summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2003-11-27Only ask for 512 names at a time.Volker Lendecke1-8/+19
Volker (This used to be commit d5775b7106dc5d6326db89f7369d2ffd61646426)
2003-11-27Correct freebsd 5.1 support for winbind contributed by Aaron Collins.Tim Potter2-1/+85
Let the build farm chew on it for a bit. (This used to be commit 41e4b036dff0af7be69bf95ea3d64dfccd3a4b8e)
2003-11-27use samr_dispinfo(level == 1) for enumerating domain users so we can include ↵Gerald Carter1-17/+34
the full name in gecos field; bug 587 (This used to be commit 329065d7cddb52c52667c93e0a0218c0e89938be)
2003-11-26Patch from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de> to addJeremy Allison2-13/+49
MacOSX (Darwin) specific charset module code. Also had to add AC_CHECK_CPP to configure.in (this took a *long* time to track down) to make autoconf work correctly on Fedora Core 1. Jeremy. (This used to be commit c51d974b18e31a38608a3837d3fee04a209f91c8)
2003-11-26This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+602
used to be commit 9ccf8c530def31ccf6aca4f56b53676512131e66)
2003-11-26Patch from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de> to addJeremy Allison3-13/+651
MacOSX (Darwin) specific charset module code. Also had to add AC_CHECK_CPP to configure.in (this took a *long* time to track down) to make autoconf work correctly on Fedora Core 1. Jeremy. (This used to be commit a5711943428e4b586fb7f064739c78fa0a3ebd52)
2003-11-26Clean up a comment noticed by Jonathan Shao@Panasas.com and remove anRichard Sharpe1-3/+2
obsolete comment by Luke Leighton. (This used to be commit 316f83add76b56fe102f5dc4c9ce3a0413d9a1f4)
2003-11-26Fixing barfed idmap entries and adding not on use of FLAG_HIDE.John Terpstra1-2/+8
(This used to be commit 25aa5df5c79070d0f1273a71617e64fba7831742)
2003-11-26Implement "net rpc group members": Get members of a domain group inVolker Lendecke2-0/+89
human-readable format. Volker (This used to be commit e5770a9433099f86a1f828a35bbecbe5691c000c)
2003-11-26Implement "net rpc group members": Get members of a domain group inVolker Lendecke2-0/+89
human-readable format. Volker (This used to be commit 4e3a2eb8e04c3a669d94e38d81e994606fa6ef9d)
2003-11-26Get rid of a const warningVolker Lendecke2-3/+3
Volker (This used to be commit ab1096d58e2447bc91370e0a7f913d9375658c4c)
2003-11-26Get rid of a const warningVolker Lendecke2-3/+3
Volker (This used to be commit 94860687c535ace0c962ca3fe7da59df05325c62)
2003-11-26Merge from 3.0:Andrew Bartlett4-13/+15
- NTLM2 fixes, don't force NTLM2 - Don't use NTLM2 for RPC, it doesn't work yet - Add comments to winbindd_pam.c - Merge 64 bit fixes and better debug messages in winbindd.c Andrew Bartlett (This used to be commit ba94e4a1ab6dc3335bbb29686ca6795d0ffad5b0)
2003-11-25Patch from Jim McDonough for bug #802. Retrieve the correct ACL group bitsJeremy Allison2-0/+45
if the file has an ACL. Jeremy. (This used to be commit 7bf5ed30ce74ba658ca35059955748c1d8cbd6d2)
2003-11-25Patch from Jim McDonough for bug #802. Retrieve the correct ACL group bitsJeremy Allison2-0/+45
if the file has an ACL. Jeremy. (This used to be commit a51d9e947ef012fabf5a13250df6232d23722f68)
2003-11-25Add a comment, and a useful debug message.Andrew Bartlett2-0/+3
(This used to be commit df14b0af31863680218b06ae9de2f010a38fba6e)
2003-11-25Fix build of winbindd with static pdb modulesJelmer Vernooij1-1/+1
(This used to be commit 92a138f027cf2f1c2b13c6f3d59493fb21885d5e)
2003-11-25allow users to delete jobs with cups printing backendGerald Carter2-1/+7
