeremy. (This used to be commit e33e9defa657aa54594bb0c27f9be2f7b12aab1b)
2002-09-03Formatting tidyup and additon of cli_close_connection() before bugfix.Jeremy Allison1-69/+46
Jeremy. (This used to be commit 3b71529c694b5b1093d99b7ef80835e72b1f8436)
2002-09-03Fix the client side NTLMSSP. It now works between smbclient and smbd!Richard Sharpe1-3/+6
However, it does not work with Win2K over 445 with raw NTLMSSP! (This used to be commit 53e4975337be2cab3ee89f2f62e5659855365b73)
2002-09-03Parse the NTLMSSP Challenge in cliconnect.c.Richard Sharpe1-2/+28
This gets us closer ... Should have the challenge now. Need to check that it works. (This used to be commit 5784835db95baf62362d35d3beab5d534cc776e9)
2002-09-03Make sure that an NTLMSSP negotiate blob has the correct stuff in it!Richard Sharpe1-2/+3
(This used to be commit b28267f52c0a5c175b067d7c2d10eca83c20e640)
2002-09-03The session key in NTLMSSP AUTH blobs is actually an empty string.Richard Sharpe1-1/+1
Also, the negotiate blob has two ASCI strings encoded in the same way that the UNICODE strings are, they are just in ASCII. The PARSER and Generator will have to deal with that. (This used to be commit aaa7a681ce4ee52edb23c73a53aeabb07fd5b7d8)
2002-08-30convert the LDAP/SASL code to use GSS-SPNEGO if possibleAndrew Tridgell1-4/+9
we now do this: - look for suported SASL mechanisms on the LDAP server - choose GSS-SPNEGO if possible - within GSS-SPNEGO choose KRB5 if we can do a kinit - otherwise use NTLMSSP This change also means that we no longer rely on having a gssapi library to do ADS. todo: - add TLS/SSL support over LDAP - change to using LDAP/SSL for password change in ADS (This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
2002-08-26Some fixes for SMB signing. I can now get Win2k to correctly respond with aAndrew Bartlett1-3/+14
security signiture, but I can't get it to accept ours. Andrew Bartlett (This used to be commit 7746de6a3c5798e321ed8300f763588fa3807964)
2002-08-26Updates!Andrew Bartlett1-27/+47
- Don't print an uninitialised buffer in service.c - Change some charcnv.c functions to take smb_ucs2_t ** instead of void ** - Update NTLMv2 code to use dynamic buffers - Update experimental SMB signing code - still more work to do - Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups() failure. Andrew Bartlett (This used to be commit de1964f7fa855022258a84556b266100b917444b)
2002-08-22move where got_sig_term and reload_after_sighup are defined.Herb Lewis1-9/+9
populate cli structure with called name and calling name even for port 445 connects. (This used to be commit 123eee6206d9afb28c169540dc63824957b505f4)
2002-08-19fixed memory corruption in cli_full_connection()Andrew Tridgell1-2/+1
(This used to be commit 7c2167182becbf72ba062230e911d55d337a4709)
2002-07-30this fixes plaintext passwords with win2000Andrew Tridgell1-3/+2
there were 2 bugs: 1) we were sending a null challenge when we should have sent an empty challenge 2) the password can be in unicode if unicode is negotiated. This means our client code was wrong too :( (This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)
2002-07-26Mimir has been busy with patches again, and sent in the followingAndrew Bartlett1-3/+2
patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :) (This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
2002-07-22fixed a segv in net time when the host is unavailableAndrew Tridgell1-1/+1
(This used to be commit f4f2b613a2a804a6d2e5e78cc7dd7f3482675fcd)
2002-07-20Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had aAndrew Bartlett1-8/+20
distinction between uchar and char). Lots of const etc. Andrew Bartlett (This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
2002-07-20Fix up char/uchar casts etc. Fix up comments on some of the password hashAndrew Bartlett1-8/+5
wrappers. Andrew Bartlett (This used to be commit 95519d408caa7da00dbb2a8323cc4374a517cd69)
2002-07-15checking for NULL really is counter-productive, and this one was alsoAndrew Tridgell1-5/+0
generating a warning (This used to be commit cd82ba41b8df024f034fcfa24e967ed8c3c8d035)
2002-07-01The 17-bit length field in the header contains the number ofChristopher R. Hertel1-1/+8
bytes which follow the header, not the full packet size. [Yes, the length field is either 17-bits, or (per the RFCs) it is a 16-bit length field preceeded by an 8-bit flags field of which only the low-order bit may be used. If that bit is set, then add 65536 to the 16-bit length field. (In other words, it's a 17-bit unsigned length field.) ...unless, of course, the transport is native TCP [port 445] in which case the length field *might* be 24-bits wide.] Anyway, the change is a very minor one. We were including the four bytes of the header in the length count and, as a result, sending four bytes of garbage at the end of the SESSION REQUEST packet. Small fix in function cli_session_request(). (This used to be commit cd2b1357066a712efcf87ac61922ef871118e8de)
2002-06-26reverted some bogus test code that jeremy accidentally committedAndrew Tridgell1-8/+0
(This used to be commit 6b28ca8bd2a6613989bb23be951836d173296197)
2002-06-25Update cli_full_connection() to take a 'flags' paramater, and try to get aAndrew Bartlett1-15/+26
few more places to use it. Andrew Bartlett (This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
