summaryrefslogtreecommitdiff
path: root/source3/libsmb
AgeCommit message (Collapse)AuthorFilesLines
2003-03-03Add constAndrew Bartlett1-1/+1
(This used to be commit 251b91f46988053eccc53f814a23ed5ca787c852)
2003-03-01the new DEVELOPER checks for string overflows have (as expected)Andrew Tridgell1-3/+3
broken a lot of stuff. These two macros are meant to make life easier when fixing these bugs. I'm guessing we will see more macros like this (eg. fstrcpy_base) (This used to be commit 50389c0cb2504d7941ec691af21d6a20ae5c5de7)
2003-02-26Netlogon-unigroup changes needed for the winbind RID-to-SID conversion.Andrew Bartlett1-12/+25
This changes the cache format, which will simply invalidate existing entries, leaving them dead in the cache. Andrew Bartlett (This used to be commit 3fc179362ea849db23490b971a9f64f943e7f7f8)
2003-02-25Fix unused variable warning when ENCTYPE_ARCFOUR_HMAC is not defined.Tim Potter1-0/+2
(This used to be commit 92abafa62894a125c5a09fc92f5056e4d8b51089)
2003-02-24Clean up non-krb5 breakages from my modifications to luke howard's patch.Andrew Bartlett1-7/+1
Andrew Bartlett (This used to be commit 32fd0c49009e38022523cc5c14567dd55de08206)
2003-02-24Patch from Luke Howard to add mutual kerberos authentication, and SMB sessionAndrew Bartlett3-23/+64
keys for kerberos authentication. Andrew Bartlett (This used to be commit 8b798f03dbbdd670ff9af4eb46f7b0845c611e0f)
2003-02-21Fix IRIX build...void fn can't return another void fnJim McDonough1-1/+2
(This used to be commit df3c7c9cbb275e9c35356b4f1cab1a741de6f500)
2003-02-21Doesn't anyone run ./configure.developer anymore?Tim Potter1-1/+1
(This used to be commit 09be123c6c1b67621eaf6c8ffb3016eccd375e5b)
2003-02-19Can't return SAFE_FREE...put on its own line.Jim McDonough1-1/+2
(This used to be commit 9f1a4809b503f050189d5f87a294b7d8675b1e95)
2003-02-19Correct way to keep fucntion from proto.hJim McDonough1-7/+4
(This used to be commit 762b072efb0d6801775a874494cb19ea3d61fa97)
2003-02-19After a talloc_zero(), we don't need to ZERO_STRUCTP too..Andrew Bartlett1-4/+0
(This used to be commit 4fe8066394143c64c79c052c00f0d747e872103a)
2003-02-19Only do a kinit if we got told to use kerberos.Andrew Bartlett1-12/+12
Andrew Bartlett (This used to be commit 6af9ec50e010d171cf5287f40ec774e79e4a93fe)
2003-02-19Get non-krb systems to compile. How the heck do I keep something from being ↵Jim McDonough1-8/+9
sucked into proto.h? (This used to be commit 7e84497882df5bf933ab7ae7fe9af3728393202c)
2003-02-19Try to get heimdal working with HEAD.Jim McDonough1-4/+34
- Provide generic functions for - get valid encryption types - free encryption types - Add encryption type parm to generic function create_kerberos_key_from_string() - Try to merge the two versions (between HEAD and SAMBA_3_0) of kerberos_verify.c I think this should work for both MIT and heimdal, in HEAD. If all goes smooth, I'll move it over to 3.0 soon... (This used to be commit 45e409fc8da9f26cf888e13d004392660d7c55d4)
2003-02-17Correctly check for inet_addr fail. Patch from gregor.7@osu.edu.Jeremy Allison1-2/+5
Jeremy. (This used to be commit fb3548e5080812c037c2c134504cc9af4ecbfedd)
2003-02-17Don't leak a session_key worth of memory at the end of the NTLMSSP auth.Andrew Bartlett1-0/+1
(This used to be commit ae9765b84de0fd6eff790b3bff26dd3d43ec2bd6)
2003-02-16Add the 'session key' output of the NTLMSSP exchange to the cli struct, soAndrew Bartlett1-0/+11
it can be used for 'net rpc join'. Also fix a bug in our server-side NTLMSSP code - a client without any domain trust links to us may calculate the NTLMv2 response with "" as the domain. Andrew Bartlett (This used to be commit ddaa42423bc952e59b95362f5f5aa7cca10d1ad4)
2003-02-15Don't return NULL pointers for now.Andrew Bartlett1-4/+4
We should look into how to deal with NULL v "" strings, and the NTLMSSP code underneath properly at some stage. Andrew Bartlett (This used to be commit dc934412b0190ea75073cccddac45e74ebcd4a6b)
2003-02-15Move our NTLMSSP client code into ntlmssp.c. The intention is to provide aAndrew Bartlett6-128/+440
relitivly useful external lib from this code, and to remove the dupicate NTLMSSP code elsewhere in samba (RPC pipes, LDAP client). The code I've replaced this with in cliconnect.c is relitivly ugly, and I hope to replace it with a more general SPENGO layer at some later date. Andrew Bartlett (This used to be commit b2b66909ac2e251f8189e0696b6075dbf748521a)
