summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
AgeCommit message (Collapse)AuthorFilesLines
2002-01-11Fix up 'net ads join' to delete and rejoin if the account already exists.Andrew Bartlett1-1/+1
This fixes up a problem where a machine would join (or downgrade by trust password change) to NT4 membership and not be able to regain full ADS membership until a 'net ads leave'. Andrew Bartlett (This used to be commit ab8ff85f03b25a0dfe4ab63886a10da81207393c)
2002-01-06Check for winbind separator in user name for cli_session_setup()Tim Potter1-1/+2
Patch from Alexander Bokovoy <a.bokovoy@sam-solutions.net> (This used to be commit 6c42bf208976ed3020e57efff6281f984d9fe893)
2001-12-31Ensure the output cli can't have spurious values if the connection fails...Andrew Bartlett1-1/+7
(This used to be commit 2d1612dd3560bb5ef35fa1eeee00e3d7976bcd62)
2001-12-21- handle kerberos session setup reply with broken null terminationAndrew Tridgell1-4/+5
- don't display Domain=[] for auth protocols that don't give us a domain (This used to be commit 20368455ea59e6e9b85632848bbe92069e7b0f38)
2001-12-21try to handle end of packet for not null terminated domain stringsAndrew Tridgell1-1/+3
(This used to be commit 1da988456dbd885820093ae43c74e0ac66f72802)
2001-12-11handle a NULL hostname in cli_connect()Andrew Tridgell1-0/+3
(This used to be commit a181f49b4269baa1752ce6ed4f9093e38d2d3ce5)
2001-12-11detect attempts to connect to names of the type NAME#xx and do aAndrew Tridgell1-1/+11
netbios lookup for name NAME with node type xx. This affects all our client progs. Very useful :) (This used to be commit b4304c5231159fc6295c445f2eb4470c179b8d5e)
2001-12-04when using non-encrypted password ignore the ntpass variable toAndrew Tridgell1-2/+2
session setup (This used to be commit c7665706cd5633ede710afe41413624124038238)
2001-12-03This change reworkes the connection code for both rpcclient and net newAndrew Bartlett1-1/+113
'net' untility. This should make it easier to port rpcclient code across to net. It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse it kills off the early destruction of the clear-text password. Andrew Bartlett (This used to be commit eee925861a3af3aa16efa3b1700a980c9510c14e)
2001-11-28fixed some krb5 ifdefsAndrew Tridgell1-2/+2
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
2001-11-28fixed a core dump in server level securityAndrew Tridgell1-2/+4
(This used to be commit e790bb21d3895bef97522b68c6f00812e6c286f2)
2001-11-28fix a bunch of places where we can double-free a cli structureAndrew Tridgell1-4/+4
(This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec)
2001-11-26Got medieval on another pointless extern. Removed extern struct ipzeroTim Potter1-2/+1
and replaced with two functions: void zero_ip(struct in_adder *ip); BOOL is_zero_ip(struct in_addr ip); (This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
2001-11-26use DEBUG() not d_printf() in librariesAndrew Tridgell1-2/+2
(This used to be commit 5100ae4ae032545edaf525de1dfbe5dc9dafecfc)
2001-11-25Add a new torture test to extract a NT->DOS error map from an NT member of aAndrew Bartlett1-4/+1
samba domain. The PDC must be running a special authenticaion module that spits out NT errors based on username. Andrew Bartlett (This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-1/+1
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-20- make sure we use a non-zero session id so we can have multiple connsAndrew Tridgell1-8/+4
open to w2k - fix the string handling in the device name to match NT and smbd - don't pull the domain from negprot if CAP_EXTENDED_SECURITY is set (This used to be commit 618989b386b5564ba140afdc17ce7a07040c3c4e)
2001-11-14Removed the "reestablish" code. Tridge - scream if this was needed....Jeremy Allison1-51/+0
Jeremy. (This used to be commit e6afe40f85d7dbe79322c82dac735d901e7e71df)
2001-11-05free the negTokenInit structureAndrew Tridgell1-0/+2
(This used to be commit 5b1c942a5cab828ebfcf2e8f5decb754c4cdb70e)
2001-11-05merge from 2.2. Why is STR_CONVERT missing when comparingGerald Carter1-1/+1
2.2 to HEAD? (This used to be commit 4f47daf97b9e74ec75287f46e2c4aeddc944779e)
2001-10-29This patch applied, except without the structure changes to nmblib.cAndrew Bartlett1-1/+1
