Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 6fca29ddcdb111af24ee051b555ab4eec8cadd1d)
|
|
error code.
make_server_info_guest() requires an entry in the SAM at the moment, but
this will change before release.
Andrew Bartlett
(This used to be commit 6a956390fa253e87e38b3f1909f13595fbf2767a)
|
|
string as a configure parameter.
(This used to be commit 3285c80cb0e41d6736b4f74b01a65d55753a7920)
|
|
(This used to be commit cec1ef09e5009cdac22e6c9ca101a49c5ef36b1a)
|
|
(This used to be commit 0f4d1172a6add3f490fca22a45975d2588485146)
|
|
(This used to be commit 7717555438e4d74bb63d12abde3573933c15342a)
|
|
get Win2k to send a valid signiture in it's session setup reply - which it will
give to win2k clients.
So, I need to look at becoming 'more like MS', but for now I'll get this code
into the tree. It's actually based on the TNG cli_pipe_ntlmssp.c, as it was
slightly easier to understand than our own (but only the utility functions
remain in any way intact...).
This includes the mysical 'NTLM2' code - I have no idea if it actually works.
(I couldn't get TNG to use it for its pipes either).
Andrew Bartlett
(This used to be commit a034a5e381ba5612be21e2ba640d11f82cd945da)
|
|
lengths are correct. Attempts to pstrcpy into an fstring or allocated
string should fail in developer builds.
This builds on abartlet's earlier overflow probe for safe_strcpy, but
by clobbering the whole string with a nonzero value is more likely to
find overflows on the stack.
This is only used in -DDEVELOPER mode.
Reviewed by abartlet, tpot.
(This used to be commit 8d915e266cd8ccc8b27e9c7ea8e9d003d05f8182)
|
|
(This used to be commit 65ba78c6bd4c5ab7ec9bf4d15e4410482e82588d)
|
|
(This used to be commit 0ece70d631bf095bf9c8819180b6c59990159cd0)
|
|
(This used to be commit 05cffbee56f0556f550b4d14f3111bd7db972621)
|
|
(This used to be commit ef6cb3ec1aa943d4e52ea08e7b43a47d781d3273)
|
|
(This used to be commit 998537ca398100974075d11e28d5199997424f15)
|
|
The intention is to allow for NTLMSSP and kerberos signing of packets, but
for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA
spec)
Andrew Bartlett
(This used to be commit b9cf95c3dc04a45de71fb16e85c1bfbae50e6d8f)
|
|
(for example, query to non-dc)
Andrew Bartlett
(This used to be commit d1dde5f684652f86e63ac6cfa34ff42a680693de)
|
|
(This used to be commit 25d210b90b6c0377046d89a1dce7a32f94fd7859)
|
|
two layers structure with
- local tdb cache
- remote idmap repository
compiles
(This used to be commit 8fb4e210bc7564ed491d121c20d598ba0bfbddff)
|
|
samba user database.
(This used to be commit 957c11e40e0aedc24d2dce2aaae9888673d68e01)
|
|
(This used to be commit 7dc2b10215c2b015a36e78c3b9b8f13cecfdfeba)
|
|
(This used to be commit 30ba31e6355b5dfb902e42d2b5edc71630db2923)
|
|
reason, during a Win2003 installation, when you select 'domain join' it sends
one machine name in the name exchange, and litraly 'machinename' during the
NTLMSSP login.
Also fix up winbindd's logfile handling, so that it matches smbd and nmbd.
(This helps me, by seperating the logs by pid).
Andrew Bartlett
(This used to be commit afe5a3832f79131fb74461577f1db0e5e8bf4b6d)
|
|
(This used to be commit c2a266b7b661d319e13982bfdbc3a86e8502b8a4)
|
|
Jeremy.
(This used to be commit 13ab94fa73dbaf54da0169bbcf4d027d5c07d207)
|
|
(not tested yet)
(This used to be commit 0d6cec90c13731827abcbc61974efc993e794003)
|
|
(This used to be commit 8338e74ac4e5f31150c96f459a67e52090dc6013)
|
|
Jeremy.
