summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2003-05-11Rolling in VL's changes.John Terpstra1-8/+12
(This used to be commit 02244dac83623dabe927f79780cf4b7313022495)
2003-05-11Set the password for a newly created trustdom account. Tested againstVolker Lendecke1-3/+34
PDCs running NT4SP1, NT4SP6 and Samba 3.0. Volker (This used to be commit 2143446043b2c29027cf69554caddf41274df709)
2003-05-11When we have a NT4SP0 PDC trust us, we first have to check theVolker Lendecke1-2/+2
password. On NT4, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT means the password was correct. So the PDC believed that he had his trust account correctly added. Later the auth2 naturally failed. BTW, setting up an interdom trust account is not what I would call well documented and easy to handle... Working on that now :-) Volker (This used to be commit e4e44cf3b18231ec5d7326fb42edec741caa147b)
2003-05-11Ok, this is a hack. On a netsec bind reply I did not see anythingVolker Lendecke1-0/+20
useful in the auth verifier yet. So this patch ignores it. Really checking this would be a lot more intrusive: in rpc_api_pipe we would have to distinguish between binds and normal requests, or have more state in the netsec info of cli_state, which is also somewhat hackish. Volker (This used to be commit 8de04fcf680a9bc5054965577eb500e0541ffe66)
2003-05-11Updating Global definitions.John Terpstra1-1/+1
(This used to be commit 18b62570c4b0b84ebe665395f08ca7c23e4c126a)
2003-05-11Extending Access Control DocsJohn Terpstra4-449/+553
(This used to be commit c0a1069463ea7239ca603deb5c568151439fea3f)
2003-05-11As discussed on samba-technical - move to 'primaryGroupSid' insted ofAndrew Bartlett2-18/+56
primaryGroupID (rid). This is consistant with the move from 'rid' to ntSid for the primary user identifier. Also cope with legacy installations where primaryGroupID might have been stored as 0. Andrew Bartlett (This used to be commit 0e432817cb927b41af7b49fb0b5081ffdb46f85e)
2003-05-11Using /dev/urandom for determining an ldap server backoff is a waste of systemAndrew Bartlett1-2/+6
entropy - use sys_random() instead. Andrew Bartlett (This used to be commit 640462a365235aa7ce6f817778f022530a25d909)
2003-05-10Completion of Stand-Alone server docs.John Terpstra1-6/+107
(This used to be commit 44dbed231743b5caea319c448b2700bb02cc8303)
2003-05-10Fix typos in StandAloneServerJohn Terpstra2-18/+10
Remove admonition in ServerType - Until someone gives me a replacement for it I consider it a non-issue. (This used to be commit 147676b44a4b393276497419f0bc80bff8fe425a)
2003-05-10Reverse latest module_dummy patch from metze and me.Jelmer Vernooij1-53/+0
(This used to be commit 9dc8f7b4d46b3d1adf4b22cec2b62600dcb3c899)
2003-05-10Reverse previous patch from Stefan and me after comments by Andrew BartlettJelmer Vernooij34-84/+2
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
2003-05-10Patch from metze and me that adds dummy smb_register_*() functions soJelmer Vernooij35-2/+137
that is now possible to, for example, load a module which contains an auth method into a binary without the auth/ subsystem built in. (This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
2003-05-10Typos and fixes resulting from VL feedback.John Terpstra3-42/+120
(This used to be commit ab1ff35187924c31a8fa503c0d02c6b54605da4f)
2003-05-10Fix from Tom.Lackemann@falconstor.com to correctly set the flags basedJeremy Allison1-1/+9
on the security entries sent. Jeremy. (This used to be commit 45953d59f707b58e66b980512afc7f929d360ad5)
2003-05-10Optimisation. We don't need to do 2 strlen's when we're setting the statJeremy Allison1-9/+0
struct in the correct place. Jeremy. (This used to be commit 4cd8b276715f7e019fcee8fc3ebb2855610c4751)
2003-05-10Fix for possible segfault in readline handler. Found by vitalyb@mail333.com.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 151b7d0d88e14dd17c28e522a3e1e8f64a4a2a87)