Andrew Bartlett. From kai@cmail.ru Mon Oct 29 18:50:42 2001 Date: Fri, 19 Oct 2001 17:26:06 +0300 From: Andrew V. Samoilov <kai@cmail.ru> To: samba-technical@lists.samba.org Subject: [patch]: makes some arrays const to be shared between processes Hi! This patch makes some arrays const. So these arrays go to text/rodata segment and are shared between all of the processes which use shared library with these arrays. Regards, Andrew V. Samoilov. P.S. Please cc your answer to kai@cmail.ru, I don't subscribed to this list. ChangeLog: * cliconnect.c (prots): Make const. * clierror.c (rap_errmap): Likewise. * nmblib.c (nmb_header_opcode_names): Likewise. (lookup_opcode_name): Make opcode_namep const. Eliminate i. * nterr.c (nt_err_code_struct): Typedef const. * smberr.c (err_code_struct): Make const. (err_classes): Likewise. (This used to be commit cb84485a2b0e1fdcb6fa90e0bfb97e125ae1b3dd)
2001-10-23more compiler warningsHerb Lewis1-2/+2
(This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)
2001-10-22a quick fix to get rpcclient working again. This just disablesAndrew Tridgell1-0/+4
NTLMSSP in cli_establish_connection() What we really need to do is kill off the pwd_cache code. It is horrible, and assumes the challenge comes in the negprot reply. (This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
2001-10-21Ok, I know it's a language thing and it shouldn't matter.... but a kerberosJeremy Allison1-7/+7
name is a "principal", not a principle. English majors will complain :-). Jeremy. (This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
2001-10-21made smbclient cope better with arbitrary principle formsAndrew Tridgell1-0/+4
(This used to be commit d1341d74b7aa5f6b3f72e5409b245f87f1ad670b)
2001-10-21support both old and new kerberos OIDsAndrew Tridgell1-1/+2
(This used to be commit eac164c7e650a8f855e7b662b126a5dfc5516927)
2001-10-18the beginnings of kerberos support in smbd. It doesn't work yet, butAndrew Tridgell1-0/+4
it should give something for others to hack on and possibly find what I'm doing wrong. (This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
2001-10-17added basic NTLMSSP support in smbd. This is still quite rough, andAndrew Tridgell1-12/+20
loses things like username mapping. I wanted to get this in then discuss it a bit to see how we want to split up the existing session setup code (This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
2001-10-14fixed NTLMSSP with XP servers (who don't send the duplicate challengeAndrew Tridgell1-0/+8
in the asn1 spnego structures) (This used to be commit 131010e9fb842b4d5a8660c538a3313c95fadae7)
2001-10-14fixed two bugs in the NTLMSSP codeAndrew Tridgell1-2/+8
- handle servers that don't send a kerberos principle (non-member servers) - enable spnego without KRB5 (This used to be commit b218d465a1968a11d2d6a42afa7e552fea8b7f5e)
2001-10-12moved some OIDs to the ASN.1 headerAndrew Tridgell1-2/+2
(This used to be commit 7092beef9d7a68018ede569883b22c822300c7ff)
2001-10-12added NTLMSSP authentication to libsmb. It seems to work well so I have ↵Andrew Tridgell1-52/+154
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM (This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
2001-10-11added a ASN.1 parser, so now I can properly parse the negTokenInitAndrew Tridgell1-1/+32
packet which means I can extract the service and realm, so we should now work with realms other than the local realm. it also means we now check the list of OIDs given by the server just in case it says that it doesn't support kerberos. In that case we should fall back to NTLMSSP but that isn't written yet. (This used to be commit 395cfeea94febb5280ea57027e8a8a3c7c3f9291)
2001-10-11initial kerberos/ADS/SPNEGO support in libsmb and smbclient. ToAndrew Tridgell1-144/+387
activate you need to: - install krb5 libraries - run configure - build smbclient - run kinit to get a TGT - run smbclient with the -k option to choose kerberos auth (This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
2001-09-05use cli_is_error() instead of looking in smb_rcls, otherwise NT statusAndrew Tridgell1-7/+5
codes don't work correctly (This used to be commit 55d5828e608671f070a9e96938be0d16d50aeb26)
2001-08-24fixed handling of 139/445 in clientsAndrew Tridgell1-1/+1
(This used to be commit 22b372f8a7996a19bebb8cdb411df999cffa32a4)
2001-08-24Fixed debug in cli_establish_connection() - print out the called name onTim Potter1-1/+1
connection failure rather than the calling name. (This used to be commit 946f6eb9320c9897942adee8b513d8caaa3232c0)
2001-08-23better error reporting for servers that don't do port 445Andrew Tridgell1-1/+4
