Age | Commit message (Collapse) | Author | Files | Lines |
|
but do not support SPNEGO (such as XP, when not joined to a domain).
This is triggered by the presense or lack of a security blob in the
negprot reply.
Andrew Bartlett
(This used to be commit 99f7a38c077725b22475f2ba68d0955114879c24)
|
|
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
|
|
(This used to be commit 7256945b526a1ee68d18eb579e592f7389740c22)
|
|
I had previously thought this was unnecessary, as windows doesn't use
standards compliant UTF-16, and for filesystem operations treats bytes
as UCS-2, but Bjoern Jacke has pointed out to me that this means we
don't correctly store extended UTF-16 characters as UTF-8 on
disk. This can be seen with (for example) the gothic characters with
codepoints above 64k.
This commit also adds a LOCAL-ICONV torture test that tests the first
1 million codepoints against the system iconv library, and tests 5
million random UTF-16LE buffers for identical error handling to the
system iconv library.
the lib/iconv.c changes need backporting to samba3
(This used to be commit 756f28ac95feaa84b42402723d5f7286865c78db)
|
|
The bug (found by tridge) is that Win2k3 is being tighter about the
NTLMSSP flags. If we don't negotiate sealing, we can't use it.
We now have a way to indicate to the GENSEC implementation mechanisms
what things we want for a connection.
Andrew Bartlett
(This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
|
|
(This used to be commit f6dc62bf119c294db060b0870b6ca80bc28bd4a5)
|
|
(This used to be commit 6ffdfd779936ce8c5ca49c5f444e8da2bbeee0a8)
|
|
It simplifies our structure handling a lot, making the code shorter
and easier to understand. Look at the diff carefully and see if you
can understand it. If you're still confused then please ask.
(This used to be commit 03c341aca7f09cb1f0d33ec65e074e6a00caa30f)
|
|
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
(redundent) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
more memory. This allows you to create complex data structures
where the top level structure is the logical parent of the next
level down, and those are the parents of the level below
that. Then destroy either the lot with a single talloc_free() or
destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
talloc() but takes the printf style name argument as well as the
parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
|
|
- print the received security_descriptor in the smbclient "acl" command
- make sure we zero the alignment data in nttrans packet sends
(This used to be commit 8925b8b2193905d084e1bfaaa3235ed7f9d1eb55)
|
|
metze
(This used to be commit 0164cac6df46ca5996aae30b8c48a602999f7e0b)
|
|
handle connections using the IP as the server name, while not trying
for NBT name resolution on names like "192" and "192.168.1.2".
also removed the ip address argument to smbcli_socket_connect() as it
isn't used and doesn't really make sense.
(This used to be commit 2ce4028842556328da4da0de9bee942bed02cc62)
|
|
(This used to be commit 30ab38559e8c52ecdaf7ca9b124875ade82c5c66)
|
|
ALL_INFO queryfileinfo level. It is useful having it here as many
non-Microsoft servers implement it this way, which breaks just about
all the torture tests, so when testing against these broken systems
just change this one #if line and recompile smbtorture.
(This used to be commit cd8887293e7735d8ee1cc2daebda233673801775)
|
|
tridge: can you please check if this is correct,
I have only compiled it, but haven'T run it.
metze
(This used to be commit d3123c2e7357d8db4dce9e0253ac405318d05c48)
|
|
with the async SMB code
(This used to be commit cef94978f43a8326b6cf1888c15ca8c568ebe9f8)
|
|
classic case for a list)
(This used to be commit e53d32c65ab0751b3e01f4f699f5d0e1892369ae)
|
|
signing code to be able to cope.
Andrew Bartlett
(This used to be commit cb74d52b563730a50e33c92d868c45ee96a598e8)
|
|
SPNEGO/non-SPNEGO games.
Andrew Bartlett
(This used to be commit 90d70a63ee6d44172cec99a9115817f666b5d06d)
|
|
Andrew Bartlett
(This used to be commit 32b45fc9e8ff1d0b73bbec1eb1d249af3ec52e46)
|
|
Andrew Bartlett
(This used to be commit b176151b7294b03534921a26db4fb4be1e5d617c)
|
|
This removes the function pointer mess from the SMB signing code.
Andrew Bartlett
(This used to be commit 8830603e4bc821a11db87072a32a51b076a28e06)
|
|
ascii strings
(This used to be commit fc75dc49025f4beb0f1df656cfe4ec497e693dcc)
|
|
(This used to be commit b6664bdd0f4125a483620b76a87ea69cad866d6a)
|
|
a packet, so don't pretend we do...
Andrew Bartlett
(This used to be commit 68a6d5aeb35e8972182fffbb6cc506f89584b2d5)
|
|
and servers).
