Age | Commit message (Collapse) | Author | Files | Lines |
|
This is needed if we want to support SMB2 signing later.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Sep 3 16:21:35 CEST 2011 on sn-devel-104
|
|
The create_pipe_sock() function should only create the socket as the
name states and not start to listen on it too. We should start to listen
on in the individual places as we need different backlog values.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Aug 29 13:21:43 CEST 2011 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Aug 28 20:29:01 CEST 2011 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Aug 23 18:21:58 CEST 2011 on sn-devel-104
|
|
|
|
The caller should take care of the global cli_state values.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Aug 12 19:38:27 CEST 2011 on sn-devel-104
|
|
metze
|
|
This moves the SMB1 specific stuff to cli_smb_req_create(),
instead of having it in the core dispatching code.
metze
|
|
This will allow handling of SMB2 in future.
metze
|
|
metze
|
|
metze
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Aug 12 12:36:03 CEST 2011 on sn-devel-104
|
|
in cli_smb_received()
Callers of tevent_req_done() (or similar functions) have to return directly.
Otherwise the callback could invalidate the current stack state,
which is likely to trigger segfaults.
If there was only one pending request and we just got the response
for that one, we can use tevent_req_done() directly.
Otherwise there're more pending requests and we need to call
cli_state_receive_next() or we got the response for chained requests.
Both means that we have to use tevent_req_defer_callback().
metze
|
|
metze
|
|
It's up to the caller to notify the current request,
but we have to notify all other pending requests if
we're not able to read the next response from the server.
metze
|
|
metze
|
|
metze
|
|
for chained requests
metze
|
|
metze
|
|
If we got a problem on the connection we need to notify every
pending request. But we need to make use of tevent_req_defer_callback()
before tevent_req_nterror(), otherwise the callback, triggered
by tevent_req_nterror(), could invalidate the state of current caller,
which will likely cause segfaults.
metze
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Aug 10 12:31:55 CEST 2011 on sn-devel-104
|
|
cli_session_setup()
metze
|
|
metze
|
|
The max_data parameter of trans2/nttrans calls are not bound
to cli->max_xmit. Even with cli->max_xmit, which means the max
size of the whole SMB pdu, we would get fragmented trans2/nttrans
replies. That's why we can also use our maximum, which is CLI_BUFFER_SIZE.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Aug 9 18:14:38 CEST 2011 on sn-devel-104
|
|
Removing the return is reasonable here because while no callers
currently specify more than one flag at a time, the
ntlmssp_want_feature code allows it.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Aug 4 02:19:46 CEST 2011 on sn-devel-104
|
|
This is explained where SESSION_KEY maps to SIGN at the NTLMSSP layer
Andrew Bartlett
|
|
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token(). This also removes the need for
auth_ntlmssp_get_username().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
There is no need to mask out these flags as they simply are not set
yet.
The correct abstraction is to ask for NTLMSSP features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The session key we want here (the only one that is availble to the
encryption layer) is the one obtained by cli_get_session_key(), as
NTLMSSP creates a per-session session key via key exchange and NTLMv2
negotiation.
The key was never directly the NT hash anyway (this is simply a
mistake, the extra MD4() was lost during my previous cleanup
f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT
hash) in early implementations of NTLMSSP.
However, regardless this call is not available on domain trusts
between AD domains and Windows 2003 R2, making this less useful.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
We now just use auth_ntlmssp_want_feature to get extra flags
on the NTLMSSP context
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.
This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This clarifies the lifetime of the returned token.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This allows the current behaviour of the NTLMSSP code to be unchanged
while adding a way to hook in an alternate implementation via an auth
module.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
This allows auth_ntlmssp_get_ntlmssp_state() to be removed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Aug 3 10:16:18 CEST 2011 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|