2003-02-15Antti Andreimann <Antti.Andreimann@mail.ee> has done some changes to enableAndrew Bartlett2-1/+23
users w/o full administrative access on computer accounts to join a computer into AD domain. The patch and detailed changelog is available at: http://www.itcollege.ee/~aandreim/samba This is a list of changes in general: 1. When creating machine account do not fail if SD cannot be changed. setting SD is not mandatory and join will work perfectly without it. 2. Implement KPASSWD CHANGEPW protocol for changing trust password so machine account does not need to have reset password right for itself. 3. Command line utilities no longer interfere with user's existing kerberos ticket cache. 4. Command line utilities can do kerberos authentication even if username is specified (-U). Initial TGT will be requested in this case. I've modified the patch to share the kinit code, rather than copying it, and updated it to current CVS. The other change included in the original patch (local realms) has been left out for now. Andrew Bartlett (This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
2003-02-15Move our NTLMSSP code into easily seperated peices, not relying on the wholeAndrew Bartlett3-323/+345
of libsmb. Andrew Bartlett (This used to be commit b5ec7efa80478187124c1cfa8c7fcc4036506a37)
2003-02-14NTLMSSP parinoia - we really don't want to run over the end of our blob,Andrew Bartlett2-14/+46
and make sure we can never get an 'authenticate' packet without a challenge. Andrew Bartlett (This used to be commit 4d94f8e6912c1339515cd1f68d1b698e7c699626)
2003-02-14Ensure that only parse_prs.c access internal members of the prs_struct.Jeremy Allison1-3/+3
Needed to move to disk based i/o later. Jeremy. (This used to be commit 4c3ee228fcdb089eaeead95e79532a9cf6cb0de6)
2003-02-14Further extract our NTLMv2 code into smbencrypt.c, prior to merge into ourAndrew Bartlett2-32/+51
NTLMSSP client code. Andrew Bartlett (This used to be commit eaa8e7d1f82b30e7af14a0a58d7ca3eb66a06053)
2003-02-13A few typo fixes Andrew eventually let off to me.Rafal Szczesniak2-5/+5
Rafal (This used to be commit 16a66cf17a544a214b7c5b483c81c7568a18a779)
2003-02-12adding more descriptions for nt status codesGerald Carter1-1/+66
(This used to be commit dfceb0aab5d97df5b6b744143db254656398f0e9)
2003-02-10Clean up our NTLMv2 code by moving the grunt work into a helper function.Andrew Bartlett2-41/+34
Andrew Bartlett (This used to be commit 6789e237d7b070624ba09e7ed43680b838337b74)
2003-02-09(only for HEAD at the moment).Andrew Bartlett5-110/+186
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 = yes') and only when 'client use spengo = no'. (A new option to allow the client and server ends to chose spnego seperatly). NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet. Also some parinoia checks in our input parsing. Andrew Bartlett (This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
2003-02-02Add some return values, and don't attempt signing for NTLMSSP yet (it uses aAndrew Bartlett2-3/+3
different algorithm). Andrew Bartlett (This used to be commit e6f87c7ee5c61f03f81159a8017d31f439c4454a)
2003-02-02More signing updates - start checking that the server isn't being spoofed.Andrew Bartlett2-1/+42
Andrew Bartlett (This used to be commit b1c722e306533babeffeba9d8c7dcfa00e019423)
2003-02-01We now have client-side SMB signing support!Andrew Bartlett3-8/+15
This checking allows us to connect to Microsoft servers the use SMB signing, within a few restrictions: - I've not get the NTLMSSP stuff going - it appears to work, but if you break the sig - say by writing a zero in it - it still passes... - We don't currently verfiy the server's reply - It works against one of my test servers, but not the other... However, it provides an excellent basis to work from. Enable it with 'client signing' in your smb.conf. Doc to come (tomorrow) and this is not for 3.0, till we get it complete. The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the standard session key, ie MD4(NT#). Thanks to jra for the early work on this. Andrew Bartlett (This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
2003-01-30Stop tpot from trampling over my Heimdal fixes by moving some of themJeremy Allison1-0/+122
to HEAD :-). Jeremy. (This used to be commit 1fec0f50ed0e750afec5cdf551fcd37ef4858e94)
2003-01-28Factor out common code in the NTLMSSP/SPNEGO code.Andrew Bartlett2-53/+18
