Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-12-20 | s3: Remove unused "retry" from cli_start_connection | Volker Lendecke | 1 | -11/+2 | |
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Dec 20 17:58:33 CET 2010 on sn-devel-104 | |||||
2010-12-20 | s3: Remove unused "retry" from cli_full_connection | Volker Lendecke | 1 | -5/+3 | |
2010-12-14 | s3-libsmb Improve error message when denying LM encryption | Andrew Bartlett | 1 | -9/+9 | |
Now that 'client ntlmv2 auth = yes' is the default, make it more clear what options a user may need to enable to get this to work. Andrew Bartlett | |||||
2010-12-10 | s3-libsmb Don't ever ask for machine$ principals as a target. | Andrew Bartlett | 1 | -30/+6 | |
It is never correct to ask for a machine$ principal as the target of a kerberos connection. You should always connect via the servicePrincipalName. This current code appears to have built up from a series of minimal changes, as the codebase adapted the to lack of a SPNEGO principal from Windows 2008. Andrew Bartlett | |||||
2010-12-10 | s3-libads Default to NOT using the server-supplied principal from SPNEGO | Andrew Bartlett | 1 | -3/+2 | |
This principal is not supplied by later versions of windows, and using it opens up some oportunities for man in the middle attacks. (Becuase it isn't the name being contacted that is verified with the KDC). This adds the option 'client use spnego principal' to the smb.conf (as used in Samba4) to control this behaivour. As in Samba4, this defaults to false. Against 2008 servers, this will not change behaviour. Against earlier servers, it may cause a downgrade to NTLMSSP more often, in environments where server names are not registered with the KDC as servicePrincipalName values. Andrew Bartlett | |||||
2010-09-26 | Fix bug #7698 - Assert causes smbd to panic on invalid NetBIOS session request. | Jeremy Allison | 1 | -4/+11 | |
Found by the CodeNomicon test suites at the SNIA plugfest. http://www.codenomicon.com/ If an invalid NetBIOS session request is received the code in name_len() in libsmb/nmblib.c can hit an assert. Re-write name_len() and name_extract() to use "buf/len" pairs and always limit reads. Jeremy. | |||||
2010-09-23 | Fix bug 7694 - Crash bug with invalid SPNEGO token. | Jeremy Allison | 1 | -1/+2 | |
Found by the CodeNomicon test suites at the SNIA plugfest. http://www.codenomicon.com/ If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server as we indirect the first returned value OIDs[0], which is returned as NULL. Jeremy. | |||||
2010-09-20 | s3-build: only include async headers where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-09-17 | Fix array size of a memmber of struct cli_ulogoff_state | Sumit Bose | 1 | -1/+1 | |
The too small array makes UID-REGRESSION-FIX fail on 32bit architectures. Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-09-09 | Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder ↵ | Jeremy Allison | 1 | -0/+5 | |
<andreas.moroder@gmx.net>". Jeremy. | |||||
2010-08-26 | s3-build: only include krb5 environment variables where required. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-08-05 | s3: Remove some pointless wrapper functions | Volker Lendecke | 1 | -2/+2 | |
2010-08-05 | s3-popt: Only include popt-common.h when needed. | Andreas Schneider | 1 | -0/+1 | |
2010-08-05 | s3: avoid global include of ads.h. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-07-20 | Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL ↵ | Jeremy Allison | 1 | -3/+3 | |
contexts. Jeremy. | |||||
2010-07-20 | Fix one more data_blob -> data_blob_talloc. Move away from implicit NULL ↵ | Jeremy Allison | 1 | -2/+2 | |
context tallocs. Jeremy. | |||||
2010-07-20 | Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce | Jeremy Allison | 1 | -1/+3 | |
use of malloc, and data_blob(). Jeremy. | |||||
2010-07-20 | Rename spnego_gen_negTokenTarg() -> spnego_gen_krb5_negTokenInit() | Jeremy Allison | 1 | -3/+3 | |
as this correctly describes what this function does. Jeremy. | |||||
2010-07-19 | Remove gen_negTokenInit() - change all callers to spnego_gen_negTokenInit(). | Jeremy Allison | 1 | -1/+2 | |
