Age | Commit message (Collapse) | Author | Files | Lines |
|
The problem was that *all* packets were being signed, even packets before
signing was set up. (This broke the session request).
This fixes it to be an 'opt in' measure - that is, we only attempt to sign
things after we have got a valid, non-guest session setup as per the CIFS spec.
I've not tested this against an MS server, becouse my VMware is down, but
at least it doesn't break the build farm any more.
Andrew Bartlett
(This used to be commit 1dc5a8765876c1ca822e454651f8fd4a551965e9)
|
|
platforms :-)
(This used to be commit bda8f12ff551f24a6f2a8e8f7a120b2e0e45a269)
|
|
paths handle the rest later.
Andrew Bartlett
(This used to be commit 09754ec797c4232d2016c7eff2e74044f28ebb7c)
|
|
(This used to be commit 957c865cee7f799145f9f1d30dfd0d0a25d826cf)
|
|
The aim of this execise is to give the 'security>=user' code a straight paper
path. Security=share will sill call authorise_login(), but otherwise we avoid
that mess.
This allow *much* more accurate error code reporting, beocuse we don't start
pretending that we can use the (nonexistant) password etc.
Also in this patch is code to create the 'homes' share at session setup time
(as we have done in the past - been broken recently) and to record this on
the user's vuser struct for later reference. The changes here should also
allow for much better use of %H (some more changes to come here).
The service.c changes move a lot of code around, but are not as drastric
as they look...
(Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not
'*total_entries' was compared).
This code is needs testing, but passes my basic tests.
I expect we have lost some functionality, but the stuff I had expected
to loose was already broken before I started. In particular, we don't 'fall
back' to guest if the user cannot access a share (for security=user). If you
want this kind of stuff then you really want security=share anyway.
Andrew Bartlett
(This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
|
|
like the domain name and SID come from the remote domain, not the local
one. These are filled out by the code from the previous commit (auth_util.c,
the make_server_info_info3() fn) and read back here.
Andrew Bartlett
(This used to be commit 6872de2e5b27fd2de61ed14c85475a0eacd637ca)
|
|
(This used to be commit a07f2c08ff145f414618165739fe7f2d203931e8)
|
|
It extends the 'server mutex' to conver security=server, becouse the connection
race condition exists here too, and while people *should* use security=domain,
some sites don't....
(This probably should be done in 2.2 as well).
Also, start to actually extract and use the information that the remote
server returns in the info3 struct.
The server mutex code is now in a new file.
Andrew Bartlett
(This used to be commit 9b0dabdf4ec3bb45879caae76e03b57ccdad8b4b)
|
|
deveopers hack to always send a fixed challange, for the benifit
of tutorials and packet sniffing etc.
Enabling this module removes all security, so its a --enable-developer
option.
Andrew Bartlett
(This used to be commit 622e6b64dfb0a2c53d2c9dbd7b8ff438492eaf02)
|
|
and that local accounts are perfectly fine.
(This used to be commit 9fe8da6dd1b7fecfee0a2778fec0b7dd0fd40bfb)
|
|
(This used to be commit fb89be135575561f759a299048ed1eb5363183c3)
|
|
use the silly cache any more. Also add group functions and fix a few callers.
Andrew Bartlett
(This used to be commit 41d4b94077c118ecde2bf8792b9bb7ab71c6403e)
|
|
Jeremy.
(This used to be commit 0e7e8d44627ad9645a90e96001f8550b68b67a62)
|
|
Jeremy.
(This used to be commit 9d461933766f26ce772f6d5ea849ef9218c4d534)
|
|
Jeremy.
(This used to be commit c1b20db4bb4bb1ba485466f50b9795470027327c)
|
|
Jeremy.
(This used to be commit 1f46dc9cbf7f2da2865ae2e10146d5976ed801ea)
|
|
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
(This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
|
|
(This used to be commit a2c791c0bbce1d505e5ef2150384ad5d54ae7117)
|
|
already.
Andrew Bartlett
(This used to be commit a5d5b4cf2555b9bbded31b556d4fc74c00c6c490)
|
|
of implementing it twice inline.
This code is complex - but occasionally I get the feeling that people made
it more complext than it really needed to be...
Andrew Bartlett
(This used to be commit 273d518e52a83eca466c134531dd12825fe3cbdb)
|
|
(invalid passdb backends smb.conf entry) we picked up a few things :-).
