summaryrefslogtreecommitdiff
path: root/source3/libsmb
AgeCommit message (Collapse)AuthorFilesLines
2012-02-27libcli/smb/smbXcli: maintain smb2 channel_signing_key separate from the ↵Stefan Metzmacher1-2/+2
signing_key The signing_key is fix across all channels and is used for session setups on a channel binding. Note: - the last session setup response is signed with the new channel signing key. - the reauth session setups are signed with the channel signing key. It's also not needed to remember the main session key. metze
2012-02-26s3: Remove pointless parenthesesVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Sun Feb 26 11:10:15 CET 2012 on sn-devel-104
2012-02-24s3-libsmb: Remove unused spnego_parse_auth_and_micAndrew Bartlett1-40/+0
2012-02-24s3-libsmb: Remove unused ntlmssp_server_start()Andrew Bartlett1-121/+0
2012-02-23s3-libsmb: Remove unused spnego functionsAndrew Bartlett1-109/+0
2012-02-18Fix a bunch of "unused variable" warnings.Jeremy Allison1-4/+3
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
2012-02-17auth: Make more of the ntlmssp code private or staticAndrew Bartlett1-0/+1
Now that there is only one gensec_ntlmssp server, some of these functions can be static For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett1-6/+6
The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16Rename obscure defined constants.Christopher R. Hertel (crh)2-8/+8
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types. Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-10s3-libsmb: Remove unused kerberos_set_creds_enctype()Andrew Bartlett1-11/+0
Also remove the unused configure tests for krb5_c_enctype_compare. Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html Andrew Bartlett
2012-02-10s3-libsmb: Remove unused kerberos_compatible_enctypesAndrew Bartlett1-10/+0
Also remove the unused configure tests for krb5_c_enctype_compare. Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html Andrew Bartlett
2012-02-10s3-libsmb: Remove unused smb_krb5_mk_error()Andrew Bartlett1-37/+0
Also remove now-unused configure checks for krb5_mk_error(). Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html Andrew Bartlett
2012-02-09s3-libsmb: Remove obsolete smb_krb5_locate_kdc.Andreas Schneider1-89/+0
Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Feb 9 14:58:57 CET 2012 on sn-devel-104
2012-02-02Allow a SACL to be sent in cli_set_secdesc().Jeremy Allison1-0/+2
2012-02-01s3-libsmb: Remove dead gssapi code.Andreas Schneider1-112/+0
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Wed Feb 1 23:29:44 CET 2012 on sn-devel-104
2012-02-01s3-lib: Fix util_cmdline which doesn't use popt.Andreas Schneider3-2/+3
This creates its own header file for util_cmdline so it doesn't need to link against popt. This should fix linking on FreeBSD.
2012-01-31libcli/smb: Convert struct smb_trans_enc_state to tallocAndrew Bartlett1-25/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3-libsmb: Remove unused enum smb_trans_enc_typeAndrew Bartlett1-4/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3-libsmb: Use gensec_spnego in smb seal clientAndrew Bartlett1-41/+6
This is intead of the inline, manual spnego code currently in use. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3:libsmb/auth_generic: make use of gensec_spnego in the clientStefan Metzmacher1-4/+9
metze
2012-01-27s3-libsmb Do not limit read replies to NBT packet sizesAndrew Bartlett1-1/+1
With the posix extensions, we can read 16MB at a time, so we need to check the full size of the packet, not the size rounded down to the old NBT limit. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-20s3-libsmb: use struct gensec_security directlyAndrew Bartlett1-4/+4
This is rather than via a now one-element union. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20s3-libcli Change krb5 smb sealing to call via gensec and gensec_gseAndrew Bartlett1-96/+50
This also fixes the support for smb sealing with krb5 in make test, as this now relies on secrets.tdb rather than /etc/krb5.keytab. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc: pass struct ndr_interface_table down to ↵Andrew Bartlett1-1/+1
cli_pipe_open_generic/spnego() This allows the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs"). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-libsmb Use the gse_krb5 gensec module as clientAndrew Bartlett1-1/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-libsmb: split out auth_generic client functions into auth_generic.cAndrew Bartlett2-128/+155
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be genericAndrew Bartlett1-7/+9
