summaryrefslogtreecommitdiff
path: root/source3/libsmb
AgeCommit message (Collapse)AuthorFilesLines
2002-09-18Fixed compiler error when HAVE_KRB5 not defined.Tim Potter1-1/+1
(This used to be commit 66c2e25079b348188abd48868300771b1e49fff3)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell3-4/+16
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-11Merge the cli_shutdown change from 2_2. All except one call toVolker Lendecke1-2/+0
attempt_netbios_... assumed that cli_shutdown was _not_ called on error anyway... Volker (This used to be commit f0c741594f0dad2da16b1d5692dd56a48b4157f1)
2002-09-10Added final Steve French patch for "required" attributes with oldJeremy Allison1-25/+23
dir listings. Added regression test in smbtorture (in HEAD) also. Jeremy. (This used to be commit 3c9d24d7c3bad2beb641880a97f0eda5cd3e4ec7)
2002-09-09Merged Volkers (correct) fix from 2.2 for crash on unable to connect.Jeremy Allison1-4/+6
Jeremy. (This used to be commit 05e2aba52f9b027bbab7c65cc02fd5c83d3c61aa)
2002-09-04don't use ENCTYPE_ARCFOUR_HMAC unless the kerberos lib supports itAndrew Tridgell1-5/+4
(This used to be commit 13dc9e37d2422c45ac5005dce26b349f88dbe505)
2002-09-03Fix the struct_blob.Richard Sharpe2-5/+9
(This used to be commit ce152b33c8b08905ea863d47a620c90ca47c8566)
2002-09-03Fix crashbug discovered by "Kim R. Pedersen" <krp@filanet.dk> whereJeremy Allison1-1/+7
cli struct was being deallocated in a called function. Jeremy. (This used to be commit e33e9defa657aa54594bb0c27f9be2f7b12aab1b)
2002-09-03Formatting tidyup and additon of cli_close_connection() before bugfix.Jeremy Allison2-118/+101
Jeremy. (This used to be commit 3b71529c694b5b1093d99b7ef80835e72b1f8436)
2002-09-03Fix the client side NTLMSSP. It now works between smbclient and smbd!Richard Sharpe2-4/+52
However, it does not work with Win2K over 445 with raw NTLMSSP! (This used to be commit 53e4975337be2cab3ee89f2f62e5659855365b73)
2002-09-03Parse the NTLMSSP Challenge in cliconnect.c.Richard Sharpe1-2/+28
This gets us closer ... Should have the challenge now. Need to check that it works. (This used to be commit 5784835db95baf62362d35d3beab5d534cc776e9)
2002-09-03Make sure that an NTLMSSP negotiate blob has the correct stuff in it!Richard Sharpe1-2/+3
(This used to be commit b28267f52c0a5c175b067d7c2d10eca83c20e640)
2002-09-03Add type A to the small MSRPC generator ...Richard Sharpe1-0/+2
(This used to be commit 7f8fd5f270af74dcb3fd18af74233f7db4d8f9a7)
2002-09-03The session key in NTLMSSP AUTH blobs is actually an empty string.Richard Sharpe1-1/+1
Also, the negotiate blob has two ASCI strings encoded in the same way that the UNICODE strings are, they are just in ASCII. The PARSER and Generator will have to deal with that. (This used to be commit aaa7a681ce4ee52edb23c73a53aeabb07fd5b7d8)
2002-08-31Add a dash of static.Andrew Bartlett2-3/+3
(This used to be commit e3af3adac1a01842bc5242e68393196497a1d71c)
2002-08-31Add a bit of 'const' and move a lot of our 'repeditive' DEBUG() statements toAndrew Bartlett1-16/+18
'DEBUGADD', so we don't repeat headers. (Makes them much easier to read). (Based on patch by kai) Andrew Bartlett (This used to be commit 9deada345c5f89f338530c4de62835cc1eeb3d0e)
2002-08-30added cli_net_auth_3 client code.Jean-François Micouleau1-1/+3
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch. pass also the negociation flags all the way. all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient. in the future we will be able to call auth_2 or auth_3 as we want. J.F. (This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
2002-08-30convert the LDAP/SASL code to use GSS-SPNEGO if possibleAndrew Tridgell3-8/+17
