summaryrefslogtreecommitdiff
path: root/source3/libsmb/cliconnect.c
AgeCommit message (Collapse)AuthorFilesLines
2002-06-16Two things: Check how many paramaters that the LDAP libs take for theAndrew Bartlett1-5/+6
rebind proc (some give an extra paramter to pass a void* paramater) and some small changes for the SMB signing code to reset things when the signing starts, and to 'turn off' signing if the session setup failed. Andrew Bartlett (This used to be commit a8805a34e5d96eeb5ffe15681b241d5a449a6144)
2002-06-16Fix up some of the SMB signing code:Andrew Bartlett1-17/+24
The problem was that *all* packets were being signed, even packets before signing was set up. (This broke the session request). This fixes it to be an 'opt in' measure - that is, we only attempt to sign things after we have got a valid, non-guest session setup as per the CIFS spec. I've not tested this against an MS server, becouse my VMware is down, but at least it doesn't break the build farm any more. Andrew Bartlett (This used to be commit 1dc5a8765876c1ca822e454651f8fd4a551965e9)
2002-06-14Ok, now I can try my first client test...Jeremy Allison1-8/+21
Jeremy. (This used to be commit 9d461933766f26ce772f6d5ea849ef9218c4d534)
2002-06-07A couple of updates for the SmbEncrypt code, and some of its users.Andrew Bartlett1-13/+31
(const, takes unix string as arg) Also update cli_full_connection to take NULL pointers as 'undefined' correctly, and therefore do its own lookup etc. This what was intended, but previously you needed to supply a 0.0.0.0 IP address. Andrew Bartlett (This used to be commit 8fb1a9c6ba07dbf04a6aa1e30fa7bbd4c676ed28)
2002-06-01More cleanup work preparing for SMB signing.Jeremy Allison1-88/+104
Jeremy. (This used to be commit 3c05f7c06fc8c45307ea75128b160a5945fc5197)
2002-05-25Update some of the LM hash code to better respect the seperation betweenAndrew Bartlett1-13/+14
unix and DOS strings. This pushes all the 'have to uppercase, must be 14 chars' stuff behind the the interface. Andrew Bartlett (This used to be commit dec650efa8ab1466114c2e6d469320a319499ea0)
2002-05-25Clean up a few unused functions, add a bit of static etc.Andrew Bartlett1-1/+2
Importantly: The removal of the silly 'delete user script' behaviour when secuity=domain. I have left the name the same - as it still does the (previously documented, but not in smb.conf(5)) sane behaviour of deleting users on request. When we decide what to do with the 'add user' functionality, we might rename it. Andrew Bartlett (This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
2002-05-24Remove the password length paramater from cli_full_connection - it reallyAndrew Bartlett1-5/+6
didn't make any sense, and its was always just strlen(password) anyway. This fixes it to be strlen(password)+1 Andrew Bartlett (This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
2002-05-23Given Jeremy's positive response, and a lack of one from tpot, I'll commitAndrew Bartlett1-147/+1
this: More code cleanup - this lot a bit more dodgy than the last: The aim is to trim pwd_cache down to size. Its overly complex, and a pain to deal with. With a header comment like this: 'obfusticaion is planned' I think it deserved to die (at least partly). This was being done to allow 'cli_establish_connection' to die - its functionality has been replaced by cli_full_connection(), which does not duplicate code everywhere for creating names etc. This also removes the little 'init' fucntions for the various pipes, becouse they were only used in one place, and even then it was dodgy. (I've reworked smbcacls not to use anonymous connections any more, as this will (should) fail with a 'restrict anonymous' PDC). This allowed me to remove cli_pipe_util.c, which was calling cli_establish_connection. tpot: I'm not sure what direction you were going with the client stuff, and you may well have been wanting the init functions. If thats the case, give me a yell and I'll reimplement them against cli_full_connection. Andrew Bartlett (This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
2002-05-17This removes --with-ssl from Samba.Andrew Bartlett1-13/+0
This option was badly maintained, useless and confused our users and distirbutors. (its SSL, therfore it must be good...) No windows client uses this protocol without help from an SSL tunnel. I can't see any reason why setting up a unix-side SSL wrapper would be any more difficult than the > 10 config options this mess added to samba in any case. On the Samba client end, I think the LIBSMB_PROG hack should be sufficient to start stunnel on the unix side. We might extend this to take %i and %p (IP and port) if there is demand. Andrew Bartlett (This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