This also includes renaming the helper function rpccli_ntlmssp_bind_data, and allows this function to operate on any gensec-supplied auth type. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-10krb5: Require krb5_set_real_time is available to build with krb5Andrew Bartlett1-20/+0
2012-01-10krb5: Require krb5_get_renewed_creds be available to build with krb5Andrew Bartlett1-49/+4
2012-01-10krb5: Require krb5_get_init_creds_opt_alloc/free for build with krb5Andrew Bartlett1-29/+0
This also assumes the modern API with a krb5_context argument. Andrew Bartlett
2012-01-10krb5: Require krb5_fwd_tgt_creds to be available to build with krb5Andrew Bartlett1-3/+3
2012-01-10krb5: Require krb5_c_enctype_compare is available to build with krb5Andrew Bartlett1-4/+0
2012-01-09s3: Remove an unused labelVolker Lendecke1-3/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Jan 9 23:07:32 CET 2012 on sn-devel-104
2012-01-09s3-libsmb: Do not look up FQDN or use host/ for krb5 encrypted CIFSAndrew Bartlett1-12/+1
This is important, as we want to use exactly the same name and ticket that the libsmb session setup code used, so we do not hit the KDC twice. For the session setup to have succeded using the default 'client use spnego principal = no', the cifs/ principal must exist anyway, so looking for host/ is pointless. The case of 'client use spnego principal = yes' was never supported here. Andrew Bartlett
2012-01-09s3-libsmb: match the rest of Samba3 in kerberos name selection in smb sealingAndrew Bartlett1-17/+16
This mirrors 860ad734ba77238d187520f72afcbdc1c73d94ef which in turn mirrors the behaviour of the libsmb client code at session setup time. Andrew Bartlett
2012-01-06s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hashAndrew Bartlett1-27/+21
When E_deshash() returns false, it indicates that the password is either > 14 chars in length, or could not be represented as an LM hash value for some other reason. In this case, we should not regard the LM hash being missing as an error or a no-password situation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104
2012-01-06ntlmssp: merge initial packet implementationsAndrew Bartlett1-8/+21
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06s3-libsmb Make auth_ntlmssp client more genericAndrew Bartlett2-22/+48
As well as renaming, this allows us to start the mech by DCE/RPC auth type or OID. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06s3-libsmb Use gensec_settings to set s3 ntlmssp client backendAndrew Bartlett1-2/+10
This prepares us for making the code generic to multiple mechansims Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-libads Factor out a new routine ↵Andrew Bartlett1-36/+10
kerberos_get_principal_from_service_hostname() This is now used in the GSE GSSAPI client, so that when we connect to a target server at the CIFS level, we use the same name to connect at the DCE/RPC level. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22s3-auth rename auth_ntlmssp_state -> auth_generic_stateAndrew Bartlett2-8/+8
This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-20s3: Fix some False/NULL hickupsVolker Lendecke2-2/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
2011-12-15s3-libsmb: Don't duplicate kerberos service tickets.Andreas Schneider1-5/+0
This fixes bug #8628. Each time we do a client connection. Each time we call to function to get the service ticket from the cache we duplicate it. So with each connection we end up with one or three duplicated tickets. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Thu Dec 15 19:30:42 CET 2011 on sn-devel-104
2011-12-04Revert fac5c654e2fe17c2c11d150b16088e8a51f6be20Jeremy Allison1-68/+19
s3: Add a fallback for missing open&x support in OS/X Lion This is now done inside the synchronous cli_open() wrapper function. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sun Dec 4 08:19:31 CET 2011 on sn-devel-104
2011-12-03Move the callers that need to use the new cli_open() back to callingJeremy Allison1-2/+2
it from cli_openx().
2011-12-03Add cli_open() back as a synchronous wrapper function the callsJeremy Allison2-0/+116
NtCreateX followed by openX() if NtCreateX is unsupported.
2011-12-03Rename cli_open -> cli_openx. Prelude to replacing generic cli_open()Jeremy Allison3-25/+25
with a call that uses NTCreateX in preference to OpenAndX.
2011-12-02s3: Use autogenerated open_files.idlVolker Lendecke1-0/+30
2011-12-02Ensure we map our own Samba return of ERRSRV, ERRunknownsmbJeremy Allison1-0/+1
on an unknown SMB request to NT_STATUS_NOT_IMPLEMENTED.
2011-12-01After a discussion with Volker, sdd a backup_intent state to the client struct.Jeremy Allison4-4/+20
This causes the backup_intent flags to be added to findfirst/findnext and ntcreate/nttrans_create calls. cli_set_backup_intent() sets the flag and returns the old value of its state.