Andrew Bartlett
(This used to be commit dfa98ae0ac195956490ca2f4140a8eff1566095e)
|
|
the passdb backends fail to load (is this the right way? - I think so).
Also, I've added some more comments, cleaned up some style etc.
(This used to be commit c8c490bcb84df43be38bdcb48067fec12331e358)
|
|
(This used to be commit 27e34d4e63adc6d6ad63857d2a17595b7cff52db)
|
|
(This used to be commit e2f9dd8b65063a276569d9c33aaf06606003b85c)
|
|
(for use in passdb modules like pdb_xml or a new pdb_ldap that stores sids etc.)
Andrew Bartlett
(This used to be commit c70b2c4fb72f251a14e0fc88b6520d69a0889bc2)
|
|
Andrew Bartlett
(This used to be commit 0a64ff4c9984c751ed6bd9e9bc8d16c70abec02d)
|
|
rather than a string when configuring mulitple backends.
Also adjust some of the users of get_global_sam_sid() to cope with the fact
that it just might not exist (uninitialised, can't access secrets.tdb).
More places need conversion.
Add some const and remove silly casts.
Andrew Bartlett
(This used to be commit c264bf2ec93037d2a9927c00295fa60c88b7219d)
|
|
modifications required to suppress the const warnings.
Andrew Bartlett
(This used to be commit ec4f1e9e2f6c162a475b424d63b9802387ad905e)
|
|
Andrew Bartlett
(This used to be commit 29490f214750acd44cee6c4ab1354722d82d853a)
|
|
Jeremy.
(This used to be commit aa0a6f5532a2689409426eef9a4b66a28fb97635)
|
|
Jeremy.
(This used to be commit 1712a7b34a73ad89965961c0db4dd198d6b257c6)
|
|
Jeremy.
(This used to be commit 5e2571f424a40df4d67fe279517a9b21184b78e1)
|
|
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
(This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
|
|
be static
very very slow ... I leave it as an exercise for the reader to make
this O(n) instead of O(n^2)
(This used to be commit 7c035d473c7175163ad5db0373ed2fe6c739b968)
|
|
(This used to be commit bfd8a33c68a3747cbad21667d7515aebd61ec537)
|
|
(This used to be commit 8e51081333ae0b81a2aa2c609aa7a3ff8bf7f4ec)
|
|
(This used to be commit de18c785ab9a253cc8bf8d7e4066de0133225c6c)
|
|
(This used to be commit aff65bf6c9f339ae1d3122d12114005c017b9b5d)
|
|
O'Connor(billy@oconnoronline.net)
(This used to be commit 88718883e031a3249152861300432dfc895ac587)
|
|
(This used to be commit 30a0e72572b25ddd99438b92b8ddf7f06e9ad819)
|
|
Jeremy.
(This used to be commit 64af68924b8fc36caac3f978dc0f9deccc41e059)
|
|
the (now static) global_sam_sid.
The only place it was being used was to return global_sid_NULL to some
uid->sid functions - and I'm not convinced this is correct in any case.
Andrew Bartlett
(This used to be commit e2a76a7fc94dd59c09bba3cda91446fad9f8c0e0)
|
|
I think it should be removed from CVS. This matches the other proto files.
Andrew Bartlett
(This used to be commit 5a8d573f1784b037fd848d85a96dabfebfad63fd)
|
|
charsets, becouse it really don't apply well with Samba 3.0 and unicode.
Andrew Bartlett
(This used to be commit 43fdd20386a45587e7b739f5c48c9cddc5c98da3)
|
|
(This used to be commit 3dd7fa7c57bb1c1d47b2c70a0dd4b5f14c1ddeb2)
|
|
involving the use of lp_winbind_gid() without checking if they have been
set.
Also revert the 'clashing user' check back to a Get_Pwnam() - I probably should
never have changed it.
Andrew Bartlett
(This used to be commit 1d6ba405589cee4e1582bc91cf659b89564899d4)
|
|
we leave the gid alone.
Jeremy.
(This used to be commit 3f72910cf954b127c0cc06d6616ca2b8cd0d41ad)
|
|
Jeremy.
(This used to be commit 2c1e78702423ba17993975eb7f158058cc7f229f)
|
|
(This used to be commit 1996bcbe6acae49e191363ee122b30e4e5d5e8a9)
|
|
initialising function. This patch thanks to the work of
"Stefan (metze) Metzmacher" <metze@metzemix.de>
This is partly to enable the transition to SIDs in the the passdb.
Andrew Bartlett
(This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
|