summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
AgeCommit message (Collapse)AuthorFilesLines
2010-12-20s3: Remove unused "retry" from cli_start_connectionVolker Lendecke1-11/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Dec 20 17:58:33 CET 2010 on sn-devel-104
2010-12-20s3: Remove unused "retry" from cli_full_connectionVolker Lendecke1-5/+3
2010-12-14s3-libsmb Improve error message when denying LM encryptionAndrew Bartlett1-9/+9
Now that 'client ntlmv2 auth = yes' is the default, make it more clear what options a user may need to enable to get this to work. Andrew Bartlett
2010-12-10s3-libsmb Don't ever ask for machine$ principals as a target.Andrew Bartlett1-30/+6
It is never correct to ask for a machine$ principal as the target of a kerberos connection. You should always connect via the servicePrincipalName. This current code appears to have built up from a series of minimal changes, as the codebase adapted the to lack of a SPNEGO principal from Windows 2008. Andrew Bartlett
2010-12-10s3-libads Default to NOT using the server-supplied principal from SPNEGOAndrew Bartlett1-3/+2
This principal is not supplied by later versions of windows, and using it opens up some oportunities for man in the middle attacks. (Becuase it isn't the name being contacted that is verified with the KDC). This adds the option 'client use spnego principal' to the smb.conf (as used in Samba4) to control this behaivour. As in Samba4, this defaults to false. Against 2008 servers, this will not change behaviour. Against earlier servers, it may cause a downgrade to NTLMSSP more often, in environments where server names are not registered with the KDC as servicePrincipalName values. Andrew Bartlett
2010-09-26Fix bug #7698 - Assert causes smbd to panic on invalid NetBIOS session request.Jeremy Allison1-4/+11
Found by the CodeNomicon test suites at the SNIA plugfest. http://www.codenomicon.com/ If an invalid NetBIOS session request is received the code in name_len() in libsmb/nmblib.c can hit an assert. Re-write name_len() and name_extract() to use "buf/len" pairs and always limit reads. Jeremy.
2010-09-23Fix bug 7694 - Crash bug with invalid SPNEGO token.Jeremy Allison1-1/+2
Found by the CodeNomicon test suites at the SNIA plugfest. http://www.codenomicon.com/ If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server as we indirect the first returned value OIDs[0], which is returned as NULL. Jeremy.
2010-09-20s3-build: only include async headers where needed.Günther Deschner1-0/+1
Guenther
2010-09-17Fix array size of a memmber of struct cli_ulogoff_stateSumit Bose1-1/+1
The too small array makes UID-REGRESSION-FIX fail on 32bit architectures. Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-09Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder ↵Jeremy Allison1-0/+5
<andreas.moroder@gmx.net>". Jeremy.
2010-08-26s3-build: only include krb5 environment variables where required.Günther Deschner1-0/+1
Guenther
2010-08-05s3: Remove some pointless wrapper functionsVolker Lendecke1-2/+2
2010-08-05s3-popt: Only include popt-common.h when needed.Andreas Schneider1-0/+1
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+1
Guenther
2010-07-20Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL ↵Jeremy Allison1-3/+3
contexts. Jeremy.
2010-07-20Fix one more data_blob -> data_blob_talloc. Move away from implicit NULL ↵Jeremy Allison1-2/+2
context tallocs. Jeremy.
2010-07-20Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduceJeremy Allison1-1/+3
use of malloc, and data_blob(). Jeremy.
2010-07-20Rename spnego_gen_negTokenTarg() -> spnego_gen_krb5_negTokenInit()Jeremy Allison1-3/+3
as this correctly describes what this function does. Jeremy.
2010-07-19Remove gen_negTokenInit() - change all callers to spnego_gen_negTokenInit().Jeremy Allison1-1/+2
We now have one function to do this in all calling code. More rationalization to follow. Jeremy.
