Age | Commit message | Author | Files | Lines |
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun May 29 22:25:55 CEST 2011 on sn-devel-104
|
|
A leftover of stuff that cli_connect() does
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun May 29 15:47:17 CEST 2011 on sn-devel-104
|
|
This builds up a cli_state until after the netbios session setup. It makes use
of smbsock_connect, so it connects to 139 and 445 simultaneously. This improves
the connection to Windows 2008 which does not listen on *SMBSERVER anymore.
|
|
Jeremy, please check!
|
|
If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to
a misconfigured krb5.conf, try the "realm =" from smb.conf as a fallback before going back to
NTLMSSP (which we'll do anyway).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat May 21 00:58:09 CEST 2011 on sn-devel-104
|
|
cli_session_setup_kerberos(). Remove it.
|
|
with client ntlmv2 auth = yes, there is a small difference between
using smbclient -U user\domain and smbclient -U user -W domain
if domain is provided in lowercase
using -W will uppercase the given parameter, while picking the
domain name from -U will not convert it to uppercase and this
leads to failing NTLMv2 authentication
with this patch, there is no difference between
smbclient -U domain\user and smbclient -U user -W domain any more
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Mon May 16 11:42:55 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Apr 30 20:40:46 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Apr 30 18:16:28 CEST 2011 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Apr 29 14:00:30 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 28 03:15:32 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 27 21:56:29 CEST 2011 on sn-devel-104
|
|
never end up with a NULL pointer).
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 27 00:25:35 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
(cherry picked from commit 69650a2aaa8649570261df7efccb35ad76d7cfc1)
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Apr 16 16:20:08 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Apr 3 18:32:51 CEST 2011 on sn-devel-104
|
|
We might find a better name for it and merge other namequery related things as
well here...
Guenther
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Mar 27 19:50:21 CEST 2011 on sn-devel-104
|
|
All callers had to cast this anyway
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 27 11:02:53 CET 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Dec 20 17:58:33 CET 2010 on sn-devel-104
|
|
Now that 'client ntlmv2 auth = yes' is the default, make it more clear
what options a user may need to enable to get this to work.
Andrew Bartlett
|
|
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted to the lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
|
|
This principal is not supplied by later versions of Windows, and using
it opens up some opportunities for man in the middle attacks. (Because
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaviour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
|
|
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid NetBIOS session request is received the code in name_len() in
libsmb/nmblib.c can hit an assert.
Re-write name_len() and name_extract() to use "buf/len" pairs and
always limit reads.
Jeremy.
|
|
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server
as we indirect the first returned value OIDs[0], which is returned as NULL.
Jeremy.
|
|
Guenther
|
|
The too small array makes UID-REGRESSION-FIX fail on 32bit
architectures.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
<andreas.moroder@gmx.net>".
Jeremy.
|
|
Guenther
|
|
Guenther
|
|
contexts.
Jeremy.
|
|
context tallocs.
Jeremy.
|