Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 35f4ad4700de25085a2d0e5d0f9674ca2e606cd1)
|
|
changes
- got rid of global_myname(), using lp_netbios_name() instead
(This used to be commit e8d4b390884e487163d81f66a5a7ac1de1305d9a)
|
|
(This used to be commit 48b5b740f1d0c252f248aa944d8487a83c016fa1)
|
|
- make cli_list_new() use the last_name continue method rather than
the trans2 findnext continue flag, as the continue flag is broken on
win2003 (win2003 sometimes misses up to 1/3 of all files in a directory)
(This used to be commit daa9648b3f6919b1615a5737b96310c3a41a0192)
|
|
(This used to be commit bd4106a8e57fc98d1feddc01b58f87f68164247a)
|
|
allow tests for 'unwrapped' krb5, allowed by Win2k3.
SPENGO changes, trying to get the logic right (when and what
sub-mechanisms to wrap).
Andrew Bartlett
(This used to be commit 8a0f7bf5e282d021afe93994a91fd76fa9c05f42)
|
|
copy here.
Andrew Bartlett
(This used to be commit 9efc94eeafbf0eb4488c53a1456cc7026c937f9f)
|
|
my apologies to abartlett for thinking this was his bug!
(This used to be commit 6edbc55ddd2fc0d4686ec3075ba9bfc72ac24315)
|
|
(This used to be commit de764d9004a0d90479158e78e30b1266eb529e3e)
|
|
Up to now the client code has had an async API, and operated
asynchronously at the packet level, but was not truly async in that it
assumed that it could always write to the socket and when a partial
packet came in that it could block waiting for the rest of the packet.
This change makes the SMB client library full async, by adding a
separate outgoing packet queue, using non-blocking socket IO and
having a input buffer that can fill asynchonously until the full
packet has arrived.
The main complexity was in dealing with the events structure when
using the CIFS proxy backend. In that case the same events structure
needs to be used in both the client library and the main smbd server,
so that when the client library is waiting for a reply that the main
server keeps processing packets. This required some changes in the
events library code.
Next step is to make the generated rpc client code use these new
capabilities.
(This used to be commit 96bf4da3edc4d64b0f58ef520269f3b385b8da02)
|
|
e.g. we now have 'union smb_mkdir' and 'enum smb_mkdir_level' in sync
we may should also rename 'RAW_MKDIR_*' -> 'SMB_MKDIR_*'
metze
(This used to be commit 0bb50dcf1ccb9797000fcbea4d8a73f2d2a3db77)
|
|
- This causes our client and server code to use the same core code,
with the same debugs etc.
- In turn, this will allow the 'mandetory/fallback' signing algorithms
to be shared, and only written once.
Updates to the SPNEGO code
- Don't wrap an empty token to the server, if we are actually already finished.
Andrew Bartlett
(This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
|
|
Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.
In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.
Andrew Bartlett
(This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
|
|
(fix compiler warning)
metze
(This used to be commit 65147f5aa2a56220a387876d990a546beb93a2d7)
|
|
metze
(This used to be commit 463982bf3f37bac67e1aaa488e4142d0ecc23307)
|
|
Andrew Bartlett
(This used to be commit 30d88580efe45dc792f8d5c04f4abe0497d1551c)
|
|
- We can now connect to hosts that follow the SPNEGO RFC, and *do not*
give us their principal name in the mechListMIC.
- The client code now remembers the hostname it connects to
- We now kinit for a user, if there is not valid ticket already
- Re-introduce clock skew compensation
TODO:
- See if the username in the ccache matches the username specified
- Use a private ccache, rather then the global one, for a 'new' kinit
- Determine 'default' usernames.