2002-04-15better handling of DOS LANMAN2.1 protocolAndrew Tridgell1-4/+18
(This used to be commit 7f923d738b94eef042b21e4d0143861755620d91)
2002-04-06Always pass NT password as well as Lanman.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 146fb9d12bd3621087193f439e99c13d609ff658)
2002-03-06Removed duplicate \n from debug message.Tim Potter1-21/+13
Small tidyups. (This used to be commit 252da94ebb279c47263dfae36fd016d0a29a6dbf)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-20Fix a couple of memory leaks in the cli_establish_connection() code's failureAndrew Bartlett1-0/+2
case. Thanks to Nigel Williams <nigel@wednesday.demon.co.uk> for spotting these! Andrew Bartlett (This used to be commit 20e0b562283f75606ac9a36f3f104c6aaa294c40)
2002-01-11Same fix as went into 2.2 (I'm waiting for jerry to finish some code).Jeremy Allison1-18/+18
Jeremy. (This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
2002-01-11fixed a crash bug in domain auth caused by an uninitialised nt_statusAndrew Tridgell1-0/+2
(This used to be commit 0b0b937b58f4bf4e005fb622f0db19175fc46a47)
2002-01-11Fix up 'net ads join' to delete and rejoin if the account already exists.Andrew Bartlett1-1/+1
This fixes up a problem where a machine would join (or downgrade by trust password change) to NT4 membership and not be able to regain full ADS membership until a 'net ads leave'. Andrew Bartlett (This used to be commit ab8ff85f03b25a0dfe4ab63886a10da81207393c)
2002-01-06Check for winbind separator in user name for cli_session_setup()Tim Potter1-1/+2
Patch from Alexander Bokovoy <a.bokovoy@sam-solutions.net> (This used to be commit 6c42bf208976ed3020e57efff6281f984d9fe893)
2001-12-31Ensure the output cli can't have spurious values if the connection fails...Andrew Bartlett1-1/+7
(This used to be commit 2d1612dd3560bb5ef35fa1eeee00e3d7976bcd62)
2001-12-21- handle kerberos session setup reply with broken null terminationAndrew Tridgell1-4/+5
- don't display Domain=[] for auth protocols that don't give us a domain (This used to be commit 20368455ea59e6e9b85632848bbe92069e7b0f38)
2001-12-21try to handle end of packet for not null terminated domain stringsAndrew Tridgell1-1/+3
(This used to be commit 1da988456dbd885820093ae43c74e0ac66f72802)
2001-12-11handle a NULL hostname in cli_connect()Andrew Tridgell1-0/+3
(This used to be commit a181f49b4269baa1752ce6ed4f9093e38d2d3ce5)
2001-12-11detect attempts to connect to names of the type NAME#xx and do aAndrew Tridgell1-1/+11
netbios lookup for name NAME with node type xx. This affects all our client progs. Very useful :) (This used to be commit b4304c5231159fc6295c445f2eb4470c179b8d5e)
2001-12-04when using non-encrypted password ignore the ntpass variable toAndrew Tridgell1-2/+2
session setup (This used to be commit c7665706cd5633ede710afe41413624124038238)
2001-12-03This change reworkes the connection code for both rpcclient and net newAndrew Bartlett1-1/+113
'net' untility. This should make it easier to port rpcclient code across to net. It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse it kills off the early destruction of the clear-text password. Andrew Bartlett (This used to be commit eee925861a3af3aa16efa3b1700a980c9510c14e)
2001-11-28fixed some krb5 ifdefsAndrew Tridgell1-2/+2
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
2001-11-28fixed a core dump in server level securityAndrew Tridgell1-2/+4
(This used to be commit e790bb21d3895bef97522b68c6f00812e6c286f2)
2001-11-28fix a bunch of places where we can double-free a cli structureAndrew Tridgell1-4/+4
(This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec)
2001-11-26Got medieval on another pointless extern. Removed extern struct ipzeroTim Potter1-2/+1
and replaced with two functions: void zero_ip(struct in_adder *ip); BOOL is_zero_ip(struct in_addr ip); (This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
2001-11-26use DEBUG() not d_printf() in librariesAndrew Tridgell1-2/+2
(This used to be commit 5100ae4ae032545edaf525de1dfbe5dc9dafecfc)
2001-11-25Add a new torture test to extract a NT->DOS error map from an NT member of aAndrew Bartlett1-4/+1
samba domain. The PDC must be running a special authenticaion module that spits out NT errors based on username. Andrew Bartlett (This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-1/+1
