summaryrefslogtreecommitdiff
path: root/source3/include/includes.h
AgeCommit message (Collapse)AuthorFilesLines
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-1/+1
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-11-03removing #include <compat.h> in hopes to avoid problems with apache header ↵Gerald Carter1-4/+0
files; will watch the build farm on this to make sure things don't blow up (This used to be commit e92583cecd79adea25caedd1599ac8f36733a923)
2003-10-24Fix one other place VA_COPY is defined ... should fix NetBSD build.Richard Sharpe1-0/+4
(This used to be commit fb69597629bad305f227b5bab62e0f170d3c164c)
2003-10-21If we have blacklisted mmap() try to avoid using it accidentally byTim Potter1-0/+7
undefining the HAVE_MMAP symbol. (This used to be commit c420195231457d3202157490f4bec335a788d8b4)
2003-08-15Latest heimdal snapshot has a krb5_set_real_time with a slightlyVolker Lendecke1-1/+1
different (but by implicit conversion hopefully compatible... ;-) prototype. Fix the build for that. (This used to be commit 497b190edc42cec40fc80e9d9eb6aa4e1a466ac5)
2003-08-15add IRIX EA supportHerb Lewis1-0/+4
(This used to be commit 589e94f4ffa325acfd6562a84906639e19fd5d33)
2003-08-06Get rid of MAXPATHLEN, move to standard PATH_MAX.Jeremy Allison1-4/+0
Jeremy. (This used to be commit 455ed2d51d86f39ce0fa6e6abca31a5425d2ea17)
2003-07-29This adds gss-spnego to ntlm_auth. It contains some new spnego supportVolker Lendecke1-0/+2
from Jim McDonough. It is to enable cyrus sasl to provide the gss-spnego support. For a preliminary patch to cyrus sasl see http://samba.sernet.de/cyrus-gss-spnego.diff Volker (This used to be commit 45cef8f66e46abe4a25fd2b803a7d1051c1c6602)
2003-07-25W00t! Client smb signing is now working correctly with krb5 and w2k server.Jeremy Allison1-1/+1
Server code *should* also work (I'll check shortly). May be the odd memory leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup code (b) we need to ask for a subkey... (c). The client and server need to ask for local and remote subkeys respectively. Thanks to Paul Nelson @ Thursby for some sage advice on this :-). Jeremy. (This used to be commit 3f9e3b60709df5ab755045a093e642510d4cde00)
2003-07-23A fix for bug 174. I'm pushing this to the tree to test it on one ofTim Potter1-0/+8
the build farm machines that I don't have direct access to (hpntc9I). (This used to be commit b01965823341bbabb74dcbc09d379b43db2ec680)
2003-06-30- added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)Andrew Tridgell1-0/+8
- changed --enable-developer debug to use -gstabs as it makes the samba binaries about 10x smaller and is still quite functional for samba debugging (This used to be commit 53bfcd478a193d4def8da872e92d7ed8f46aa4b9)
2003-06-16reverted locale patch put in by jht (originally from vorlon).Andrew Tridgell1-8/+0
There are lots of things wrong with this patch, including: 1) it overrides a user chosen configuration option 2) it adds lots of complexity inside a loop when a tiny piece of code outside the loop would do the same thing 3) it does no error checking, and is sure to crash on some systems If you want this functionality then try something like this at the end of charset_name(): #ifdef HAVE_NL_LANGINFO if (strcasecmp(ret, "LOCALE") == 0) { const char *ln = nl_langinfo(CODESET); if (ln) { DEBUG(5,("Substituting charset '%s' for LOCALE\n", ln)); return ln; } } #endif then users can set 'display charset = LOCALE' to get the locale based charset. You could even make that the default for systems that have nl_langinfo(). (This used to be commit 382b9b806b1ecd227b1ea247e3825d6848090462)
2003-06-15Patch from vorlon@debian.org, see bugzilal #122John Terpstra1-0/+8
Samba should preferentially use the locale information from the native system, and only fall back on 'display charset' if this is unavailable or unsupported. (This used to be commit 1e445fb4220cdf4700dd9d1850a42746a1065c5a)
