summaryrefslogtreecommitdiff
path: root/source3/libsmb/clientgen.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22212: Cope with signature errors on sessionsetupX loginsJeremy Allison1-0/+20
where the server just reflects our signature back to us. Allow the upper layer to see the real error. Jeremy. (This used to be commit 6cf0b93b1d8cb97dc665e14ace94a259def67724)
2007-10-10r21994: Ignore keepalives in the correct buffer (out not in :-).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 9785528ddf26c4943e8bdfcf7694314a52218520)
2007-10-10r21993: Don't let keepalives interferece with sign or sealJeremy Allison1-0/+5
in the client code. Jeremy. (This used to be commit 3e901389feedadd64c6ba712ab09cdfb497a9e0a)
2007-10-10r21992: Fix keepalive processing when encryption turned on.Jeremy Allison1-6/+26
Jeremy. (This used to be commit 8f113ad1918dcd2746ec527ceb79a2a7baa1d415)
2007-10-10r21991: I hate Steve French :-). Add support for encryptionJeremy Allison1-2/+5
contexts.... Jeremy. (This used to be commit ae8f3649f773b8a8dcb55921536d038d3475322e)
2007-10-10r21990: Stop messing with the signing engine just becauseJeremy Allison1-10/+10
we're encrypted. This will make further changes and spec much more clear. Jeremy. (This used to be commit ffa3a5c508a494d22e8ee3ada424a6517ddf8923)
2007-10-10r21939: Fix missing initialization thatJeremy Allison1-1/+1
broke the build farm. Thanks to Metze for the heads up. Jeremy. (This used to be commit bb3623be3f2b0686b2b2e671e3e7bd9978f6ed9b)
2007-10-10r21922: Fixed the build by rather horrid means. I really needJeremy Allison1-27/+31
to restructure libsmb/smb_signing.c so it isn't in the base libs path but lives in libsmb instead (like smb_seal.c does). Jeremy. (This used to be commit 1b828f051d0782201f697de15ff973bd6b097d5b)
2007-10-10r21880: Make client and server calls into encryption code symetrical,Jeremy Allison1-3/+10
depending on encryption context pointer. Jeremy. (This used to be commit d3f3ced6c8a03d971143baf878158d671dfcbc3b)
2007-10-10r21865: Add in the stubs for SMB transport encryption. Will fleshJeremy Allison1-5/+31
these out as I implement. Don't add to SAMBA_3_0_25, this is experimental code. NFSv4 you're now officially on notice... :-). Jeremy. (This used to be commit 5bfe638f2172e272741997100ee5ae8ff280494d)
2007-10-10r20124: clean up nested extern declaration warningsHerb Lewis1-1/+2
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
2007-10-10r18014: revert a possibly unnecessary changeDerrell Lipman1-1/+2
(This used to be commit 9c93abf25e391348fe3864fca0079f231b89467c)
2007-10-10r18011: Should fix bug 3835.Derrell Lipman1-3/+2
Jeremy: requires your eyes... If the remote connection timed out while cli_list() was retrieving its list of files, the error was not returned to the user, e.g. via smbc_opendir(), so the user didn't have a way to know to set the timeout longer and try again. This problem would occur when a very large directory is being read with a too-small timeout on the cli. Jeremy, although there were a couple of areas that needed to be handled, I needed to make one change that you should bless, in libsmb/clientgen.c. It was setting cli->smb_rw_error = smb_read_error; but smb_read_error is zero, so this had no effect. I'm now doing cli->smb_rw_error = READ_TIMEOUT; instead, and according to the OP, these (cumulative) changes (in a slightly different form) solve the problem. Please confirm this smb_rw_error change will have no other adverse effects that you can see. Derrell (This used to be commit fa664b24b829f973156486896575c1007b6d7b01)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-31/+9
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16458: Increase debuglevel of cli_rpc_pipe_close().Günther Deschner1-1/+1
Guenther (This used to be commit 840ac23ec007df445892d851144d6458c4e06a6b)
2007-10-10r16356: Helping derrell out. Jeremy.Jeremy Allison1-1/+1
Only set the DFS capability flag if the share is a DFS root. Fixes bug 3814. (This used to be commit 6193f1170819096ea8a646e5a456f627df83872d)
2007-10-10r13676: have to return a value from a non-void functionGerald Carter1-1/+1
(This used to be commit 70e7c9de9dee9317164c0f96a44827ae8b959254)
