samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2007-10-10	r1154: Change default setting for case sensitivity to "auto". If set to auto	Jeremy Allison	1	-1/+18
	then is the client supports it (current clients supported are Samba and CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare "NT LM 0.12" string) then the setting of the per packet flag smb_flag FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows the linux CIFS client to use Samba in a case sensitive manner. Additional command in smbclient "case_sensitive", toggles the flag in subsequent packets. Docs to follow. Jeremy. (This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
2007-10-10	r446: Close the open NT pipes before the tdis.	Volker Lendecke	1	-3/+3
	Volker (This used to be commit ef80490baf9ce38b505b4b322051ae6e3332d662)
2007-10-10	r76: Fix smbfs problem with Tree Disconnect issued before smbfs starts its work.	Alexander Bokovoy	1	-1/+5
	We use cli_state.smb_rw_error to pass this specific case into cli_close_connection() from smbmount as smb_rw_error can have only selected number of states and it is ignored in cli_close_connection(). Compiled and tested by Lars Mueller from SuSE on x86, x86_64, ppc, ppc64, s390 and s390x. (This used to be commit 738666ce0a310fae14476020fd6dac027b0e3ec5)
2004-03-27	Merge from HEAD the SMB signing patch that I developed a couple of weeks	Andrew Bartlett	1	-1/+1
	ago. This patch re-adds support for 'optional' SMB signing. It also ensures that we are much more careful about when we enable signing, particularly with on-the-fly smb.conf reloads. The client code will now attempt to use smb signing by default, and disable it if the server doesn't correctly support it. Andrew Bartlett (This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
2004-03-19	updating release notes & merging Derrel Lipman's libsmbclient patch from HEAD	Gerald Carter	1	-0/+11
	(This used to be commit 5fbfaa687a3674287eeadd205f56b2b253a9e2a9)
2003-11-22	Changes all over the shop, but all towards:	Andrew Bartlett	1	-2/+3
	- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-10-21	Patch from Stefan Metzmacher <metze@metzemix.de> to fix signing problems	Jeremy Allison	1	-1/+1
	when reverse connecting back to a client for printer notify. Jeremy. (This used to be commit 06aa434c3fdb139e3f3143d19413556945cbcd4f)
2003-09-04	Used cachegrind to track down some bottlenecks.	Jeremy Allison	1	-0/+3
	Removed calls to clobber_region when not compiling with developer as they were hiding speed problems. Added fast path to convert_string() when dealing with ascii -> ascii, ucs2-le to ascii and ascii to ucs2-le with values <= 0x7F. This gives a speedup of 22% on my nbench tests. Next I will do this on convert_string_allocate. Jeremy. (This used to be commit ef140d15ea0d76a3e7cdcadbfd3e917c210a9411)
2003-08-13	Only close anything that is not fid 0. Was very confusing in ethereal...	Volker Lendecke	1	-1/+3
	Volker (This used to be commit 9f453f27be7eeb792b57d5c60284bb5efc84b408)
2003-08-02	Correct fix (removed the earlier band-aid) for what I thought was a signing	Jeremy Allison	1	-0/+4
	bug with w2k. Turns out that when we're doing a trans/trans2/nttrans call the MID and send_sequence_number and reply_sequence_number must remain constant. This was something we got very wrong in earlier versions of Samba. I can now get a directory listing from WINNT\SYSTEM32 with the older earlier parameters for clilist.c This still needs to be fixed for the server side of Samba, client appears to be working happily now (I'm doing a signed smbtar download of an entire W2K3 image to test this :-). Jeremy. (This used to be commit 2093a3130d4087d0659b497eebd580e7a66e5aa3)
2003-07-30	Add a command line option (-S on\|off\|required) to enable signing on client	Jeremy Allison	1	-0/+21
	connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-16	Spelling.	Tim Potter	1	-1/+1
	(This used to be commit 2750418752e491c5e87f0f2adf253291e31ee4c2)
2003-07-15	Added the "required" keyword to the "client signing" parameter to force it	Jeremy Allison	1	-0/+3
	on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-14	Jeremy requested that I get my NTLMSSP patch into CVS. He didn't request	Andrew Bartlett	1	-5/+37
