summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17571: Change the return code of cli_session_setup from BOOL to NTSTATUSVolker Lendecke1-27/+38
Volker (This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
2007-10-10r17216: From Kai Blin <kai.blin@gmail.com>:Andrew Bartlett1-0/+1
A patch to make ntlm_auth recognize three new commands in ntlmssp-client-1 and squid-2.5-ntlmssp: The commands are the following: Command: SF <hex number> Reply: OK Description: Takes feature request flags similar to samba4's gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY, NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same values as the corresponding GENSEC_FEATURE_* flags in samba4. Command: GF Reply: GF <hex number> Description: Returns the negotiated flags. Command: GK Reply: GK <base64 encoded session key> Description: Returns the negotiated session key. (These commands assist a wine project to use ntlm_auth for signing and sealing of bulk data). Andrew Bartlett (This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-17/+22
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r15755: Fix Coverity bug # 294. Apparently password can be NULL, but ↵Volker Lendecke1-0/+4
cli_session_setup derefences it. Volker (This used to be commit b013b6908d22cfd38fcc56a9cb2ca675d75996d1)
2007-10-10r15681: fix segv in 'kinit && net ads join'Gerald Carter1-5/+3
(This used to be commit d77768cb237461b06119ee19f822b120623d77dd)
2007-10-10r15610: Fix Coverity #288 - possible null deref.Jeremy Allison1-3/+11
Jeremy. (This used to be commit b108ab7b122cc607f31772614b221379403b211b)
2007-10-10r15589: While trying to understand the vuid code I found that security=share ↵Volker Lendecke1-1/+3
is broken right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This makes sure that we only call register_vuid if sec!=share and meanwhile also fixes a little memleak. Then I also found a crash in smbclient with sec=share and hostmsdfs=yes. There's another crash with sec=share when coming from w2k3, but I need sleep now. Someone (jerry,jra?) please review the sesssetup.c change. Thanks, Volker (This used to be commit 8059d0ae395604503cad3d9f197928305923e3f5)
2007-10-10r15162: Patch for bug #3668. Windows has a bug with LARGE_READXJeremy Allison1-3/+19
where if you ask for exactly 64k bytes it returns 0. Jeremy. (This used to be commit dcef65acb5bc08ea4b61ef490a518b7e668ff2ee)
2007-10-10r14585: Tighten argument list of kerberos_kinit_password again,Günther Deschner1-1/+1
kerberos_kinit_password_ext provides access to more options. Guenther (This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
2007-10-10r13502: Fix error messages for usershares when smbd is notJeremy Allison1-3/+10
running. More generic error return cleanup in libsmb/ needs doing (everything returning NTSTATUS not BOOL). Jeremy (This used to be commit 654bb9853b450c5d509d182f67ec26ac320fd590)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-1/+1
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13310: first round of server affinity patches for winbindd & net ads joinGerald Carter1-5/+7
(This used to be commit 6c3480f9aecc061660ad5c06347b8f1d3e11a330)
2007-10-10r11975: Fix valgrind error -- bug 3291Volker Lendecke1-0/+1
(This used to be commit 9a6ce67fbf89ea7fc9eed72776dff4712ba67e2b)
2007-10-10r11511: A classic "friday night check-in" :-). This moves muchJeremy Allison1-2/+2
of the Samba4 timezone handling code back into Samba3. Gets rid of "kludge-gmt" and removes the effectiveness of the parameter "time offset" (I can add this back in very easily if needed) - it's no longer being looked at. I'm hoping this will fix the problems people have been having with DST transitions. I'll start comprehensive testing tomorrow, but for now all modifications are done. Splits time get/set functions into srv_XXX and cli_XXX as they need to look at different timezone offsets. Get rid of much of the "efficiency" cruft that was added to Samba back in the day when the C library timezone handling functions were slow. Jeremy. (This used to be commit 414303bc0272f207046b471a0364fa296b67c1f8)
2007-10-10r11240: * fix invalid read reported by valgrind in theGerald Carter1-1/+1
spoolss backchannel connection by rewriting spoolss_connect_to_client(). Ensure that we save the cli_state* in the rpc_pipe_client struct. * fix typo in debug message in cli_start_connection" (This used to be commit 18400f96628ffdd332c2fb2aa52b5e9aee5cb3ce)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-24/+3
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8572: Remove crufty #define NO_SYSLOG as it's not used at all anymore.Tim Potter1-2/+0
(This used to be commit 985dbb47d925e79c1195ca219f7ab5d6648b22b8)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-2/+1
