summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r2294: this fixes the NTLM2 sign+seal combination. I have now tested:Andrew Tridgell1-25/+15
NTLM sign NTLM sign+seal NTLM2 sign NTLM2 sign+seal and all of the above both with and without key exchange the NTLM2 seal case is ugly and involves an extra data copy, which some API changes in gensec or the ndr layer might avoid in future. (This used to be commit fce7a4218b3136d880dd1a123e8525e3091bbed8)
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-4/+2
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2286: Fixes towards krb5 logins into Samba's CIFS server.Andrew Bartlett4-89/+113
These fixes aim particularly at allowing PAC-less logins, as I don't yet generate a PAC in the lorikeet-heimdal KDC. This is for the benifit of a Kerbeors-enabled domain join, which seems to be progressing quite well! Andrew Bartlett (This used to be commit f5a381094dd5bcbd795a134bc4b8b89901b5e3eb)
2007-10-10r2285: Remove more static data, fix spelling in a comment.Andrew Bartlett2-3/+3
(This used to be commit 2c701f59a7f232fed624f7cec62dd494dd32c2d9)
2007-10-10r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.Andrew Bartlett7-97/+203
This means that 'require NTLMv2 session security' now works for RPC pipe signing. We don't yet have sealing, but it can't be much further. This is almost all tridge's code, munged into a form that can work with the GENSEC API. This commit also includes more lsakey fixes - that key is used for all DCE-RPC level authenticated connections, even over CIFS/ncacn_np. No doubt I missed something, but I'm going to get some sleep :-) Andrew Bartlett (This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
2007-10-10r2247: talloc_destroy -> talloc_freeTim Potter3-8/+8
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
2007-10-10r2184: use the smb.conf socket options for client code tooAndrew Tridgell1-0/+1
(This used to be commit 7256945b526a1ee68d18eb579e592f7389740c22)
2007-10-10r2173: Fix asn1 BOOLEANs. Thanks to Love Hornquist-Astrand.Volker Lendecke2-15/+6
Volker (This used to be commit 53f58c053b643c8b45d2f9394faf8cfdd5005f6d)
2007-10-10r2166: sync the asn1 stuff with trunkStefan Metzmacher1-4/+40
metze (This used to be commit 46762c9ee011e5c37f3d94a1b80ed7d679c55434)
2007-10-10r2159: converted samba4 over to UTF-16.Andrew Tridgell1-2/+2
I had previously thought this was unnecessary, as windows doesn't use standards compliant UTF-16, and for filesystem operations treats bytes as UCS-2, but Bjoern Jacke has pointed out to me that this means we don't correctly store extended UTF-16 characters as UTF-8 on disk. This can be seen with (for example) the gothic characters with codepoints above 64k. This commit also adds a LOCAL-ICONV torture test that tests the first 1 million codepoints against the system iconv library, and tests 5 million random UTF-16LE buffers for identical error handling to the system iconv library. the lib/iconv.c changes need backporting to samba3 (This used to be commit 756f28ac95feaa84b42402723d5f7286865c78db)
2007-10-10r2124: merge from trunk (-r 2123):Stefan Metzmacher1-3/+3
Argl. I could never get the naming right. Having the most significant byte at the lowest memory address is big endian, at least according to the google search for 'big endian'.... Volker (This used to be commit bc4c188362901423cc900fd4bdfa4a9ed6838f2b)
2007-10-10r2122: merge from trunk (-r 2120):Stefan Metzmacher1-4/+12
Fix bug found by Love H?\195?\182rnquist ?\195?\133strand: asn1_write_Integer needs to push stuff little endian. (This used to be commit 79bee828fbb70e71ad3fbd45758bcc7775ea977b)
2007-10-10r2119: Noticed by jra:Andrew Bartlett1-6/+0
Clean up use of unitilaised variable. Andrew Bartlett (This used to be commit e8d0246882f0d70dc3c63208d0a990804f36a05d)
2007-10-10r2102: fixed a race condition when handling dos errors that are in ourAndrew Tridgell1-6/+5
