summaryrefslogtreecommitdiff
path: root/source3/libsmb/clientgen.c
AgeCommit message (Collapse)AuthorFilesLines
2003-07-15Added the "required" keyword to the "client signing" parameter to force itJeremy Allison1-0/+3
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-5/+37
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-05-14spellingTim Potter1-1/+1
(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
2003-04-21Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.Andrew Bartlett1-4/+11
(This used to be commit c6c4f69b8ddc500890a65829e1b9fb7a3e9839e9)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-0/+1
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-18Parinoia fixes from HEAD - malloc() some extra room after the allocatedAndrew Bartlett1-2/+2
buffer size. (This used to be commit 27ec538eca0905e1f749de4c49cc2555c5932d5c)
2003-03-18Merge from HEAD:Andrew Bartlett1-5/+7
A much better SMB signing module, that allows for mulitple signing algorithms and correctly backs down from signing when the server cannot sign the reply. This also attempts to enable SMB signing on NTLMSSP connections, but I don't know what NTLMSSP flags to set yet. This would allow 'client use signing' to be set by default, for server compatability. (A seperate option value should be provided for mandetory signing, which would not back down). Andrew Bartlett (This used to be commit 1c87be7a3d127201a6ab78d22d17c971af16b86b)
2003-02-24Merge from HEAD client-side authentication changes:Andrew Bartlett1-6/+12
- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-1/+1
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-10-15Added cli_set_timeout() call.Jeremy Allison1-0/+11
Jeremy. (This used to be commit 9225054179b6642ae8be790d35e6590aefa46dd3)
2002-10-01Cope with rw errors and timeout to peer.Jeremy Allison1-2/+3
Jeremy. (This used to be commit d8d351eb01ea7c84828dbc96224d7b13d643b558)
2002-10-01Tidy up client error processing.Jeremy Allison1-16/+15
Jeremy. (This used to be commit aea64f1c300b1ec5ec1c5d637f456f025ec12821)
2002-10-01Added error string for server timeout on client call.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 28d2eb934318818a3b0527e391987ea139dbf4a3)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-55/+89
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-13/+48
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-01Another comment fix for mirmirAndrew Bartlett1-1/+1
(This used to be commit 7412890adc8f3dfddfabba545003715816e262bc)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-28Name another talloc.Andrew Bartlett1-1/+1
(This used to be commit 9d62f25f5d3c25d71d8b87801084d42ae9b66f8c)
2002-01-11Same fix as went into 2.2 (I'm waiting for jerry to finish some code).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
2001-11-27prevent a memory leak of cli structuresAndrew Tridgell1-1/+7
(This used to be commit 911c57403bd116405876e73913ad73efd15f659b)
2001-11-25Add a new torture test to extract a NT->DOS error map from an NT member of aAndrew Bartlett1-0/+7
samba domain. The PDC must be running a special authenticaion module that spits out NT errors based on username. Andrew Bartlett (This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)
2001-11-21One more patch from Tom Jansen. Hope I didn't break the tree :-)Richard Sharpe1-0/+7
(This used to be commit 6d7c0f0bb4cbfdcd9a83416345432e07556f6cfc)
2001-11-14Close the socket and set the file descriptor to -1 if there was a socketTim Potter1-0/+9
error in cli_receive_smb() and cli_send_smb(). (This used to be commit bedd9c821521dad46df50e8b31e4a58bb0a9a604)
2001-11-14Removed the "reestablish" code. Tridge - scream if this was needed....Jeremy Allison1-9/+2
Jeremy. (This used to be commit e6afe40f85d7dbe79322c82dac735d901e7e71df)
2001-10-31Parionia to ensure people don't install libsmb based programs setuid root.Andrew Bartlett1-0/+6
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing all sort of fun and games. Andrew Bartlett (This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
2001-10-22a quick fix to get rpcclient working again. This just disablesAndrew Tridgell1-1/+4
NTLMSSP in cli_establish_connection() What we really need to do is kill off the pwd_cache code. It is horrible, and assumes the challenge comes in the negprot reply. (This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
2001-10-17added basic NTLMSSP support in smbd. This is still quite rough, andAndrew Tridgell1-1/+1
loses things like username mapping. I wanted to get this in then discuss it a bit to see how we want to split up the existing session setup code (This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
2001-10-12added NTLMSSP authentication to libsmb. It seems to work well so I have ↵Andrew Tridgell1-4/+1
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM (This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
2001-10-11initial kerberos/ADS/SPNEGO support in libsmb and smbclient. ToAndrew Tridgell1-3/+9
activate you need to: - install krb5 libraries - run configure - build smbclient - run kinit to get a TGT - run smbclient with the -k option to choose kerberos auth (This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-4/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-17move to SAFE_FREE()Simo Sorce1-11/+5
(This used to be commit 48fc6a6cd52e01b287030fbbf0aa08a6814c5e11)
2001-08-27converted smbd to use NTSTATUS by defaultAndrew Tridgell1-0/+3
major changes include: - added NSTATUS type - added automatic mapping between dos and nt error codes - changed all ERROR() calls to ERROR_DOS() and many to ERROR_NT() these calls auto-translate to the client error code system - got rid of the cached error code and the writebmpx code We eventually will need to also: - get rid of BOOL, so we don't lose error info - replace all ERROR_DOS() calls with ERROR_NT() calls but that is too much for one night (This used to be commit 83d9896c1ea8be796192b51a4678c2a3b87f7518)
