summaryrefslogtreecommitdiff
path: root/source3/smbd/negprot.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4018: * move claim_connection from the netbios session requestGerald Carter1-0/+6
reply code to the negprot reply code to cope with client connections on port 445. Fixes the spurious "register_message_flags: tdb fetch failed" errors. * don't run the backgroup LPQ daemon when we are running in interactive mode. (This used to be commit 88747a7da351261185222e78e9c8d470ff53a246)
2007-10-10r3946: Fix for bugid #2085 reported by Jason Mader <jason@ncac.gwu.edu>. Use ↵Jeremy Allison1-1/+1
consistent enum type for Protocol extern. Jeremy. (This used to be commit 65dfae7ea45d4c9452b2a08efa09b01d870142f3)
2007-10-10r1939: Ensure with my new change we set extended security in flags2 inJeremy Allison1-0/+3
the negprot reply. Jeremy. (This used to be commit 8b80b46b8b76ead72c17dc65f2de4c0cc0b263c7)
2007-10-10r1936: Fix bug noticed by Steve - ensure extended security bit is on onlyJeremy Allison1-0/+1
if we negotiated extended security. Do not merge for 3.0.6. Works with W2K but needs further testing. Jeremy. (This used to be commit 284689aa18d2711a9041598cdf490359466f7f77)
2007-10-10r1154: Change default setting for case sensitivity to "auto". If set to autoJeremy Allison1-3/+16
then is the client supports it (current clients supported are Samba and CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare "NT LM 0.12" string) then the setting of the per packet flag smb_flag FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows the linux CIFS client to use Samba in a case sensitive manner. Additional command in smbclient "case_sensitive", toggles the flag in subsequent packets. Docs to follow. Jeremy. (This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
2004-03-27As I raised (without objection) on the mailing list a while back, thisAndrew Bartlett1-5/+1
patch removes the 'unicode' smb.conf option. Clients are as always free not to negotiate unicode, but Samba will always accept unicode in smbd. Setting 'unicode = no' caused me more client BSODs than any other option I have seen, and I really want to protect some of our more silly users, who will, no matter what, select and change every option... Andrew Bartlett (This used to be commit 3f9177bd5df68809294335a36919994893ff8ead)
2004-03-13Modified fix for bugid #784. Based on a patch from moriyama@miraclelinux.com ↵Jeremy Allison1-3/+7
(MORIYAMA Masayuki). Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name when represented in dos charset (ie. cp932). So go back to using fstrings for these but translate into nstrings (ie. 16 byte length values) for transport on the wire. Jeremy. (This used to be commit b4ea493599ab414f7828b83f40a5a8b43479ff64)
2003-07-18Signing so far... the client code fails on a SMBtrans2 secondary transactionJeremy Allison1-5/+13
I think (my changes haven't affected this I believe). Initial support on the server side for smbclient. Still doesn't work for w2k clients I think... Work in progress..... (don't change). Jeremy. (This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
2003-07-17Putting the framework for server signing in place. Ensure we don't useJeremy Allison1-0/+12
sendfile when signing (I need to add this for readbraw/writebraw too...). Jeremy. (This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-1/+1
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-05-31Got us happy running under valgrind again :-).Jeremy Allison1-0/+1
Jeremy. (This used to be commit b6ab9d73610861d225d72845d4df7cf970155e39)
2003-05-31Fixes to stop valgrind complaining about uninitialised memory when it'sJeremy Allison1-0/+9
copying clobbered buffer areas and doing hashes on them and sending them onto the wire. Jeremy. (This used to be commit 7dfcf714ae2e81fece489640e2341f132c9f567d)
2003-05-21merge LANMAN1/LANMAN2.1 fixes from headAndrew Tridgell1-0/+2
(This used to be commit 73c686ab771b6c3e9a9335032f851083d44701c7)
2003-03-18Jeremy merged across my string parinoia fixes, but forgot to enable them! :-)Andrew Bartlett1-3/+3
This patch catches up on the rest of the work - as much string checking as is possible is done at compile time, and the rest at runtime. Lots of code converted to pstrcpy() etc, and other code reworked to correctly call sizeof(). Andrew Bartlett (This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-3/+3
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-4/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-10-15Change default of max_xmit to match W2K. Ensure NT negprot uses it.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 0bf7187e3ba57ee2422a0f6f736266a55502123c)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-6/+8
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17Sync 3.0 branch with headJelmer Vernooij1-7/+14
(This used to be commit 42615b945e2e48e53a21ea47f2e45407913a6a1e)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-191/+189
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-1/+1
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-02-27Added "nt status support" parameter. Fix offline synchronisation.Jeremy Allison1-12/+13
Jeremy. (This used to be commit 9243a9778e52999d5c62cba484640637b24994d8)
2002-02-22don't do an ADS init when not in ADS modeAndrew Tridgell1-5/+4
