path: root/source3/libsmb
Age | Commit message | Author | Files | Lines
2003-08-15 | get rid of more compiler warnings | Herb Lewis | 2 | -19/+19
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
2003-08-15 | Add the gss-spnego kerberos server side to ntlm_auth. This uses the | Volker Lendecke | 1 | -0/+14
same ads_verify_ticket routine that smbd uses, so in the current state we have to have the host password in secrets.tdb instead of the keytab. This means we have to be an ADS member, but it's a start. Volker (This used to be commit dc2d2ad467927affbd1461df75f77f07ddfbc3b1)
2003-08-15 | Fix memleaks. | Volker Lendecke | 1 | -1/+3
Currently I'm compiling against MIT Kerberos 1.2.8. Anthony, you said you have a heimdal installation available. Could you please compile this stuff with krb and check it with valgrind? Thanks, Volker (This used to be commit d8ab44685994b302bb46eed9001c72c194d13dc8)
2003-08-15 | get rid of some compiler warnings on IRIX | Herb Lewis | 7 | -53/+63
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
2003-08-14 | Change Samba to always use extended security for its guest logins, (ie, | Andrew Bartlett | 5 | -70/+33
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to all of Samba's clients. When connecting to an Active Directory DC, you must initiate the CIFS level session setup with Kerberos, not a guest login. If you don't, your machine account is demoted to NT4. Andrew Bartlett (This used to be commit 3547cb3def45a90f99f67829a533eac1ccba5e77)
2003-08-13 | Don't wrap up anything that is not there. Otherwise upper layers | Volker Lendecke | 1 | -0/+3
can not figure that we got no ticket. Volker (This used to be commit 2a724a7a873c08f14644427766bfd48908ddb501)
2003-08-13 | Only close anything that is not fid 0. Was very confusing in ethereal... | Volker Lendecke | 1 | -1/+3
Volker (This used to be commit 9f453f27be7eeb792b57d5c60284bb5efc84b408)
2003-08-12 | As described in http://davenport.sourceforge.net/ntlm.html add NTLM2 | Andrew Bartlett | 1 | -3/+40
authentication. NTLM2 is a version of NTLM, that involves both a client and server challenge, and the creating of a new (presumably more secure) session key. Unfortunately this is not quite the same as NTLMv2, and we don't know how to get the session key. I suggest looking very closely at what MSCHAPv2, and other MS auth protocols do... Andrew Bartlett (This used to be commit d4a5f4fdf97b707b44a0787267e1e4388d1b5388)
2003-08-12 | Fix client autonegotiate signing. | Volker Lendecke | 1 | -10/+15
Jeremy. (This used to be commit a4d2dd1d40f6b1322e69d430023aa89dac86fda3)
2003-08-11 | Fallback to not using NTLMv2 if extended security not supported. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit ba075ff03af06dfc2f4bcb952508bbc4a6967d85)
2003-08-11 | I think this is the one to check... | Volker Lendecke | 1 | -0/+3
Volker (This used to be commit f6d853d36a37dd854a410717af2f7eaf9457eeb5)
2003-08-11 | Revert the latest fix. Need to investigate further. | Volker Lendecke | 1 | -4/+2
Volker (This used to be commit 447f130619ad7aaab351c2b46d3e57eaf31a9454)
2003-08-11 | Fix a segfault in ntlm_auth when we can't find a domain or hostname. | Volker Lendecke | 1 | -2/+4
Volker (This used to be commit 49c4f8a764a2b9e266c33f018515e6a742cfc8b0)
2003-08-10 | Store the server domain from the ntlmssp challenge in the client struct | Volker Lendecke | 2 | -0/+4
to be able to ask a LMB for the servers in its workgroup. Against W2k this only works on port 139.... Volker (This used to be commit 62b04d7776852098dd768268500f36c3a362f688)
2003-08-08 | fix 2 bugs: | Gerald Carter | 1 | -3/+13
1) don't ask trusted DC's for a list of trusted domains. This causes us to treat non-transitive ones as if they were transitive. Not needed anyways
2) Fix dc lookup bug where we would always try to use DNS to resolve the DC's for a domain (even if it was a trusted NT4 domain).