table. Should get rid of the static buffer completely at some point. (This used to be commit e0bda611121ed1f4afc2bfe83853e5521c494164)
2007-10-10r2101: fixed a signed/unsigned char warningAndrew Tridgell1-2/+2
(This used to be commit f5fd90848d350ba1016282a6ee9ea3c83a6e4a63)
2007-10-10r2099: Get rid of another private ARCFOUR implementation from the codebase.Andrew Bartlett3-108/+77
Andrew Bartlett (This used to be commit 0237389ce765cbb6825b79de1b0727da0969efeb)
2007-10-10r2096: Enable use of NTLM2 for connections that do not got on to be NTLMSSPAndrew Bartlett1-0/+16
signed or sealed. This allows NTLM2 for SMB connections, and NTLMSSP over HTTP for example. Andrew Bartlett (This used to be commit e509451538eb5fac5a288e2c429d8481dbfb355f)
2007-10-10r2058: Merge heimdal krb5_locate_kdc-fix over from trunk/3_0 althoughGünther Deschner1-1/+11
krb5_locate_kdc is (yet) an unused function in Samba4. Guenther (This used to be commit fe93f58dfe208ec814f1e75efde4ececa2b2cb5f)
2007-10-10r2054: Fix compile warnings/build failures on non-gcc.Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit 2cbbf123d26081687a15eb7b82738e8187153ba4)
2007-10-10r2053: All RPC sessions 'want' a session key. Of course, the key theyAndrew Bartlett1-0/+3
currently get it bougs, but anyway... Andrew Bartlett (This used to be commit 46864dd9d778c008c2f1a3a6701360d4ca64a664)
2007-10-10r2042: missed a couple of places that should be talloc_free()Andrew Tridgell1-2/+2
(This used to be commit e1575a72a10252fdb88778f14bf3c44a65d72c5e)
2007-10-10r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server.Andrew Bartlett6-17/+90
The bug (found by tridge) is that Win2k3 is being tighter about the NTLMSSP flags. If we don't negotiate sealing, we can't use it. We now have a way to indicate to the GENSEC implementation mechanisms what things we want for a connection. Andrew Bartlett (This used to be commit 86f61568ea44c5719f9b583beeeefb12e0c26f4c)
2007-10-10r2040: fixed a memory handling error in clisocket (caught with valgrind)Andrew Tridgell1-2/+2
(This used to be commit f6dc62bf119c294db060b0870b6ca80bc28bd4a5)
2007-10-10r2037: switched the asn.1 code to use tallocAndrew Tridgell1-20/+16
(This used to be commit c0862278cab106a441d1049c1da945fa11353f9f)
2007-10-10r2036: switched the spnego code to use tallocAndrew Tridgell1-5/+5
now that talloc_free() doesn't need to take a context ptr, there is no reason we can't use talloc everywhere that we currently use malloc(). (This used to be commit a2ad77fb3ac9638c5ef52494bf62083ec594b9f5)
2007-10-10r2020: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit 17268837d21c2199b87bd78c1f62b49a37b86df8)
2007-10-10r2019: fix compiler warningsStefan Metzmacher1-2/+2
metze (This used to be commit 699248fe821ffb738065002b5fef67cd59ca37f6)
2007-10-10r2004: remove unused fileStefan Metzmacher1-121/+0
metze (This used to be commit 46d5ce350aeae352a9a14b14b968c299f11272f2)
2007-10-10r1990: Fix breakage caused by the recent talloc changes. (Failure to processAndrew Bartlett1-2/+2
an SPNEGO login from WinXP at least). talloc_asprintf_append() lost an argument, but because TALLOC_CTX is now a void*, this was not picked up by the compiler. I've tested the login (asn1), but not the registry/gtk changes. Andrew Bartlett (This used to be commit 4294be44057124568fe1d176702056bb62ad3214)
2007-10-10r1985: take advantage of the new talloc in a few more placesAndrew Tridgell6-58/+32
(This used to be commit 6ffdfd779936ce8c5ca49c5f444e8da2bbeee0a8)
2007-10-10r1984: this change is what you should read to understand the new talloc()Andrew Tridgell2-16/+5
It simplifies our structure handling a lot, making the code shorter and easier to understand. Look at the diff carefully and see if you can understand it. If you're still confused then please ask. (This used to be commit 03c341aca7f09cb1f0d33ec65e074e6a00caa30f)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell13-29/+28
