Age | Commit message | Author | Files | Lines |
|
--option 'gensec:krb5=no'
or put "gensec:krb5 = no" in smb.conf
Given the frustration I've had with kerberos I was very tempted to name
this option --nfk, but resisted the temptation
(This used to be commit 2d710a5eb5b36e46fa8f652305fa9ab2e09e02f3)
|
|
metze
(This used to be commit 492a00d909d6f3ff8305f102551f60d91d988ccd)
|
|
independent socket library.
this is not used, but compiled currently
there're maybe some api changes later...
metze
(This used to be commit de4447d7a57c614b80d0ac00dca900ea7e1c21ea)
|
|
metze
(This used to be commit 9177cd4285315175913aa2c9359f1173fa7d6eb7)
|
|
metze
(This used to be commit 75c3108955bab44ffda308406bae153e3a92cedf)
|
|
but do not support SPNEGO (such as XP, when not joined to a domain).
This is triggered by the presence or lack of a security blob in the
negprot reply.
Andrew Bartlett
(This used to be commit 99f7a38c077725b22475f2ba68d0955114879c24)
|
|
line. This makes testing much easier.
(This used to be commit 0a4723d250ba13e6374700fc6e80854ec6a3eddc)
|
|
NTLM sign
NTLM sign+seal
NTLM2 sign
NTLM2 sign+seal
and all of the above both with and without key exchange
the NTLM2 seal case is ugly and involves an extra data copy, which
some API changes in gensec or the ndr layer might avoid in future.
(This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
|
|
'authenticated' connections.
Fix kerberos session key issues - we need to call the
routine for extracting the session key, not just read the cache.
Andrew Bartlett
(This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
|
|
These fixes aim particularly at allowing PAC-less logins, as I don't
yet generate a PAC in the lorikeet-heimdal KDC.
This is for the benefit of a Kerberos-enabled domain join, which seems
to be progressing quite well!
Andrew Bartlett
(This used to be commit f5a381094dd5bcbd795a134bc4b8b89901b5e3eb)
|
|
(This used to be commit 2c701f59a7f232fed624f7cec62dd494dd32c2d9)
|
|
This means that 'require NTLMv2 session security' now works for RPC
pipe signing. We don't yet have sealing, but it can't be much further.
This is almost all tridge's code, munged into a form that can work
with the GENSEC API.
This commit also includes more lsakey fixes - that key is used for all
DCE-RPC level authenticated connections, even over CIFS/ncacn_np.
No doubt I missed something, but I'm going to get some sleep :-)
Andrew Bartlett
(This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
|
|
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
|
|
(This used to be commit 7256945b526a1ee68d18eb579e592f7389740c22)
|
|
Volker
(This used to be commit 53f58c053b643c8b45d2f9394faf8cfdd5005f6d)
|
|
metze
(This used to be commit 46762c9ee011e5c37f3d94a1b80ed7d679c55434)
|
|
I had previously thought this was unnecessary, as Windows doesn't use
standards compliant UTF-16, and for filesystem operations treats bytes
as UCS-2, but Bjoern Jacke has pointed out to me that this means we
don't correctly store extended UTF-16 characters as UTF-8 on
disk. This can be seen with (for example) the gothic characters with
codepoints above 64k.
This commit also adds a LOCAL-ICONV torture test that tests the first
1 million codepoints against the system iconv library, and tests 5
million random UTF-16LE buffers for identical error handling to the
system iconv library.
the lib/iconv.c changes need backporting to samba3
(This used to be commit 756f28ac95feaa84b42402723d5f7286865c78db)
|
|
Argl. I could never get the naming right. Having the most significant byte at
the lowest memory address is big endian, at least according to the google
search for 'big endian'....
Volker
(This used to be commit bc4c188362901423cc900fd4bdfa4a9ed6838f2b)
|
|
Fix bug found by Love Hörnquist Åstrand: asn1_write_Integer needs to push
stuff little endian.
(This used to be commit 79bee828fbb70e71ad3fbd45758bcc7775ea977b)
|
|
Clean up use of uninitialised variable.
Andrew Bartlett
(This used to be commit e8d0246882f0d70dc3c63208d0a990804f36a05d)
|
|
table. Should get rid of the static buffer completely at some point.
(This used to be commit e0bda611121ed1f4afc2bfe83853e5521c494164)
|
|
(This used to be commit f5fd90848d350ba1016282a6ee9ea3c83a6e4a63)
|
|
Andrew Bartlett
(This used to be commit 0237389ce765cbb6825b79de1b0727da0969efeb)
|
|
signed or sealed.