2003-06-10Ok, I've tried being Mr. Nice Guy and people (you know who you are) stillJeremy Allison1-4/+0
keep putting bzero BSD'ism's into our source code. Make this an error like bcopy and others to prevent it in future. Jeremy. (This used to be commit 80d043231626192db85f08ccea062b91fcf999cc)
2003-06-05Get ready for EA code... Add Linux interface.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 48853140749b74053f1a7857a983397b6e9a0234)
2003-06-05working draft of the idmap_ldap code.Gerald Carter1-0/+4
Includes sambaUnixIdPool objectclass Still needs cleaning up wrt to name space. More changes to come, but at least we now have a a working distributed winbindd solution. (This used to be commit 824175854421f7c27d31ad673a8790dd018ae350)
2003-05-30More on bug 137: rename more of krb5_xxx functions to not start with krb5_Jim McDonough1-1/+1
(This used to be commit 10f1da3f4a9680a039a2aa26301b97e31c06c38d)
2003-05-20remove WITH_TDB_SAM & USE_SMBPASS_DBGerald Carter1-4/+0
(This used to be commit 1f98ced3163e26818c12829801729bc28f858de7)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-6/+24
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-11Fix VFS layer:Alexander Bokovoy1-0/+1
1. Finally work with cascaded modules with private data storage per module 2. Convert VFS API to macro calls to simplify cascading 3. Add quota support to VFS layer (prepare to NT quota support) Patch by Stefan (metze) Metzemacher, with review of Jelmer and me Tested in past few weeks. Documentation to new VFS API for third-party developers to follow (This used to be commit 91984ef5caa2d13c5d52e1f535bd3bbbae1ec978)
2003-05-06Patch from metze to add exit and interval events. Useful for modulesJelmer Vernooij1-0/+2
(This used to be commit 3033a63cefb5f28d4460885f7f4e4ecaed95443c)
2003-04-29remove --with-tdbsam since it is always built nowGerald Carter1-1/+1
(This used to be commit f277cd54ea6be5cad6ea765d992bc4133765ef92)
2003-04-16Merge valgrind header usage from HEAD.Andrew Bartlett1-4/+17
(This used to be commit 5c978e39f2879d900a1bcad535b489f4cd440906)
2003-04-14Backport my backtrace patch from HEADJelmer Vernooij1-0/+4
(This used to be commit 66fcf6b4938a87e5ded7c7e5830a6a54e4439544)
2003-04-14Merge of TRUE/FALSE preprocessor traps from HEAD.Tim Potter1-1/+14
(This used to be commit 2a962393017e65cb67944740e4faaad9902764e8)
2003-04-02Merge of winbind nss library cleanup from HEAD.Tim Potter1-1/+1
(This used to be commit a4b5f2c01bae049edc4f385cb0441bbde4fb443b)
2003-03-28don't include proto.h during autoconf tests since it doesn't exist yet; ↵Gerald Carter1-0/+2
fixed getsmbpass replacement test (This used to be commit 2aa2767ed5dc5290d6f71174bbf1be7d75a97d8b)
2003-03-28merged real time signal fixes from headAndrew Tridgell1-0/+4
(This used to be commit 03a5e62300f3cfb96d14570b73a758e6fa64c449)
2003-03-18Jeremy merged across my string parinoia fixes, but forgot to enable them! :-)Andrew Bartlett1-0/+1
This patch catches up on the rest of the work - as much string checking as is possible is done at compile time, and the rest at runtime. Lots of code converted to pstrcpy() etc, and other code reworked to correctly call sizeof(). Andrew Bartlett (This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
2003-03-17Merge from HEAD - sync up SessionSetup code to HEAD, including Luke Howard'sAndrew Bartlett1-0/+1
session key and auth verifier patches. Andrew Bartlett (This used to be commit 3f9616a68a855acbae3f405c27ee2358fbe7ba2c)
2003-02-24Iconv as seperate library fixes from HEADAndrew Bartlett1-0/+5
(This used to be commit 935c66f6a02c7ba764fbcc643a91833deb588bc0)
2003-02-19Sync with HEAD for verifying kerberos tickets.Jim McDonough1-2/+3
(This used to be commit 77e1178a888f0d380a5ef94911a8f07bf04a7ba3)
2003-02-19Merge minor library fixes from HEAD to 3.0.Andrew Bartlett1-0/+4
