Age | Commit message (Collapse) | Author | Files | Lines |
|
Ignore optional req_flags. Use the Kerberos mechanism OID negotiated
with the client rather than hardcoding OID_KERBEROS5_OLD.
(This used to be commit 59a2bcf30fef14ecc826271862b645dd3a61cb48)
|
|
ignoring passwords.
Jeremy.
(This used to be commit e7b6ea46532a26611dfd9d9e2727d52ba6a9cf50)
|
|
Broken by pstring removal in 9ed12bfc48fe7f9b1863a9dd88e881974083053c.
Jeremy, please check.
Thanks to Yannick Bergeron <yaberger@ca.ibm.com> for noting this.
Michael
(This used to be commit 008c4bdbe5de064b4469fc1f7c7173290f35b3ef)
|
|
NTLMSSP and Kerberos session setup
Guenther
(This used to be commit 18b8c2c19e50aee8fc900c7507244cb95014a4fa)
|
|
Guenther
(This used to be commit c55160f8e866d9b24a4dad234af78ae46c236a37)
|
|
Previously we didn't implement the 'NEGO' part of SPNEGO :-).
Jeremy.
(This used to be commit 8767a0dab95c544878b4187157e494e740974bb8)
|
|
metze
(This used to be commit 9d6b43ea106df188b51060a8055fe5168220c314)
|
|
ads_verify_ticket as it's always derefed.
Jeremy.
(This used to be commit 0599d57efff0f417f75510e8b08c3cb7b4bcfcd8)
|
|
Jeremy.
(This used to be commit 34cd9b5b51a4209b4d970eb90bf1db0eb24a60bb)
|
|
an extra parameter. This cleans up quite a few places
we were passing it around without needing it.
Jeremy.
(This used to be commit 8f36def18e9f980e8db522e1de41e80cfd5f466e)
|
|
with Volker. Mostly making sure we have data on the incoming
packet type, not stored in the smb header.
Jeremy.
(This used to be commit c4e5a505043965eec77b5bb9bc60957e8f3b97c8)
|
|
Jeremy.
(This used to be commit 9ed12bfc48fe7f9b1863a9dd88e881974083053c)
|
|
I have a plan for dealing with the remaining..... Watch
this space.
Jeremy.
(This used to be commit 963fc7685212689f02b3adcc05b4273ee5c382d4)
|
|
Jeremy.
(This used to be commit 95d01279a5def709d0a5d5ae7224d6286006d120)
|
|
statics. Part of my library cleanups.
Jeremy.
(This used to be commit e848506c858bd16706c1d7f6b4b032005512b8ac)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
calls. Use the IPv6 varient for get_peer_addr().
Jeremy.
(This used to be commit baf1f52e34ae2465a7a34be1065da29ed97e7bea)
|
|
in -1 for maxlen.
Michael
(This used to be commit cd3d652d0d7609fc369ed0743c1fc54c87558438)
|
|
(This used to be commit 17df313db42199e26d7d2044f6a1d845aacd1a90)
|
|
Jeremy, there are two remaining diffs in sesssetup.c which I don't really
know which one is right. Can you take a look?
Thanks,
Volker
(This used to be commit d82f35448763eacd564836f34c9aa450b15ea582)
|
|
Jeremy
(This used to be commit fd682c3f397714ebdaf4af3f6d1cbcbab6a2f572)
|
|
should
have been :-).
Jeremy.
(This used to be commit 41611a22ed852bb74e2ef3f45766c0580ffd3a18)
|
|
vuid that was allocated whilst the connection is
being constructed and after the connection has been set up.
This is what Windows does and at least one client
(and HP printer) depends on this behaviour. As it
depends on the req struct not yet ported to SAMBA_3_2_0
(Volker, hint hint.... :-) I am not yet adding this
to that branch, but will investigate that tomorrow.
Jeremy.
(This used to be commit a54f2805df92c67e74a6764568eedebe394fd500)
|
|
This itself won't help much, because send_trans2_replies_new still allocates
the big buffers, but stay tuned :-)
Also add/update my copyright on stuff I recently touched.
Volker
(This used to be commit 248f15ff143474db2493cef89ba446892342a361)
|
|
As usual,
its history can be found on http://samba.org/~vlendec/sesssetup/. This very
obviously needs close review.
