summaryrefslogtreecommitdiff
path: root/source3/libsmb
AgeCommit message (Collapse)AuthorFilesLines
2004-01-06Merge NTLMSSP fixes from 3.0 to HEAD.Andrew Bartlett3-33/+93
Andrew Bartlett (This used to be commit f7d39c787771616ddb015bd77e3e6cd33f0c7a15)
2004-01-06(merge from 3.0)Andrew Bartlett2-17/+12
Change our Domain controller lookup routines to more carefully seperate DNS names (realms) from NetBIOS domain names. Until now, we would experience delays as we broadcast lookups for DNS names onto the local network segments. Now if DNS comes back negative, we fall straight back to looking up the short name. Andrew Bartlett (This used to be commit 4c3bd0a99e464198d243da302ff1868189b4dcff)
2004-01-05(merge from 3.0)Andrew Bartlett1-1/+1
Even if the 'device type' is always an ascii string, use push_string to get it out onto the wire. Avoids valgrind warnings because the fstrcpy() causes part of the wire buffer to be 'marked'. Andrew Bartlett (This used to be commit 326becbde23c8039e1f0f00930bcab094bf91ed2)
2004-01-05(merge from 3.0)Andrew Bartlett1-1/+1
auth/auth_util.c: - Fill in the 'backup' idea of a domain, if the DC didn't supply one. This doesn't seem to occour in reality, hence why we missed the typo. lib/charcnv.c: lib/smbldap.c: libads/ldap.c: libsmb/libsmbclient.c: printing/nt_printing.c: - all the callers to pull_utf8_allocate() pass a char ** as the first parammeter, so don't make them all cast it to a void ** nsswitch/winbind_util.c: - Allow for a more 'correct' view of when usernames should be qualified in winbindd. If we are a PDC, or have 'winbind trusted domains only', then for the authentication returns stip the domain portion. - Fix valgrind warning about use of free()ed name when looking up our local domain. lp_workgroup() is maniplated inside a procedure that uses it's former value. Instead, use the fact that our local domain is always the first in the list. -- Jerry rightly complained that we can't assume that the first domain is our primary domain - new domains are added to the front of the list. :-( Use a much more reliable 'flag test' instead. (note: changes winbind structures, make clean). -- Forgot to commit this for the 'get our primary domain' change. Andrew Bartlett (This used to be commit acacd27ba25f7ebfec40bfa66d34ece543569e23)
2004-01-05(merge from 3.0)Andrew Bartlett1-0/+377
Move our basic password checking code from inside the authentication subsystem into a seperate file - ntlm_check.c. This allows us to call these routines from ntlm_auth. The purpose of this exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to avoid talking to winbind. This should allow for easier debugging. ntlm_auth itself has been reorgainised, so as to share more code between the SPNEGO-wrapped and 'raw' NTLMSSP modes. A new 'client' NTLMSSP mode has been added, for use with a Cyrus-SASL module I am writing (based on vl's work) Andrew Bartlett (This used to be commit 2f196bb31ac83cf7922583063c74a5f679ca5be7)
2004-01-05(merge from 3.0)Andrew Bartlett1-1/+0
Shutting down the connection closes outstanding sessions, so we don't need to do it twice... Amdrew Bartlett (This used to be commit 77b3515981ebe972a4c78e14b205d0c70a34b69f)
2003-12-27Preliminary fix for our signing problem with failed NTLMSSP logins. This patchVolker Lendecke2-9/+19
solves the problem for me here, I can still successfully set up signing using NTLMSSP against w2k3 and it does not show a signing error anymoe when the password was wrong. Jeremy, you might want to take a further look at it as this is not particularly elegant. Volker (This used to be commit 8a82060e3aee6d5ef38b1448035d865f9bce63a7)
2003-12-17Add in comments explaining NTLMv2 selection. Use lm session key if that'sJeremy Allison1-1/+13
all there is. Jeremy. (This used to be commit 3e6abeffe176cdba43d251f55f3b7aecd8fa55b1)
2003-12-17Tidyup debug message in ntlmssp code. Add brackets around dodgy if statement.Jeremy Allison1-5/+17
Jeremy (This used to be commit 6cd0f6e7c0a28ddccf55acb1e411e5ed5bd3cf47)
2003-12-17Make sure we correctly generate the lm session key.Gerald Carter2-2/+26
This fixes a problem joining a Samba domain from a vanilla win2k client that doesn't set the NTLMSSP_NEGOTIATE_NTLM2 flag. Reported on samba ml as "decode_pw: incorrect password length" when handling a samr_set_userinfo(23 or 24) RPC. (This used to be commit 14558c942beb05cd12c0e40c1bb30c3dcde8ce48)
