summaryrefslogtreecommitdiff
path: root/source3/smbd/negprot.c
AgeCommit message (Collapse)AuthorFilesLines
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-1/+1
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-11-29Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett1-9/+13
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
2001-11-27always send an OID list until we handle raw (unwrapped) NTLMSSPAndrew Tridgell1-6/+15
packets in session setup (This used to be commit 3b3f8a935064811906cba221d386697e699af18c)
2001-11-26challange -> challengeTim Potter1-3/+3
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-26fixed spnego, non-kerberos negprotAndrew Tridgell1-2/+2
(This used to be commit 2e916222a915c27f919a9841bde5ba0967af2190)
2001-11-25added 'security=ADS'Andrew Tridgell1-0/+7
(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-64/+38
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-10-31SPNEGO works perfectly well with security=domain, so don't exclude it.Andrew Bartlett1-3/+7
(This used to be commit 26a9479ad450a5135e54b45d659bf3558892d9e6)
2001-10-30Spnego on the 'server' end of security=server just does not work, so set theAndrew Bartlett1-1/+4
flags so we just do a 'normal' session setup. Also add some parinoia code to detect when sombody attempts to do a 'normal' session setup when spnego had been negoitiated. Andrew Bartlett (This used to be commit 190898586fa218c952fbd5bea56155d04e6f248b)
2001-10-23get rid of compiler warnings (casts and delete unused variables)Herb Lewis1-4/+4
(This used to be commit 51cb4411df61d1caec9d84809b1a53a6a632f808)
2001-10-22- fixed link order of krb5 libsAndrew Tridgell1-0/+1
- accept a wide range of principal names in session setup (This used to be commit 672df66296f540b606aa43effab5f021b8978e4b)
2001-10-21Ok, I know it's a language thing and it shouldn't matter.... but a kerberosJeremy Allison1-4/+4
name is a "principal", not a principle. English majors will complain :-). Jeremy. (This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
2001-10-21change smbd to use HOST/hostname principle form until I work out howAndrew Tridgell1-1/+3
to use the other form in netjoin (This used to be commit 58cfa13d6576bd34ceed7ba6ad52bced96e50544)
2001-10-21support both old and new kerberos OIDsAndrew Tridgell1-1/+1
(This used to be commit eac164c7e650a8f855e7b662b126a5dfc5516927)
2001-10-20better krb5 error handling (thanks andrewb!)Andrew Tridgell1-1/+1
(This used to be commit fd3a3daef3b8f7140e7006d30d23d739ac3aad2f)
2001-10-18the beginnings of kerberos support in smbd. It doesn't work yet, butAndrew Tridgell1-3/+0
it should give something for others to hack on and possibly find what I'm doing wrong. (This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
2001-10-17added basic NTLMSSP support in smbd. This is still quite rough, andAndrew Tridgell1-14/+61
loses things like username mapping. I wanted to get this in then discuss it a bit to see how we want to split up the existing session setup code (This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
2001-10-11initial kerberos/ADS/SPNEGO support in libsmb and smbclient. ToAndrew Tridgell1-4/+4
activate you need to: - install krb5 libraries - run configure - build smbclient - run kinit to get a TGT - run smbclient with the -k option to choose kerberos auth (This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-1/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-26Kill of the reply.c end of the workstaion trust account mess.Andrew Bartlett1-14/+18
Fix the NT errror codes, this time in line with WinXP/2k. - Return the normal error codes, expect for bad user/bad password. These map to logon failure, as a quick security hack. We follow suit. Simplfy some of the password extraction code, the auth subsytem has the intelegence to sort this stuff out, no need to do it here. Move to 'global_encrypted_passwords_negotiated' to determine the use of unencrypted hacks, replacing the current mess. Andrew Bartlett (This used to be commit c04f063573c61d8ef3f43815bbb9b6b076dc23eb)
2001-09-23Fix up NT_STATUS return for session setups, Win2k objects to anything otherAndrew Bartlett1-6/+4
than NT_STATUS_LOGON_FAILURE. This also brings us (almost) back in line with their implementation. Kill off SMBENCRYPT() macro Kill off 'nt smb support' paramater - tridge okayed this one. Andrew Bartlett (This used to be commit 67947bf6e31ee9758f8a2186f83031ba21b716f2)
2001-09-12- enable MSDFS by default, there seems no reason not to have it enabledAndrew Tridgell1-3/+1
by default in Samba 3.x - got rid of some unused parameters in Makefile.in - declare DEBUGLEVEL in debug.h rather than in each file (This used to be commit b8651acb9c0d7248a6a2e82c33b1e43633fd83fd)
