Age | Commit message (Collapse) | Author | Files | Lines |
|
simplifies things quite a bit
(This used to be commit c82a9cf750829c4f6982ca3133295c8599023c4e)
|
|
rather than manual reference counts
- properly support SMBexit in the cifs and posix backends
- added a logoff method to all backends
With these changes the RAW-CONTEXT test now passes against the posix backend
(This used to be commit c315d6ac1cc40546fde1474702a6d66d07ee13c8)
|
|
smbcli raw context handling
(This used to be commit d5fd6388751944f11c34e5124d403d57c8670e3b)
|
|
of 16 bytes, caused by the 16 byte data_blob in the smb_signing
code.
(This used to be commit 2f1b788e09686e065d22f621f5c0c585192c6740)
|
|
by making our gensec structures a talloc child of the open connection
we can be sure that it will be destroyed when the connection is
dropped.
(This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)
|
|
fixed - I'll commit a little test suite soon.
(This used to be commit 5b967c1cbb9831f7f2c6c6187f9e8e6dcc284497)
|
|
valgrind)
(This used to be commit b2bb41721817256618124907a6922a00d50643dc)
|
|
but do not support SPNEGO (such as XP, when not joined to a domain).
This is triggered by the presense or lack of a security blob in the
negprot reply.
Andrew Bartlett
(This used to be commit 99f7a38c077725b22475f2ba68d0955114879c24)
|
|
The bug (found by tridge) is that Win2k3 is being tighter about the
NTLMSSP flags. If we don't negotiate sealing, we can't use it.
We now have a way to indicate to the GENSEC implementation mechanisms
what things we want for a connection.
Andrew Bartlett
(This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
|
|
(This used to be commit 6ffdfd779936ce8c5ca49c5f444e8da2bbeee0a8)
|
|
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
(redundent) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
more memory. This allows you to create complex data structures
where the top level structure is the logical parent of the next
level down, and those are the parents of the level below
that. Then destroy either the lot with a single talloc_free() or
destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
talloc() but takes the printf style name argument as well as the
parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
|
|
SPNEGO/non-SPNEGO games.
Andrew Bartlett
(This used to be commit 90d70a63ee6d44172cec99a9115817f666b5d06d)
|
|
rename CLI_ -> SMBCLI_
metze
(This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
|
|
(This used to be commit de764d9004a0d90479158e78e30b1266eb529e3e)
|
|
- This causes our client and server code to use the same core code,
with the same debugs etc.
- In turn, this will allow the 'mandetory/fallback' signing algorithms
to be shared, and only written once.
Updates to the SPNEGO code
- Don't wrap an empty token to the server, if we are actually already finished.
Andrew Bartlett
(This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
|
|
- We can now connect to hosts that follow the SPNEGO RFC, and *do not*
give us their principal name in the mechListMIC.
- The client code now remembers the hostname it connects to
- We now kinit for a user, if there is not valid ticket already
- Re-introduce clock skew compensation
TODO:
- See if the username in the ccache matches the username specified
- Use a private ccache, rather then the global one, for a 'new' kinit
- Determine 'default' usernames.
- The default for Krb5 is the one in the ccache, then $USER
- For NTLMSSP, it's just $USER
Andrew Bartlett
(This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
|
|
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
|
|
the capabilities in the union smb_sesssetup should be used to decide
if we can use extented security
metze
(This used to be commit e3760fcc17cc645d942f0fc7f7325976391309ea)
|
|
so I set 'use spnego = True'
metze
(This used to be commit e06898f88c82c286574f9d73de1a9de829b1ded8)
|
|
metze
(This used to be commit 38e00f87191b86901b603e66aec1e7e71f74c29f)
|
|
code
set lp_use_spnego = False, because I can't get it working yet
but I commit it so others can help me
metze
(This used to be commit 2445cceba9ab9bd928c8bc50927a39509e4526b0)
|
|
(This used to be commit de5984c95602ca67e8ac3139c3aa4330b74266e0)
|
|
metze
(This used to be commit 9f914e4af99e18b469d4cf9d8b1514a2bd28ddec)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
SetupCredentials2 negotiation flags, which is what Samba3 does,
because otherwise the server uses different crypto.
- This tests the returned session keys, which we decrypt.
- Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
most places.
- Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
available.
- Remove a useless argument to SMBsesskeygen_ntv1
- move netr_CredentialState from the .idl to the new credentials.h
Andrew Bartlett
(This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
|
|
in various crypto
routines
(This used to be commit f6cf9020c8899e784385ea0e14fa465685441ee6)
|
|
* fixed the handling of anonymous logins
(This used to be commit 7cbc4ad8710ad33387145bfc9974d0ed4b0fb231)
|
|
successful LSA OpenPolicy using smbtorture
(This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
|
|
(This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
|