1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

3741 Commits

Author SHA1 Message Date
Andrew Bartlett
41ed715d42 s3-libsmb: use struct gensec_security directly
This is rather than via a now one-element union.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20 23:55:55 +01:00
Andrew Bartlett
06f7105490 s3-libcli Change krb5 smb sealing to call via gensec and gensec_gse
This also fixes the support for smb sealing with krb5 in make test, as
this now relies on secrets.tdb rather than /etc/krb5.keytab.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20 23:55:54 +01:00
Andrew Bartlett
40715e1251 s3-librpc: pass struct ndr_interface_table down to cli_pipe_open_generic/spnego()
This allows the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:24 +01:00
Andrew Bartlett
1b6356298c s3-libsmb Use the gse_krb5 gensec module as client
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 16:23:22 +01:00
Andrew Bartlett
138121c516 s3-libsmb: split out auth_generic client functions into auth_generic.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:04:56 +01:00
Andrew Bartlett
b89a0439b3 s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be generic
This also includes renaming the helper function
rpccli_ntlmssp_bind_data, and allows this function to operate on any
gensec-supplied auth type.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11 09:04:41 +01:00
Andrew Bartlett
cfe68f2d5f krb5: Require krb5_set_real_time is available to build with krb5 2012-01-10 21:50:07 +01:00
Andrew Bartlett
39d73e2420 krb5: Require krb5_get_renewed_creds be available to build with krb5 2012-01-10 21:50:07 +01:00
Andrew Bartlett
39b476d1c9 krb5: Require krb5_get_init_creds_opt_alloc/free for build with krb5
This also assumes the modern API with a krb5_context argument.

Andrew Bartlett
2012-01-10 21:50:07 +01:00
Andrew Bartlett
fc7b34c83a krb5: Require krb5_fwd_tgt_creds to be available to build with krb5 2012-01-10 21:50:07 +01:00
Andrew Bartlett
17e61e4290 krb5: Require krb5_c_enctype_compare is available to build with krb5 2012-01-10 21:50:07 +01:00
Volker Lendecke
7104ce3220 s3: Remove an unused label
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan  9 23:07:32 CET 2012 on sn-devel-104
2012-01-09 23:07:31 +01:00
Andrew Bartlett
13f5414f93 s3-libsmb: Do not look up FQDN or use host/ for krb5 encrypted CIFS
This is important, as we want to use exactly the same name and ticket
that the libsmb session setup code used, so we do not hit the KDC twice.

For the session setup to have succeded using the default 'client use
spnego principal = no', the cifs/ principal must exist anyway, so
looking for host/ is pointless.  The case of 'client use spnego
principal = yes' was never supported here.

Andrew Bartlett
2012-01-09 11:39:54 +11:00
Andrew Bartlett
4b9d52d735 s3-libsmb: match the rest of Samba3 in kerberos name selection in smb sealing
This mirrors 860ad734ba which in turn
mirrors the behaviour of the libsmb client code at session setup time.

Andrew Bartlett
2012-01-09 10:56:27 +11:00
Andrew Bartlett
fd69ebda26 s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hash
When E_deshash() returns false, it indicates that the password is either > 14 chars
in length, or could not be represented as an LM hash value for some other
reason.  In this case, we should not regard the LM hash being missing
as an error or a no-password situation.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan  6 14:59:13 CET 2012 on sn-devel-104
2012-01-06 14:59:12 +01:00
Andrew Bartlett
60c66118b3 ntlmssp: merge initial packet implementations
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06 13:18:40 +01:00
Andrew Bartlett
a00032a92d s3-libsmb Make auth_ntlmssp client more generic
As well as renaming, this allows us to start the mech by DCE/RPC auth
type or OID.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06 08:12:49 +01:00
Andrew Bartlett
21415568fe s3-libsmb Use gensec_settings to set s3 ntlmssp client backend
This prepares us for making the code generic to multiple mechansims

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-06 08:12:48 +01:00
Andrew Bartlett
860ad734ba s3-libads Factor out a new routine kerberos_get_principal_from_service_hostname()
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 17:17:28 +01:00
Andrew Bartlett
6391fff9da s3-auth rename auth_ntlmssp_state -> auth_generic_state
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-22 19:25:10 +01:00
Volker Lendecke
75d3b9ce08 s3: Fix some False/NULL hickups
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
2011-12-20 13:13:17 +01:00
Andreas Schneider
d0330c7dd6 s3-libsmb: Don't duplicate kerberos service tickets.
This fixes bug #8628.