This allows NTLM2 for SMB connections, and NTLMSSP over HTTP for example.
Andrew Bartlett
(This used to be commit e509451538eb5fac5a288e2c429d8481dbfb355f)
|
|
krb5_locate_kdc is (yet) an unused function in Samba4.
Guenther
(This used to be commit fe93f58dfe208ec814f1e75efde4ececa2b2cb5f)
|
|
Andrew Bartlett
(This used to be commit 2cbbf123d26081687a15eb7b82738e8187153ba4)
|
|
currently get it bogus, but anyway...
Andrew Bartlett
(This used to be commit 46864dd9d778c008c2f1a3a6701360d4ca64a664)
|
|
(This used to be commit e1575a72a10252fdb88778f14bf3c44a65d72c5e)
|
|
The bug (found by tridge) is that Win2k3 is being tighter about the
NTLMSSP flags. If we don't negotiate sealing, we can't use it.
We now have a way to indicate to the GENSEC implementation mechanisms
what things we want for a connection.
Andrew Bartlett
(This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
|
|
(This used to be commit f6dc62bf119c294db060b0870b6ca80bc28bd4a5)
|
|
(This used to be commit c0862278cab106a441d1049c1da945fa11353f9f)
|
|
now that talloc_free() doesn't need to take a context ptr, there is no
reason we can't use talloc everywhere that we currently use malloc().
(This used to be commit a2ad77fb3ac9638c5ef52494bf62083ec594b9f5)
|
|
metze
(This used to be commit 17268837d21c2199b87bd78c1f62b49a37b86df8)
|
|
metze
(This used to be commit 699248fe821ffb738065002b5fef67cd59ca37f6)
|
|
metze
(This used to be commit 46d5ce350aeae352a9a14b14b968c299f11272f2)
|
|
an SPNEGO login from WinXP at least).
talloc_asprintf_append() lost an argument, but because TALLOC_CTX is
now a void*, this was not picked up by the compiler.
I've tested the login (asn1), but not the registry/gtk changes.
Andrew Bartlett
(This used to be commit 4294be44057124568fe1d176702056bb62ad3214)
|
|
(This used to be commit 6ffdfd779936ce8c5ca49c5f444e8da2bbeee0a8)
|
|
It simplifies our structure handling a lot, making the code shorter
and easier to understand. Look at the diff carefully and see if you
can understand it. If you're still confused then please ask.
(This used to be commit 03c341aca7f09cb1f0d33ec65e074e6a00caa30f)
|
|
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
   (redundant) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
   more memory. This allows you to create complex data structures
   where the top level structure is the logical parent of the next
   level down, and those are the parents of the level below
   that. Then destroy either the lot with a single talloc_free() or
   destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
   talloc() but takes the printf style name argument as well as the
   parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
|
|
(This used to be commit 8be31e5c854e4462163b97b897ff41de95f181c4)
|
|
- print the received security_descriptor in the smbclient "acl" command
- make sure we zero the alignment data in nttrans packet sends
(This used to be commit 8925b8b2193905d084e1bfaaa3235ed7f9d1eb55)
|
|
metze
(This used to be commit 0164cac6df46ca5996aae30b8c48a602999f7e0b)
|
|
handle connections using the IP as the server name, while not trying
for NBT name resolution on names like "192" and "192.168.1.2".
also removed the ip address argument to smbcli_socket_connect() as it
isn't used and doesn't really make sense.
(This used to be commit 2ce4028842556328da4da0de9bee942bed02cc62)
|
|
(This used to be commit 30ab38559e8c52ecdaf7ca9b124875ade82c5c66)
|
|
ALL_INFO queryfileinfo level. It is useful having it here as many
non-Microsoft servers implement it this way, which breaks just about
all the torture tests, so when testing against these broken systems
just change this one #if line and recompile smbtorture.
(This used to be commit cd8887293e7735d8ee1cc2daebda233673801775)
|
|
(This used to be commit 7be7f25a57422fea3e763479629e18dc9a204aba)
|
|
tridge: can you please check if this is correct,
I have only compiled it, but haven't run it.
metze
(This used to be commit d3123c2e7357d8db4dce9e0253ac405318d05c48)
|
|
metze
(This used to be commit 4c6c4d6bc8927b93f29beecf44aef5c228533a43)
|
|
metze
(This used to be commit 11c866d602fb4daefc1dced349606bd8ccd38ef2)
|
|
- merge some stuff from trunk
metze
(This used to be commit 267edf1c0bb1ed73f1ba19148e6412b9a1c41979)
|