Age | Commit message (Collapse) | Author | Files | Lines |
|
"workgroup"
Unify the handling of the sessionsetup parsing so we don't get different
results when parsing a guest reply than an ntlmssp reply.
Jeremy.
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
should quieten some warnings with picky compilers on the buildfarm.
Jeremy.
|
|
|
|
|
|
|
|
Jeremy.
|
|
|
|
|
|
|
|
|
|
|
|
We store the seqnum/mid mapping in the cli_request structure
for async requests and in the cli_state structure for sync calls.
We skip the signing check for oplock requests while waiting
for async requests coming in.
metze
|
|
|
|
|
|
password talloc'ed strings within the cli_struct.
Jeremy.
|
|
|
|
*cli_initialise_ex()
This prepares the next changes.
metze
|
|
This is only cosmetic, but it makes it easier to understand.
metze
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The pushed strlen replaces the STR_TERMINATE flag which I personally always
find very confusing.
|
|
|
|
version.h changes rather frequently. Since it is included via includes.h,
this means each C file will be a cache miss. This applies to the following
situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh
after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove inlude "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING
in files that use no other macro from version.h instead of
SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more
macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
|
|
the connections list and authentication structures to worry about.
Jeremy
|
|
SMB signing works the same regardless of the used auth mech.
We need to start with the temp signing ("BSRSPYL ")
and the session setup response with NT_STATUS_OK
is the first signed packet.
Now we set the krb5 session key if we got the NT_STATUS_OK
from the server and then recheck the packet.
All this is needed to make the fallback from krb5 to
ntlmssp possible. This commit also resets the cli->vuid
value to 0, if the krb5 auth didn't succeed. Otherwise
the server handles NTLMSSP packets as krb5 packets.
The restructuring of the SMB signing code is needed to
make sure the krb5 code only starts the signing engine
on success. Otherwise the NTLMSSP fallback could not initialize
the signing engine (again).
metze
|
|
|
|
|
|
|
|
This parameter makes smb_spice_chain add padding before the bytes field
|
|
|
|
|
|
|
|
Every sane compiler will only allocate "*SMBSERVER" once
|
|
In this form, the prots array is fully read-only in the text segment and thus
can be shared between processes.
Probably pointless, but I had fun doing it :-)
|
|
Remove three pointless variables
|
|
Also eliminates name conflicts with OneFS system libraries
|
|
|
|
|
|
|
|
otherwise (to clarify we can also pass in structs smaller than
sockaddr_storage, such as sockaddr_in).
|
|
Guenther
|
|
as proposed by James Peach.
Jeremy.
(This used to be commit 5c27ad75836136c39774c9456d63f46fa62e281f)
|
|
buffers for large read/write - make sure we take account of the large
read/write SMB headers as well as the buffer space.
Jeremy.
(This used to be commit 19519bca9b64b736d2fe0447b7cd495f00dba60a)
|
|
Win2008 domain (merged from v3-0-test).
commit 8dc4e979776aae0ecaa74b51dc1eac78a7631405
Author: Steven Danneman <sdanneman@isilon.com>
Date: Wed May 7 13:34:26 2008 -0700
spnego SPN fix when contacting trusted domains
cli_session_setup_spnego() was not taking into consideration the situation
where we're connecting to a trusted domain, specifically one (like W2K8)
which doesn't return a SPN in the NegTokenInit.
This caused two problems:
1) When guessing the SPN using kerberos_get_default_realm_from_ccache() we
were always using our default realm, not the realm of the domain we're
connecting to.
2) When falling back on NTLMSSP for authentication we were passing the name
of the domain we're connecting to for use in our credentials when we should be
passing our own workgroup name.
The fix for both was to split the single "domain" parameter into
"user_domain" and "dest_realm" parameters. We use the "user_domain"
parameter to pass into the NTLM call, and we used "dest_realm" to create an SPN
if none was returned in the NegTokenInit2 packet. If no "dest_realm" is
provided we assume we're connecting to our own domain and use the credentials
cache to build the SPN.
Since we have a reasonable guess at the SPN, I removed the check that defaults
us directly to NTLM when negHint is empty.
(This used to be commit b78b14c88e8354aadf9ba7644bdb1c29245fe419)
|
|
Guenther
(This used to be commit a159ec5f1f3ec8e9232b8f3230a996a3f9986bc1)
|