summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
AgeCommit message (Collapse)AuthorFilesLines
2003-02-24Patch from Luke Howard to add mutual kerberos authentication, and SMB sessionAndrew Bartlett1-1/+1
keys for kerberos authentication. Andrew Bartlett (This used to be commit 8b798f03dbbdd670ff9af4eb46f7b0845c611e0f)
2003-02-21Doesn't anyone run ./configure.developer anymore?Tim Potter1-1/+1
(This used to be commit 09be123c6c1b67621eaf6c8ffb3016eccd375e5b)
2003-02-19Only do a kinit if we got told to use kerberos.Andrew Bartlett1-12/+12
Andrew Bartlett (This used to be commit 6af9ec50e010d171cf5287f40ec774e79e4a93fe)
2003-02-16Add the 'session key' output of the NTLMSSP exchange to the cli struct, soAndrew Bartlett1-0/+11
it can be used for 'net rpc join'. Also fix a bug in our server-side NTLMSSP code - a client without any domain trust links to us may calculate the NTLMv2 response with "" as the domain. Andrew Bartlett (This used to be commit ddaa42423bc952e59b95362f5f5aa7cca10d1ad4)
2003-02-15Move our NTLMSSP client code into ntlmssp.c. The intention is to provide aAndrew Bartlett1-113/+66
relitivly useful external lib from this code, and to remove the dupicate NTLMSSP code elsewhere in samba (RPC pipes, LDAP client). The code I've replaced this with in cliconnect.c is relitivly ugly, and I hope to replace it with a more general SPENGO layer at some later date. Andrew Bartlett (This used to be commit b2b66909ac2e251f8189e0696b6075dbf748521a)
2003-02-15Antti Andreimann <Antti.Andreimann@mail.ee> has done some changes to enableAndrew Bartlett1-0/+22
users w/o full administrative access on computer accounts to join a computer into AD domain. The patch and detailed changelog is available at: http://www.itcollege.ee/~aandreim/samba This is a list of changes in general: 1. When creating machine account do not fail if SD cannot be changed. setting SD is not mandatory and join will work perfectly without it. 2. Implement KPASSWD CHANGEPW protocol for changing trust password so machine account does not need to have reset password right for itself. 3. Command line utilities no longer interfere with user's existing kerberos ticket cache. 4. Command line utilities can do kerberos authentication even if username is specified (-U). Initial TGT will be requested in this case. I've modified the patch to share the kinit code, rather than copying it, and updated it to current CVS. The other change included in the original patch (local realms) has been left out for now. Andrew Bartlett (This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
2003-02-14Further extract our NTLMv2 code into smbencrypt.c, prior to merge into ourAndrew Bartlett1-32/+20
NTLMSSP client code. Andrew Bartlett (This used to be commit eaa8e7d1f82b30e7af14a0a58d7ca3eb66a06053)
2003-02-10Clean up our NTLMv2 code by moving the grunt work into a helper function.Andrew Bartlett1-41/+7
Andrew Bartlett (This used to be commit 6789e237d7b070624ba09e7ed43680b838337b74)
2003-02-09(only for HEAD at the moment).Andrew Bartlett1-31/+107
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 = yes') and only when 'client use spengo = no'. (A new option to allow the client and server ends to chose spnego seperatly). NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet. Also some parinoia checks in our input parsing. Andrew Bartlett (This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
2003-02-02Add some return values, and don't attempt signing for NTLMSSP yet (it uses aAndrew Bartlett1-3/+1
different algorithm). Andrew Bartlett (This used to be commit e6f87c7ee5c61f03f81159a8017d31f439c4454a)
2003-02-01We now have client-side SMB signing support!Andrew Bartlett1-1/+4
This checking allows us to connect to Microsoft servers the use SMB signing, within a few restrictions: - I've not get the NTLMSSP stuff going - it appears to work, but if you break the sig - say by writing a zero in it - it still passes... - We don't currently verfiy the server's reply - It works against one of my test servers, but not the other... However, it provides an excellent basis to work from. Enable it with 'client signing' in your smb.conf. Doc to come (tomorrow) and this is not for 3.0, till we get it complete. The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the standard session key, ie MD4(NT#). Thanks to jra for the early work on this. Andrew Bartlett (This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
2003-01-15Refactor the NTLMSSP code again - this time we use function pointers toAndrew Bartlett1-1/+2
eliminate the dependency on the auth subsystem. The next step is to add the required code to 'ntlm_auth', for export to Squid etc. Andrew Bartlett (This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)
2003-01-13Updates to our NTLMSSP code:Andrew Bartlett1-2/+2
