summaryrefslogtreecommitdiff
path: root/source3/libsmb/clientgen.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12225: r11729@cabra: derrell | 2005-12-13 22:59:45 -0500Derrell Lipman1-5/+7
1. Fix a crash bug which should have reared its ugly head ages ago, but for some reason, remained dormant until recently. The bug pertained to libsmbclient doing a structure assignment of a cli after having opened a pipe. The pipe open code makes a copy of the cli pointer that was passed to it. If the cli is later copied (and that cli pointer that was saved is no longer valid), the pipe code will cause a crash during shutdown or when the copied cli is closed. 2. The 'type' field in enumerated shares was not being set correctly with the new RPC-based mechanism for enumerating shares. (This used to be commit 62a02b8f2a1fcb66881a9c9636e0b27e3049c5a1)
2007-10-10r11976: (Slightly modified) Volker fix for #3293. Use SMBecho instead ofJeremy Allison1-0/+34
chkpath to keep a connection alive. Jeremy. (This used to be commit f1c88de7a28942b6aaa634551dde7a8af91f4de3)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-42/+41
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8572: Remove crufty #define NO_SYSLOG as it's not used at all anymore.Tim Potter1-2/+0
(This used to be commit 985dbb47d925e79c1195ca219f7ab5d6648b22b8)
2007-10-10r7554: Refactor very messy code in util_sock.c Remove ↵Jeremy Allison1-0/+15
write_socket_data/read_socket_data as they do nothing that write_socket/read_socket don't do. Add a more useful error message when read_socket/write_socket error out on the main client fd for a process (ie. try and list the IP of the client that errored). Jeremy. (This used to be commit cbd7578e7c226e6a8002542141b914ed4c7a8269)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-16/+15
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-1/+2
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r5729: partial fixes for BUG 2308; libsmbclient patches from Derrell Lipman ↵Gerald Carter1-0/+1
<derrell.lipman@unwireduniverse.com> (This used to be commit 88678bc05c3018eb181f97523a0b84b60e3c358d)
2007-10-10r5495: * add in some code from Mike Nix <mnix@wanm.com.au> for the SMBsplopenGerald Carter1-1/+3
and SMBsplclose commands (BUG 2010) * clarify some debug messages in smbspool (also from Mike) my changes: * start adding msdfs client routines * enable smbclient to maintain multiple connections * set the CAP_DFS flag for our internal clienht routines. I actualy have a dfs referral working in do_cd() but that code is too ugly to live so I'm not checking it in just yet. Further work is to merge with vl's changes in trunk to support multiple TIDs per cli_state *. (This used to be commit 0449756309812d854037ba0af631abad678e670e)
2007-10-10r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for eachVolker Lendecke1-5/+11
supported pipe. Netlogon is still special, as we open that twice, one to do the auth2, the other one with schannel. The client interface is completely unchanged for those who only use a single pie. cli->pipe_idx is used as the index for everything except the "real" client rpc calls, which have been explicitly converted in my last commit. Next step is to get winbind to just use a single smb connection for multiple pipes. Volker (This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1487: Remove unused parameter for the client-side signing functions.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 6d594d5bb119b6bc3f4c7699752666ac24d04745)
2007-10-10r1154: Change default setting for case sensitivity to "auto". If set to autoJeremy Allison1-1/+18
then is the client supports it (current clients supported are Samba and CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare "NT LM 0.12" string) then the setting of the per packet flag smb_flag FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows the linux CIFS client to use Samba in a case sensitive manner. Additional command in smbclient "case_sensitive", toggles the flag in subsequent packets. Docs to follow. Jeremy. (This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
2007-10-10r446: Close the open NT pipes before the tdis.Volker Lendecke1-3/+3
Volker (This used to be commit ef80490baf9ce38b505b4b322051ae6e3332d662)
2007-10-10r76: Fix smbfs problem with Tree Disconnect issued before smbfs starts its work.Alexander Bokovoy1-1/+5
We use cli_state.smb_rw_error to pass this specific case into cli_close_connection() from smbmount as smb_rw_error can have only selected number of states and it is ignored in cli_close_connection(). Compiled and tested by Lars Mueller from SuSE on x86, x86_64, ppc, ppc64, s390 and s390x. (This used to be commit 738666ce0a310fae14476020fd6dac027b0e3ec5)
2004-03-27Merge from HEAD the SMB signing patch that I developed a couple of weeksAndrew Bartlett1-1/+1
ago. This patch re-adds support for 'optional' SMB signing. It also ensures that we are much more careful about when we enable signing, particularly with on-the-fly smb.conf reloads. The client code will now attempt to use smb signing by default, and disable it if the server doesn't correctly support it. Andrew Bartlett (This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
2004-03-19updating release notes & merging Derrel Lipman's libsmbclient patch from HEADGerald Carter1-0/+11
(This used to be commit 5fbfaa687a3674287eeadd205f56b2b253a9e2a9)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-2/+3
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-10-21Patch from Stefan Metzmacher <metze@metzemix.de> to fix signing problemsJeremy Allison1-1/+1
when reverse connecting back to a client for printer notify. Jeremy. (This used to be commit 06aa434c3fdb139e3f3143d19413556945cbcd4f)