we now do this: - look for suported SASL mechanisms on the LDAP server - choose GSS-SPNEGO if possible - within GSS-SPNEGO choose KRB5 if we can do a kinit - otherwise use NTLMSSP This change also means that we no longer rely on having a gssapi library to do ADS. todo: - add TLS/SSL support over LDAP - change to using LDAP/SSL for password change in ADS (This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
2002-08-28Sync up namecache code with HEAD and APPLIANCE_HEAD. Rerun unit tests.Tim Potter1-16/+24
(This used to be commit 41c2e7b162224a524a1bf4da012f383f2a6032d0)
2002-08-27merge from SAMBA_2_2Gerald Carter1-1/+1
(This used to be commit b58ddacf73589870252eea52da68841e7294672d)
2002-08-26Some fixes for SMB signing. I can now get Win2k to correctly respond with aAndrew Bartlett1-3/+14
security signiture, but I can't get it to accept ours. Andrew Bartlett (This used to be commit 7746de6a3c5798e321ed8300f763588fa3807964)
2002-08-26Updates!Andrew Bartlett4-43/+100
- Don't print an uninitialised buffer in service.c - Change some charcnv.c functions to take smb_ucs2_t ** instead of void ** - Update NTLMv2 code to use dynamic buffers - Update experimental SMB signing code - still more work to do - Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups() failure. Andrew Bartlett (This used to be commit de1964f7fa855022258a84556b266100b917444b)
2002-08-25Use a function that actually exists for the keepalive send.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 82e7212bbbeefce873291c2fdb3b04ae1e6c26d6)
2002-08-25Fix from kai to correctly decode ntlmssp flags.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 2e74473551f0fce0384eacd31bc1a53ff3967464)
2002-08-23Cope with negative cache dns entries better.Tim Potter1-5/+6
(This used to be commit 3404023260a5d6fed5523eb378d4a1ad418302a0)
2002-08-23Moved calculation of secure channel type into a new function.Tim Potter1-2/+1
(This used to be commit b8dba26978c281259e02b9d6ebacaa7cba4f7787)
2002-08-23Don't take the sizeof(struct in_addr) * -1Tim Potter1-2/+4
(This used to be commit e13016bb42dbba675d6e7ee7e163543aad2e62c2)
2002-08-22move where got_sig_term and reload_after_sighup are defined.Herb Lewis1-9/+9
populate cli structure with called name and calling name even for port 445 connects. (This used to be commit 123eee6206d9afb28c169540dc63824957b505f4)
2002-08-22a ASN.1 fix from anthonyAndrew Tridgell1-1/+3
(This used to be commit 5ff687a839f805af56ae77cba94c466a0ff87ccc)
2002-08-22don't use spnego in the client unless enabled in smb.confAndrew Tridgell1-1/+3
(This used to be commit c00388de6cf5d0527505bfe4edfe2f0269c5a4c8)
2002-08-22fix a few segfaultsGerald Carter1-1/+1
(This used to be commit ccb02f7cfcec4a555cf7304816c739f4bf7b46f0)
2002-08-22A few fixes towards libsmbclient and rpcclient - get pointer types right andAndrew Bartlett1-5/+3
try to keep to functions inside libsmbclient. Andrew Bartlett (This used to be commit 340bc31fdb031d79fa87de27c2c46215dd8113a3)
2002-08-21fix segfaultGerald Carter1-5/+5
(This used to be commit 982eadf73bb3932ec3ac89c6112a8bf79dbec127)
2002-08-21Patch from Paul Green <Paul.Green@stratus.com> to be more POSIX-compatibleJelmer Vernooij1-1/+1
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
2002-08-20cannot use casts in the DLIST_xxx macrosHerb Lewis1-2/+2
(This used to be commit c9ffc416aeee2610fdc896a9d41dac182039a5f9)
2002-08-20fix irix compiler errorHerb Lewis1-1/+1
(This used to be commit 4df7983487545a432cfa8832eae1afbdf7866060)
2002-08-19fixed memory corruption in cli_full_connection()Andrew Tridgell1-2/+1
(This used to be commit 7c2167182becbf72ba062230e911d55d337a4709)
2002-08-19we now receive and parse the main cldap netlogon reply.Andrew Tridgell1-5/+2
we still need to parse the core of the structure (This used to be commit 6780ae25bf7ca291f612682dec7ee7ff44c24bef)
2002-08-19added a 'net ads lookup' command that does a CLDAP NetLogon query to aAndrew Tridgell1-0/+10