2003-05-10Fix typo.John Terpstra1-1/+1
(This used to be commit 7bec28f23c5bef8516e798a0808585ed1a30517e)
2003-05-09syncing README to go along with scriptsGerald Carter1-24/+7
(This used to be commit 94780f0947f7ad7d5bc83e61681148637b59d7ab)
2003-05-09syncing import/export smbpasswd file scripts from 2.2Gerald Carter4-231/+114
(This used to be commit ee1374cabf38c3d99e66a45316e232d1c2cfbe6a)
2003-05-09removing total print jobs since it is not used anymoreGerald Carter1-2/+0
(This used to be commit b87be0dddfcace95527b9a05f8f81cd6d2e86d39)
2003-05-09Makefile changes to allow new NTLMv2 patch to work.Andrew Bartlett1-10/+7
(This used to be commit 0c1946e51c7cd18907eb65c93042758196fe74c9)
2003-05-09Cleanups. My NTLMv2 changes also changed the preference from using an implicitAndrew Bartlett1-42/+42
structure-memcpy for DATA_BLOB parameters to using a pointer to that DATA_BLOB. auth_sam calls some of these functions, so I've cleaned it all up to use this format now. Also clean up some debug statements to make them easier to read. Andrew Bartlett (This used to be commit 0c355c274a6ac084e4bf15a15613dfc007d6c5fc)
2003-05-09Finally get NTLMv2 working on the client!Andrew Bartlett4-119/+131
With big thanks to tpot for the ethereal disector, and for the base code behind this, we now fully support NTLMv2 as a client. In particular, we support it with direct domain logons (tested with ntlm_auth --diagnostics), with 'old style' session setups, and with NTLMSSP. In fact, for NTLMSSP we recycle one of the parts of the server's reply directly... (we might need to parse for unicode issues later). In particular, a Win2k domain controller now supplies us with a session key for this password, which means that doman joins, and non-spnego SMB signing are now supported with NTLMv2! Andrew Bartlett (This used to be commit 9f6a26769d345d319ec167cd0e82a45e1207ed81)
2003-05-09Fix bug #4 for net rap. Allow more than 50 chars for long form listings of ↵Jim McDonough1-2/+2
users and groups. (This used to be commit dcc6d9e76c737400aaffdd4f261fd0f191aaeea8)
2003-05-09Fix comment - we now have 5 types of error...Andrew Bartlett1-1/+1
(This used to be commit 372a574a73b86855cf6efc18349e5ba24067d690)
2003-05-09Make sure we always have some client data, not just the hash. An NTLMv2 orAndrew Bartlett1-2/+3
LMv2 response less than 24 bytes is just silly. Andrew Bartlett (This used to be commit b4ecdb2e582376d2713f81e8e32a668014905d70)
2003-05-09Elsewhere, we use a #define for this environment variable name, so do theAndrew Bartlett1-2/+2
same here. Andrew Bartlett (This used to be commit a4556786d28724309321a02afbf5005158440258)
2003-05-09When checking if a SID is in a domain, make sure that indeed the user RID isAndrew Bartlett1-0/+3
one element longer than the domain sid. Andrew Bartlett (This used to be commit c61e5e38776d2de53d120b592a6685158e79ebb8)
2003-05-09Sync up to head ...Richard Sharpe1-34/+100
(This used to be commit 045210e129e6e0aef8f847e7ed8714d0d9974e7f)
2003-05-09More edits, hackety hack.John Terpstra2-32/+298
(This used to be commit 044489f218fa90df3a4838980b060738d6dcbffc)
2003-05-09Sync to the changes in head ...Richard Sharpe1-1/+1
(This used to be commit 7f76eac5a0f93107d990b0fde651838c38970092)
2003-05-09Added some more diagnostic tests to check out a theory that having either hashTim Potter1-12/+174
- auth with ntlmv2 and lmv2 but deliberately break the ntlmv2 hash - auth with ntlmv2 and lmv2 but deliberately break the lmv2 hash - auth with ntlm and lm but deliberately break the ntlm hash - auth with ntlm and lm but deliberately break the lm hash My theory is that the NTLM or NTLMv2 field must be correct and if it is, it doesn't matter what the value of the LM or LMv2 field is. Fixed cosmetic test name display bug. (This used to be commit 5dcde9451bd0d6a7462b77cf5ed137bfd691adaa)