We now have one function to do this in all calling code. More rationalization to follow. Jeremy. | |||||
2010-07-19 | Remove parse_negTokenTarg(), as it's actually incorrect. We're processing | Jeremy Allison | 1 | -1/+1 | |
negTokenInit's here. Use common code in spnego_parse_negTokenInit(). Jeremy. | |||||
2010-07-19 | s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it. | Simo Sorce | 1 | -3/+3 | |
All the members are children of ntlmssp_state anyway. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-05-31 | ntlmssp: Make the ntlmssp.h from source3/ a common header | Andrew Bartlett | 1 | -1/+1 | |
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them | Stefan Metzmacher | 1 | -1/+5 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-24 | s3:ntlmssp: remove server_name from ntlmssp_state and fill the server.* ↵ | Stefan Metzmacher | 1 | -1/+1 | |
fields also for the client Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-02-22 | s3: Explicitly handle inbuf in cli_negprot_done | Volker Lendecke | 1 | -2/+3 | |
2010-02-22 | s3: Explicitly handle inbuf in cli_tcon_andx_done | Volker Lendecke | 1 | -3/+6 | |
2010-02-22 | s3: Explicitly handle inbuf in cli_sesssetup_blob_done | Volker Lendecke | 1 | -5/+4 | |
2010-02-22 | s3: Explicitly handle inbuf in cli_session_setup_guest_done | Volker Lendecke | 1 | -5/+4 | |
2010-02-22 | s3: Add a talloc_move for the inbuf to cli_smb_recv | Volker Lendecke | 1 | -6/+10 | |
2010-01-30 | Fix bug #7079 - cliconnect gets realm wrong with trusted domains. | Jeremy Allison | 1 | -3/+22 | |
Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy. | |||||
2010-01-24 | s3: Add CLI_FULL_CONNECTION_USE_CCACHE | Volker Lendecke | 1 | -0/+3 | |
2010-01-24 | s3: Add ccache use to cli_session_setup_ntlmssp | Volker Lendecke | 1 | -0/+4 | |
2010-01-07 | s3 torture: Prevent smbcli segfault when running smbtorture3 against an smbd ↵ | Tim Prouty | 1 | -0/+5 | |
with security=share | |||||
2010-01-03 | s3: Convert cli_ulogoff to the async API | Volker Lendecke | 1 | -14/+77 | |
2010-01-03 | s3: Convert cli_tdis to the async API | Volker Lendecke | 1 | -13/+72 | |
2010-01-03 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -14/+14 | |
2010-01-03 | s3: Remove some unused code | Volker Lendecke | 1 | -95/+0 | |
2010-01-03 | s3: Convert cli_sesssetup_ntlmssp to the async API | Volker Lendecke | 1 | -92/+196 | |
2010-01-03 | s3: Convert cli_session_setup_kerberos to the async API | Volker Lendecke | 1 | -83/+285 | |
This is still cheated, acquiring the ticket is not async yet, but the SMB part is | |||||
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett | |||||
2009-12-20 | s3: Fix an error case in cli_negprot | Volker Lendecke | 1 | -0/+1 | |
2009-11-27 | s3-kerberos: only use krb5 headers where required. | Günther Deschner | 1 | -0/+1 | |
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther | |||||
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-09-03 | s3:libsmb: Attempt to fix bug 6665 | Volker Lendecke | 1 | -0/+6 | |
Before the async libsmb rewrites, we sent tid==0 on negprot. With the rewrite, we send 0xffff. This *should* not matter, but this is one difference in the sniffs I see. | |||||
2009-08-26 | s3/debug: make SPENGO OID list appear under one debug header | Steven Danneman | 1 | -1/+4 | |
2009-06-01 | Fix bug #6419 - smbclient -L 127.0.0.1" displays "netbios name" instead of ↵ | Jeremy Allison | 1 | -3/+26 | |
"workgroup" Unify the handling of the sessionsetup parsing so we don't get different results when parsing a guest reply than an ntlmssp reply. Jeremy. | |||||
2009-05-13 | s3: return proper error code in cli_smb_req_send | Bo Yang | 1 | -4/+15 | |
Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2009-05-12 | Clean up assignments to iov_base, ensure it's always cast to void *. This ↵ | Jeremy Allison | 1 | -2/+2 | |
should quieten some warnings with picky compilers on the buildfarm. Jeremy. | |||||
2009-05-07 | Make cli_tcon_andx chainable | Volker Lendecke | 1 | -15/+42 | |
2009-05-07 | Make cli_session_setup_guest chainable | Volker Lendecke | 1 | -9/+31 | |