The idea here is to seperate, as much as possible, the SPNEGO layer from the NTLMSSP layer. This not only helps us with protocol correctness, but also should allow further mechinisms to be added with relitive ease. I indend to make the kerberos code use this shortly. I've never seen the 'zero length blob' form of the anonymous login, so I've removed that case. Andrew Bartlett (This used to be commit a8773c9f825539c5bc17e4200b16d7ebbe0b7620)
2003-01-23Fixed typo.Tim Potter1-1/+1
(This used to be commit 9b11ede90129fab8311344ce8621556fd6cff7dc)
2003-01-22fix for CR 1603; provide description of NT_STATUS_PIPE_NOT_AVAILABLEGerald Carter1-0/+1
(This used to be commit fcf63df8bfae37680ad7af48c65af62abc4e0020)
2003-01-21Fixup proto generation to not include krb5 specific symbolsJeremy Allison1-5/+5
if no kerberos selected. Noticed by Metze. Jeremy. (This used to be commit 1684719695acb7168115b032fc1ec672509239ea)
2003-01-21More fixes getting us closer to full Heimdal compile....Jeremy Allison1-0/+20
Jeremy. (This used to be commit 193cc4f4fc876c66e97ea6b82bae431d0247c1fa)
2003-01-20should be HAVE_KRB5_SET_REAL_TIME (HAVE_ was missing)...fix the buildJim McDonough1-1/+1
(This used to be commit aceaaad1c2efce41fe0e03655b0ca0583788d7ab)
2003-01-19Merge in more of the SuSE patches for Heimdal. These changes show howJeremy Allison1-0/+29
to add a function without an explicit #ifdef HEIMDAL which I'm trying to avoid. Jeremy. (This used to be commit 77aeb262ef7c7cd3d206afe2d5445caaca943dfd)
2003-01-16(missed in last commit)Andrew Bartlett2-6/+9
Change the 'cookie' to be the ntlmssp_context, and use the 'auth_context' on that to store the cookie. Ensures that simple callbacks can 'just work'. Also make it clear that we are doing a pull_string into a pstring, not just any sized buffer. Andrew Bartlett (This used to be commit c7793f27188e658b7fc6336aa51d367eab36fc17)
2003-01-15Missed auth_ntlmssp.c in last night's checkin. Also keep track of the currentAndrew Bartlett1-0/+4
challenge in the NTLMSSP context. Andrew Bartlett (This used to be commit ba13e058d4533b1ffba723b9e98e95090ad63d85)
2003-01-15small merges from SAMBA_3_0; mostly typos, renames, etc...Gerald Carter1-0/+179
(This used to be commit 9ac196dad4893b0ceef13281a140be5d85391e6c)
2003-01-15Refactor the NTLMSSP code again - this time we use function pointers toAndrew Bartlett2-1/+280
eliminate the dependency on the auth subsystem. The next step is to add the required code to 'ntlm_auth', for export to Squid etc. Andrew Bartlett (This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)
2003-01-14query_alt_name takes a forced unicode string in win2000. It is notAndrew Tridgell1-1/+1
null terminated. Thanks to Metze for finding this. (This used to be commit e4ce26332b8f876e25ff9baf06d4767a473e2676)
2003-01-13Make sure that those cleanups actually went in.Richard Sharpe1-2/+2
(This used to be commit 9a38e378115a1c36d0cd7c41f4c5767c23b4eb3f)
2003-01-13Updates to our NTLMSSP code:Andrew Bartlett3-16/+51
This tries to extract our server-side code out of sessetup.c, and into a more general lib. I hope this is only a temporay resting place - I indend to refactor it again into an auth-subsystem independent lib, using callbacks. Move some of our our NTLMSSP #defines into a new file, and add two that I found in the COMsource docs - we seem to have a double-up, but I've verified from traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real. This code also copes with ASCII clients - not that we will ever see any here, but I hope to use this for HTTP, were we can get them. Win2k authenticates fine under forced ASCII, btw. Tested with Win2k, NTLMv2 and Samba's smbclient. Andrew Bartlett (This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
2003-01-13Don't force the DOS password into a 14 char space, as this would imply nullAndrew Bartlett1-1/+2
termination - the password will not be null terminated before hashing if len >= 14. related to debian bug #157432 Andrew Bartlett (This used to be commit c6535836f2e48903aa89a18c11cbb37576fb4a20)
2003-01-11Fix a number of client-side fstring/pstring mixups.Andrew Bartlett2-12/+14
Andrew Bartlett (This used to be commit fe1cc779d5ea77e87dbc0e2edf7c34a354fee6e0)
2003-01-03Fixed some simple typos, including one that would have resulted in aChristopher R. Hertel1-2/+2
DEBUG() message printing the wrong value. (This used to be commit 42a4e5b851aa7c9fd9dca5a6f8f42e5d91246c76)
2003-01-02One more const. Andrew, you seem to have krb5 :-)Volker Lendecke1-1/+1
Volker (This used to be commit f5494f5ef6a14020bd31541b1f87d48111f60ad8)