Age | Commit message | Author | Files | Lines |
|
Guenther
|
|
We need to start signing when we got NT_STATUS_OK from the server
and manually check the signature of the server's response.
This is needed as the response might be signed with the krb5 acceptor subkey,
which comes within the server response.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL seqnum: 0
response1 => BSRSPYL seqnum: 0
request2 => BSRSPYL seqnum: 0
response2 => <SIGNATURE> seqnum: 1
and with krb5:
request1 => BSRSPYL seqnum: 0
response1 => <SIGNATURE> seqnum: 1
metze
|
|
metze
|
|
Even if signing is mandatory.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL
response1 => BSRSPYL
request2 => BSRSPYL
response2 => <SIGNATURE>
and with krb5:
request1 => BSRSPYL
response1 => <SIGNATURE>
metze
|
|
metze
|
|
the _recv functions
metze
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
UTF-16 input
The input checking is important, as otherwise we could set the wrong
password.
Andrew Bartlett
|
|
Pinched from b53e6387e30010509034835acf88b91b380ff44a by metze.
Andrew Bartlett
(This used to be commit d55602e23e7947462cb402b20b2d354b96aa7ba3)
|
|
(This used to be commit b52fba5b2c63a24acbfc7e3e989c16b691d98162)
|
|
(This used to be commit f6e227b72bb56d12cb270d76f7f458136c4ca160)
|
|
(This used to be commit a555334db67527b57bc6172e3d08f65caf1e6760)
|
|
This is a partial fix towards bugs due to us walking past the end of
what we think are strings in ldb. There is much more work to do in
this area.
Andrew Bartlett
(This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
|
|
(This used to be commit b337369d5c86b37d93ee1c62880068e14d6c09f6)
|
|
SMB2 returns NOT_SUPPORTED to some more NTCREATE_OPTIONS.
metze
(This used to be commit 3ea08d430370717463ffab44fed9c42db1002d97)
|
|
We now reuse ignored values for the ntvfs backend private flags.
metze
(This used to be commit 14eda93aeface307e1ffd1ea012d8f236fa78290)
|
|
metze
(This used to be commit fe74faf13dc64eaa58d757de156aedcb24abed1f)
|
|
metze
(This used to be commit 1380fb954a7d9d4b543c4650a060fef9f357af7b)
|
|
metze
(This used to be commit 3f6cbece4a199a42ad6583ea4bd4302629399625)
|
|
This produces a C structure that is sane, while still parsing the wire
blobs (as far as I can tell).
Andrew Bartlett
(This used to be commit b5dbe815e5dd3f865c7735bc76e02017a869f09b)
|
|
To make that work (as a client) with aes128 and aes256 krb5 keys
we need to use gsskrb5_get_subkey().
metze
(This used to be commit 0c6d988f2083067e1ac7b07a492f88cefd3ba906)
|
|
metze
(This used to be commit 8bc12dc77a59e792830d96e84a4e8d1b2c651505)
|
|
metze
(This used to be commit 35ee165b146b9157b0cff49e1139a0cb37d98926)
|
|
Also in particular the 'sync' flags (which Samba has traditionally
ignored).
Thanks to Olivier Salamin <olivier.salamin@gmail.com> for pointing out
more flags that needed to be handled.
Andrew Bartlett
(This used to be commit 370bb39cd79fe49efd36a1ceb3e896d386e6d3ce)
|
|
The MS-SMB document explains that some of these options should be
ignored. The test proves it.
/* Must be ignored by the server, per MS-SMB 2.2.8 */
/* Must be ignored by the server, per MS-SMB 2.2.8 */
If we implement HSM in samba4 (likely) we should honour this bit.
/* Don't pull this file off tape in a HSM system */
Andrew Bartlett
(This used to be commit 502739ff90d56d2c9aabe8e224317f6ceb175c17)
|
|
The DIGEST-MD5 SASL method requires a hostname, so provide one.
Andrew Bartlett
(This used to be commit edfb2ed1f22bc735af5a0c3d3ae6ab6771d28f2c)
|
|
With these changes, we don't leak the LDAP socket, and don't reset all
credentials feature flags, just the ones we are actually incompatible
with.
Andrew Bartlett
(This used to be commit 72e52a301102941c41ab423e0212fe9a1aed0405)
|
|
metze
(This used to be commit d235ce673705641e06b4ad5f5679e146b59a19e1)
|
|
metze
(This used to be commit a6aa055097313975299f214d8ebe8d45aa51d10a)
|
|
metze
(This used to be commit 48ccb51caf7976ec07c8a9bfc1afd3076bf4ee22)
|
|
metze
(This used to be commit e1d81388fcabba9a947ed0be9ccae875e2b19135)
|
|
metze
(This used to be commit ec67c61b6a82e4f39a15f37a98ae3fe93bb81316)
|
|
metze
(This used to be commit 5bf136e233e26b4372155f494bae5118ef777a76)
|
|
The recv helper will be called when a response comes
and the recv helper can decide to let the request
on the SMBCLI_REQUEST_RECV when more response packets
are expected. It's up to the helper function
to keep a reference to the in buffers, each incoming
response overwrites req->in.
metze
(This used to be commit 6d84af89ba96627abe142ba7080c24ae2421ed6c)
|
|
metze
(This used to be commit a65599cc83a12ec61e5a6ba6ad9628619a0dc8a3)
|
|
by fixing the signature of py_nbt_node_init().
Jelmer - please check!
Michael
(This used to be commit a7ee17a10f330297dc4d9d15499276b3985c7a51)
|
|
(This used to be commit 09cf8c7dd82bb95e2f8782782286869654d96375)
|
|
specific debug function.
By default do not debug, this is the most appropriate action for a library
as we cannot assume what stderr is used for in the main app.
The main app is responsible to set ev_debug_stderr if they so desire.
(This used to be commit e566a2f308ac6fb4b526a744f7059b565670aea5)
|