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r5994: proper fix for smbclient and win98 file servers; check the WCT value ↵Gerald Carter1-2/+6
in the tcon&X reply before setting the cli_state->dfsroot flag (This used to be commit d3822d889dbc0812335e9242566256a0f88bc00d)
2007-10-10r5952: BUG 2469: patch from Jason Mader to cleanup compiler warning when not ↵Gerald Carter1-0/+4
using krb5 (This used to be commit 19a639ac468237b22f16d917c0150fbf10c9623e)
2007-10-10r5729: partial fixes for BUG 2308; libsmbclient patches from Derrell Lipman ↵Gerald Carter1-1/+6
<derrell.lipman@unwireduniverse.com> (This used to be commit 88678bc05c3018eb181f97523a0b84b60e3c358d)
2007-10-10r5518: Add initial msdfs support to smbclient. Currently I can onlyGerald Carter1-0/+3
cd up and down the tree and get directory listings. Still have to figure out how to get a directory listing on a 2k dfs root. Also have to work out some issues with relative paths that cross dfs mount points. We're protected from the new code paths when connecting to a non-dfs root share ( the flag from the tcon&X is stored in the struct cli_state* ) (This used to be commit e57fd2c5f00de2b11a2b44374830e89a90bc0022)
2007-10-10r5495: * add in some code from Mike Nix <mnix@wanm.com.au> for the SMBsplopenGerald Carter1-1/+1
and SMBsplclose commands (BUG 2010) * clarify some debug messages in smbspool (also from Mike) my changes: * start adding msdfs client routines * enable smbclient to maintain multiple connections * set the CAP_DFS flag for our internal clienht routines. I actualy have a dfs referral working in do_cd() but that code is too ugly to live so I'm not checking it in just yet. Further work is to merge with vl's changes in trunk to support multiple TIDs per cli_state *. (This used to be commit 0449756309812d854037ba0af631abad678e670e)
2007-10-10r4970: Fix for bug 2092, allowing fallback after kerberos and allowJeremy Allison1-2/+6
gnome vfs to prevent auto-anonymous logon. Jeremy. (This used to be commit 843e85bcd978d025964c4d45d9a3886c7cf7f63c)
2007-10-10r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.Jeremy Allison1-1/+6
Added text explaining units in pdbedit time fields. Jeremy. (This used to be commit 3d09c15d8f06ad06fae362291a6c986f7b6107e6)
2007-10-10r4186: Fix client & server to allow 127k READX calls.Jeremy Allison1-6/+9
Jeremy. (This used to be commit 831cb21a874601e4536c2cf76c5351e1d0defcb5)
2007-10-10r3377: Merge in first part of modified patch from Nalin Dahyabhai ↵Jeremy Allison1-1/+1
<nalin@redhat.com> for bug #1717.The rest of the code needed to call this patch has not yet been checked in (that's my next task). This has not yet been tested - I'll do this once the rest of the patch is integrated. Jeremy. (This used to be commit 7565019286cf44f43c8066c005b1cd5c1556435f)
2007-10-10r2466: Fix memleak found by sean.chandler@verizon.net.Volker Lendecke1-1/+6
Thanks! Volker (This used to be commit 587d863ae87042e0193b8d27b52ab3f75c58974b)
2007-10-10r2371: Fix for talking to OS/2 clients (max_mux ignored) by Guenter Kukkukk ↵Jeremy Allison1-0/+1
<guenter.kukkukk@kukkukk.com>. Bugid #1590. Jeremy. (This used to be commit 330025d1a669de927a3879a9c3a9fc20e1be464f)
2007-10-10r1612: Fix bug #1571 found by Guenter Kukkukk <guenter.kukkukk@kukkukk.com>Andrew Bartlett1-2/+5
(Botched LANMAN2 session setup code) Andrew Bartlett (This used to be commit 3baa4ef6c58eb13bec1a8ddb1561a504f4a16107)
2007-10-10r1487: Remove unused parameter for the client-side signing functions.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 6d594d5bb119b6bc3f4c7699752666ac24d04745)
2007-10-10r525: More memory leak fixes from kawasa_r@itg.hitachi.co.jp in error codeJeremy Allison1-5/+9
paths. Jeremy. (This used to be commit 88a97beac4f445f2a472167b3e5c0e8e1d019d17)
2007-10-10r523: Fix from kawasa_r@itg.hitachi.co.jp to initialise blob structs.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 6d0bdccaa67a2965fde5f9dff6cdc4059b8fbc90)
2007-10-10r176: Improve our fallback code for password changes - this would be betterAndrew Bartlett1-19/+44
with more correct NTLMSSP support in client and server, but it will do for now. Also implement LANMAN password only in the classical session setup code, but #ifdef'ed out. In Samba4, I'll make this run-time so we can torture it. Lanman passwords over 14 dos characters long could be considered 'invalid' (they are truncated) - so SMBencrypt now returns 'False' if it generates such a password. Andrew Bartlett (This used to be commit 565305f7bb30c08120c3def5367adfd6f5dd84df)
2004-03-31fix typoHerb Lewis1-2/+2
(This used to be commit 4b737b51a5cf0a862f4c1bd67d9d3dd49cc81b65)
2004-03-27Revert bogus part of smb signing commit - when Win2k supports singing/SPNEGO,Andrew Bartlett1-1/+1
