Age | Commit message (Collapse) | Author | Files | Lines |
|
an oplock break.
Jeremy.
(This used to be commit 9515de83a864250c417cf490b7be714c8e1e127e)
|
|
Jeremy.
(This used to be commit 8d2a848052df03dad7bfeb5e7be96f8e9a509bbf)
|
|
sendfile when signing (I need to add this for readbraw/writebraw too...).
Jeremy.
(This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)
|
|
Ensure a server can't do a downgrade attack if client signing is mandatory.
Add a lp_server_signing() function and a 'server signing' parameter that
will act as the client one does.
Jeremy
(This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
|
|
(This used to be commit 8f86cb196f9f2eaa4d6406f1082397dcf01897bf)
|
|
Jeremy.
(This used to be commit 61fc9a7b2eafdf8cbed1f8d9aae016b828c91a08)
|
|
Jeremy.
(This used to be commit dd46f8b22d6e8411081a1279e1cd32929e40370b)
|
|
Jeremy.
(This used to be commit 3c11d9362379f16bb0d14449f64e731efad97ffe)
|
|
(This used to be commit d0d85dd49c41c55e086714a45990d5cd6c36fa10)
|
|
(This used to be commit 5df7b9a3efaf5b7828d0405bc14504d14d9e833a)
|
|
(This used to be commit dd10e7c9bbef0d28f3c5330605ff3b18c278eeef)
|
|
(This used to be commit 42a59d691019ee328920be25a1c505037f74151f)
|
|
(This used to be commit 09e00970d4b3ec80467a4a292c39650d6c945847)
|
|
(This used to be commit 2750418752e491c5e87f0f2adf253291e31ee4c2)
|
|
(This used to be commit a88dc502cb3b6b2d905106675f50680bf22e2cfa)
|
|
(This used to be commit b47b6f5825753b4ad130cdd372dbd023f78d3fd9)
|
|
(This used to be commit ee44d72a1bf24ecf99d485f4d9ff8359d54e19c3)
|
|
(This used to be commit ec92d856734e6d32189c3e90411fd02a20b8fe83)
|
|
removing old readme (not part of WHATSNEW)
(This used to be commit c9c5f68eeab5a36b279673c728411672b4b4449b)
|
|
in both SCHANNEL and NTLMSSP.
(Try not to deal with a general case as individual special cases...)
Andrew Bartlett
(This used to be commit 6ca77bd28f16f9f65ff40bf8996e39356de5b4f8)
|
|
(This used to be commit 074da426708555de082d0c2e5ae3a5cddaadcdf4)
|
|
and migrate an NT4 domain and still logon from domain members
(tested logon scripts, system policies, profiles, & home directories)
(passdb backend = tdbsam)
removed call to idmap_init_wellknown_sids() from winbindd.c
since the local domain should be handled by the guest passdb backend
(and you don't really always want the Administrator account to be root)
...and we didn't pay attention to this anyways now.
(This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
|
|
(This used to be commit 7d63b690004a59316a70059db0d9ad0ea9001288)
|
|
Fixes bug 102.
(This used to be commit b54183a7b23d1046faad0890de3fdda3df0fec88)
|
|
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing
to add signing on server side.
Jeremy.
(This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
|
|
struct cli_state
is so marked.
Jeremy
(This used to be commit 0b8724ed65799f94f2af5d1dbb9ba20f1bac53a7)
|
|
(This used to be commit ff0c71148e405eeb49efbc51461325c7f2207433)
|
|
(This used to be commit 517bb4d0df4cd120ef0ffc3cd879897971f0982e)
|
|
Jerry, this is assigned to you. Do you want to answer it?
However, we have to decide what to do if a mapping is to be done for a
unix group not in LDAP....
Volker
(This used to be commit bf449d467cfe4987df17010490a16ab0472c0803)
|
|
latest Debian official packages for Debian unstable. Also fixes
patches that got out of date in the beta2->beta3 development process.
(This used to be commit 03871fd574bf9c0f6d88c96423f77e9ada7b16f7)
|
|
nmbd, winbindd). Reviewed by jerry and tridge.
(This used to be commit 02c5e2fc6f0721ebd82a9e6a2b34190607de55fe)
|
|
(This used to be commit 26134ac302f3296df6a65182f2585201a3ad833a)
|
|
(This used to be commit 6770d69942a8841fb25448a8a238af7987ec860c)
|
|
for me without this patch. I'm not sure if I interpreted your patch to
this code right.
Thanks,
Volker
(This used to be commit 46ec022f873416d2258fc8d84430b17319dce70f)
|
|
(This used to be commit 3fec31d0fd91de6196d56fc7eae145f10c12483c)
|
|
automatic option generation for spec files
(This used to be commit 4042d965f26d8cc056792df50d0a2a6f3f640e50)
|
|
(This used to be commit 38f85593c41b5d9ea1c67beb626724b9e14a5dab)
|
|
(This used to be commit bb31276c3dfd10bfbc41b7e77e1e1aca1f051453)
|
|
(This used to be commit 6fdf9f8cd53833294d34aa6dc8d660957c530ae5)
|
|
(This used to be commit 7c91c4360ffd5683f063ac2ce8ebadb4b4db9342)
|
|
(This used to be commit 140e2fd5d710f5c800399e20a64c8ac4349a7003)
|
|
(This used to be commit 369a914ebefd5625af19b76d71b502e5e13a7147)
|
|
force user = foo)
(This used to be commit 399799c68cbc91cb3908b0d83ee4f51fa3bf3023)
|
|
Andrew Bartlett
(This used to be commit 2b493813fc09ed9bf21f90bce708e6145cf1b4de)
|
|
Needs to be rewritten to use a reference counter, but this
will work for now.
also the memory allocation in the printing code needs to be cleaned
up to use talloc exclusively.
(This used to be commit 3d293027563b36411b7f84ed9d8f47f926271c6f)
|
|
(This used to be commit 3f63bcb47182f69a7524bf9fcd0198aa116a9c45)
|
|
of an inline replacement...
Andrew Bartlett
(This used to be commit d941255a97fc6d0d62eae1602075b1aa0481cde5)
|
|
It's so simple now I know how it works - and it has nothing to do with
NTLMSSP (it's just a slightly different use of the old algorithm). :-).
Note: This is actually less secure then the non-NTLMSSP code, as there is
no per-session random data included for NTLM logins. (NTLMv2 is better,
fortunetly).
Andrew Bartlett
(This used to be commit 95ec8317d4c6817d192bcd52eec44a22286e10ee)
|
|
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
(This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
|
|
(This used to be commit 4cdadbbbe9d6311b32dfe8e9823ed55dab1c6f1c)
|