(This used to be commit c0930e6d15eb68f06453d9b67142ccd7fb1370a0)
|
|
(This used to be commit b20bcf8d336b4b2079eb42342a96d1fe714709de)
|
|
Jeremy.
(This used to be commit e81427c2d69be166afad94bc083e750e8f48fba7)
|
|
-------------------------------------------------------------------------
I think there are basically two problem:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
and SMB_ACL_OTHER.
The function ensure_canon_entry_valid() is prepared for that, but tries
to "guess" values from group or other permissions, respectively, otherwise
falling back to minimum r-- for the owner. Even if the owner had full
permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
This is ok in a take-ownership situation, but must fail if the file is
to be given away. This is the problem with XP clients, trying to transfer
ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
as "preserve current value" instead of attempting to build one ourself.
The original code is still in, but only as fallback in case current values
can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting
ACLs if there is either no change of owning user, or change of owning
user is towards the current user. Otherwise chown is done after setting
ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
(This used to be commit 8ec20cbae7ca7e685b1a4186d8482c7405915dc3)
|
|
genparser works fine, and it is a marvelous tool to store objects in tdb :)
(This used to be commit 4c6d461a8572f03cd33cba95500cc837638b732c)
|
|
for name->sid.
(This used to be commit 0ebccc0dbeecc10d423529909a2563fbc3bf9857)
|
|
IP address resolving code.
(This used to be commit 1f605fe77c56ee2a7838c9f87eedf4bb91ebf688)
|
|
Jeremy.
(This used to be commit 1cbd53dc3cd2d56f5e62d42fed5d589efcecb8f8)
|
|
differently to W2K, cope with this.
Jeremy.
(This used to be commit 172f415c9eaa4d310a52794e3dc1a6bc92206ce4)
|
|
(This used to be commit d41dbe568ec77e4860678e5ee4fe2ab2f2da507b)
|
|
(This used to be commit 401a522d88abdb6d6f01707f51b658d4e0497d3d)
|
|
(This used to be commit 21ec2b6ba3ddba6964f6ddb53f8494e4a8b48a83)
|
|
Samba. This fixes things like not doing *SMBSERVER etc.
Andrew Bartlett
(This used to be commit 8863ff863c1da42aa6b8718f315c608d9d9067c6)
|
|
(This used to be commit d8d2d5e75503ae2b6532a25e4c9bbcdf20cc60af)
|
|
Andrew Bartlett
(This used to be commit 42b5514404bc7e33306c11344c6c934a1f83d295)
|
|
(This used to be commit a387c4209735f8e4c826cad7cb10c5349b2041ec)
|
|
(This used to be commit 460339db2246b0213252ee34f507eb8e55ecbecb)
|
|
a test ...
(This used to be commit 1128a2fb4c16681e669efe605ff7d7161a2f7acd)
|
|
function usage.
Andrew Bartlett
(This used to be commit cdc6139a9646b267a9921fc11fa532640a2e4c7f)
|
|
all perfectly legit - the region is an fstring in length, but might not
always be, and it is the last peice of code to fail my automated test.
Andrew Bartlett
(This used to be commit 762d61b37d053568b6346e249ba7ef594320153a)
|
|
failures for some compile-time properties this way.
Andrew Bartlett
(This used to be commit ce618624b7df797e228f8ef0f19820b318c62ae9)
|
|
(This used to be commit 243c9c37a53501b96df6286517e03eb09efcc620)
|
|
behaviour we should seperate -g from --enable-developer, and allow developers
to also select --enable-debug if they want.
Andrew Bartlett
(This used to be commit 96d1449c42597ea22c538a004960b26925c641fc)
|
|
(This used to be commit b32ae2d83fd0b4dd2c313cd0727bd276564cec0c)
|
|
command. From Ronan Waide <waider@waider.ie>.
(This used to be commit 992b5eb4e05fbf99d91d7235b9a002957533f95b)
|