(This used to be commit 68693ba4e80257bf895b1c8db18c138d5d9919bb)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-20Spelling fixes.Tim Potter1-7/+7
(This used to be commit e67c7c5852624bcdd5c565ea5f00b143aaf7fee4)
2002-01-11Same fix as went into 2.2 (I'm waiting for jerry to finish some code).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
2002-01-10First part of UNIX extensions (#ifdefed out) more to follow.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 02b18f2cca6d6d046d2d8fd7375b207d44031ddc)
2002-01-09Better explanation message for dmalloc.Martin Pool1-1/+1
Also more insertion of parenthesis to handle struct members called 'free'. You can now get useful dmalloc output, as long as it is compatible with your C library. On RH7.1 it looks like you have to rebuild dmalloc to allow free(0) by default, because something in libcrypt does that. (sigh) (This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
2002-01-05I've decided to move the auth code around a bit more...Andrew Bartlett1-23/+28
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
2001-12-07added a "use spnego" optionAndrew Tridgell1-0/+1
you need to set "use spnego = no" for w2k to be able to join a samba domain. Otherwise the w2k box will assume we can do kerberos as a KDC (This used to be commit b5cb57a367a6d9a82e082e2838e83e0997eb4930)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-1/+1
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-11-29Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett1-9/+13
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
2001-11-27always send an OID list until we handle raw (unwrapped) NTLMSSPAndrew Tridgell1-6/+15
packets in session setup (This used to be commit 3b3f8a935064811906cba221d386697e699af18c)
2001-11-26challange -> challengeTim Potter1-3/+3
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-26fixed spnego, non-kerberos negprotAndrew Tridgell1-2/+2
(This used to be commit 2e916222a915c27f919a9841bde5ba0967af2190)
2001-11-25added 'security=ADS'Andrew Tridgell1-0/+7
(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-64/+38
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-10-31SPNEGO works perfectly well with security=domain, so don't exclude it.Andrew Bartlett1-3/+7
(This used to be commit 26a9479ad450a5135e54b45d659bf3558892d9e6)
2001-10-30Spnego on the 'server' end of security=server just does not work, so set theAndrew Bartlett1-1/+4
flags so we just do a 'normal' session setup. Also add some parinoia code to detect when sombody attempts to do a 'normal' session setup when spnego had been negoitiated. Andrew Bartlett (This used to be commit 190898586fa218c952fbd5bea56155d04e6f248b)
2001-10-23get rid of compiler warnings (casts and delete unused variables)Herb Lewis1-4/+4
(This used to be commit 51cb4411df61d1caec9d84809b1a53a6a632f808)
2001-10-22- fixed link order of krb5 libsAndrew Tridgell1-0/+1
- accept a wide range of principal names in session setup (This used to be commit 672df66296f540b606aa43effab5f021b8978e4b)
2001-10-21Ok, I know it's a language thing and it shouldn't matter.... but a kerberosJeremy Allison1-4/+4
name is a "principal", not a principle. English majors will complain :-). Jeremy. (This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
2001-10-21change smbd to use HOST/hostname principle form until I work out howAndrew Tridgell1-1/+3
to use the other form in netjoin (This used to be commit 58cfa13d6576bd34ceed7ba6ad52bced96e50544)
2001-10-21support both old and new kerberos OIDsAndrew Tridgell1-1/+1
(This used to be commit eac164c7e650a8f855e7b662b126a5dfc5516927)
2001-10-20better krb5 error handling (thanks andrewb!)Andrew Tridgell1-1/+1
(This used to be commit fd3a3daef3b8f7140e7006d30d23d739ac3aad2f)
2001-10-18the beginnings of kerberos support in smbd. It doesn't work yet, butAndrew Tridgell1-3/+0
it should give something for others to hack on and possibly find what I'm doing wrong. (This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
2001-10-17added basic NTLMSSP support in smbd. This is still quite rough, andAndrew Tridgell1-14/+61
loses things like username mapping. I wanted to get this in then discuss it a bit to see how we want to split up the existing session setup code (This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
2001-10-11initial kerberos/ADS/SPNEGO support in libsmb and smbclient. ToAndrew Tridgell1-4/+4
activate you need to: - install krb5 libraries - run configure - build smbclient - run kinit to get a TGT - run smbclient with the -k option to choose kerberos auth (This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-1/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-26Kill of the reply.c end of the workstaion trust account mess.Andrew Bartlett1-14/+18
Fix the NT errror codes, this time in line with WinXP/2k. - Return the normal error codes, expect for bad user/bad password. These map to logon failure, as a quick security hack. We follow suit. Simplfy some of the password extraction code, the auth subsytem has the intelegence to sort this stuff out, no need to do it here. Move to 'global_encrypted_passwords_negotiated' to determine the use of unencrypted hacks, replacing the current mess. Andrew Bartlett (This used to be commit c04f063573c61d8ef3f43815bbb9b6b076dc23eb)