- setenv() replacement - mimir's ASN1/SPNEGO typo fixes - (size_t)-1 fixes for push_* returns - function argument signed/unsigned correction - ASN1 error handling (ensure we don't use initiailsed data) - extra net ads join error checking - allow 'set security discriptor' to fail - escape ldap strings in libads. - getgrouplist() correctness fixes (include primary gid) Andrew Bartlett (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
2003-01-30Re-added the Heimdal stuff tpot removed.Jeremy Allison1-0/+8
Jeremy. (This used to be commit e79dc0dade1ab1c9f8b3af5c01248bda70cfd582)
2003-01-30Sync of Heimdal kerberos stuff with HEAD. If this breaks I'm blamingTim Potter1-15/+1
the dog again. (This used to be commit 6f89ee2c9dc7f03e3dbe7aa734bf67c6a434d135)
2003-01-28Finally we compile with Heimdal as well as MIT ! Wonder if it works... :-).Jeremy Allison1-0/+1
Jeremy. (This used to be commit 1b71786c161cd8ec4c3c0c6b178370ed50feeef4)
2003-01-28Get smbd to link with Heimdal. Still missing some client progs...Jeremy Allison1-0/+3
Jeremy. (This used to be commit 85dda434763bbcea260c800599e4b6b73afcf174)
2003-01-21Get closer to Heimdal compile... Damn. HEAD has different code inJeremy Allison1-1/+11
kerberos_verify... Jeremy. (This used to be commit e8c4098da619a1429cc4c8251761333a7c0f3458)
2003-01-21Fixup proto generation to not include krb5 specific symbolsJeremy Allison1-0/+3
if no kerberos selected. Noticed by Metze. Jeremy. (This used to be commit 0c98f779f05431ac4d298c9f021fca85d16aebae)
2003-01-19Merge in more of the SuSE patches for Heimdal. These changes show howJeremy Allison1-0/+12
to add a function without an explicit #ifdef HEIMDAL which I'm trying to avoid. Jeremy. (This used to be commit 92ecd0bf0fe2cc4f6c86ca48e6e458e726470a50)
2003-01-16More Heimdal changes. Still not compiling with Heimdal yet...Jeremy Allison1-0/+4
Jeremy. (This used to be commit 4333be5732de07786254382a4aa41333783d81b5)
2003-01-16Fist part of fixes to make us compile with Heimdal. Don't explicitlyJeremy Allison1-0/+4
detect for now, I still have vague hopes of hiding the differences between MIT and Heimdal with a compatibility layer.... Jeremy. (This used to be commit 54d83de8a23937f1d8179a7e2596df3c50785618)
2003-01-15*lots of small merges form HEADGerald Carter1-0/+2
*sync up configure.in *don't build torture tools in make all *make sure to remove torture tools as part of make clean (This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-1/+1
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2003-01-03Merge from HEAD - add PRINTF_ATTRIBUTE to a few more functions.Andrew Bartlett1-0/+9
(This used to be commit 9e5297131cc53d7161aa74566f147b98e1c27aaa)
2002-12-30Catching up with old patches. Add define for VERITAS quota support.Jeremy Allison1-0/+8
Check return in ldap. Jeremy. (This used to be commit 66eff26fc930e37035bba8672f5fd3aeae71078d)
2002-12-11Fixed auth module code. Added VALGRIND defines to reduce spurious warnings.Jeremy Allison1-0/+4
Jeremy. (This used to be commit ec4ed45563f9d8e25fcfd88840944a90b3139c3e)
2002-12-10Fix client reporting of 64 bit files.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 8dcbfa4e770d74d4ce6faaf1a0597d07d0a5cc81)
2002-12-03Fixed nasty bug where file writes with start offsets in the rangeJeremy Allison1-0/+2
0x80000000 -> 0xFFFFFFFF would fail as they were being cast from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types). The sign extension would cause the offset to be treated as negative. Thanks to Herb for helping me track this one down (IRIX is good for large file tests :-). Jeremy. PS. That horrid EXEXIST thing has broken configure..... (This used to be commit 2d14c442bc601a277458b69f05a763aa2a1ab3b7)
2002-11-09Sync with HEADJelmer Vernooij1-0/+4
(This used to be commit 1a25dc776ddc36de9a214e023becff1ceb10290c)