win2000 server. It does seem to work, and win200 sends us a valid reply, but we don't parse it yet. Maybe tomorrow :) (This used to be commit 6352508c54cee333ed7c0e3ebc372be7cd60ed62)
2002-08-16Merge of netbios namecache code from APPLIANCE_HEAD.Tim Potter2-4/+276
Tridge suggested a generic caching mechanism for Samba to avoid the proliferation of little cache files hanging around limpet like in the locks directory. Someone should probably implement this at some stage. (This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
2002-08-15Fix NTLMSSP challenge command and auth response. We can now service joinsJim McDonough1-0/+61
from win2k AND still use SPNEGO (provided you don't build with kerberos...I still have to fix that, as we are not properly falling back). (This used to be commit 1f9b3d46c7c99e84b2983220f79613b7420c5ced)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell1-1/+1
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-03fixed a bug where we were truncating the returned names in a netbiosAndrew Tridgell1-1/+1
name status query to 14 bytes, so we could not join a DC who had a netbios name of 15 bytes in length. (This used to be commit a7588f21c24dac833f098c48e2337c100cf75ba4)
2002-08-02Moved rpc client routines from libsmb back to rpc_client where they belong.Tim Potter9-6501/+0
(This used to be commit cb946b5dadf3cfd21bf584437c6a8e9425f6d5a7)
2002-07-31added 'disable netbios = yes/no' option, default is noAndrew Tridgell1-2/+31
When this option is disabled we should not do *any* netbios operations. You should also not start nmbd at all. I have put initial checks in at the major points we do netbios operations in smbd but there are bound to be more needed. Right now I've disabled all netbios name queries, all WINS lookups and node status queries in smbd and winbindd. I've been testing this option and the most noticable thing is how much more responsive things are! wthout those damn netbios timeouts things certainly are much slicker. (This used to be commit 12e7953bf2497eeb7c0bc6585d9fe58b3aabc240)
2002-07-30this fixes plaintext passwords with win2000Andrew Tridgell1-3/+2
there were 2 bugs: 1) we were sending a null challenge when we should have sent an empty challenge 2) the password can be in unicode if unicode is negotiated. This means our client code was wrong too :( (This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)
2002-07-30Some crash fixes for netshareenum returning zero shares.Tim Potter1-0/+3
(This used to be commit a5a0ff8bd7ee4a3586647d14fd750ec6df73efa8)
2002-07-27Rafal 'Mimir' Szczesniak <mimir@diament.ists.pwr.wroc.pl> has been busyAndrew Bartlett2-4/+115
again, and has added 'net rpc trustdom list' support. This lists the trusted and trusting domains of a remote PDC. I've applied these almost directly, just fixing some special case code for when there are *no* trusting domains. We still have some parse errors in this case however. Andrew Bartlett. From mimir's e-mail: Here are another patches adding trust relationship features. More details: Better error reporting in cli_lsa_enum_trust_dom(). Implementation of cli_samr_enum_dom_users() which cli_samr.c lacked. More "consts" -- one of arguments in net_find_dc(). Modified implementation of run_rpc_command() -- now it allows to reuse already opened connection (if it is passed) to remote server's IPC$ (e.g. as part of longer exchange of rpc calls). I'm sure Andrew will argue ;-) More neat version of rpc_trustdom_list() function. (This used to be commit f0890026820ee3e432147130b46de4610e583381)
2002-07-26Mimir has been busy with patches again, and sent in the followingAndrew Bartlett1-3/+2
patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :) (This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
2002-07-22fixed a segv in net time when the host is unavailableAndrew Tridgell1-1/+1
(This used to be commit f4f2b613a2a804a6d2e5e78cc7dd7f3482675fcd)