Andrew Bartlett eb1d37c5a9 r7676: Make VUID and TID choice random, as this gives us protection against ...

replay attacks under SMB signing, where the session key is a fixed
derivitive of the user's password.

This removes the VID offset, but I'm not worried about random client
bytes mattering here, given the space (and the fact that it applies to
very, very old clients).

Andrew Bartlett

2007-10-10 13:18:21 -05:00

..

config.mk

r6310: Rename password.c to session.c, and remove the linked list of all

2007-10-10 13:11:30 -05:00

conn.c

r7676: Make VUID and TID choice random, as this gives us protection against

2007-10-10 13:18:21 -05:00

negprot.c

r7633: this patch started as an attempt to make the dcerpc code use a given

2007-10-10 13:18:15 -05:00

nttrans.c

r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machines

2007-10-10 13:11:33 -05:00

reply.c

r6313: Much better handling of LogoffAndX when the vuid is invalid (ie, don't

2007-10-10 13:11:30 -05:00

request.c

r6031: don't try to send errors when the socket has been destroyed

2007-10-10 13:11:16 -05:00

search.c

r4549: got rid of a lot more uses of plain talloc(), instead using

2007-10-10 13:08:25 -05:00

service.c

r7631: - remove unused function, as the disgn of samba4 doesn't allow the old style

2007-10-10 13:18:15 -05:00

session.c

r7676: Make VUID and TID choice random, as this gives us protection against

2007-10-10 13:18:21 -05:00

sesssetup.c

r7675: Use correct memory context for anonymous session setup auth context

2007-10-10 13:18:21 -05:00

signing.c

r5899: Fix spelling.

2007-10-10 13:11:07 -05:00

smb_server.c

r7523: blergh

2007-10-10 13:18:06 -05:00

smb_server.h

r6310: Rename password.c to session.c, and remove the linked list of all

2007-10-10 13:11:30 -05:00

srvtime.c

r4063: - change char * -> uint8_t in struct request_buffer

2007-10-10 13:06:21 -05:00

trans2.c

r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the

2007-10-10 13:09:15 -05:00