| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
If I'm not completely blind, we should return here. Not doing it here seems not
to be a major flaw, as far as I can see we're only missing the error code. This
might account for some of the very unhelpful NT_STATUS_UNSUCCESSFUL error
messages people see during joins.
All with stake in Samba client, please check!
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
During 'net ads join' the cli->desthost is a hostname (e.g.
rupert.galaxy.site). Check if we have a hostname and use only the
first part, the machine name, of the string.
|
| |
|
|
|
| |
negotiation works.
Jeremy.
|
| |
|
|
| |
Guenther
|
| |
|
|
|
| |
When warning that "client plaintext auth" is not enabled where the server
requested them we should not talk about "client use plaintext auth"
|
| |
|
|
|
|
| |
to cause us to behave like Vista when looking for remote
machine principal. Modified by me.
Jeremy.
|
| |
|
|
|
|
|
| |
for a server. We should have been doing this for a while,
but it's more critical with IPv6.
Original patch fixed up by James.
Jeremy.
|
| |
|
|
|
|
| |
Remove all vestiges of pstring (except for smbctool as noted
in previous commit).
Jeremy
|
| |
|
|
|
|
|
| |
Remove pstring from libsmb/clidfs.c except for a nasty
hack (that will be removed when pstrings are gone from
client/).
Jeremy.
|
| |
|
|
|
|
| |
Make us very explicit about how long a talloc ctx
should last.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
I'm not sure why this used to be static, to me it seems that every time this
variable is overwritten. I just don't see how name_status_find() could return
true and not overwrite name. Can someone please review this and potentially
check it in?
Thanks,
Volker
|
| |
|
|
| |
This is better done with a 'lp_do_parameter(-1, "socket options", ..);
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
it with accessor functions. "One global or pstring a day...." :-).
Jeremy.
|
| |
|
|
|
|
|
|
| |
zero_addr(&ss). All current uses were always of the
AF_INET form, so simplify the call. If in the future
we need to zero an addr to AF_INET6 this can be
done separately.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
|
| |
|
|
|
|
|
| |
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
|
| | |
|
| |
|
|
|
|
| |
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
|
| |
|
|
| |
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>.
|
| |
|
|
|
|
| |
NTSTATUS.
Guenther
|
| |
|
|
|
|
|
|
|
|
| |
left as nonzero as returned by the failed cli_session_setup_spnego. When we then try
to authenticate as the user in cli_session_setup this returns an
error "Bad userid" (as seen in wireshark).
"We should only leave cli->vuid != 0 on success. Looks like it's
getting set in the cli_session_setup_blob_receive() call and not
cleared again on error."
Jeremy.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
Long overdue fix....
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"Attempt to fix some build farm failures: On port 139 the first
successful packet gives len==0 from the server, so the = in
if (len <= 0) {
in line 136 of clientgen.c throws a failure."
The irritating thing is that I already had it correct in
SAMBA_3_0_26 and forgot to merge the change across.
len == 0 is a valid return - I messed that up when
converting client_receive_smb() to return a length
rather than a BOOL.
Doh !
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
successful packet gives len==0 from the server, so the = in
if (len <= 0) {
in line 136 of clientgen.c throws a failure.
Jeremy, please fix this properly, I'm not merging this to 3_0_26 so that
you can filter it when you merge.
Volker
|
| |
|
|
| |
replace all data_blob(NULL, 0) calls.
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
|
| |
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
|
| |
|
|
|
|
| |
the extended 7 word response for tconX rather than the
3 word one we supported previously.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
not specific for NTLMSSP
- it's possible that the server sends a mechOID and authdata
if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still
force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE
metze
|
| |
|
|
|
|
| |
we're encrypted. This will make further changes and
spec much more clear.
Jeremy.
|
| |
|
|
|
|
|
| |
to restructure libsmb/smb_signing.c so it isn't in
the base libs path but lives in libsmb instead (like
smb_seal.c does).
Jeremy.
|
| |
|
|
|
| |
"raw" NTLM auth (no spnego).
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
removed).
Jeremy.
|
| |
|
|
|
|
| |
to allow client to fragment large SPNEGO blobs (large krb5
tickets). Tested against W2K3R2. Should fix bug #4400.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
|
| |
|
|
|
| |
The protocol negotiation string "LANMAN2.1" was not listed in the set of
negotiatiable possibilities, so non-optimal negotiation was taking place.
|
| |
|
|
|
|
|
|
|
| |
KRB5 in
SPNEGO, as long as we don't make use of it without krb libs. Makes the code a
bit simpler.
Volker
|
| |
|
|
| |
Volker
|
| |
|
|
|
|
|
|
|
|
|
| |
patch some
weeks ago.
We have some work before us, when in AD mode Vista sends
"not_defined_in_RFC4178@please_ignore" as the principal.....
Volker
|
| |
|
|
| |
Guenther
|
