Age | Commit message (Collapse) | Author | Files | Lines |
|
If no winbind is around, the best we can do to get the user's token correct is
to ask unix via create_token_from_username. More investigation is needed if
this also fixes the +groupname for unmapped groups problems more cleanly.
Volker
(This used to be commit f6e3ee147ffde572532fb44b619dda01388d4a31)
|
|
Volker
(This used to be commit 7a629118ee6f468505172147724f7f532f0f4a4f)
|
|
See the comment in the patch for the reason.
Volker
(This used to be commit 5e07ab750af3744e1ee5bfc813d5c6532aff4ecb)
|
|
Andrew Bartlett
(This used to be commit ed51b6293b7577cb2d9e661a8491606abf349406)
|
|
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain. This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).
The precalculated blobs do not reveal the plaintext password.
Original patch by Alexey Kobozev <cobedump@gmail.com>
(This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)
|
|
check this is your new code.
Jeremy.
(This used to be commit 144067783d1c56b574911532f074bdaa7cea9c6e)
|
|
We shouldn't allow this on the same smbd, but the cifsfs
client negotiates POSIX locks then sends Windows ones.
Doh ! Can't fix shipped client code....
Jeremy.
(This used to be commit 2f8cabe98d3776cb0bdf6b4ef1490fe0119e260a)
|
|
test.c pdb file
(This used to be commit 34ad8e183cf882913c32b4d03c9ab5fc09181ad2)
|
|
to be more robust in the precense of more broken /etc/hosts files when determining our fwdn
(This used to be commit 6413df8348829659807c0c30e6eaef511815e0ed)
|
|
used.
Jeremy.
(This used to be commit 738b99078c6e0ececa6c0268258510a4e97f84e7)
|
|
look at the return code.
Jeremy.
(This used to be commit f11933b3ac91c6fbacd6b410f4d2c0d400df23ee)
|
|
obey blocking/non-blocking request for POSIX locks.
Jeremy.
(This used to be commit f62c01316ef3ce0351f8b34229307a75d8f9f156)
|
|
Hopefully will fix the build farm. Still a few errors
in RAW-LOCK to look at though...
Jeremy.
(This used to be commit edd72d37de570fdad09f7ee983b5b22a1613e558)
|
|
cifsfs client code.
Jeremy.
(This used to be commit 53094435d89088124041d57078c21a12e761e2bf)
|
|
in POSIX mode (clitar needs fixing too). Add test
posix lock/unlock commands.
Jeremy.
(This used to be commit 596497ccc250896025253be1d67711d6d7f059f0)
|
|
fact that check_path_syntax() will convert '\\' characters to '/'.
When POSIX pathnames have been selected this doesn't happen, so we
must look for the unaltered separator of '\\' instead of the modified '/'.
Stevef please check this with the CIFSFS MS-DFS code !
Jeremy
(This used to be commit 883bb398e58f54ee79160487b49b79a4774ef939)
|
|
to be selected.
Jeremy.
(This used to be commit 2d8d4bd77bac6f5e7865657e12affd8b94aa85c3)
|
|
(This used to be commit 083ef11cc9be8f1299f233bde194173e092e2c3c)
|
|
when fetching the DES salting principal
(This used to be commit baf554c7934cbd591635196453c19d402358e073)
|
|
(This used to be commit bf701f51294dacd0d4077b5304772c40119460eb)
|
|
Reuse can_create() to prevent renameing a group to
an existing user or group.
(This used to be commit ce7091fda1eb3c7ea0900f455cec48c3b95a17f6)
|
|
(This used to be commit 7d619f127ee70fdd486ffaab4546a53d76a2288c)
|
|
Major points of interest:
* Figure the DES salt based on the domain functional level
and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
keys
* Remove all the case permutations in the keytab entry
generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
in AD
The resulting keytab looks like:
ktutil: list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value. The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.
Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
|
|
Jeremy.
(This used to be commit 508ba05a8e4a7df8bf7f6ffe3d09a3c461026f78)
|
|
being used.
Jeremy.
(This used to be commit 441c289fd21d00398fb7c4c7c0338b03129a7545)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
Jeremy.
(This used to be commit f131bf8f16fd8b7c49e6065ecbf6f8686b2f4269)
|
|
Thanks to Bjoern Jacke for the report and test-case.
Guenther
(This used to be commit f2ebc0e3de396f44f49dabbfe42cb3ad1c1a7ec1)
|
|
Guenther
(This used to be commit df10448e2c6166d1c129c2d9a9a74c5b4a42555f)
|
|
Guenther
(This used to be commit 4121ccfc3e39001d5b7b8288e3bc27d919f79167)
|
|
(This used to be commit 5b4c4928ac63d6872cf13c3cdc4a9a63405bbda4)
|
|
(This used to be commit 84913caebdb461fed2c94fadfa0039b32a83cb6d)
|
|
this is
what svn is for.
The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.
Volker
(This used to be commit 9ec5ccfe851ac8a1f88b88c8c8461a5cf75b4c57)
|
|
sid_check_is_in_our_domain cases.
Volker
(This used to be commit dc403cec88d91fdeb09cbd04321d88bbdc0f490c)
|
|
Guenther
(This used to be commit 6257f9af93f2391940b2c60fe39c0bf106de15dd)
|
|
Guenther
(This used to be commit 863aeb621afa7dcec1bfef8e503ef8ed363e3742)
|
|
(This used to be commit ef6e9ca5276586c081fcf18bb178a2326309b539)
|
|
netbios domain name in server affinity cache.
Guenther
(This used to be commit 08958411eeff430fb523d9b73e0259d060bac17b)
|
|
info for our own domain.
Guenther
(This used to be commit ebd3c547e508e191d5e1b5bb001797666db7b269)
|
|
(This used to be commit c139a2293bfb66554e1be09c6824d04381de58e1)
|
|
dfs_Enum.
Guenther
(This used to be commit 4e5ea585c3482c38f2624e45f1268d3864a99faa)
|
|
Guenther
(This used to be commit 6bf350895a648ef9b824c94b894e8d7a8989eb97)
|
|
Guenther
(This used to be commit 48ab7f46814dfbd777f142cdd8f59e6c1962eb15)
|
|
read ea's from an msdfs link. Stop it from doing that.
Jerry please merge to 3.0.23.
Jeremy.
(This used to be commit 95e5ace6b4f348a3244b6a3ea0fd8badf55271f5)
|
|
password changes
Jeremy, please review.
(This used to be commit 154e4a281503f0cbc2e654640f1dfa4b4d35a3cd)
|
|
there are
vasprintf implementations that don't like a NULL format.
Volker
(This used to be commit 03c665c307e518c9ff66096904873266b145637c)
|
|
Solaris found this one that needs to go into 3.0.23, actually munlock the
password memory.
Volker
(This used to be commit 6fa928f96a70b7b063dd1bdbb08c6a3f5d942229)
|
|
(This used to be commit eac00a45efe96411ab8574b3a3d436a285b7e88a)
|
|
not the $(srcdir) to allow multiple concurrent compiles when the
source tree is shared via nfs.
(This used to be commit b79e1c011d577581eebb90b95dbdee11f8a96c3b)
|
|
checking for the builtin Administrators group membership.
security = server has no domain info in secrets.tdb
(This used to be commit fa477969fbbcd9f707461a2d9015bebf719ddfbb)
|