2010-07-19Remove parse_negTokenTarg(), as it's actually incorrect. We're processingJeremy Allison1-1/+1
negTokenInit's here. Use common code in spnego_parse_negTokenInit(). Jeremy.
2010-07-19s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it.Simo Sorce1-3/+3
All the members are children of ntlmssp_state anyway. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-05-31ntlmssp: Make the ntlmssp.h from source3/ a common headerAndrew Bartlett1-1/+1
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store themStefan Metzmacher1-1/+5
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-24s3:ntlmssp: remove server_name from ntlmssp_state and fill the server.* ↵Stefan Metzmacher1-1/+1
fields also for the client Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org>
2010-02-22s3: Explicitly handle inbuf in cli_negprot_doneVolker Lendecke1-2/+3
2010-02-22s3: Explicitly handle inbuf in cli_tcon_andx_doneVolker Lendecke1-3/+6
2010-02-22s3: Explicitly handle inbuf in cli_sesssetup_blob_doneVolker Lendecke1-5/+4
2010-02-22s3: Explicitly handle inbuf in cli_session_setup_guest_doneVolker Lendecke1-5/+4
2010-02-22s3: Add a talloc_move for the inbuf to cli_smb_recvVolker Lendecke1-6/+10
2010-01-30Fix bug #7079 - cliconnect gets realm wrong with trusted domains.Jeremy Allison1-3/+22
Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy.
2010-01-24s3: Add CLI_FULL_CONNECTION_USE_CCACHEVolker Lendecke1-0/+3
2010-01-24s3: Add ccache use to cli_session_setup_ntlmsspVolker Lendecke1-0/+4
2010-01-07s3 torture: Prevent smbcli segfault when running smbtorture3 against an smbd ↵Tim Prouty1-0/+5
with security=share
2010-01-03s3: Convert cli_ulogoff to the async APIVolker Lendecke1-14/+77
2010-01-03s3: Convert cli_tdis to the async APIVolker Lendecke1-13/+72
2010-01-03s3: Fix some nonempty blank linesVolker Lendecke1-14/+14
2010-01-03s3: Remove some unused codeVolker Lendecke1-95/+0
2010-01-03s3: Convert cli_sesssetup_ntlmssp to the async APIVolker Lendecke1-92/+196
2010-01-03s3: Convert cli_session_setup_kerberos to the async APIVolker Lendecke1-83/+285
This is still cheated, acquiring the ticket is not async yet, but the SMB part is
2009-12-22s3:ntlmssp: only include ntlmssp.h where actually neededAndrew Bartlett1-0/+1
Andrew Bartlett
2009-12-20s3: Fix an error case in cli_negprotVolker Lendecke1-0/+1
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-0/+1
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-09-17spnego: share spnego_parse.Günther Deschner1-0/+1
Guenther
2009-09-03s3:libsmb: Attempt to fix bug 6665Volker Lendecke1-0/+6
Before the async libsmb rewrites, we sent tid==0 on negprot. With the rewrite, we send 0xffff. This *should* not matter, but this is one difference in the sniffs I see.
2009-08-26s3/debug: make SPENGO OID list appear under one debug headerSteven Danneman1-1/+4
2009-06-01Fix bug #6419 - smbclient -L 127.0.0.1" displays "netbios name" instead of ↵Jeremy Allison1-3/+26
"workgroup" Unify the handling of the sessionsetup parsing so we don't get different results when parsing a guest reply than an ntlmssp reply. Jeremy.
2009-05-13s3: return proper error code in cli_smb_req_sendBo Yang1-4/+15
Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-12Clean up assignments to iov_base, ensure it's always cast to void *. This ↵Jeremy Allison1-2/+2
should quieten some warnings with picky compilers on the buildfarm. Jeremy.
2009-05-07Make cli_tcon_andx chainableVolker Lendecke1-15/+42
2009-05-07Make cli_session_setup_guest chainableVolker Lendecke1-9/+31