Andrew Bartlett
(This used to be commit b90b04e84bc8add235cf9ee7797a608ff48c4ca0)
|
|
Andrew Bartlett
(This used to be commit 4d563d7e4afad1c5f583aca3f42087bfff0fb895)
|
|
unexpectedly. bug found by abartlett.
(This used to be commit 566b7a9ce986cdfeabb69f17c472782fc7494d43)
|
|
Andrew Bartlett
(This used to be commit 64fcd8ecebabdd09fed6b65e3c436bffc1da9de7)
|
|
- use lp_maxprotocol() in the libcli/raw/ negotiate code, so we obey
the smb.conf "max protocol" option
- better handling of -M option in masktest
(This used to be commit 8685a584c92ab73a35b29a8c719f1ec207562837)
|
|
(This used to be commit 17a331529706266bd53b2d1c7b873cf4bbd7aaa7)
|
|
rename CLI_ -> SMBCLI_
metze
(This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
|
|
plus disalllow any more sends
(This used to be commit 326fdc8c9d2848c6c08a49e34c72430fe0116d23)
|
|
order. Fixed the linked list add to always add to the end for outgoing
requests.
(This used to be commit 81c450b434bb28b0fa8620c309f39203e8950497)
|
|
(This used to be commit d7e2f39b90122088e94d4a8e8c7ffa7c91d7d664)
|
|
(This used to be commit 35f4ad4700de25085a2d0e5d0f9674ca2e606cd1)
|
|
(This used to be commit bd4106a8e57fc98d1feddc01b58f87f68164247a)
|
|
copy here.
Andrew Bartlett
(This used to be commit 9efc94eeafbf0eb4488c53a1456cc7026c937f9f)
|
|
my apologies to abartlett for thinking this was his bug!
(This used to be commit 6edbc55ddd2fc0d4686ec3075ba9bfc72ac24315)
|
|
(This used to be commit de764d9004a0d90479158e78e30b1266eb529e3e)
|
|
Up to now the client code has had an async API, and operated
asynchronously at the packet level, but was not truly async in that it
assumed that it could always write to the socket and when a partial
packet came in that it could block waiting for the rest of the packet.
This change makes the SMB client library full async, by adding a
separate outgoing packet queue, using non-blocking socket IO and
having a input buffer that can fill asynchonously until the full
packet has arrived.
The main complexity was in dealing with the events structure when
using the CIFS proxy backend. In that case the same events structure
needs to be used in both the client library and the main smbd server,
so that when the client library is waiting for a reply that the main
server keeps processing packets. This required some changes in the
events library code.
Next step is to make the generated rpc client code use these new
capabilities.
(This used to be commit 96bf4da3edc4d64b0f58ef520269f3b385b8da02)
|
|
e.g. we now have 'union smb_mkdir' and 'enum smb_mkdir_level' in sync
we may should also rename 'RAW_MKDIR_*' -> 'SMB_MKDIR_*'
metze
(This used to be commit 0bb50dcf1ccb9797000fcbea4d8a73f2d2a3db77)
|
|
- This causes our client and server code to use the same core code,
with the same debugs etc.
- In turn, this will allow the 'mandetory/fallback' signing algorithms
to be shared, and only written once.
Updates to the SPNEGO code
- Don't wrap an empty token to the server, if we are actually already finished.
Andrew Bartlett
(This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
|
|
metze
(This used to be commit 463982bf3f37bac67e1aaa488e4142d0ecc23307)
|
|
- We can now connect to hosts that follow the SPNEGO RFC, and *do not*
give us their principal name in the mechListMIC.
- The client code now remembers the hostname it connects to
- We now kinit for a user, if there is not valid ticket already
- Re-introduce clock skew compensation
TODO:
- See if the username in the ccache matches the username specified
- Use a private ccache, rather then the global one, for a 'new' kinit
- Determine 'default' usernames.
- The default for Krb5 is the one in the ccache, then $USER
- For NTLMSSP, it's just $USER
Andrew Bartlett
(This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
|
|
introduced by the "compiler warning fix" in rev 1460...
metze
(This used to be commit ffb7ba35cdb2fb19b8271a3585eef075948bef9c)
|
|
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
|
|
Andrew Bartlett
(This used to be commit 10a973da88441b255eda7cbc263ef5c4f2f0fcae)
|
|
the capabilities in the union smb_sesssetup should be used to decide
if we can use extented security
metze
(This used to be commit e3760fcc17cc645d942f0fc7f7325976391309ea)
|
|
so I set 'use spnego = True'
metze
(This used to be commit e06898f88c82c286574f9d73de1a9de829b1ded8)
|