2007-10-10r13671: fix return value in (void)fn()Gerald Carter1-1/+1
(This used to be commit 249dba0386833803805a742aa6697cc75566f05c)
2007-10-10r13614: First part of the bugfix for #3510 - net join failsJeremy Allison1-1/+7
against server with schannel disabled. Second part will come tomorrow (fixing net_rpc_join_ok()). Jeremy. (This used to be commit 7de1ee18619bf99c5db45692e085d0646e52378f)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-2/+6
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12225: r11729@cabra: derrell | 2005-12-13 22:59:45 -0500Derrell Lipman1-5/+7
1. Fix a crash bug which should have reared its ugly head ages ago, but for some reason, remained dormant until recently. The bug pertained to libsmbclient doing a structure assignment of a cli after having opened a pipe. The pipe open code makes a copy of the cli pointer that was passed to it. If the cli is later copied (and that cli pointer that was saved is no longer valid), the pipe code will cause a crash during shutdown or when the copied cli is closed. 2. The 'type' field in enumerated shares was not being set correctly with the new RPC-based mechanism for enumerating shares. (This used to be commit 62a02b8f2a1fcb66881a9c9636e0b27e3049c5a1)
2007-10-10r11976: (Slightly modified) Volker fix for #3293. Use SMBecho instead ofJeremy Allison1-0/+34
chkpath to keep a connection alive. Jeremy. (This used to be commit f1c88de7a28942b6aaa634551dde7a8af91f4de3)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-42/+41
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8572: Remove crufty #define NO_SYSLOG as it's not used at all anymore.Tim Potter1-2/+0
(This used to be commit 985dbb47d925e79c1195ca219f7ab5d6648b22b8)
2007-10-10r7554: Refactor very messy code in util_sock.c Remove ↵Jeremy Allison1-0/+15
write_socket_data/read_socket_data as they do nothing that write_socket/read_socket don't do. Add a more useful error message when read_socket/write_socket error out on the main client fd for a process (ie. try and list the IP of the client that errored). Jeremy. (This used to be commit cbd7578e7c226e6a8002542141b914ed4c7a8269)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-16/+15
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-1/+2
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r5729: partial fixes for BUG 2308; libsmbclient patches from Derrell Lipman ↵Gerald Carter1-0/+1
<derrell.lipman@unwireduniverse.com> (This used to be commit 88678bc05c3018eb181f97523a0b84b60e3c358d)
2007-10-10r5495: * add in some code from Mike Nix <mnix@wanm.com.au> for the SMBsplopenGerald Carter1-1/+3
and SMBsplclose commands (BUG 2010) * clarify some debug messages in smbspool (also from Mike) my changes: * start adding msdfs client routines * enable smbclient to maintain multiple connections * set the CAP_DFS flag for our internal clienht routines. I actualy have a dfs referral working in do_cd() but that code is too ugly to live so I'm not checking it in just yet. Further work is to merge with vl's changes in trunk to support multiple TIDs per cli_state *. (This used to be commit 0449756309812d854037ba0af631abad678e670e)
2007-10-10r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for eachVolker Lendecke1-5/+11
supported pipe. Netlogon is still special, as we open that twice, one to do the auth2, the other one with schannel. The client interface is completely unchanged for those who only use a single pie. cli->pipe_idx is used as the index for everything except the "real" client rpc calls, which have been explicitly converted in my last commit. Next step is to get winbind to just use a single smb connection for multiple pipes. Volker (This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1487: Remove unused parameter for the client-side signing functions.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 6d594d5bb119b6bc3f4c7699752666ac24d04745)
2007-10-10r1154: Change default setting for case sensitivity to "auto". If set to autoJeremy Allison1-1/+18