2003-12-09Make intent to return only one address clear.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 08b6b1e43ce354cfb77701c8953565e1163ff76b)
2003-12-07Merge from 3.0:Andrew Bartlett1-8/+13
source/libsmb/ntlmssp.c: Picked up by the build farm - despite all my efforts, security=server was broken by my NTLM2 commit. This should correctly cause the NTLM2 case not to be negotiated when 'security=server' is in effect. testsuide/build_farm/runlist: Without 'non unix accounts' we can't test security=domain on the build farm. source/rpc_server/srv_samr_nt.c: Match Win2k and return 'invalid parameter' for creating of a new account with account flags of 0. Andrew Bartlett (This used to be commit e97f1eb62ae01b5259d7ecfab9b55b07103379c7)
2003-12-01Client connect signing error messages should be level zero elseJeremy Allison1-2/+2
they're easy to miss. Jeremy. (This used to be commit b5f32a0869017a3ce457bf45e4aa2c1b621162c6)
2003-12-01Fix spurious error msg. when seq=0.Jeremy Allison1-0/+2
Jeremy. (This used to be commit fd71acd1ffb3d3c2f2f82395c86512124769d592)
2003-12-01Ensure we use the same mid for the secondary trans requests, W2K3Jeremy Allison1-0/+6
does this. Jeremy. (This used to be commit e5bb3fdf4c8b2bb5b098bfbc0b4b80d947aeac6c)
2003-12-01Better fix for client signing bug. Ensure we don't malloc/free trans signingJeremy Allison2-36/+40
state info each packet. Jeremy. (This used to be commit c662e2dbc4d953b3718f69fef4517a3e7539151e)
2003-11-30Fix signing bug with secondary client trans requests. Turns out the lastJeremy Allison1-0/+20
packet is the one that matters for checking the signing replies. Need to check the server code does this correctly too.... Bug #832 reported by Volker. Jeremy. (This used to be commit 315f25fc1710e20051414bbf084cb5648129c3bb)
2003-11-26Merge from 3.0:Andrew Bartlett1-2/+6
- NTLM2 fixes, don't force NTLM2 - Don't use NTLM2 for RPC, it doesn't work yet - Add comments to winbindd_pam.c - Merge 64 bit fixes and better debug messages in winbindd.c Andrew Bartlett (This used to be commit ba94e4a1ab6dc3335bbb29686ca6795d0ffad5b0)
2003-11-25If signing starts successfully, don't just turn it off automatically ifJeremy Allison1-5/+5
it fails later. Only turn it off automatically if it fails at the start. Jeremy. (This used to be commit 2a00d538da61253455db1734b74ef1debaea24ea)
2003-11-25When server signing is set to "auto", if the client doesn't sign justJeremy Allison1-2/+23
ignore it. Only fail if signing is set to "required". Jeremy. (This used to be commit ab5db8873e2882900baa1c74706bb907baaff7fd)
2003-11-23Merge from 3.0:Andrew Bartlett1-0/+40
Add support for variable-length session keys in our client code. This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. - Add server-side support for variable-length session keys (as used by DES based krb5 logins). Andrew Bartlett (This used to be commit 1287cf5f921327c9ea758de46220c4e2dedc485c)
2003-11-22(merge from 3.0)Andrew Bartlett9-383/+671
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-11-22debug and swat fixes from 3.0Gerald Carter1-0/+1
(This used to be commit 52c1973f39f4c4161097843fcf395e0102531575)
2003-11-05Merge of 64-bit printf warning fixes.Tim Potter1-2/+2
(This used to be commit a6cc763333943bc6e360bb7e78cf9bfb1bc936e8)
2003-11-05Fix coredump in cli_get_backup_list.Jeremy Allison1-5/+2
Jeremy. (This used to be commit 13d32f561b23f2d69daf103a971acbdae547703d)
2003-10-31Merge from 3.0:Tim Potter1-10/+17
Revision 1.50.2.12: Put in a work-around for ENOTSUP not being defined on OpenBSD. Revision 1.50.2.10-11 Apply latest of Derrell Lippman's changes to libsmbclient. Commit Derrell's changes to libsmbclient plus a small change to configure.in to see if SGI and other platforms will build. (This used to be commit e32826980eefeb501e4ae19c689d83153d9fe5e6)
2003-10-31Merge from 3.0:Tim Potter1-3/+0
Revision 1.2.2.5: Remove some unused variables uncovered by the build farm. (This used to be commit c0585399ac3b6adb22b514478ba44e3c8a96b050)
2003-10-29Fixes to check for wraps which could cause coredumps.Jeremy Allison2-5/+4
Jeremy. (This used to be commit 124a8ddae63adff4f601242a8e6d05abcaf4d9bf)