- The default for Krb5 is the one in the ccache, then $USER
- For NTLMSSP, it's just $USER
Andrew Bartlett
(This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
|
|
introduced by the "compiler warning fix" in rev 1460...
metze
(This used to be commit ffb7ba35cdb2fb19b8271a3585eef075948bef9c)
|
|
add the kinit code
metze
(This used to be commit 9a876be76cee3983676d8c89549162b5c4eba8b0)
|
|
our code
(This used to be commit ea5659b051f95402441e69ba4ce5aea1ed6f5c86)
|
|
metze
(This used to be commit fc8d00b8ab28535da4ec0b7e6931bbf402a37013)
|
|
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
|
|
Andrew Bartlett
(This used to be commit 67ac9600664e93aa2fe9426127313b57ddaec2cf)
|
|
Andrew Bartlett
(This used to be commit 10a973da88441b255eda7cbc263ef5c4f2f0fcae)
|
|
Andrew Bartlett
(This used to be commit 893a9a3865d7046d8b1cb0418aaf48b88beefa05)
|
|
(This used to be commit 7e9884799e4f450b9693b6e29d7490288ebc969e)
|
|
(This used to be commit eaa2940ba039f59e13d44c6e2dda919ed8e388f5)
|
|
(This used to be commit 69de0d95c585c1a73072e921884cbd427c160176)
|
|
Andrew Bartlett
(This used to be commit 1164be10af8e1b47824df391196ec37c395a4040)
|
|
Andrew Bartlett
(This used to be commit b97ea8a63f044d2c20781c876575978cc4725285)
|
|
Andrew Bartlett
(This used to be commit 310a570936c0d2d5af168aeca1b33206622d8355)
|
|
Andrew Bartlett
(This used to be commit 159c234589e8e148180217f9ef4853b3031877db)
|
|
The kerberos context is now tied in life to the GENSEC context.
Andrew Bartlett
(This used to be commit 64e99170c3b53a14d7f8d29cf78283f2bc22c1f7)
|
|
Fix config.mk...
(oh, and this file is somehow marked as binary...)
Andrew Bartlett
(This used to be commit 3e9aa67e3fdd9be18bdead6d45a982d30e5fd5b4)
|
|
Andrew Bartlett
(This used to be commit 231e505dea9e9aca28eb336bcbcfb2b7b83c089c)
|
|
- Infrustructure for kerberos
- Don't segfault on un-implemented backend functions
- Add comments.
Andrew Bartlett
(This used to be commit 1c31aa42710421917428d6ba86328ea5179751bd)
|
|
easier to code, as it may return an 'ok' with an empty blob).
Andrew Bartlett
(This used to be commit e48557158ed99eee7d3ef8231c629bbd14cda9d3)
|
|
seperate char *, not a DATA_BLOB.
This allows us to tell if we were sent a string here, or a real MIC.
(This used to be commit 06b997c826e3ec00e0528da800e3eae0e3497a54)
|
|
The session key in the client is wrong, we don't do signing/sealing
and we are sending raw Kerberos, not GSSAPI.
But it's a start, and if we continue to have to call Krb5 directly,
this will be the basis.
I also intend to provide an alternate implementation, using just
GSSAPI.
Andrew Bartlett
(This used to be commit eb0dd4a821dc3dbe370aea9a9c9fb05cf2592e4d)
|
|
Andrew Bartlett
(This used to be commit 2de3a3082344fd292b1084a73a332549d6b2e25d)
|
|
metze
(This used to be commit ae2e6b58629397d75a3e446ff0c50b594d029206)
|
|
Andrew Bartlett
(This used to be commit c283837556109b9392a8cdcd867e5ae0dac1509b)
|
|
Andrew Bartlett
(This used to be commit c5a1529d54e6b8ec2bbf7017a2f48d7535f1f016)
|
|
add a view debug messages
metze
(This used to be commit 79953dccc1f21dbabddff73a4b6d862eace29eb9)
|
|
metze
(This used to be commit db19d6047c25698d0c3b7aeaab77b2a02385dbb5)
|
|
is used yet.
Andrew Bartlett
(This used to be commit 7596f311c9a18314716f64476030ce3dfcdd98bb)
|
|
the capabilities in the union smb_sesssetup should be used to decide
if we can use extented security
metze
(This used to be commit e3760fcc17cc645d942f0fc7f7325976391309ea)
|
|
so I set 'use spnego = True'
metze
(This used to be commit e06898f88c82c286574f9d73de1a9de829b1ded8)
|
|
some compiler warnings that allowed us to see.
Andrew Bartlett
(This used to be commit 1a6c2018dd49519e6fccdd5a7f35d70b67d45275)
|
|
metze
(This used to be commit f7379324025c599cd201ce6d0905f0ca2c24ce73)
|