This tries to extract our server-side code out of sessetup.c, and into a more general lib. I hope this is only a temporay resting place - I indend to refactor it again into an auth-subsystem independent lib, using callbacks. Move some of our our NTLMSSP #defines into a new file, and add two that I found in the COMsource docs - we seem to have a double-up, but I've verified from traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real. This code also copes with ASCII clients - not that we will ever see any here, but I hope to use this for HTTP, were we can get them. Win2k authenticates fine under forced ASCII, btw. Tested with Win2k, NTLMv2 and Samba's smbclient. Andrew Bartlett (This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
2002-12-20Fixed bug in debug statement when tconX fails.Tim Potter1-1/+1
(This used to be commit a2159610b9d38cc7cfa7cb877ccee816cd2206b8)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-26/+25
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-08patches from UrbanGerald Carter1-0/+3
(This used to be commit da269a73edb7f637b1e1f8b3dafe677f46f66f85)
2002-11-07Merge of scalable printing code fix... Needs testing.Jeremy Allison1-1/+1
Also tidied up some of Richard's code (I don't think he uses the compiler flags -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual like I do :-) :-). Jeremy. (This used to be commit 10024ed06e9d91f24fdc78d59eef2f76bf395438)
2002-10-17Added new error codes. Fix up connection code to retry in the same wayJeremy Allison1-1/+11
that app-head does. Jeremy. (This used to be commit b521abd86b10573ca8f9116907c81e6deb55f049)
2002-10-04merge of working dsrolegetprimdominfo() client code from APP_HEADGerald Carter1-1/+1
(This used to be commit f70caa25e4ee198151b915cf2bc0a26b2d0e243d)
2002-09-28Ok, hopefully final fix for this one. abartlet told a bit about theVolker Lendecke1-7/+1
history. Volker (This used to be commit d47aff38db23815a48e64718ecb6c957101ecdac)
2002-09-28Thanks to abartlet I looked at that function a bit closer. What didVolker Lendecke1-5/+0
the first cli_push_string do? I suspect that it's a leftover from times when the password length was needed at some point. Volker (This used to be commit df906c156aea46524dedc28ee54f4e87711c7160)
2002-09-27Touching somebody else's code again... Sorry, Richard.Volker Lendecke1-2/+9
smbclient would announce that it can send UNICODE, but would send the plain text password in ASCII. This confused Samba HEAD somewhat. This change has been tested against Samba HEAD of today and Samba 2.2.1a. I do not have any other servers that do plain text passwords. Anybody? Volker (This used to be commit c7de62d839634a85295d1a0ef5a48270ef30aa93)
2002-09-23Don't uppercase the username and domain in a session setup.Tim Potter1-2/+2
(This used to be commit 0ad19825df318030b1772404570cd993fe49e40a)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-1/+1
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-11Merge the cli_shutdown change from 2_2. All except one call toVolker Lendecke1-2/+0
attempt_netbios_... assumed that cli_shutdown was _not_ called on error anyway... Volker (This used to be commit f0c741594f0dad2da16b1d5692dd56a48b4157f1)
2002-09-03Fix the struct_blob.Richard Sharpe1-5/+8
(This used to be commit ce152b33c8b08905ea863d47a620c90ca47c8566)
2002-09-03Fix crashbug discovered by "Kim R. Pedersen" <krp@filanet.dk> whereJeremy Allison1-1/+7
cli struct was being deallocated in a called function. Jeremy. (This used to be commit e33e9defa657aa54594bb0c27f9be2f7b12aab1b)
2002-09-03Formatting tidyup and additon of cli_close_connection() before bugfix.Jeremy Allison1-69/+46
Jeremy. (This used to be commit 3b71529c694b5b1093d99b7ef80835e72b1f8436)
2002-09-03Fix the client side NTLMSSP. It now works between smbclient and smbd!Richard Sharpe1-3/+6
However, it does not work with Win2K over 445 with raw NTLMSSP! (This used to be commit 53e4975337be2cab3ee89f2f62e5659855365b73)
2002-09-03Parse the NTLMSSP Challenge in cliconnect.c.Richard Sharpe1-2/+28
This gets us closer ... Should have the challenge now. Need to check that it works. (This used to be commit 5784835db95baf62362d35d3beab5d534cc776e9)
2002-09-03Make sure that an NTLMSSP negotiate blob has the correct stuff in it!Richard Sharpe1-2/+3
(This used to be commit b28267f52c0a5c175b067d7c2d10eca83c20e640)
2002-09-03The session key in NTLMSSP AUTH blobs is actually an empty string.Richard Sharpe1-1/+1
Also, the negotiate blob has two ASCI strings encoded in the same way that the UNICODE strings are, they are just in ASCII. The PARSER and Generator will have to deal with that. (This used to be commit aaa7a681ce4ee52edb23c73a53aeabb07fd5b7d8)
2002-08-30convert the LDAP/SASL code to use GSS-SPNEGO if possibleAndrew Tridgell1-4/+9
we now do this: - look for suported SASL mechanisms on the LDAP server - choose GSS-SPNEGO if possible - within GSS-SPNEGO choose KRB5 if we can do a kinit - otherwise use NTLMSSP This change also means that we no longer rely on having a gssapi library to do ADS. todo: - add TLS/SSL support over LDAP - change to using LDAP/SSL for password change in ADS (This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