Each time we do a client connection. Each time we call to function to
get the service ticket from the cache we duplicate it. So with each
connection we end up with one or three duplicated tickets.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Dec 15 19:30:42 CET 2011 on sn-devel-104
2011-12-15 19:30:42 +01:00
Jeremy Allison
6be10cb761 Revert fac5c654e2
s3: Add a fallback for missing open&x support in OS/X Lion

This is now done inside the synchronous cli_open() wrapper
function.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sun Dec  4 08:19:31 CET 2011 on sn-devel-104
2011-12-04 08:19:31 +01:00
Jeremy Allison
c8a1082f2b Move the callers that need to use the new cli_open() back to calling
it from cli_openx().
2011-12-03 21:36:47 -08:00
Jeremy Allison
b44cfdf163 Add cli_open() back as a synchronous wrapper function the calls
NtCreateX followed by openX() if NtCreateX is unsupported.
2011-12-03 21:31:32 -08:00
Jeremy Allison
4e709dc42f Rename cli_open -> cli_openx. Prelude to replacing generic cli_open()
with a call that uses NTCreateX in preference to OpenAndX.
2011-12-03 21:13:08 -08:00
Volker Lendecke
1c46fb5c3e s3: Use autogenerated open_files.idl 2011-12-02 22:43:05 +01:00
Jeremy Allison
3e0d923096 Ensure we map our own Samba return of ERRSRV, ERRunknownsmb
on an unknown SMB request to NT_STATUS_NOT_IMPLEMENTED.
2011-12-02 20:41:02 +01:00
Jeremy Allison
af76d2588c After a discussion with Volker, sdd a backup_intent state to the client struct.
This causes the backup_intent flags to be added to findfirst/findnext
and ntcreate/nttrans_create calls.

cli_set_backup_intent() sets the flag and returns the old value of
its state.
2011-12-01 13:24:22 -08:00
Volker Lendecke
29735327f6 s3: Add some const
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 25 10:21:07 CET 2011 on sn-devel-104
2011-11-25 10:21:07 +01:00
Stefan Metzmacher
b01d80a25e s3:smb2cli: zero tid in smb2cli_tdis*
metze
2011-11-24 19:02:33 +01:00
Stefan Metzmacher
cc67f7e548 s3:smb2cli: free session in smb2cli_logoff*
metze
2011-11-24 19:02:33 +01:00
Stefan Metzmacher
ee36217c40 s3:libsmb: make use of cli_tree_connect()
metze
2011-11-24 19:02:32 +01:00
Stefan Metzmacher
665593d6ac s3:libsmb: add cli_tree_connect() for a generic tree connect
metze
2011-11-24 19:02:32 +01:00
Stefan Metzmacher
8428db0a17 s3:smb2cli: remove unused smb2cli_sesssetup_ntlmssp*
metze
2011-11-24 19:02:32 +01:00
Stefan Metzmacher
8a9bfd61b7 s3:libsmb: add SMB2 support to cli_session_setup()
metze
2011-11-24 19:02:32 +01:00
Stefan Metzmacher
dd28b28ede s3:libsmb: implement cli_trans* on top of smb1cli_trans*
metze
2011-11-24 19:02:32 +01:00
Stefan Metzmacher
f60b768df4 s3:smb2cli: remove unused smb2cli_negprot()
metze
2011-11-24 19:02:32 +01:00
Stefan Metzmacher
6ab3f8cedb s3:smb2cli: pass struct smbXcli_conn directly to smb2cli_req_create/_send()
metze
2011-11-24 19:02:31 +01:00
Stefan Metzmacher
9ebdee2817 s3:libsmb: implement cli_state based functions on top of smbXcli_conn/smbXcli_req
metze
2011-11-24 19:02:31 +01:00
Stefan Metzmacher
bf1ff0572d s3:smb2cli: add forward declaration for struct cli_state
metze
2011-11-24 19:02:31 +01:00
Stefan Metzmacher
3327c1e86e s3:smb2cli: make smb2cli_session_setup_send/recv non-static
metze
2011-11-24 19:02:31 +01:00
Stefan Metzmacher
99b3d57fc3 s3:smb2cli: make use of smbXcli_session and setup the session key for SMB2 signing
metze
2011-11-24 19:02:31 +01:00
Stefan Metzmacher
7e7bca4188 s3:smb2cli: implement smb2cli_negprot() on top of smbXcli_negprot()
metze
2011-11-24 19:02:31 +01:00
Stefan Metzmacher
1cfeb3f8a0 smbXcli: pass client_guid to smbXcli_conn_create()
metze
2011-11-24 19:02:31 +01:00
Stefan Metzmacher
349977e1a0 s3:smb2cli: replace smb2cli_base.c code with the more generic smbXcli_base.c code
metze
2011-11-24 19:02:30 +01:00
Stefan Metzmacher
b895f1fb01 s3:libsmb: close fd on error in cli_connect_nb()
metze
2011-11-21 18:03:07 +01:00
Stefan Metzmacher
20df0f34a8 s3:libsmb: verify num_setup for SMBnttrans in cli_pull_trans()
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Nov 18 15:13:52 CET 2011 on sn-devel-104
2011-11-18 15:13:52 +01:00
Stefan Metzmacher
d3cb61cf05 s3:libsmb: fix compiler warning in cli_pull_trans()
metze
2011-11-18 13:30:48 +01:00
Stefan Metzmacher
48bcb8c846 s3:libsmb: only align unicode pipe_name (bug #8586)
metze
2011-11-18 13:30:48 +01:00