it does sign the first packet. Andrew Bartlett (This used to be commit 4b9c50db853eaf9eb8c68b85760c40c1a8f9bd94)
2004-03-27Based on the detective work of Jianliang Lu <j.lu@tiesse.com>, allow yetAndrew Bartlett1-3/+5
another NTLMv2 combination. We should allow the NTLMv2 response to be calculated with either the domain as supplied, or the domain in UPPER case (as we always did in the past). As a client, we always UPPER case it (as per the spec), but we also make sure to UPPER case the domain, when we send it. This should give us maximum compatability. Andrew Bartlett (This used to be commit 1e91cd0cf87b29899641585f46b0dcecaefd848e)
2004-03-27Merge from HEAD the SMB signing patch that I developed a couple of weeksAndrew Bartlett1-9/+14
ago. This patch re-adds support for 'optional' SMB signing. It also ensures that we are much more careful about when we enable signing, particularly with on-the-fly smb.conf reloads. The client code will now attempt to use smb signing by default, and disable it if the server doesn't correctly support it. Andrew Bartlett (This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
2004-03-24Fix bugzilla # 1208Jim McDonough1-1/+1
Winbind tickets expired. We now check the expiration time, and acquire new tickets. We couln't rely on renewing them, because if we didn't get a request before they expired, we wouldn't have renewed them. Also, there is a one-week limit in MS on renewal life, so new tickets would have been needed after a week anyway. Default is 10 hours, so we should only be acquiring them that often, unless the configuration on the DC is changed (and the minimum is 1 hour). (This used to be commit c2436c433afaab4006554a86307f76b6689d6929)
2004-03-19updating release notes & merging Derrel Lipman's libsmbclient patch from HEADGerald Carter1-20/+66
(This used to be commit 5fbfaa687a3674287eeadd205f56b2b253a9e2a9)
2004-01-15* BUG 446Gerald Carter1-1/+1
- setup_logging() in smbclient to be interactive (remove the timestamps) - Fix bad return value in pull_ucs2( needs more testing to make sure this didn't break something else) that caused clistr_pull() to always read the same string from the buffer (pull_usc2() could return -1 if the original source length was given as -1) - increment some debugging messages to avoid printing them out so often (This used to be commit 79fe75dcdf6cc38e18ca1231e4357893db4d4a08)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett1-14/+17
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-08Make it clearer that the domain here is the domain of the user forAndrew Bartlett1-5/+5
authentication. Andrew Bartlett (This used to be commit 7e6cc8f0037f9948230a1e1bd380f30cec5d511e)
2004-01-04Even if the 'device type' is always an ascii string, use push_string to getAndrew Bartlett1-1/+1
it out onto the wire. Avoids valgrind warnings because the fstrcpy() causes part of the wire buffer to be 'marked'. Andrew Bartlett (This used to be commit 53d802c72aa712e099dc8de666ab66a21e18fae1)
2003-12-27Preliminary fix for our signing problem with failed NTLMSSP logins. This patchVolker Lendecke1-7/+15
solves the problem for me here, I can still successfully set up signing using NTLMSSP against w2k3 and it does not show a signing error anymoe when the password was wrong. Jeremy, you might want to take a further look at it as this is not particularly elegant. Volker (This used to be commit f5afaafd61dc7bd191225ffa8eee184125dd97c3)
2003-12-04Fix incorrect smb flags2 for connections to pre-NT servers (causes smbclient toSteve French1-0/+7
fail to OS2 for example) (This used to be commit 54e2fcb8f4a9d603b3210baa014b3f5f15070a22)
2003-12-01Client connect signing error messages should be level zero elseJeremy Allison1-2/+2
they're easy to miss. Jeremy. (This used to be commit 7fa89b093709053650d197d2d0f091b9a1cd8218)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-35/+64
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-09-16Fix #442 which Alexander considered a showstopper. Allow us to join mixedJeremy Allison1-8/+0
mode domains. Jeremy. (This used to be commit c816aacefb6621533194a374251835f186ca838f)
2003-09-06address bug #359. Andrew B's patch for implementing clientGerald Carter1-4/+1
portion of NTLMv2 key exchange. Also revert the default for 'client ntlmv2 auth' to no. This caused no ends of grief in different cases. And based on abartlet's mail.... > All I care about at this point is that we use NTLMv2 > in our client code when connecting to a server that > supports it. There is *no* way to tell this. The server can't tell us, because it doesn't know what it's DC supports. The DC can't tell us, because it doesn't know what the trusted DC supports. One DC might be Win2k, and the PDC could be an older NT4. (This used to be commit fe585d49cc3df0d71314ff43d3271d276d7d4503)