The changes the name of the job passed off to cups from "Test Page" to "smbprn.00000033 Test Page" so that we can get the smb jobid back from lpq. Working on bug 770. (This used to be commit 3a84daf24f80cf44605841c844a0ba516354420b)
2003-11-25allow users to delete jobs with cups printing backendGerald Carter2-1/+7
The changes the name of the job passed off to cups from "Test Page" to "smbprn.00000033 Test Page" so that we can get the smb jobid back from lpq. Working on bug 770. (This used to be commit 5979f4d645e84fb22223e6cbf0043f2fa21acb2f)
2003-11-25If signing starts successfully, don't just turn it off automatically ifJeremy Allison1-5/+5
it fails later. Only turn it off automatically if it fails at the start. Jeremy. (This used to be commit 4a145531c2b6353291cd25f14f5572aa31e86594)
2003-11-25If signing starts successfully, don't just turn it off automatically ifJeremy Allison1-5/+5
it fails later. Only turn it off automatically if it fails at the start. Jeremy. (This used to be commit 2a00d538da61253455db1734b74ef1debaea24ea)
2003-11-25Do not add NTLM2 to the NTLMSSP flags unconditionally - allow theAndrew Bartlett2-10/+10
defaults specified by the caller to prevail. Don't use NTLM2 for RPC pipes, until we know how it works in signing or sealing. Call ntlmssp_sign_init() unconditionally in the client - we setup the session key, why not setup the rest of the data. Andrew Bartlett (This used to be commit 48123f7e42c3fde85887de23c80ceee04c2f6281)
2003-11-25Patch for #263 from jpjanosi@us.ibm.com.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 6543bca0cbf6030d2400e30bb7491237d9c818f8)
2003-11-25Patch for #263 from jpjanosi@us.ibm.com.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 0f2a50316d8245ea9c441f0ea08e1a0fd9a92583)
2003-11-25When server signing is set to "auto", if the client doesn't sign justJeremy Allison1-2/+23
ignore it. Only fail if signing is set to "required". Jeremy. (This used to be commit 8916ddfc39c3e70265188926f24034152f0e7b6b)
2003-11-25When server signing is set to "auto", if the client doesn't sign justJeremy Allison1-2/+23
ignore it. Only fail if signing is set to "required". Jeremy. (This used to be commit ab5db8873e2882900baa1c74706bb907baaff7fd)
2003-11-24strequal() returns a BOOL, not an int like strcmp(); this fixes a bug in ↵Gerald Carter1-2/+2
check_bind_response() (This used to be commit 84f0e97e5882375b765b818e89a6d96736cd5932)
2003-11-24strequal() returns a BOOL, not an int like strcmp(); this fixes a bug in ↵Gerald Carter1-2/+2
check_bind_response() (This used to be commit 5e062f72baad6f7a70f1a3c8cf190535ccacc89e)
2003-11-24Added "passwd chat timeout" parameter. Docs to follow.Jeremy Allison2-3/+10
Jeremy. (This used to be commit 16097f2072085432f4c669d9e008023f36f7afbb)
2003-11-24Added "passwd chat timeout" parameter. Docs to follow.Jeremy Allison2-3/+10
Jeremy. (This used to be commit 4d49fb806db6868f97069a603a28a85dc31cfe21)
2003-11-24patch from Matthias Hilbig for bug 467; use the dns name (or IP) as the ↵Gerald Carter1-2/+7
originating client name when using CUPS (This used to be commit eae48cda0f7f1346cd66d5a581c1273880f214d4)
2003-11-24patch from Matthias Hilbig for bug 467; use the dns name (or IP) as the ↵Gerald Carter1-2/+7
originating client name when using CUPS (This used to be commit 71333299a6e6bc6d74d2172f71e3fe21ef75aa3c)
2003-11-24more access fixes for group enumeration in LDAP; bug 281Gerald Carter6-14/+52
(This used to be commit c4ce92e80688fe7fd4b2fde2c31e94baf3e4dca0)
2003-11-24more access fixes for group enumeration in LDAP; bug 281Gerald Carter6-14/+52
(This used to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85)