2001-08-27converted smbd to use NTSTATUS by defaultAndrew Tridgell1-87/+89
major changes include: - added NSTATUS type - added automatic mapping between dos and nt error codes - changed all ERROR() calls to ERROR_DOS() and many to ERROR_NT() these calls auto-translate to the client error code system - got rid of the cached error code and the writebmpx code We eventually will need to also: - get rid of BOOL, so we don't lose error info - replace all ERROR_DOS() calls with ERROR_NT() calls but that is too much for one night (This used to be commit 83d9896c1ea8be796192b51a4678c2a3b87f7518)
2001-08-08Some better debugs for our security=server code. I want to track down whyAndrew Bartlett1-1/+3
we occasionally don't make the connection to the server. (This used to be commit 08e99f4c12ad8747a8fd0e47ed4165cea428128d)
2001-08-03This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett1-0/+3
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
2001-07-04The big character set handling changeover!Andrew Tridgell1-1/+1
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-07-01- fix bug in reply_nt- fix bug in reply_nt1Simo Sorce1-4/+4
(This used to be commit 200110a3b4caeb0d8be87f02476af29165e35ada)
2001-06-21Added STR_NOALIGN flags to clistr and srvstr fns. Yes, NT actually doesAndrew Tridgell1-9/+9
send unaligned unicode strings sometimes! Fixed our handling of the workgroup name tacked on the end of the NT1 negprot response (a unaligned unicode) fixed a couple of places where we should be using the message_end fns instead of pre-calculated buffer lengths (This used to be commit 86613493a9b2e56523153486931d0bf8d39beb7a)
2001-06-08Extra stuff for large readwrite support.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 4338ee78c3d7bcf4b9fac383ff2f572d882ab97c)
2001-05-23This is *very* cool. I'm pretty convinced we can just set theJeremy Allison1-0/+1
CAP_LARGE_READX|CAP_LARGE_WRITEX bits on negprot and out W2K performance goes through the roof...... And as we *always* offer 64 buffers we can do this with this simple change..... Jeremy. (This used to be commit c328dda0fa081e79049d7a9ddac06e80cc8b331b)
2001-03-16enable unicode on the wire by default in smbdAndrew Tridgell1-2/+2
the unicode support isn't complete, but it is good enough to be usable for a test server. (This used to be commit e787fc1daf4a46c182e87bf0697eec80ff0ce87a)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-4/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-03-10started support for unicode on the wire in smbd. Using a very similarAndrew Tridgell1-0/+6
method to what was used in the client I now have session setup and tconx working. Currently this is enabled with SMBD_USE_UNICODE environment variable. Once the code is complete this will become a smb.conf option. (This used to be commit 7684c1e67294266d018c6f0cab58f1a9d797174f)
2001-03-09merge of 'lanman auth' and 'min protocol' from 2.2Gerald Carter1-1/+2
(This used to be commit 1d84da779a0fe3219d77686a493d2b2fa1f8072a)
2000-11-16Ok - fixed a bug in our levelII oplock code. We need to break a level II onJeremy Allison1-1/+1
a byte range lock (write lock only, but Win2k breaks on read lock also so I do the same) - if you think about why, this is obvious. Also fixed our client code to do level II oplocks, if requested, and fixed the code where we would assume the client wanted level II if it advertised itself as being level II capable - it may not want that. Jeremy. (This used to be commit 213cd0b5192307cd4b0026cae94b2f52fb1b0c02)
2000-10-11changes to sync with 2.2. treeHerb Lewis1-0/+2
.cvsignore remove config.h - not in this directory include/profile.h profile changes lib/messages.c added message to return debug level libsmb/clierror.c cast to get rid of compiler warning libsmb/smbencrypt.c cast to get rid of compiler warning profile/profile.c add flush profile stats changes for profile struct rpc_parse/parse_samr.c fix for compiler warning rpc_server/srv_samr.c cast to get rid of compiler warning smbd/ipc.c profile stats message.c profile stats smbd/negprot.c profile stats smbd/nttrans.c profile stats smbd/trans2.c profile stats utils/smbcontrol.c new flush stats command (This used to be commit bbb24daa25dca4e4b6b1f8942cd84ee3aa1bed8e)
2000-05-26Changed MS_DFS to WITH_MSDFS throughout.Shirish Kalele1-1/+1
Fixed trans2 calls on IPC$ to let dfs referral calls through. (This used to be commit e0965a80bdca5239886b11ef55dc29fed261bfc0)
2000-05-10more merging voodooAndrew Tridgell1-0/+4
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic - this isn't permanent, it should go after another few merge steps have been done (This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
