Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
|
|
|
|
|
|
metze
|
|
Even if signing is mandatory.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL
response1 => BSRSPYL
request2 => BSRSPYL
response2 => <SIGNATURE>
and with krb5:
request1 => BSRSPYL
response1 => <SIGNATURE>
metze
|
|
metze
|
|
Pinched from b53e6387e30010509034835acf88b91b380ff44a by metze.
Andrew Bartlett
(This used to be commit d55602e23e7947462cb402b20b2d354b96aa7ba3)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
This converts our SMB and SMB2 code to use a common structure "struct
request_bufinfo" for information on the buffer bounds of a packet,
alignment information and string handling. This allows us to use a
common backend for SMB and SMB2 code, while still using all the same
string and blob handling functions.
Up to now we had been passing a NULL req handle into these common
routines from the SMB2 side of the server, which meant that we failed
any operation which did a bounds checked string extraction (such as a
RenameInformation setinfo call, which is what Vista uses for renaming
files)
There is still some more work to be done on this - for example we can
now remove many of the SMB2 specific buffer handling functions that we
had, and use the SMB ones.
(This used to be commit ca6d9be6cb6a403a81b18fa6e9a6a0518d7f0f68)
|
|
The number of arguments is getting a bit excessive now, so it
probably makes sense to pass in the smbcli_options struct rather than
all members individually and add a convenience function for obtaining a
smbcli_options struct from a loadparm context.
(This used to be commit 9f64213463b5bf3bcbf36913139e9a5042e967a2)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
ts=4 lines that I accidently added earlier.
(This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
(This used to be commit 7af59357b94e3819415b3a9257be0ced745ce130)
|
|
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
|
|
metze
(This used to be commit f308b72b19ab1e0e2f5a732bd1bc13082a634a9c)
|
|
Andrew Bartlett
(This used to be commit 817160ec1a85724c8bf482f128ea687396de0888)
|
|
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2)
all this fixes a lot of gcc-4 warnings
metze
(This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)
|
|
(This used to be commit 3f75117db921e493bb77a5dc14b8ce91a6288f30)
|
|
and made them private
(This used to be commit 386ac565c452ede1d74e06acb401ca9db99d3ff3)
|
|
setting of "server signing = auto", which means to offer signing
only if we have domain logons enabled (ie. we are a DC). This is a
better match for what windows clients want, as unfortunately windows
clients always use signing if it is offered, and when they use signing
they not only go slower because of the signing itself, they also
disable large readx/writex support, so they end up sending very small
IOs for.
- changed the default max xmit again, this time matching longhorn,
which uses 12288. That seems to be a fairly good compromise value.
(This used to be commit e63edc81716fefd58a3be25deb3b25e45471f196)
|
|
Dahyabhai <nalin@redhat.com>.
Jeremy.
(This used to be commit afed78f359a15809b2d9b7566e16ade294944fa9)
|
|
report from --leak-check
(This used to be commit 1ff41bbcae8dc7514a85d69679e44dc7c5b0342f)
|
|
signing code to be able to cope.
Andrew Bartlett
(This used to be commit cb74d52b563730a50e33c92d868c45ee96a598e8)
|
|
Andrew Bartlett
(This used to be commit 32b45fc9e8ff1d0b73bbec1eb1d249af3ec52e46)
|
|
Andrew Bartlett
(This used to be commit b176151b7294b03534921a26db4fb4be1e5d617c)
|
|
This removes the function pointer mess from the SMB signing code.
Andrew Bartlett
(This used to be commit 8830603e4bc821a11db87072a32a51b076a28e06)
|
|
a packet, so don't pretend we do...
Andrew Bartlett
(This used to be commit 68a6d5aeb35e8972182fffbb6cc506f89584b2d5)
|
|
and servers).
Andrew Bartlett
(This used to be commit b90b04e84bc8add235cf9ee7797a608ff48c4ca0)
|
|
Andrew Bartlett
(This used to be commit 4d563d7e4afad1c5f583aca3f42087bfff0fb895)
|
|
Andrew Bartlett
(This used to be commit 64fcd8ecebabdd09fed6b65e3c436bffc1da9de7)
|
|
rename CLI_ -> SMBCLI_
metze
(This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
|
|
(This used to be commit d7e2f39b90122088e94d4a8e8c7ffa7c91d7d664)
|
|
copy here.
Andrew Bartlett
(This used to be commit 9efc94eeafbf0eb4488c53a1456cc7026c937f9f)
|
|
- This causes our client and server code to use the same core code,
with the same debugs etc.
- In turn, this will allow the 'mandetory/fallback' signing algorithms
to be shared, and only written once.
Updates to the SPNEGO code
- Don't wrap an empty token to the server, if we are actually already finished.
Andrew Bartlett
(This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
|
|
metze
(This used to be commit 463982bf3f37bac67e1aaa488e4142d0ecc23307)
|
|
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
|
|
code
set lp_use_spnego = False, because I can't get it working yet
but I commit it so others can help me
metze
(This used to be commit 2445cceba9ab9bd928c8bc50927a39509e4526b0)
|
|
signing
mistakes.
Jeremy.
(This used to be commit 5c3a2417cfe1bdbdfb35d933d49f77f6696790b3)
|
|
metze
(This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
SetupCredentials2 negotiation flags, which is what Samba3 does,
because otherwise the server uses different crypto.
- This tests the returned session keys, which we decrypt.
- Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
most places.
- Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
available.
- Remove a useless argument to SMBsesskeygen_ntv1
- move netr_CredentialState from the .idl to the new credentials.h
Andrew Bartlett
(This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
|
|
(This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
|