then is the client supports it (current clients supported are Samba and CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare "NT LM 0.12" string) then the setting of the per packet flag smb_flag FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows the linux CIFS client to use Samba in a case sensitive manner. Additional command in smbclient "case_sensitive", toggles the flag in subsequent packets. Docs to follow. Jeremy. (This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
2007-10-10r446: Close the open NT pipes before the tdis.Volker Lendecke1-3/+3
Volker (This used to be commit ef80490baf9ce38b505b4b322051ae6e3332d662)
2007-10-10r76: Fix smbfs problem with Tree Disconnect issued before smbfs starts its work.Alexander Bokovoy1-1/+5
We use cli_state.smb_rw_error to pass this specific case into cli_close_connection() from smbmount as smb_rw_error can have only selected number of states and it is ignored in cli_close_connection(). Compiled and tested by Lars Mueller from SuSE on x86, x86_64, ppc, ppc64, s390 and s390x. (This used to be commit 738666ce0a310fae14476020fd6dac027b0e3ec5)
2004-03-27Merge from HEAD the SMB signing patch that I developed a couple of weeksAndrew Bartlett1-1/+1
ago. This patch re-adds support for 'optional' SMB signing. It also ensures that we are much more careful about when we enable signing, particularly with on-the-fly smb.conf reloads. The client code will now attempt to use smb signing by default, and disable it if the server doesn't correctly support it. Andrew Bartlett (This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
2004-03-19updating release notes & merging Derrel Lipman's libsmbclient patch from HEADGerald Carter1-0/+11
(This used to be commit 5fbfaa687a3674287eeadd205f56b2b253a9e2a9)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-2/+3
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-10-21Patch from Stefan Metzmacher <metze@metzemix.de> to fix signing problemsJeremy Allison1-1/+1
when reverse connecting back to a client for printer notify. Jeremy. (This used to be commit 06aa434c3fdb139e3f3143d19413556945cbcd4f)
2003-09-04Used cachegrind to track down some bottlenecks.Jeremy Allison1-0/+3
Removed calls to clobber_region when not compiling with developer as they were hiding speed problems. Added fast path to convert_string() when dealing with ascii -> ascii, ucs2-le to ascii and ascii to ucs2-le with values <= 0x7F. This gives a speedup of 22% on my nbench tests. Next I will do this on convert_string_allocate. Jeremy. (This used to be commit ef140d15ea0d76a3e7cdcadbfd3e917c210a9411)
2003-08-13Only close anything that is not fid 0. Was very confusing in ethereal...Volker Lendecke1-1/+3
Volker (This used to be commit 9f453f27be7eeb792b57d5c60284bb5efc84b408)
2003-08-02Correct fix (removed the earlier band-aid) for what I thought was a signingJeremy Allison1-0/+4
bug with w2k. Turns out that when we're doing a trans/trans2/nttrans call the MID and send_sequence_number and reply_sequence_number must remain constant. This was something we got very wrong in earlier versions of Samba. I can now get a directory listing from WINNT\SYSTEM32 with the older earlier parameters for clilist.c This still needs to be fixed for the server side of Samba, client appears to be working happily now (I'm doing a signed smbtar download of an entire W2K3 image to test this :-). Jeremy. (This used to be commit 2093a3130d4087d0659b497eebd580e7a66e5aa3)
2003-07-30Add a command line option (-S on|off|required) to enable signing on clientJeremy Allison1-0/+21
connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-16Spelling.Tim Potter1-1/+1
(This used to be commit 2750418752e491c5e87f0f2adf253291e31ee4c2)
2003-07-15Added the "required" keyword to the "client signing" parameter to force itJeremy Allison1-0/+3
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-5/+37
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-05-14spellingTim Potter1-1/+1
(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
2003-04-21Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.Andrew Bartlett1-4/+11
(This used to be commit c6c4f69b8ddc500890a65829e1b9fb7a3e9839e9)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-0/+1
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-18Parinoia fixes from HEAD - malloc() some extra room after the allocatedAndrew Bartlett1-2/+2
buffer size. (This used to be commit 27ec538eca0905e1f749de4c49cc2555c5932d5c)