summaryrefslogtreecommitdiff
path: root/source3/libsmb
AgeCommit message (Collapse)AuthorFilesLines
2010-08-15s3: Remove some unused codeVolker Lendecke1-31/+0
2010-08-14s3: Fix an uninitialized variableVolker Lendecke1-0/+3
2010-08-13s3-krb5 Only build ADS support if arcfour-hmac-md5 is availableAndrew Bartlett1-2/+0
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-10libcli/auth Make the source3/ implementation of the NTLMSSP server commonAndrew Bartlett1-527/+0
This means that the core logic (but not the initialisation) of the NTLMSSP server is in common, but uses different authentication backends. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Split the NTLMSSP server into before and after authenticationAndrew Bartlett1-62/+148
This allows for a future where the auth subsystem is async, and the session key generation needs to happen in a callback. This code is originally reworked into this style by metze for the source4/ implementation. The other change here is to introduce an 'out_mem_ctx', which makes the API match that used in source4. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Always call ntlmssp_sign_init()Andrew Bartlett1-3/+1
There is no code path that sets nt_status before this point, without a return. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't use talloc_tos() for NTLMSSP blobs for nowAndrew Bartlett1-2/+2
This code will, I hope, soon be merged in common, and the Samba4 use case does not currently support talloc_tos() properly. Use another context for now. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2Andrew Bartlett1-1/+4
This is another 'belts and braces' check to avoid the use of the weak 'LM_KEY' encryption when the client has chosen NTLMv2. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not availableAndrew Bartlett1-0/+15
This ensures the client isn't confused and we don't enter this weaker authentication scheme when we don't really, really need to. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Don't use the lm key if the user didn't supply one.Andrew Bartlett1-3/+3
This may help to avoid a number of possible MITM attacks where LM_KEY is spoofed into the session. If the login wasn't with lanman (and so the user chose to disclose their lanman response), don't disclose back anything based on their lanman password. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Add extra DEBUG() message for auth system failuresAndrew Bartlett1-0/+2
Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10s3:ntlmssp Redirect lp_lanman_auth() via 'allow_lm_key'Andrew Bartlett1-2/+4
This will allow this to be handled via common code in the future Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-10libcli/auth Move some source3/ NTLMSSP functions to the common code.Andrew Bartlett1-87/+0
libcli/auth Use true and false rather than True and False in common code Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-06s3-libsmb: include nbt.h in namequery_dc code.Günther Deschner1-0/+1
Guenther
2010-08-06s3-krb5: include krb5pac.h where needed.Günther Deschner1-0/+1
Guenther
2010-08-06s3-rap: include svcctl.h where needed.Günther Deschner1-0/+1
Guenther
2010-08-06s3-passdb: include samr.h where needed.Günther Deschner1-1/+1
Guenther
2010-08-05s3: Remove some direct cli->inbuf references in interpret_long_filenameVolker Lendecke1-2/+2
2010-08-05s3: Remove a pointless wrapper functionVolker Lendecke2-6/+1
2010-08-05s3: Explicitly pass flags2 to clistr_pull_tallocVolker Lendecke4-9/+22
Required to eventually make cli_list async
2010-08-05s3: Remove some pointless wrapper functionsVolker Lendecke1-4/+7
2010-08-05s3: Remove some pointless wrapper functionsVolker Lendecke4-16/+23
2010-08-05s3: Save the received trans2 from the inbuf in cli_transVolker Lendecke5-15/+28
2010-08-05s3-popt: Only include popt-common.h when needed.Andreas Schneider2-0/+2
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner2-0/+2
Guenther
2010-08-05s3: avoid global include of ads.h.Günther Deschner2-0/+2
Guenther
2010-08-04s3: Convert cli_list() to return NTSTATUSVolker Lendecke2-14/+25
If needed, the callback functions can count themselves
2010-08-04s3: Use data_blob_nullVolker Lendecke1-1/+1
2010-07-30s3: Remove "cli" from "struct finfo"Volker Lendecke1-2/+0
2010-07-28s3: Fix cli_qpathinfo2Volker Lendecke1-1/+1
Does not fix the DIR_CREATETIME test, but it is definitely an error.
2010-07-27s3: Remove a typedef (struct file_info)Volker Lendecke2-9/+12
2010-07-26s3: Convert cli_qpathinfo_streams to cli_qpathinfo_sendVolker Lendecke1-42/+93
2010-07-26s3: Factor out parse_streams_blobVolker Lendecke1-8/+22
2010-07-26s3: Convert cli_qpathinfo_basic to cli_qpathinfo_sendVolker Lendecke1-49/+86
2010-07-26s3: Convert cli_qpathinfo2 to cli_qpathinfo_sendVolker Lendecke2-52/+103
2010-07-26s3: Callers of cli_qpathinfo_recv might ignore the outputVolker Lendecke1-2/+8
2010-07-26s3: cli_qpathinfo2 expects at least 68 bytesVolker Lendecke1-1/+1
2010-07-26s3: Convert cli_qpathinfo1 to cli_qpathinfoVolker Lendecke1-61/+105
2010-07-26s3: Fix a structure mess-upVolker Lendecke1-1/+1
I wonder why the compiler did not complain -- maybe because the structs have the same data members? No clue.
2010-07-26s3: Remove some unused struct membersVolker Lendecke1-6/+0
2010-07-25s3: Convert cli_get_ea_list_path to cli_qpathinfo_sendVolker Lendecke1-20/+94
2010-07-25s3: Factor out parse_ea_blobVolker Lendecke1-25/+41
2010-07-25s3: Convert cli_posix_stat to cli_qpathinfo_sendVolker Lendecke1-57/+20
2010-07-25s3: Convert cli_posix_getfacl to cli_qpathinfo_sendVolker Lendecke1-53/+21
2010-07-25s3: Convert cli_posix_readlink to cli_qpathinfo_sendVolker Lendecke1-67/+33
2010-07-25s3: Add async cli_qpathinfoVolker Lendecke1-0/+135
2010-07-25s3: cli_qpathinfo->cli_qpathinfo1Volker Lendecke1-1/+1
2010-07-25s3: Fix cli_posix_statVolker Lendecke1-4/+4
nlink seems to be defined as 8 bytes, not 4 Jeremy, please check!
2010-07-23Fix bug 7583 - Smbclient fails to kerberos connect to a Alfresco JLAN CIFS ↵Jeremy Allison1-152/+151
Server Correctly calculate the gssapi channel binding checkum. Jeremy Signed off by: simo <idra@samba.org>
2010-07-20s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keysSimo Sorce2-15/+23