2000-05-02Added sys_fork() and sys_getpid() functions to stop the overheadJeremy Allison1-3/+3
of doing a system call every time we want to just get our pid. Jeremy. (This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a)
2000-03-13include/smb.h:Jeremy Allison1-1/+4
smbd/negprot.c: smbd/reply.c: Fixes to recognise Win2k. param/loadparm.c: Put debug timestamp parameter back to correct default. smbd/nttrans.c: Fix to detect Win2k unicode bug with transact create. Jeremy. (This used to be commit bb100352ab2f98fab3978008d269920e03efcf6d)
2000-03-08dded Microsoft Dfs services.Shirish Kalele1-0/+5
* added a new msdfs/ directory under source/ * added msdfs sources under this directory. * modified configure setup to add a --with-msdfs configure time option Modified Files: Makefile.in acconfig.h configure configure.in include/config.h.in include/includes.h include/proto.h include/smb.h include/smb_macros.h param/loadparm.c smbd/negprot.c smbd/nttrans.c smbd/process.c smbd/reply.c smbd/server.c smbd/trans2.c Added Files: include/msdfs.h msdfs/README msdfs/msdfs.c msdfs/msdfs_tdb.c msdfs/parse_dfs_map.c ---------------------------------------------------------------------- (This used to be commit 4684b4a188b54493dbe7f0de2909a8d3c5c3ebf9)
2000-01-08smbd/mangle.cJeremy Allison1-1/+1
smbd/negprot.c: Tidyup of static initializers. smbd/server.c: Fix -l option. Jeremy. (This used to be commit d120f22fefde21b38e43ea5ad0180bf27304d2eb)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-49/+46
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-09-16reading in smb server domain name from SMBnegprot responseLuke Leighton1-3/+4
(This used to be commit 25025f450531c66c0fd9f7eed886cb288d76d025)
1999-07-12Jean-Francois Micouleau's rewritten DFS patch, originally written byLuke Leighton1-0/+7
Nigel Williams. despite the data format being *exactly* the same as NT's, this still doesn't work yet. more work needed. (This used to be commit 270981960bb5aab52d2f8e494827101ece6729c4)
1999-05-01added server ntlmv2 false/auto/true parameter, defaults to off.Luke Leighton1-13/+20
(This used to be commit 209944dabc764c6ea0c471e7868306c7d8d020d4)
1998-09-18gto ri of a bunch more #ifdef LARGE_SMB_OFF_T checks by introducing aAndrew Tridgell1-5/+2
SOFF_T() macro for setting an SMB_OFF_T variable also limited mmap based reads to MAX_MMAP_SIZE. We really can't mmap 2^50 bytes due to virtual address space problems. (This used to be commit 4e784b18899eddd2399a51fa7d8c219560432922)
1998-09-17configure configure.in: Added checks for statvfs64. Last bit of 64 bit ↵Jeremy Allison1-4/+6
widening (I hope :-). include/config.h.in: Added #undef STAT_STATVFS64. include/includes.h: Added SMB_STRUCT_STATVFS type, Changed SMB_BIG_INTEGER to SMB_BIG_UINT and SMB_BIG_INT types. include/smb.h: Added flag defines from CIFS spec. lib/debug.c: Fixed one more mode_t issue. lib/system.c: Added sys_statvfs wrapper. lib/util.c: Changed trim_string to use size_t. param/loadparm.c: Moved "blocking locks" into locking section. Alphabetised locking options. Question - shuld we do this for all options ? passdb/ldap.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT. passdb/nispass.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT. passdb/smbpass.c: Changed SMB_BIG_INTEGER to SMB_BIG_UINT. smbd/dfree.c: Changed to use 64 bit types if available. Moved to use unsigned types. smbd/dosmode.c: Fixed one more mode_t issue. smbd/negprot.c: Changed literals to be FLAG_ #defines. smbd/nttrans.c: Removed dead code. smbd/open.c: Changed disk_free call. smbd/process.c: Changed literals to be FLAG_ #defines. smbd/reply.c: Changed disk_free call. smbd/trans2.c: Fixed but in SMB_QUERY_FS_VOLUME_INFO call. Was using UNICODE - should use ascii. tests/summary.c: Added STAT_STATVFS64 check. Jeremy. (This used to be commit c512b1b91fb7f2a7a93b9033a33e06d966daadb4)
1998-09-11Ok - this is the 'expose 64 bit to the clients' checkin.Jeremy Allison1-2/+6
I have tested it by creating a 'holey' 20GB file - checking that it shows up correctl in the NT file view (it does) and am busily copying it to NULL: on the NT box. All good so far.... :-). Also implemented NT 'delete on close' semantics. Jeremy. (This used to be commit 1654faee80648583e6a47ab7eda990fefdf85124)
1998-09-10Improved stat cache code by uppercasing any search name that gets added toJeremy Allison1-2/+2
it if we're in case insensitive mode, and then doing a memcmp rather than a StrnCaseCmp (which is *horribly* slow) on every lookup. Fixed bug with refusing NT SMB's (use *brackets* where needed :-). Jeremy. (This used to be commit 02b3fddce33a58a4db2102670b502fc0c6f45fab)