	the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths much easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on any pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-05-14	spelling	Tim Potter	1	-1/+1
	(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
2003-04-21	Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.	Andrew Bartlett	1	-4/+11
	(This used to be commit c6c4f69b8ddc500890a65829e1b9fb7a3e9839e9)
2003-04-09	This is the netlogon schannel client code. Try a	Volker Lendecke	1	-0/+1
	rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-18	Parinoia fixes from HEAD - malloc() some extra room after the allocated	Andrew Bartlett	1	-2/+2
	buffer size. (This used to be commit 27ec538eca0905e1f749de4c49cc2555c5932d5c)
2003-03-18	Merge from HEAD:	Andrew Bartlett	1	-5/+7
	A much better SMB signing module, that allows for mulitple signing algorithms and correctly backs down from signing when the server cannot sign the reply. This also attempts to enable SMB signing on NTLMSSP connections, but I don't know what NTLMSSP flags to set yet. This would allow 'client use signing' to be set by default, for server compatability. (A seperate option value should be provided for mandetory signing, which would not back down). Andrew Bartlett (This used to be commit 1c87be7a3d127201a6ab78d22d17c971af16b86b)
2003-02-24	Merge from HEAD client-side authentication changes:	Andrew Bartlett	1	-6/+12
	- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2003-01-03	Merge from HEAD - make Samba compile with -Wwrite-strings without additional	Andrew Bartlett	1	-1/+1
	warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-20	Forward port the change to talloc_init() to make all talloc contexts	Jeremy Allison	1	-1/+1
	named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-10-15	Added cli_set_timeout() call.	Jeremy Allison	1	-0/+11
	Jeremy. (This used to be commit 9225054179b6642ae8be790d35e6590aefa46dd3)
2002-10-01	Cope with rw errors and timeout to peer.	Jeremy Allison	1	-2/+3
	Jeremy. (This used to be commit d8d351eb01ea7c84828dbc96224d7b13d643b558)
2002-10-01	Tidy up client error processing.	Jeremy Allison	1	-16/+15
	Jeremy. (This used to be commit aea64f1c300b1ec5ec1c5d637f456f025ec12821)
2002-10-01	Added error string for server timeout on client call.	Jeremy Allison	1	-0/+2
	Jeremy. (This used to be commit 28d2eb934318818a3b0527e391987ea139dbf4a3)
2002-09-25	sync'ing up for 3.0alpha20 release	Gerald Carter	1	-55/+89
	(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-07-15	updated the 3.0 branch from the head branch - ready for alpha18	Andrew Tridgell	1	-13/+48
	(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-01	Another comment fix for mirmir	Andrew Bartlett	1	-1/+1
	(This used to be commit 7412890adc8f3dfddfabba545003715816e262bc)
2002-01-30	Removed version number from file header.	Tim Potter	1	-2/+1
	Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-28	Name another talloc.	Andrew Bartlett	1	-1/+1
	(This used to be commit 9d62f25f5d3c25d71d8b87801084d42ae9b66f8c)
2002-01-11	Same fix as went into 2.2 (I'm waiting for jerry to finish some code).	Jeremy Allison	1	-1/+1
	Jeremy. (This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
2001-11-27	prevent a memory leak of cli structures	Andrew Tridgell	1	-1/+7
	(This used to be commit 911c57403bd116405876e73913ad73efd15f659b)
2001-11-25	Add a new torture test to extract a NT->DOS error map from an NT member of a	Andrew Bartlett	1	-0/+7
	samba domain. The PDC must be running a special authenticaion module that spits out NT errors based on username. Andrew Bartlett (This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)
2001-11-21	One more patch from Tom Jansen. Hope I didn't break the tree :-)	Richard Sharpe	1	-0/+7
	(This used to be commit 6d7c0f0bb4cbfdcd9a83416345432e07556f6cfc)
2001-11-14	Close the socket and set the file descriptor to -1 if there was a socket	Tim Potter	1	-0/+9
	error in cli_receive_smb() and cli_send_smb(). (This used to be commit bedd9c821521dad46df50e8b31e4a58bb0a9a604)
2001-11-14	Removed the "reestablish" code. Tridge - scream if this was needed....	Jeremy Allison	1	-9/+2