2003-11-23(Merge from 3.0)Andrew Bartlett2-2/+15
Patch by emil@disksites.com <Emil Rasamat> to ensure we always always free() each auth method. (We had relied on the use of talloc() only, despite providing the free() callback) Andrew Bartlett (This used to be commit 58c4963a8389dff4d925548217fabed1c9932abd)
2003-11-23Merge from 3.0:Andrew Bartlett6-31/+68
Add support for variable-length session keys in our client code. This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. - Add server-side support for variable-length session keys (as used by DES based krb5 logins). Andrew Bartlett (This used to be commit 1287cf5f921327c9ea758de46220c4e2dedc485c)
2003-11-23Patch by emil@disksites.com <Emil Rasamat> to ensure we always alwaysAndrew Bartlett2-2/+15
free() each auth method. (We had relied on the use of talloc() only, despite providing the free() callback) Andrew Bartlett (This used to be commit 5872c0e26e3407c7c1dcf2074a36896a3ca1325a)
2003-11-23Add server-side support for variable-length session keys (as used byAndrew Bartlett1-9/+6
DES based krb5 logins). Andrew Bartlett (This used to be commit 240b0d178e1b4a3556207bdf2e342c70155f64ee)
2003-11-22Add support for variable-length session keys in our client code.Andrew Bartlett5-22/+62
This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
2003-11-22(merge from 3.0)Andrew Bartlett35-597/+1157
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett35-597/+1157
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-11-22debug and swat fixes from 3.0Gerald Carter2-1/+3
(This used to be commit 52c1973f39f4c4161097843fcf395e0102531575)
2003-11-22include WWW-Authenticate field in 401 response for bad auth attempt; bug 629Gerald Carter1-1/+2
(This used to be commit 879d0f15ea260d61c56c5b841065ecb2f5ec26ca)
2003-11-22adding a useful debugGerald Carter1-0/+1
(This used to be commit e374ce779efaec001c1476e0710ceaa9c3b84e8d)
2003-11-22fix winbind ping call so that SWAT correctly determines if winbindd is ↵Gerald Carter1-5/+1
running; bug 398 (This used to be commit cb12d519cc40b964d022886538044e8613931199)
2003-11-22fix winbind ping call so that SWAT correctly determines if winbindd is ↵Gerald Carter1-5/+1
running; bug 398 (This used to be commit 04e37283f230b28f3019bfab3a71dde5e4ae4e23)
2003-11-22Ensure that items in a list of strings containing whitespaceGerald Carter3-6/+18
are written out surrounded by single quotes. This means that both double and single quotes are now used to surround strings in smb.conf. This is a slight change from the previous behavior but needed or else things like printer admin = +ntadmin, 'VALE\Domain, Admin' get written to smb.conf by SWAT. (This used to be commit 59e9d6e301c752e99fb6a50204d7941f7f84566a)
2003-11-22Ensure that items in a list of strings containing whitespaceGerald Carter3-6/+18
are written out surrounded by single quotes. This means that both double and single quotes are now used to surround strings in smb.conf. This is a slight change from the previous behavior but needed or else things like printer admin = +ntadmin, 'VALE\Domain, Admin' get written to smb.conf by SWAT. (This used to be commit 5bf91c79d620e34ac71d72c80f74e47754d49dcb)
2003-11-21Fix for rename across filesystems. Noticed by Rainer Link ↵Jeremy Allison1-5/+95
<link@foo.fh-furtwangen.de>. Jeremy. (This used to be commit 598d9d3e5f612133e0528a1a8907745d715b61ed)
2003-11-21Fix for rename across filesystems. Noticed by Rainer Link ↵Jeremy Allison1-5/+95
<link@foo.fh-furtwangen.de>. Jeremy. (This used to be commit f68c2ff0f3307612ddbe62b8cc2ea12251d54ec6)