2002-06-21Don't use uint. It doesn't exist on some platforms and we don't define it.Jeremy Allison1-0/+8
Replaced with "unsigned int". Jeremy. (This used to be commit 5841ca54b6a8c36f3d76c12570ff8f2211ed2363)
2002-06-16Two things: Check how many paramaters that the LDAP libs take for theAndrew Bartlett1-5/+6
rebind proc (some give an extra paramter to pass a void* paramater) and some small changes for the SMB signing code to reset things when the signing starts, and to 'turn off' signing if the session setup failed. Andrew Bartlett (This used to be commit a8805a34e5d96eeb5ffe15681b241d5a449a6144)
2002-06-16Fix up some of the SMB signing code:Andrew Bartlett1-17/+24
The problem was that *all* packets were being signed, even packets before signing was set up. (This broke the session request). This fixes it to be an 'opt in' measure - that is, we only attempt to sign things after we have got a valid, non-guest session setup as per the CIFS spec. I've not tested this against an MS server, becouse my VMware is down, but at least it doesn't break the build farm any more. Andrew Bartlett (This used to be commit 1dc5a8765876c1ca822e454651f8fd4a551965e9)
2002-06-14Ok, now I can try my first client test...Jeremy Allison1-8/+21
Jeremy. (This used to be commit 9d461933766f26ce772f6d5ea849ef9218c4d534)
2002-06-07A couple of updates for the SmbEncrypt code, and some of its users.Andrew Bartlett1-13/+31
(const, takes unix string as arg) Also update cli_full_connection to take NULL pointers as 'undefined' correctly, and therefore do its own lookup etc. This what was intended, but previously you needed to supply a 0.0.0.0 IP address. Andrew Bartlett (This used to be commit 8fb1a9c6ba07dbf04a6aa1e30fa7bbd4c676ed28)
2002-06-01More cleanup work preparing for SMB signing.Jeremy Allison1-88/+104
Jeremy. (This used to be commit 3c05f7c06fc8c45307ea75128b160a5945fc5197)
2002-05-25Update some of the LM hash code to better respect the seperation betweenAndrew Bartlett1-13/+14
unix and DOS strings. This pushes all the 'have to uppercase, must be 14 chars' stuff behind the the interface. Andrew Bartlett (This used to be commit dec650efa8ab1466114c2e6d469320a319499ea0)
2002-05-25Clean up a few unused functions, add a bit of static etc.Andrew Bartlett1-1/+2
Importantly: The removal of the silly 'delete user script' behaviour when secuity=domain. I have left the name the same - as it still does the (previously documented, but not in smb.conf(5)) sane behaviour of deleting users on request. When we decide what to do with the 'add user' functionality, we might rename it. Andrew Bartlett (This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
2002-05-24Remove the password length paramater from cli_full_connection - it reallyAndrew Bartlett1-5/+6
didn't make any sense, and its was always just strlen(password) anyway. This fixes it to be strlen(password)+1 Andrew Bartlett (This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
2002-05-23Given Jeremy's positive response, and a lack of one from tpot, I'll commitAndrew Bartlett1-147/+1
this: More code cleanup - this lot a bit more dodgy than the last: The aim is to trim pwd_cache down to size. Its overly complex, and a pain to deal with. With a header comment like this: 'obfusticaion is planned' I think it deserved to die (at least partly). This was being done to allow 'cli_establish_connection' to die - its functionality has been replaced by cli_full_connection(), which does not duplicate code everywhere for creating names etc. This also removes the little 'init' fucntions for the various pipes, becouse they were only used in one place, and even then it was dodgy. (I've reworked smbcacls not to use anonymous connections any more, as this will (should) fail with a 'restrict anonymous' PDC). This allowed me to remove cli_pipe_util.c, which was calling cli_establish_connection. tpot: I'm not sure what direction you were going with the client stuff, and you may well have been wanting the init functions. If thats the case, give me a yell and I'll reimplement them against cli_full_connection. Andrew Bartlett (This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
2002-05-17This removes --with-ssl from Samba.Andrew Bartlett1-13/+0
This option was badly maintained, useless and confused our users and distirbutors. (its SSL, therfore it must be good...) No windows client uses this protocol without help from an SSL tunnel. I can't see any reason why setting up a unix-side SSL wrapper would be any more difficult than the > 10 config options this mess added to samba in any case. On the Samba client end, I think the LIBSMB_PROG hack should be sufficient to start stunnel on the unix side. We might extend this to take %i and %p (IP and port) if there is demand. Andrew Bartlett (This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
2002-04-15better handling of DOS LANMAN2.1 protocolAndrew Tridgell1-4/+18
(This used to be commit 7f923d738b94eef042b21e4d0143861755620d91)
2002-04-06Always pass NT password as well as Lanman.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 146fb9d12bd3621087193f439e99c13d609ff658)
2002-03-06Removed duplicate \n from debug message.Tim Potter1-21/+13
Small tidyups. (This used to be commit 252da94ebb279c47263dfae36fd016d0a29a6dbf)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)