(This used to be commit a896dc299eba12886d800e6c88309d534232cabc)
2001-08-22added port 445 support to our client codeAndrew Tridgell1-5/+19
(This used to be commit 0c3120ae475fb53662d6ab9f0d96a832c3c90625)
2001-08-20a bunch of fixes from the sflight to seattleAndrew Tridgell1-1/+0
in particular: - fixed NT status code for a bunch of ops - fixed handling of protocol levels in ms_fnmatch (This used to be commit 3eba9606f71f90bfd9820af26f8676277ed22390)
2001-08-10A rewrite of the error handling in the libsmb client code. I've separatedTim Potter1-0/+9
out the error handling into a bunch of separate functions rather than all being handled in one big function. Fetch error codes from the last received packet: void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *num); uint32 cli_nt_error(struct cli_state *); Convert errors to UNIX errno values: int cli_errno_from_dos(uint8 eclass, uint32 num); int cli_errno_from_nt(uint32 status); int cli_errno(struct cli_state *cli); Detect different kinds of errors: BOOL cli_is_dos_error(struct cli_state *cli); BOOL cli_is_nt_error(struct cli_state *cli); BOOL cli_is_error(struct cli_state *cli); This also means we now support CAP_STATUS32 as we can decode and understand NT errors instead of just DOS errors. Yay! Ported a whole bunch of files in libsmb to use this new API instead of the just the DOS error. (This used to be commit 6dbdb0d813f3c7ab20b38baa1223b0b479aadec9)
2001-07-08formatting fixAndrew Tridgell1-1/+1
(This used to be commit 3dc9fd076a2c4c352d51f7b9dfa8b570a231c9e2)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-1/+1
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-07-04The big character set handling changeover!Andrew Tridgell1-30/+23
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-25- make the regresison test mode code build in by default. This shouldAndrew Tridgell1-4/+1
allow us to have test targets without special configure options - fixed make proto so that it actually does something (This used to be commit 55109a752578e9389d853cb27ec17c2114ecff77)
2001-06-22added the ability to test smbd safely as an ordinary user. The way it works isAndrew Tridgell1-3/+9
that libsmb/ creates a local tcp socket then launches smbd as a subprocess attached to that socket. smbd thinks it is being launched from inetd. to use it do the following: - compile with -DSMB_REGRESSION_TEST - run like this (also works with smbtorture etc) export SMBD_TEST=1 export LIBSMB_PROG=bin/smbd smbclient //server/share -Uuser%pass obviously you need to setup a smb.conf etc. Using --prefix to configure is useful. The aim of all this stuff is to add a decent set of regression tests to the build farm, so we know if smbd actually runs correctly on all the platforms, not just builds. We can run smbtorture, masktest, locktest etc, plus a bunch of smbclient scripts and any new tests we write. This doesn't help much with nmbd (at least not yet) but its a good start. (This used to be commit 7e8e6ae9a88c4d2587eb4e7f0501cd71bd36ebb2)
2001-06-21Added STR_NOALIGN flags to clistr and srvstr fns. Yes, NT actually doesAndrew Tridgell1-0/+6
send unaligned unicode strings sometimes! Fixed our handling of the workgroup name tacked on the end of the NT1 negprot response (a unaligned unicode) fixed a couple of places where we should be using the message_end fns instead of pre-calculated buffer lengths (This used to be commit 86613493a9b2e56523153486931d0bf8d39beb7a)
2001-03-14set of changes in the beginning of bringing rpcclient changesGerald Carter1-1/+1
back to working order. The main change is that the cli_*() RPC functions from libsmb/*.c now should accept a struct cli_state*. The reason for this is that rpcclient should establish the connection to the server at startup so that it is not necessary to keep the clear test or password hash in memory for each command. enumports and enumprinters now works as well. lsa* functions have been tested. SAMR calls may or may not work (one of the core dumps I know), but it compiles :-) jerry (This used to be commit d98ac8852ae6b39b6fcff92c346ba56d9e63c518)
2001-03-10to use the same macros in the client and server rename the CLISTR_Andrew Tridgell1-12/+12
macros to STR_ (This used to be commit 95c9e4e0ba8f37f565aaf136f41eb76489441ff7)
2001-03-01Fixed compiler warning.Tim Potter1-4/+4
(This used to be commit 33e5c56ab049fe5e156579dbf2f9cd54897f1dd3)