(This used to be commit 4d3acce5066d3adf53ee8fbaa627c42523b3cbc3)
2003-08-08 | RPC fix from Ronan Waide <waider@waider.ie>. Tested with rpcecho. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 68590b9e2266cf76b46a68cca0acaa47733811fe)
2003-08-07 | An oplock break reply from the client causes the sequence number to be | Jeremy Allison | 1 | -1/+40
updated by 2 if there is no open reply outstanding, else by one.... Yes - this makes no sense.... Jeremy. (This used to be commit b43ce1ff6109f6422a621329ceb713b42df40040)
2003-08-07 | Turns out I had my packet sequences wrong for oplock break code. | Jeremy Allison | 1 | -46/+19
I was storing the mid of the oplock break - I should have been storing the mid from the open. There are thus 2 types of deferred packet sequence returns - ones that increment the sequence number (returns from oplock causing opens) and ones that don't (change notify returns etc). Running with signing forced on does lead to some interesting tests :-). Jeremy. (This used to be commit 85907f02cec566502d9e4adabbd414020a26064d)
2003-08-04 | Changes to make gss-spnego ntlmssp client work against W2k AD. | Volker Lendecke | 1 | -1/+17
Now I know where the mechListMIC changes came from: Ethereal ;-) Volker (This used to be commit 4e9eed1273035d09ac3b427b9711327ba8c6ebfc)
2003-08-04 | Fix unused variable warning. | Tim Potter | 1 | -1/+1
(This used to be commit 73d02e3a2b0f9e84ab6d8685e4ad6a03ef9249b2)
2003-08-03 | Fix oplock break detection code on incoming oplock break responses. This | Jeremy Allison | 1 | -7/+15
fixes signing for oplocks. Jeremy. (This used to be commit 69c56ee8bce122839a8fec4e59198f84b0757166)
2003-08-02 | Ensure we don't leak any sign records on cancel of pending requests. | Jeremy Allison | 1 | -0/+27
Jeremy. (This used to be commit 9a8ffc239c0f1aada713de7e9e007066738d8874)
2003-08-02 | Only look for mid sign records on incoming packets for oplock break replies. | Jeremy Allison | 1 | -20/+28
Otherwise we find spurious mid sign records on reply_ntcancel calls (they cancel by mid). That took a *lot* of tracking down. I still need to remove the mid records from the sign state on reply_ntcancel to avoid leaking memory.... Jeremy. (This used to be commit 270bf20fe3e226ab5cfc689bd20ed4c22b2fa7e6)
2003-08-02 | More fixes for client and server side signing. Ensure sequence numbers | Jeremy Allison | 2 | -32/+103
are updated correctly on returning an error for server trans streams. Ensure we turn off client trans streams on error. Jeremy. (This used to be commit 3a789cb7f01115c37404e5a696de363287cb0e5f)
2003-08-02 | Leave the packet sequence checkers enabled whilst I track down a smbclient | Jeremy Allison | 1 | -2/+2
-> smbd sequence number problem. Jeremy. (This used to be commit 844898dbd8e99837ef1621aa73024714aa819ce4)
2003-08-02 | Add the same signing code to the server. Ensure we use identical session | Jeremy Allison | 1 | -12/+64
numbers and MIDs when in trans/trans2/nttrans code. Jeremy. (This used to be commit 901544b29b4d815709b3dbad3012f1d2c419d904)
2003-08-02 | Correct fix (removed the earlier band-aid) for what I thought was a signing | Jeremy Allison | 4 | -4/+97
bug with w2k. Turns out that when we're doing a trans/trans2/nttrans call the MID and send_sequence_number and reply_sequence_number must remain constant. This was something we got very wrong in earlier versions of Samba. I can now get a directory listing from WINNT\SYSTEM32 with the older earlier parameters for clilist.c This still needs to be fixed for the server side of Samba, client appears to be working happily now (I'm doing a signed smbtar download of an entire W2K3 image to test this :-). Jeremy. (This used to be commit 2093a3130d4087d0659b497eebd580e7a66e5aa3)
2003-08-01 | Update my copyrights according to my agreement with IBM | Jim McDonough | 2 | -2/+2
(This used to be commit c9b209be2b17c2e4677cc30b46b1074f48878f43)
2003-08-01 | Final fix for the bug tridge found. Only push locks onto a blocking lock | Jeremy Allison | 1 | -0/+1
queue if the posix lock failed with EACCES or EAGAIN (this means another lock conflicts). Else return an error and don't queue the request. Jeremy. (This used to be commit 43fbc18fdc184bf29c15186c16bc99fb208de963)
2003-07-31 | Fix off-by-one found by valgrind. | Volker Lendecke | 1 | -1/+1
Volker (This used to be commit bc39c9b57fa6258674e1ee44b3446f25bf63661e)
2003-07-31 | This fixes an error I must have made when playing with spnego.c found | Volker Lendecke | 1 | -14/+35
by aliguori: NegTokenInit.mechListMIC is an Octet String. Second: add a free_spnego_data function. Both thanks to aliguori. Volker (This used to be commit 6c252440fba33eb69827d5515a95fbb3e8e9a653)
2003-07-31 | Turn the 'doing_signing' variable on - fix bug where it was only being set | Jeremy Allison | 1 | -1/+1