2003-10-23Merge from 3_0:Volker Lendecke1-1/+1
According to Ethereal we have a 32-Bit quantity here. And with SSVAL valgrind reports an unitialized read which is obviously correct. And I hate valgrind errors ;-) Volker (This used to be commit 73fc6da6cf2b52f65c3dbfb7705899e6cbea447a)
2003-10-23Apply the changes to libsmbclient that derrell has contributed. Fix someRichard Sharpe2-392/+1931
of the problems with this. From: Derrell.Lipman@unwireduniverse.com (This used to be commit 8e3d2708c5e5a9968aeb9a6fe6c828aa8a5b22a9)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-1/+1
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit 5c050a735f86927c7ef2a98b6f3a56abe39e4674)
2003-10-21Fix for bug #64, Win9x Nexus tools not working against Samba3.0. MissingJeremy Allison1-0/+4
map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata. Jeremy. (This used to be commit 8458f4c52f32ef192287ddb8371638f42a370c6f)
2003-10-21Patch from Stefan Metzmacher <metze@metzemix.de> to fix signing problemsJeremy Allison1-1/+1
when reverse connecting back to a client for printer notify. Jeremy. (This used to be commit 7fde193efeb856ec325d5d563f1e710c45dc65d7)
2003-10-21Fix signing miss-sequence noticed by Stefan Metzmacher <metze@metzemix.de>Jeremy Allison1-46/+27
Jeremy. (This used to be commit 419834edee09567c8523ad3afba674a12504282d)
2003-10-20Merge Volker's fix.Jeremy Allison1-0/+11
We are doing NT error codes now.... If we have an NT error, report that back the same way we handle the DOS error. Although I don't see why BUFFER_TOO_SMALL should not be handled as an error, simply copy the logic. This is only called from smbcacls and smbcquotas. Jeremy. (This used to be commit f67154fe41d7d458a11dfb9b2f0c6c26609c9a72)
2003-10-14Enable us to see what sequence number we were expecting when we fail a signJeremy Allison1-4/+4
(should help track down out of sequence bugs). Jeremy. (This used to be commit c6a36d4e486bf1aa384adf7db37878e485476216)
2003-10-14Enclose usage of st_blksize and st_blocks struct stat members inTim Potter1-0/+4
#ifdef HAVE_STAT_ST_BLKSIZE and #ifdef HAVE_STAT_ST_BLOCKS, respectively. Fixes bug 550 reported by Joachim Schmitz <schmitz@hp.com>. (This used to be commit 3d777f5389ed6b4ab8c42eb110d41f7df309bead)
2003-10-08Fixup error code returns from Samba4 tester. Ensure invalid paths areJeremy Allison1-1/+1
validated the same way. Jeremy. (This used to be commit 960e2b4a5f09d3ef80a926894ee7a28549b8de45)
2003-09-19Merge from 3.0:Tim Potter1-3/+4
>Applied Steve Langasek's patch for bug #450. (This used to be commit 50ae61b674550082e30f7156f2a9129b7abebb14)
2003-09-16Fix #442 which Alexander considered a showstopper. Allow us to join mixedJeremy Allison2-8/+6
mode domains. Jeremy. (This used to be commit 07cfce283004d29d1f60e5d8c97e3e3d7c293805)
2003-09-09removing unused filesGerald Carter1-172/+0
(This used to be commit 1a9145015d4b2ee7e7399099760cda13d619e740)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter21-220/+712
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-08-02port latest changes from SAMBA_3_0 treeSimo Sorce17-188/+850
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
2003-07-16ading new files from 3.0Gerald Carter2-0/+396
(This used to be commit 99feae7b5b1c229a925367b87c0c0f636d9a2d75)
2003-07-16trying to get HEAD building again. If you want the codeGerald Carter20-797/+1508
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
2003-05-27Merge from 3.0: quieten debug message for trust acct password change.Tim Potter1-1/+1
(This used to be commit ab60980461f31ce3dcb582f195b3754807dd9174)
2003-05-27Added string error for NT_STATUS_NOT_A_REPARSE_POINT error.Tim Potter1-0/+1
(This used to be commit cb4188941e93f8026a94a7378a51b0ec73ffcb8f)
2003-05-26Fix list of servers in 'smbclient -L' (debian bug #194553, patch by Heine ↵Jelmer Vernooij1-1/+1
Larsen) (This used to be commit c9c8eccdba820e82e1f987f9078d882668a8061b)
2003-05-21fix for UNICODE plaintext passwords (bug #59) and fix smbclient to send the ↵Gerald Carter1-3/+16
unicode plain text password if negoitated (This used to be commit 207186e1c8ff0aac2a2aba9c4037d0be0c4819c8)
2003-05-14spellingTim Potter2-2/+2
(This used to be commit 249a6974702d050644d6d61f33f0034ce2a689ee)