2003-09-04Used cachegrind to track down some bottlenecks.Jeremy Allison1-0/+3
Removed calls to clobber_region when not compiling with developer as they were hiding speed problems. Added fast path to convert_string() when dealing with ascii -> ascii, ucs2-le to ascii and ascii to ucs2-le with values <= 0x7F. This gives a speedup of 22% on my nbench tests. Next I will do this on convert_string_allocate. Jeremy. (This used to be commit ef140d15ea0d76a3e7cdcadbfd3e917c210a9411)
2003-08-13Only close anything that is not fid 0. Was very confusing in ethereal...Volker Lendecke1-1/+3
Volker (This used to be commit 9f453f27be7eeb792b57d5c60284bb5efc84b408)
2003-08-02Correct fix (removed the earlier band-aid) for what I thought was a signingJeremy Allison1-0/+4
bug with w2k. Turns out that when we're doing a trans/trans2/nttrans call the MID and send_sequence_number and reply_sequence_number must remain constant. This was something we got very wrong in earlier versions of Samba. I can now get a directory listing from WINNT\SYSTEM32 with the older earlier parameters for clilist.c This still needs to be fixed for the server side of Samba, client appears to be working happily now (I'm doing a signed smbtar download of an entire W2K3 image to test this :-). Jeremy. (This used to be commit 2093a3130d4087d0659b497eebd580e7a66e5aa3)
2003-07-30Add a command line option (-S on|off|required) to enable signing on clientJeremy Allison1-0/+21
connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-16Spelling.Tim Potter1-1/+1
(This used to be commit 2750418752e491c5e87f0f2adf253291e31ee4c2)
2003-07-15Added the "required" keyword to the "client signing" parameter to force itJeremy Allison1-0/+3
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing to add signing on server side. Jeremy. (This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
2003-07-14Jeremy requested that I get my NTLMSSP patch into CVS. He didn't requestAndrew Bartlett1-5/+37
the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
2003-05-14spellingTim Potter1-1/+1
(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
2003-04-21Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.Andrew Bartlett1-4/+11
(This used to be commit c6c4f69b8ddc500890a65829e1b9fb7a3e9839e9)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-0/+1
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-18Parinoia fixes from HEAD - malloc() some extra room after the allocatedAndrew Bartlett1-2/+2
buffer size. (This used to be commit 27ec538eca0905e1f749de4c49cc2555c5932d5c)
2003-03-18Merge from HEAD:Andrew Bartlett1-5/+7
A much better SMB signing module, that allows for mulitple signing algorithms and correctly backs down from signing when the server cannot sign the reply. This also attempts to enable SMB signing on NTLMSSP connections, but I don't know what NTLMSSP flags to set yet. This would allow 'client use signing' to be set by default, for server compatability. (A seperate option value should be provided for mandetory signing, which would not back down). Andrew Bartlett (This used to be commit 1c87be7a3d127201a6ab78d22d17c971af16b86b)
2003-02-24Merge from HEAD client-side authentication changes:Andrew Bartlett1-6/+12
- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-1/+1
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-10-15Added cli_set_timeout() call.Jeremy Allison1-0/+11
Jeremy. (This used to be commit 9225054179b6642ae8be790d35e6590aefa46dd3)
2002-10-01Cope with rw errors and timeout to peer.Jeremy Allison1-2/+3
Jeremy. (This used to be commit d8d351eb01ea7c84828dbc96224d7b13d643b558)
2002-10-01Tidy up client error processing.Jeremy Allison1-16/+15
Jeremy. (This used to be commit aea64f1c300b1ec5ec1c5d637f456f025ec12821)
2002-10-01Added error string for server timeout on client call.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 28d2eb934318818a3b0527e391987ea139dbf4a3)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-55/+89
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-13/+48
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-01Another comment fix for mirmirAndrew Bartlett1-1/+1
(This used to be commit 7412890adc8f3dfddfabba545003715816e262bc)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-28Name another talloc.Andrew Bartlett1-1/+1
(This used to be commit 9d62f25f5d3c25d71d8b87801084d42ae9b66f8c)
2002-01-11Same fix as went into 2.2 (I'm waiting for jerry to finish some code).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
2001-11-27prevent a memory leak of cli structuresAndrew Tridgell1-1/+7
(This used to be commit 911c57403bd116405876e73913ad73efd15f659b)
2001-11-25Add a new torture test to extract a NT->DOS error map from an NT member of aAndrew Bartlett1-0/+7
samba domain. The PDC must be running a special authenticaion module that spits out NT errors based on username. Andrew Bartlett (This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)
2001-11-21One more patch from Tom Jansen. Hope I didn't break the tree :-)Richard Sharpe1-0/+7
(This used to be commit 6d7c0f0bb4cbfdcd9a83416345432e07556f6cfc)
2001-11-14Close the socket and set the file descriptor to -1 if there was a socketTim Potter1-0/+9
error in cli_receive_smb() and cli_send_smb(). (This used to be commit bedd9c821521dad46df50e8b31e4a58bb0a9a604)
2001-11-14Removed the "reestablish" code. Tridge - scream if this was needed....Jeremy Allison1-9/+2
Jeremy. (This used to be commit e6afe40f85d7dbe79322c82dac735d901e7e71df)
2001-10-31Parionia to ensure people don't install libsmb based programs setuid root.Andrew Bartlett1-0/+6
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing all sort of fun and games. Andrew Bartlett (This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)