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-20- make sure we use a non-zero session id so we can have multiple connsAndrew Tridgell1-8/+4
open to w2k - fix the string handling in the device name to match NT and smbd - don't pull the domain from negprot if CAP_EXTENDED_SECURITY is set (This used to be commit 618989b386b5564ba140afdc17ce7a07040c3c4e)
2001-11-14Removed the "reestablish" code. Tridge - scream if this was needed....Jeremy Allison1-51/+0
Jeremy. (This used to be commit e6afe40f85d7dbe79322c82dac735d901e7e71df)
2001-11-05free the negTokenInit structureAndrew Tridgell1-0/+2
(This used to be commit 5b1c942a5cab828ebfcf2e8f5decb754c4cdb70e)
2001-11-05merge from 2.2. Why is STR_CONVERT missing when comparingGerald Carter1-1/+1
2.2 to HEAD? (This used to be commit 4f47daf97b9e74ec75287f46e2c4aeddc944779e)
2001-10-29This patch applied, except without the structure changes to nmblib.cAndrew Bartlett1-1/+1
Andrew Bartlett. From kai@cmail.ru Mon Oct 29 18:50:42 2001 Date: Fri, 19 Oct 2001 17:26:06 +0300 From: Andrew V. Samoilov <kai@cmail.ru> To: samba-technical@lists.samba.org Subject: [patch]: makes some arrays const to be shared between processes Hi! This patch makes some arrays const. So these arrays go to text/rodata segment and are shared between all of the processes which use shared library with these arrays. Regards, Andrew V. Samoilov. P.S. Please cc your answer to kai@cmail.ru, I don't subscribed to this list. ChangeLog: * cliconnect.c (prots): Make const. * clierror.c (rap_errmap): Likewise. * nmblib.c (nmb_header_opcode_names): Likewise. (lookup_opcode_name): Make opcode_namep const. Eliminate i. * nterr.c (nt_err_code_struct): Typedef const. * smberr.c (err_code_struct): Make const. (err_classes): Likewise. (This used to be commit cb84485a2b0e1fdcb6fa90e0bfb97e125ae1b3dd)
2001-10-23more compiler warningsHerb Lewis1-2/+2
(This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)
2001-10-22a quick fix to get rpcclient working again. This just disablesAndrew Tridgell1-0/+4
NTLMSSP in cli_establish_connection() What we really need to do is kill off the pwd_cache code. It is horrible, and assumes the challenge comes in the negprot reply. (This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
2001-10-21Ok, I know it's a language thing and it shouldn't matter.... but a kerberosJeremy Allison1-7/+7
name is a "principal", not a principle. English majors will complain :-). Jeremy. (This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
2001-10-21made smbclient cope better with arbitrary principle formsAndrew Tridgell1-0/+4
(This used to be commit d1341d74b7aa5f6b3f72e5409b245f87f1ad670b)
2001-10-21support both old and new kerberos OIDsAndrew Tridgell1-1/+2
(This used to be commit eac164c7e650a8f855e7b662b126a5dfc5516927)
2001-10-18the beginnings of kerberos support in smbd. It doesn't work yet, butAndrew Tridgell1-0/+4
it should give something for others to hack on and possibly find what I'm doing wrong. (This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
2001-10-17added basic NTLMSSP support in smbd. This is still quite rough, andAndrew Tridgell1-12/+20
loses things like username mapping. I wanted to get this in then discuss it a bit to see how we want to split up the existing session setup code (This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
2001-10-14fixed NTLMSSP with XP servers (who don't send the duplicate challengeAndrew Tridgell1-0/+8
in the asn1 spnego structures) (This used to be commit 131010e9fb842b4d5a8660c538a3313c95fadae7)
2001-10-14fixed two bugs in the NTLMSSP codeAndrew Tridgell1-2/+8
- handle servers that don't send a kerberos principle (non-member servers) - enable spnego without KRB5 (This used to be commit b218d465a1968a11d2d6a42afa7e552fea8b7f5e)
2001-10-12moved some OIDs to the ASN.1 headerAndrew Tridgell1-2/+2
(This used to be commit 7092beef9d7a68018ede569883b22c822300c7ff)
2001-10-12added NTLMSSP authentication to libsmb. It seems to work well so I have ↵Andrew Tridgell1-52/+154
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM (This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
2001-10-11added a ASN.1 parser, so now I can properly parse the negTokenInitAndrew Tridgell1-1/+32
packet which means I can extract the service and realm, so we should now work with realms other than the local realm. it also means we now check the list of OIDs given by the server just in case it says that it doesn't support kerberos. In that case we should fall back to NTLMSSP but that isn't written yet. (This used to be commit 395cfeea94febb5280ea57027e8a8a3c7c3f9291)