Age | Commit message (Collapse) | Author | Files | Lines |
|
signing_key
The signing_key is fix across all channels and is used for session setups
on a channel binding.
Note:
- the last session setup response is signed with the new channel signing key.
- the reauth session setups are signed with the channel signing key.
It's also not needed to remember the main session key.
metze
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sun Feb 26 11:10:15 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
|
|
Now that there is only one gensec_ntlmssp server, some of these functions can be static
For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The ntlmssp_server code will be in common shortly, and aside from a
symbol name or two, moving the client code causes no harm and makes
less mess. We will also get the client code in common very soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
|
|
Also remove the unused configure tests for krb5_c_enctype_compare.
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Also remove the unused configure tests for krb5_c_enctype_compare.
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Also remove now-unused configure checks for krb5_mk_error().
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Feb 9 14:58:57 CET 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Feb 1 23:29:44 CET 2012 on sn-devel-104
|
|
This creates its own header file for util_cmdline so it doesn't need to
link against popt.
This should fix linking on FreeBSD.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This is intead of the inline, manual spnego code currently
in use.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
With the posix extensions, we can read 16MB at a time, so we need to check
the full size of the packet, not the size rounded down to the old NBT
limit.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This is rather than via a now one-element union.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also fixes the support for smb sealing with krb5 in make test, as
this now relies on secrets.tdb rather than /etc/krb5.keytab.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
cli_pipe_open_generic/spnego()
This allows the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also includes renaming the helper function
rpccli_ntlmssp_bind_data, and allows this function to operate on any
gensec-supplied auth type.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
This also assumes the modern API with a krb5_context argument.
Andrew Bartlett
|
|
|
|
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 9 23:07:32 CET 2012 on sn-devel-104
|
|
This is important, as we want to use exactly the same name and ticket
that the libsmb session setup code used, so we do not hit the KDC twice.
For the session setup to have succeded using the default 'client use
spnego principal = no', the cifs/ principal must exist anyway, so
looking for host/ is pointless. The case of 'client use spnego
principal = yes' was never supported here.
Andrew Bartlett
|
|
This mirrors 860ad734ba77238d187520f72afcbdc1c73d94ef which in turn
mirrors the behaviour of the libsmb client code at session setup time.
Andrew Bartlett
|
|
When E_deshash() returns false, it indicates that the password is either > 14 chars
in length, or could not be represented as an LM hash value for some other
reason. In this case, we should not regard the LM hash being missing
as an error or a no-password situation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
As well as renaming, this allows us to start the mech by DCE/RPC auth
type or OID.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This prepares us for making the code generic to multiple mechansims
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
kerberos_get_principal_from_service_hostname()
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
|
|
This fixes bug #8628.
Each time we do a client connection. Each time we call to function to
get the service ticket from the cache we duplicate it. So with each
connection we end up with one or three duplicated tickets.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Dec 15 19:30:42 CET 2011 on sn-devel-104
|
|
s3: Add a fallback for missing open&x support in OS/X Lion
This is now done inside the synchronous cli_open() wrapper
function.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sun Dec 4 08:19:31 CET 2011 on sn-devel-104
|
|
it from cli_openx().
|
|
NtCreateX followed by openX() if NtCreateX is unsupported.
|
|
with a call that uses NTCreateX in preference to OpenAndX.
|
|
|
|
on an unknown SMB request to NT_STATUS_NOT_IMPLEMENTED.
|
|
This causes the backup_intent flags to be added to findfirst/findnext
and ntcreate/nttrans_create calls.
cli_set_backup_intent() sets the flag and returns the old value of
its state.
|