on when signing was mandatory. Jeremy. (This used to be commit 7c58673a103195435ca75ebb2684880d1f7242d3)
2003-07-30 | Add a command line option (-S on|off|required) to enable signing on client | Jeremy Allison | 3 | -4/+28
connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-30 | Fix bug we discovered in W2K client signing on secondary trans2 packets. | Jeremy Allison | 1 | -2/+3
Use W2K parameters. tpot please re-test smbclient with your problem directory. Jeremy. (This used to be commit 677d3a3c4ca0b67148e5e56fa876773a067679bd)
2003-07-30 | Eliminate valgrind error when client gets bad sig on list. Some reformatting. | Jeremy Allison | 2 | -12/+25
Jeremy. (This used to be commit b8f6b836468b3a0ae75977dc65cae8400f74734c)
2003-07-29 | This adds gss-spnego to ntlm_auth. It contains some new spnego support | Volker Lendecke | 1 | -0/+292
from Jim McDonough. It is to enable cyrus sasl to provide the gss-spnego support. For a preliminary patch to cyrus sasl see http://samba.sernet.de/cyrus-gss-spnego.diff Volker (This used to be commit 45cef8f66e46abe4a25fd2b803a7d1051c1c6602)
2003-07-27 | Fix comment | Andrew Bartlett | 1 | -1/+1
(This used to be commit 2c395a3904395c2743df9c3035459c6f3866232d)
2003-07-27 | Try again to fix up 'session request' name exchange. This time we actually | Andrew Bartlett | 1 | -3/+3
get the names... Andrew Bartlett (This used to be commit 7c9e204f7eb15139532f2cc522ed87d0ac34d118)
2003-07-27 | Some small fixes to our charset conversion code: | Andrew Bartlett | 1 | -4/+8
- Treat the NMB names in the 'session request' packet as 'ASCII'. This means that we do not get invalid multibyte from the wire, even if we truncate in the conversion. (Otherwise we panic when we try to strupper_m it).
- Remove acnv_uxu2(), as it was duplicated by push_ucs2_allocate()
- Remove acnv_dosu2(), as it is not used.
- In push_ucs2(), with the STR_UPPER flag, do the case conversion *after* the UCS2 conversion, when we know that the length can't change. Also faster, as we don't need to do another 2 UCS2 conversions.
Andrew Bartlett (This used to be commit 912035af1178424583d0bf887a391a0cac2acd87)
2003-07-25 | W00t! Client smb signing is now working correctly with krb5 and w2k server. | Jeremy Allison | 4 | -16/+44
Server code *should* also work (I'll check shortly). May be the odd memory leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup code (b) we need to ask for a subkey... (c). The client and server need to ask for local and remote subkeys respectively. Thanks to Paul Nelson @ Thursby for some sage advice on this :-). Jeremy. (This used to be commit 3f9e3b60709df5ab755045a093e642510d4cde00)
2003-07-25 | More printf portability fixes. Got caught out by some gcc'isms last | Tim Potter | 2 | -3/+3
time. )-: (This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
2003-07-24 | More printf fixes - size_t is long on some architectures. | Tim Potter | 2 | -2/+2
(This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
2003-07-24 | Fix packet signing with asynchronous oplock breaks. Removed bad error message | Jeremy Allison | 1 | -5/+67
due to w2k bug. I think this code is now working.... Need more testing of course but works on all the obvious cases I can think of. Jeremy. (This used to be commit a6e537f6611cc1357fffea0b69901fba7c9ad6ea)
2003-07-24 | SMB signing is now working with change notify. Need to fix the disconnect | Jeremy Allison | 1 | -18/+28
when bad signature received, plus check the oplock breaks.... Jeremy. (This used to be commit dd83931a00ec0a2c4b78b939c54bc101ec82312f)
2003-07-24 | Server side NTLM signing works - until the first async packet. Working on this | Jeremy Allison | 1 | -22/+114
next.... Jeremy. (This used to be commit eff74a1fcc597497a4c70589a44c1b70e93ab549)
2003-07-23 | convert snprintf() calls using pstrings & fstrings | Gerald Carter | 3 | -5/+5
to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
2003-07-23 | fixed segv in calls to pstrcpy() in cliprint.c | Andrew Tridgell | 1 | -6/+6
(This used to be commit 36bc2b99b4fec2c14f8471d89381b2d6c2f9d339)
2003-07-23 | Don't check in two places for signing turned off... | Jeremy Allison | 1 | -3/+0
Jeremy. (This used to be commit f4b02e52e25556e5b101d493e2e6404563bf96dd)
2003-07-18 | Signing so far... the client code fails on a SMBtrans2 secondary transaction | Jeremy Allison | 1 | -50/+114
I think (my changes haven't affected this I believe). Initial support on the server side for smbclient. Still doesn't work for w2k clients I think... Work in progress..... (don't change). Jeremy. (This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
2003-07-17 | Correctly toggle the signing state to what it was previously when sending | Jeremy Allison | 1 | -12/+5
an oplock break. Jeremy. (This used to be commit 9515de83a864250c417cf490b7be714c8e1e127e)