2001-08-24fixed handling of 139/445 in clientsAndrew Tridgell1-4/+2
(This used to be commit 22b372f8a7996a19bebb8cdb411df999cffa32a4)
2001-08-10A rewrite of the error handling in the libsmb client code. I've separatedTim Potter1-1/+0
out the error handling into a bunch of separate functions rather than all being handled in one big function. Fetch error codes from the last received packet: void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *num); uint32 cli_nt_error(struct cli_state *); Convert errors to UNIX errno values: int cli_errno_from_dos(uint8 eclass, uint32 num); int cli_errno_from_nt(uint32 status); int cli_errno(struct cli_state *cli); Detect different kinds of errors: BOOL cli_is_dos_error(struct cli_state *cli); BOOL cli_is_nt_error(struct cli_state *cli); BOOL cli_is_error(struct cli_state *cli); This also means we now support CAP_STATUS32 as we can decode and understand NT errors instead of just DOS errors. Yay! Ported a whole bunch of files in libsmb to use this new API instead of the just the DOS error. (This used to be commit 6dbdb0d813f3c7ab20b38baa1223b0b479aadec9)
2001-08-06Fixed another possible memleak in cli_initialise()Tim Potter1-0/+6
(This used to be commit 4c9f010a1eef81addfea0315bef81570bc604f8a)
2001-08-06Cleaned up error handling in cli_initialise() to fix a memleak found byTim Potter1-10/+14
Claudia Moroder <claudiamoroder@st-ulrich.suedtirol.net> (This used to be commit b5373f4b59cfe1cffe915e5d4eb29ed83fe99ba6)
2001-06-18added a oplock break handler hook to the client code, this allows for more ↵Andrew Tridgell1-47/+7
complete testing of oplocks from smbtorture and would also be essential if a client app ever really did want to use oplocks properly (This used to be commit 3d4a3bfacd9ef225aeaab801e5a216d12814b60a)
2001-05-04Zero fnum when initialising a cli_state.Tim Potter1-0/+2
(This used to be commit 5a387f59c441d355fe4535eae5c2c924ae9dd451)
2001-02-21the unicode conversion of our client code is complete enough to beAndrew Tridgell1-12/+1
enabled by default you can disable it by setting the environment variable CLI_FORCE_ASCII (This used to be commit 4d59c08c5e6f54c0d6ced7650750cb987e77b6c9)
2001-02-20- neater setting of bccAndrew Tridgell1-0/+7
- converted cli_rename and cli_unlink (This used to be commit 0a8992e224b7a3d90d45b13d73fa8a6f155efa79)
2001-02-20initial client side unicode support (needed for netapp filer)Andrew Tridgell1-1/+17
I've currently got this code disabled by default as it is incomplete. You enable it by setting a USE_UNICODE environment variable. Once the support is complete this check will be removed and the CAP_UNICODE capability bit will be the sole determination of whether the client library code uses unicode right now I have converted session_setup and tconx. I will do more fns over the next few days. see clistr.c for the new client side string interface. Luckily it tends to make the code smaller and neater while adding unicode support. (This used to be commit e1a04e621f1c28d8e6e543d43741ca0272e2237f)
2000-12-15Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls. MergedJeremy Allison1-2/+2
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open problem. Jeremy. (This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)
2000-11-16Ok - fixed a bug in our levelII oplock code. We need to break a level II onJeremy Allison1-1/+10
a byte range lock (write lock only, but Win2k breaks on read lock also so I do the same) - if you think about why, this is obvious. Also fixed our client code to do level II oplocks, if requested, and fixed the code where we would assume the client wanted level II if it advertised itself as being level II capable - it may not want that. Jeremy. (This used to be commit 213cd0b5192307cd4b0026cae94b2f52fb1b0c02)
2000-07-27Ok - this is a *BIG* change - but it fixes the problems with static stringsJeremy Allison1-0/+10
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
2000-07-03first pass at merging rpcclient from TNG to HEAD. You can get aGerald Carter1-0/+17
semi-connection and a rpcclient prompt, but no functionality there yet. Will be a few more days on that. These files changed only with the addition of some support functions from TNG --jerry (This used to be commit a04ea15f723e559db3c60bed03318cc7be851f69)
2000-05-02Added sys_fork() and sys_getpid() functions to stop the overheadJeremy Allison1-1/+1
of doing a system call every time we want to just get our pid. Jeremy. (This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a)
2000-04-25split clientgen.c into several partsAndrew Tridgell1-3061/+3
the next step is splitting out the auth code, to make adding lukes NTLMSSP support easier (This used to be commit 10c5470835b43116ed48b3137c3b9cc867a20989)
2000-04-11finally got sick of the "extern int Client" code and the stupidAndrew Tridgell1-7/+16
assumption that we have one socket everywhere while doing so I discovered a few bugs! 1) the clientgen session retarget code if used from smbd or nmbd would cause a crash as it called close_sockets() which closed our main socket! fixed by removing close_sockets() completely - it is unnecessary 2) the caching in client_addr() and client_name() was bogus - it could easily get fooled and give the wrong result. fixed. 3) the retarget could could recurse, allowing an easy denial of service attack on nmbd. fixed. (This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
2000-03-20Fix from christoph.pfisterer@rwg.de for large directory listing to OS/2Jeremy Allison1-2/+2
server. Jeremy. (This used to be commit ce1c36541255b51ae429e530c0ebf016009ab84e)