| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
(should help track down out of sequence bugs).
Jeremy.
|
| | |
|
| |
|
|
|
|
| |
updated by 2 if there is no open reply outstanding, else by one....
Yes - this makes no sense....
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
I was storing the mid of the oplock break - I should have been
storing the mid from the open. There are thus 2 types of deferred
packet sequence returns - ones that increment the sequence number
(returns from oplock causing opens) and ones that don't (change notify
returns etc). Running with signing forced on does lead to some
interesting tests :-).
Jeremy.
|
| |
|
|
|
| |
fixes signing for oplocks.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
Otherwise we find spurious mid sign records on reply_ntcancel calls (they cancel
by mid). That took a *lot* of tracking down. I still need to remove the mid
records from the sign state on reply_ntcancel to avoid leaking memory....
Jeremy.
|
| |
|
|
|
|
| |
are updated correctly on returning an error for server trans streams.
Ensure we turn off client trans streams on error.
Jeremy.
|
| |
|
|
|
|
|
| |
-> smbd
sequence number problem.
Jeremy.
|
| |
|
|
|
| |
numbers and MIDs when in trans/trans2/nttrans code.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
bug with w2k. Turns out that when we're doing a trans/trans2/nttrans call
the MID and send_sequence_number and reply_sequence_number must remain constant.
This was something we got very wrong in earlier versions of Samba. I can now
get a directory listing from WINNT\SYSTEM32 with the older earlier parameters
for clilist.c
This still needs to be fixed for the server side of Samba, client appears to
be working happily now (I'm doing a signed smbtar download of an entire W2K3
image to test this :-).
Jeremy.
|
| |
|
|
|
| |
on when signing was mandatory.
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Server code *should* also work (I'll check shortly). May be the odd memory
leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup
code (b) we need to ask for a subkey... (c). The client and server need to
ask for local and remote subkeys respectively.
Thanks to Paul Nelson @ Thursby for some sage advice on this :-).
Jeremy.
|
| |
|
|
|
|
| |
due to w2k bug. I think this code is now working.... Need more testing of course
but works on all the obvious cases I can think of.
Jeremy.
|
| |
|
|
|
| |
when bad signature received, plus check the oplock breaks....
Jermey.
|
| |
|
|
|
| |
next....
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
I think (my changes haven't affected this I believe). Initial support on the
server side for smbclient. Still doesn't work for w2k clients I think...
Work in progress..... (don't change).
Jeremy.
|
| |
|
|
|
| |
an oplock break.
Jeremy.
|
| |
|
|
|
| |
sendfile when signing (I need to add this for readbraw/writebraw too...).
Jeremy.
|
| |
|
|
|
|
|
| |
Ensure a server can't do a downgrade attack if client signing is mandatory.
Add a lp_server_signing() function and a 'server signing' parameter that
will act as the client one does.
Jeremy
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
|
| |
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing
to add signing on server side.
Jeremy.
|
| |
|
|
|
|
|
| |
struct cli_state
is so marked.
Jeremy
|
| |
|
|
|
|
|
|
|
|
|
| |
It's so simple now I know how it works - and it has nothing to do with
NTLMSSP (it's just a slightly different use of the old algorithm). :-).
Note: This is actually less secure then the non-NTLMSSP code, as there is
no per-session random data included for NTLM logins. (NTLMv2 is better,
fortunetly).
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
MAC calcuation code, and now supports multiple outstanding packets.
Fixes bug #40
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(well, under certain conditions :-)
There is no length limit on the size of the authentication response added
into the MD5 hash. (We had previously limited this to lengths like 40, 44 or
64 in attempts to make sense of what the SNIA spec tells us).
Instead, the entire authentication response is added in.
Currently, this only works on a Win2k domain members with a Samba PDC,
becouse our NTLMv2 code currently fails against an Win2k PDC.
However, this splits the problem in half - particularly as the NTLMv2 format
is known, and even has an ethereal disector! (thanks tpot).
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
This should make it clearer what magic numbers refer to the magic numbers
in the CIFS spec, and what bits and peices are being appended into the MD5
calculation where.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
| |
would work now...
Volker
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
Who knows what .NET server brings, though ...? ;-)
Rafal
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
get Win2k to send a valid signiture in it's session setup reply - which it will
give to win2k clients.
So, I need to look at becoming 'more like MS', but for now I'll get this code
into the tree. It's actually based on the TNG cli_pipe_ntlmssp.c, as it was
slightly easier to understand than our own (but only the utility functions
remain in any way intact...).
This includes the mysical 'NTLM2' code - I have no idea if it actually works.
(I couldn't get TNG to use it for its pipes either).
Andrew Bartlett
|
| | |
|
|
|
The intention is to allow for NTLMSSP and kerberos signing of packets, but
for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA
spec)
Andrew Bartlett
|