	Jeremy. (This used to be commit e6afe40f85d7dbe79322c82dac735d901e7e71df)
2001-10-31	Parionia to ensure people don't install libsmb based programs setuid root.	Andrew Bartlett	1	-0/+6
	libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing all sort of fun and games. Andrew Bartlett (This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
2001-10-22	a quick fix to get rpcclient working again. This just disables	Andrew Tridgell	1	-1/+4
	NTLMSSP in cli_establish_connection() What we really need to do is kill off the pwd_cache code. It is horrible, and assumes the challenge comes in the negprot reply. (This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
2001-10-17	added basic NTLMSSP support in smbd. This is still quite rough, and	Andrew Tridgell	1	-1/+1
	loses things like username mapping. I wanted to get this in then discuss it a bit to see how we want to split up the existing session setup code (This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
2001-10-12	added NTLMSSP authentication to libsmb. It seems to work well so I have ↵	Andrew Tridgell	1	-4/+1
	enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM (This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
2001-10-11	initial kerberos/ADS/SPNEGO support in libsmb and smbclient. To	Andrew Tridgell	1	-3/+9
	activate you need to: - install krb5 libraries - run configure - build smbclient - run kinit to get a TGT - run smbclient with the -k option to choose kerberos auth (This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
2001-10-02	Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.	Tim Potter	1	-4/+0
	(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-17	move to SAFE_FREE()	Simo Sorce	1	-11/+5
	(This used to be commit 48fc6a6cd52e01b287030fbbf0aa08a6814c5e11)
2001-08-27	converted smbd to use NTSTATUS by default	Andrew Tridgell	1	-0/+3
	major changes include: - added NSTATUS type - added automatic mapping between dos and nt error codes - changed all ERROR() calls to ERROR_DOS() and many to ERROR_NT() these calls auto-translate to the client error code system - got rid of the cached error code and the writebmpx code We eventually will need to also: - get rid of BOOL, so we don't lose error info - replace all ERROR_DOS() calls with ERROR_NT() calls but that is too much for one night (This used to be commit 83d9896c1ea8be796192b51a4678c2a3b87f7518)
2001-08-24	fixed handling of 139/445 in clients	Andrew Tridgell	1	-4/+2
	(This used to be commit 22b372f8a7996a19bebb8cdb411df999cffa32a4)
2001-08-10	A rewrite of the error handling in the libsmb client code. I've separated	Tim Potter	1	-1/+0
	out the error handling into a bunch of separate functions rather than all being handled in one big function. Fetch error codes from the last received packet: void cli_dos_error(struct cli_state cli, uint8 eclass, uint32 num); uint32 cli_nt_error(struct cli_state ); Convert errors to UNIX errno values: int cli_errno_from_dos(uint8 eclass, uint32 num); int cli_errno_from_nt(uint32 status); int cli_errno(struct cli_state cli); Detect different kinds of errors: BOOL cli_is_dos_error(struct cli_state cli); BOOL cli_is_nt_error(struct cli_state cli); BOOL cli_is_error(struct cli_state cli); This also means we now support CAP_STATUS32 as we can decode and understand NT errors instead of just DOS errors. Yay! Ported a whole bunch of files in libsmb to use this new API instead of the just the DOS error. (This used to be commit 6dbdb0d813f3c7ab20b38baa1223b0b479aadec9)
2001-08-06	Fixed another possible memleak in cli_initialise()	Tim Potter	1	-0/+6
	(This used to be commit 4c9f010a1eef81addfea0315bef81570bc604f8a)
2001-08-06	Cleaned up error handling in cli_initialise() to fix a memleak found by	Tim Potter	1	-10/+14
	Claudia Moroder <claudiamoroder@st-ulrich.suedtirol.net> (This used to be commit b5373f4b59cfe1cffe915e5d4eb29ed83fe99ba6)
2001-06-18	added a oplock break handler hook to the client code, this allows for more ↵	Andrew Tridgell	1	-47/+7
	complete testing of oplocks from smbtorture and would also be essential if a client app ever really did want to use oplocks properly (This used to be commit 3d4a3bfacd9ef225aeaab801e5a216d12814b60a)