2002-08-26Some fixes for SMB signing. I can now get Win2k to correctly respond with aAndrew Bartlett1-3/+14
security signiture, but I can't get it to accept ours. Andrew Bartlett (This used to be commit 7746de6a3c5798e321ed8300f763588fa3807964)
2002-08-26Updates!Andrew Bartlett1-27/+47
- Don't print an uninitialised buffer in service.c - Change some charcnv.c functions to take smb_ucs2_t ** instead of void ** - Update NTLMv2 code to use dynamic buffers - Update experimental SMB signing code - still more work to do - Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups() failure. Andrew Bartlett (This used to be commit de1964f7fa855022258a84556b266100b917444b)
2002-08-22move where got_sig_term and reload_after_sighup are defined.Herb Lewis1-9/+9
populate cli structure with called name and calling name even for port 445 connects. (This used to be commit 123eee6206d9afb28c169540dc63824957b505f4)
2002-08-19fixed memory corruption in cli_full_connection()Andrew Tridgell1-2/+1
(This used to be commit 7c2167182becbf72ba062230e911d55d337a4709)
2002-07-30this fixes plaintext passwords with win2000Andrew Tridgell1-3/+2
there were 2 bugs: 1) we were sending a null challenge when we should have sent an empty challenge 2) the password can be in unicode if unicode is negotiated. This means our client code was wrong too :( (This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)
2002-07-26Mimir has been busy with patches again, and sent in the followingAndrew Bartlett1-3/+2
patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :) (This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
2002-07-22fixed a segv in net time when the host is unavailableAndrew Tridgell1-1/+1
(This used to be commit f4f2b613a2a804a6d2e5e78cc7dd7f3482675fcd)
2002-07-20Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had aAndrew Bartlett1-8/+20
distinction between uchar and char). Lots of const etc. Andrew Bartlett (This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
2002-07-20Fix up char/uchar casts etc. Fix up comments on some of the password hashAndrew Bartlett1-8/+5
wrappers. Andrew Bartlett (This used to be commit 95519d408caa7da00dbb2a8323cc4374a517cd69)
2002-07-15checking for NULL really is counter-productive, and this one was alsoAndrew Tridgell1-5/+0
generating a warning (This used to be commit cd82ba41b8df024f034fcfa24e967ed8c3c8d035)
2002-07-01The 17-bit length field in the header contains the number ofChristopher R. Hertel1-1/+8
bytes which follow the header, not the full packet size. [Yes, the length field is either 17-bits, or (per the RFCs) it is a 16-bit length field preceeded by an 8-bit flags field of which only the low-order bit may be used. If that bit is set, then add 65536 to the 16-bit length field. (In other words, it's a 17-bit unsigned length field.) ...unless, of course, the transport is native TCP [port 445] in which case the length field *might* be 24-bits wide.] Anyway, the change is a very minor one. We were including the four bytes of the header in the length count and, as a result, sending four bytes of garbage at the end of the SESSION REQUEST packet. Small fix in function cli_session_request(). (This used to be commit cd2b1357066a712efcf87ac61922ef871118e8de)
2002-06-26reverted some bogus test code that jeremy accidentally committedAndrew Tridgell1-8/+0
(This used to be commit 6b28ca8bd2a6613989bb23be951836d173296197)
2002-06-25Update cli_full_connection() to take a 'flags' paramater, and try to get aAndrew Bartlett1-15/+26
few more places to use it. Andrew Bartlett (This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
2002-06-21Don't use uint. It doesn't exist on some platforms and we don't define it.Jeremy Allison1-0/+8
Replaced with "unsigned int". Jeremy. (This used to be commit 5841ca54b6a8c36f3d76c12570ff8f2211ed2363)
2002-06-16Two things: Check how many paramaters that the LDAP libs take for theAndrew Bartlett1-5/+6
rebind proc (some give an extra paramter to pass a void* paramater) and some small changes for the SMB signing code to reset things when the signing starts, and to 'turn off' signing if the session setup failed. Andrew Bartlett (This used to be commit a8805a34e5d96eeb5ffe15681b241d5a449a6144)
2002-06-16Fix up some of the SMB signing code:Andrew Bartlett1-17/+24
The problem was that *all* packets were being signed, even packets before signing was set up. (This broke the session request). This fixes it to be an 'opt in' measure - that is, we only attempt to sign things after we have got a valid, non-guest session setup as per the CIFS spec. I've not tested this against an MS server, becouse my VMware is down, but at least it doesn't break the build farm any more. Andrew Bartlett (This used to be commit 1dc5a8765876c1ca822e454651f8fd4a551965e9)
2002-06-14Ok, now I can try my first client test...Jeremy Allison1-8/+21
Jeremy. (This used to be commit 9d461933766f26ce772f6d5ea849ef9218c4d534)