2003-05-09Fix up a bunch of problems in editreg.cRichard Sharpe1-16/+16
Now the build farm will no doubt find more. (This used to be commit e91e648c9b0841fbffbc8f39e71abade0996a1e7)
2003-05-09Fix nasty bug pointed out by samba-technical poster. If name is mangledJeremy Allison1-1/+12
then we weren't always correctly detecting that it had a valid stat struct and so might now return a 'file existed'. Finally realized this when installing the W2K resource kit as a test case. Jeremy. (This used to be commit d48069ccd8351e4bff097a7f7500c738870a413d)
2003-05-08fix bug #47; revert registration of workgroup<1b> to 2.2 behaviorGerald Carter1-1/+1
(This used to be commit 016f6b4e19c2b8e4f5e1d010cc428ca194650140)
2003-05-08fixed bug #75; add check for non-zero destlenGerald Carter1-1/+1
(This used to be commit 83bb84f13121267992e78f2d005257932c711f23)
2003-05-08Hopefully re-enable building heimdal. It needs -lresolv included in LIBSJim McDonough1-0/+1
to link during configure checks. (This used to be commit 7af282e7ff9c2cccfab97130dc66515a4852c25f)
2003-05-08Revert a patch that somehow slipped in...Volker Lendecke1-2/+2
Volker (This used to be commit 6cde3d4d655bbe1d81e68ec2ec7a23669ac82120)
2003-05-08This puts real netlogon connection caching to winbind. This becomesVolker Lendecke10-123/+186
important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
2003-05-08Another set of updates to the docs.John Terpstra6-303/+697
(This used to be commit 9abe3b23836ae75bd31fd2af4c7d82f34c27f52a)
2003-05-08This puts back wins.dat into nmbd for easy editing. It leaves most ofVolker Lendecke1-194/+222
the other infrastructure with name owners etc in place. If anybody is really going to tackle winsrepld, it will probably not be hard to put the additional info back. Volker (This used to be commit eb82daa84a5339f28ebf431ee1044b7e1e4a4300)
2003-05-08Another attempt at undoing my bogus patch 1.55.2.19Tim Potter1-0/+2
(This used to be commit 05a684b3be1525aad3589ded9e59c3f012b5ef20)
2003-05-07Always initialise this - it helps callers who use this in a loop...Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 97bc047434284527f25e130a72981da704ed1212)
2003-05-07Fix the spinning bug for 'net rpc user' as well - there are more errors inAndrew Bartlett1-4/+4
this world than 'status more entires'... Also move all the cases to 'NT_STATUS_EQUAL()' to test it. Andrew Bartlett (This used to be commit b4645bf0661dadcd077b21bb6f6452ed8b2eb726)
2003-05-07SMB_QUERY_FILE_ALT_NAME_INFO and SMB_FILE_ALTERNATE_NAME_INFORMATIONJeremy Allison1-9/+1
are identical - noticed by "Dr. Tilo Levante" <tilo@levante.de>. Jeremy. (This used to be commit f6d7c279bc8354202f2a9b39fec4a4c8ace368a3)
2003-05-07Fix irritating typo - non arg functions should be fn(void).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 395dfd196cf4bcd432a4895d3dd09fefd46cd6d8)
2003-05-07%f -> %p (reported by Kurt Pfeifle <kpfeifle@danka.de>Jelmer Vernooij1-1/+1
(This used to be commit 28a6e8a6947b54169ff484a7255e601dcc7899d7)
2003-05-07Make fchown, fchmod conditional for systems that don't have them.Jeremy Allison2-5/+20
Jeremy. (This used to be commit cf78b1e7fe72aec72d03c86c46a8ca49df539c11)
2003-05-07SMB Signing with NTLMv2 works!Andrew Bartlett1-11/+2
(well, under certain conditions :-) There is no length limit on the size of the authentication response added into the MD5 hash. (We had previously limited this to lengths like 40, 44 or 64 in attempts to make sense of what the SNIA spec tells us). Instead, the entire authentication response is added in. Currently, this only works on a Win2k domain members with a Samba PDC, becouse our NTLMv2 code currently fails against an Win2k PDC. However, this splits the problem in half - particularly as the NTLMv2 format is known, and even has an ethereal disector! (thanks tpot). Andrew Bartlett (This used to be commit 7645d3d28afbb8eea502c0e063df3afb3aa812f4)