Volker
(This used to be commit 35675a6a33d584e5c3c97d1cb5ca9b0315a5fa92)
|
|
(This used to be commit 53027d0ee2dbe15beb2fce5d11a26f4ac0b08b9c)
|
|
InBuffer/OutBuffer
The complete history of this patch can be found under
http://www.samba.org/~vlendec/inbuf-checkin/.
Jeremy, Jerry: If possible I would like to see this in 3.2.0. I'm only
checking into 3_2 at the moment, as it currently will slow down operations for
all non-converted (i.e. all at this moment) operations, as it will copy the
talloc'ed inbuf over the global InBuffer. It will need quite a bit of effort
to convert everything necessary for the normal operations an XP box does.
I have patches for negprot, session setup, tcon_and_X, open_and_X, close. More
to come, but I would appreciate some help here.
Volker
(This used to be commit 5594af2b208c860d3f4b453af6a649d9e4295d1c)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Jeremy.
(This used to be commit 9e1663b1f18d716a7f307bea2b09dadeef392ab8)
|
|
checkin will pull this up to srvstr_get_path. At that point we can get more
independent of the inbuf, the base_ptr in pull_string will only be used
to satisfy UCS2 alignment constraints.
(This used to be commit 836782b07bf133e9b2598c4a089f1c810e4c7754)
|
|
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
|
|
session_traverse.
(This used to be commit ccb5eb245e962b0264b337c2d0275c22e2a36830)
|
|
tomorrow.
(This used to be commit 74fa57ca5d7fa8eace72bbe948a08a0bca3cc4ca)
|
|
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
|
|
server_id' instead of a 'uint32 pid'
(This used to be commit be7bac55c37676a8137c59a22dfb2e4c4821ac21)
|
|
(This used to be commit a66a04e9f11f6c4462f2b56b447bae4eca7b177c)
|
|
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120a5fe2fe726f00746d36d85044c4bdb)
|
|
absence of native OS and Lanman strings in the session setup request)
(This used to be commit e5c9fc937d40046030c0d3bcfced505410a14caf)
|
|
not just an NTLMSSP - grr. This complicates the re-use of
common client and server code but I think I've got it right.
Not turned on of valgrinded yet, but you can see it start
to take shape !
Jeremy.
(This used to be commit 60fc9c0aedf42dcd9df2ef9f1df07eaf3bca9bce)
|
|
in sasl bind. Wonder why coverity didn't find these ?
Jeremy.
(This used to be commit 89bdd30e4b2bb9dbc2ab57c54be8c6d01cae5a26)
|
|
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to
a client when there's clock skew. Will help people
debug this. Prepare us for being able to return the
correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED"
error with associated krb5 clock skew error to allow
clients to re-sync time with us when we're eventually
able to be a KDC.
Jeremy.
(This used to be commit c426340fc79a6b446033433b8de599130adffe28)
|
|
Jeremy.
(This used to be commit 4a74d042c9108ed68cc92f27b390c261c0bc8885)
|
|
Jeremy
(This used to be commit 6be078da267677e3e558033c28099e3932a17712)
|
|
But I'd
see this as a design flaw in data_blob() and it made me look in that routine.
Jeremy, revert or merge please :-)
Volker
(This used to be commit e7e6b8b5e0b00cc0746db4e9baa2e860074f903a)
|
|
fragmented into "max xmit" size security blob
chunks. Bug #4400. Needs limits adding, and also
a client-side version.
Jeremy.
(This used to be commit aa69f2481aafee5dccc3783b8a6e23ca4eb0dbfa)
|
|
Vista sends the NTLMv2 blob by default in the tconX
packet. Make sure we save off the workgroup the user
was logged into on the client in the sessionsetupX
and re-use it for the NTLMv2 calc.
Jeremy.
(This used to be commit 45dcf62960c2815c4d8e0c5f4a2d0af24df83290)
|
|
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
|
|
(This used to be commit 97f150fbbbee4837c15de121b418881241f321e2)
|
|
Freeing memctx is all we need, fix double free stupidity
(This used to be commit 2a7454959e93e5bd11161707d0bd16a431b92351)
|