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1944: put ldif functions in a separate fileSimo Sorce4-412/+440
(This used to be commit 8be31e5c854e4462163b97b897ff41de95f181c4)
2007-10-10r1941: - fixed an allocation error with querying security descriptors remotelyAndrew Tridgell2-1/+5
- print the received security_descriptor in the smbclient "acl" command - make sure we zero the alignment data in nttrans packet sends (This used to be commit 8925b8b2193905d084e1bfaaa3235ed7f9d1eb55)
2007-10-10r1910: this should not be a local var in this blockStefan Metzmacher1-1/+1
metze (This used to be commit 0164cac6df46ca5996aae30b8c48a602999f7e0b)
2007-10-10r1897: added a choose_called_name() function that allows us to more sanelyAndrew Tridgell3-8/+37
handle connections using the IP as the server name, while not trying for NBT name resolution on names like "192" and "192.168.1.2". also removed the ip address argument to smbcli_socket_connect() as it isn't used and doesn't really make sense. (This used to be commit 2ce4028842556328da4da0de9bee942bed02cc62)
2007-10-10r1896: stricter check on packet parsing for NBT session repliesAndrew Tridgell1-1/+1
(This used to be commit 30ab38559e8c52ecdaf7ca9b124875ade82c5c66)
2007-10-10r1893: add a commented out lump of code to implement the "by the SPEC"Andrew Tridgell1-0/+15
ALL_INFO queryfileinfo level. It is useful having it here as many non-Microsoft servers implement it this way, which breaks just about all the torture tests, so when testing against these broken systems just change this one #if line and recompile smbtorture. (This used to be commit cd8887293e7735d8ee1cc2daebda233673801775)
2007-10-10r1886: Fix the buildVolker Lendecke1-3/+3
(This used to be commit 7be7f25a57422fea3e763479629e18dc9a204aba)
2007-10-10r1883: I don't know why this was broken...Stefan Metzmacher1-3/+3
tridge: can you please check if this is correct, I have only compiled it, but haven'T run it. metze (This used to be commit d3123c2e7357d8db4dce9e0253ac405318d05c48)
2007-10-10r1881: empty structs are not allowed by all compilersStefan Metzmacher1-0/+1
metze (This used to be commit 4c6c4d6bc8927b93f29beecf44aef5c228533a43)
2007-10-10r1862: add invalid_creds ldap errorStefan Metzmacher1-0/+1
metze (This used to be commit 11c866d602fb4daefc1dced349606bd8ccd38ef2)
2007-10-10r1856: - move asn1 functions to asn1.cStefan Metzmacher2-43/+71
- merge some stuff from trunk metze (This used to be commit 267edf1c0bb1ed73f1ba19148e6412b9a1c41979)
2007-10-10r1851: if we try to peek a subtag, check if the parent tag has remaining dataStefan Metzmacher1-0/+4
metze (This used to be commit 01626ed381bdc9cab3e94e80220c916bb61acf30)
2007-10-10r1824: nicer handling of NBT session replies, and handling of bad packetsAndrew Tridgell2-2/+8
with the async SMB code (This used to be commit cef94978f43a8326b6cf1888c15ca8c568ebe9f8)
2007-10-10r1819: changed "smb ports" to be a LIST parameter type in loadparm (its a ↵Andrew Tridgell1-2/+9
classic case for a list) (This used to be commit e53d32c65ab0751b3e01f4f699f5d0e1892369ae)
2007-10-10r1805: ...I just forgot to say that the sasl bind actually works now:-)Stefan Metzmacher1-0/+2
metze (This used to be commit a2cd725681fa7b10a5cca337554be17f628465c0)
2007-10-10r1804: get a bit closer to a sasl bindStefan Metzmacher1-2/+19
metze (This used to be commit d0278c6bef622feeda8da7a120e3d1abce4a74e5)
2007-10-10r1803: more progress on sasl binds, but decoding the response still failsStefan Metzmacher2-4/+28
metze (This used to be commit f6c44201073df37881191509ffb7badee3baac71)
2007-10-10r1802: start to support SASL in our ldap librariesSimo Sorce2-19/+165
does not work yet but we are close currently we send the right data on wire and fail to decode the answer (This used to be commit 10baf585821bf1f10a3786045a0965000cdffd12)