| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Jeremy.
(This used to be commit 1de27da47051af08790317f5b48b02719d6b9934)
|
|
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
|
|
aruna.prabakar@hp.com).
This re-enables the Samba 2.2 behavior where a user that was
successfully authenticated by a remote DC would be mapped
to the guest account if there was not existing UNIX account
for that user and we could not create one.
(This used to be commit b7455fbf81f4e47c087c861f70d492a328730a9b)
|
|
(This used to be commit c70c5c4ee9b14fbdb174f542607aceebe0e88470)
|
|
about unitialized variable
(This used to be commit 3a91b20e4bcc78c91932e6c4394b3f6f153b2ff5)
|
|
directories
and files. Needed for Volker's coming changes.
Jeremy.
(This used to be commit b257744fdfd0a8d940ae834b3c21f0f298c7d1f9)
|
|
from Ingo Kilian <ikilian@web.de>.
You must do a make clean after updating this.
Jeremy.
(This used to be commit 3b2cd19fcb8ce38578b122fd6ae722b73081dcda)
|
|
You will need to do a make clean after SVN updating this. Next will
come a smbcontrol message to dump this info. This should be interesting
to profile client activity.
Jeremy.
(This used to be commit 743174da86ac724fc9ee3d4b7bd9a2a97a234bd8)
|
|
initializable
statically.
Volker
(This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
|
|
nastyness.
Jeremy.
(This used to be commit d3379fe61bb934082b51a37adac232a96bafcf46)
|
|
Jeremy.
(This used to be commit 326124a7b366feaca6162f7defae89618b005adc)
|
|
Jeremy.
(This used to be commit 106f91ff65acd23a7dda4d0ec89ae41ecb28153e)
|
|
pulling back all recent rpc changes from trunk into
3.0. I've tested a compile and so don't think I've missed
any files. But if so, just mail me and I'll clean backup
in a couple of hours.
Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.
I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
|
|
cleanup the name space
(This used to be commit 7dfafa712deb115e425c7367296400c54827a217)
|
|
This may fix bug #2382.
Jeremy.
(This used to be commit a27c351e6beafc6609790a9bb9a3d0a1331e8f35)
|
|
(This used to be commit 0f188da8578165077b6d6df58c6e82be11943d40)
|
|
add domain trusts
(This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2)
|
|
that just allow the wrong pointer to be assigned :-) and make the
interface more consistent. Fix the FreeBSD directory problem. Last
thing to do is to add the "singleton" directory concept from James
Peach's code.
Jeremy.
(This used to be commit cfa8150fd9932470cb8f3b5e14c0156dda67125d)
|
|
* make sure to apply the rights_mask and not just the saved
bits from the mask in access_check_samr_object()
* allow root to grant/revoke privileges (in addition to Domain
Admins) as suggested by Volker.
Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts. Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
(This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
|
|
* rewrote the tdb layout of privilege records in account_pol.tdb
(allow for 128 bits instead of 32 bit flags)
* migrated to using SE_PRIV structure instead of the PRIVILEGE_SET
structure. The latter is now used for parsing routines mainly.
Still need to incorporate some client support into 'net' so
for setting privileges. And make use of the SeAddUserPrivilege
right.
(This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15)
|
|
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
|
|
return the appropriate reg value. Enforcement to be added soon.
Also, fix account policy tdb upgrade so it doesn't just wipe out everything
that was in there from a a previous version.
(This used to be commit ccae934cf9de4b234bac324b8d878c8ec7862f67)
|
|
otherwise
modification of an ACL that contains an ACE with execute only will cause
that to be upgraded to read/execute. Side effect is that dirs/files with
execute only show up as special permissions, which is still correct.
(This used to be commit 8d9dc7d543fd347e47d04157064a2f92fb5c99db)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
(except for
the cancel lock which I have to add).
Jeremy.
(This used to be commit cf7f89999e0c6becd4617c812400d1e71b9c0a30)
|
|
in sync :-).
try to cope with a wider range of UTF-16 characters when we are using
an external libiconv library.
Jeremy.
(This used to be commit 5d04cd6804f6fc3b556e7c3b53fa0d7af39797c1)
|
|
consists of a 16 byte salt, followed by the 16 byte MD5 hash of
the concatination of the salt plus the NThash of the historical
password. Allows these to be exposed in LDAP without security issues.
Jeremy.
(This used to be commit 82e4036aaa2d283534a5bd8149857320fcf0d0dc)
|
|
then is the client supports it (current clients supported are Samba and
CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare
"NT LM 0.12" string) then the setting of the per packet flag smb_flag
FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows
the linux CIFS client to use Samba in a case sensitive manner.
Additional command in smbclient "case_sensitive", toggles the
flag in subsequent packets.
Docs to follow.
Jeremy.
(This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
|
|
fix. I'm
still doing more testing, but it fixes a behaviour that we've been wrong
on ever since the start of Samba.
Jeremy.
(This used to be commit 894cc6d16296b934c112786eec896846156aee5d)
|
|
to connection struct entries (as they should have been from
the start). Jerry, once you've cut over to 3.0.4 release
branch I'll add this to 3.0 also.
- Jerry cut over :-).
Jeremy.
(This used to be commit 578a508509d21226ad3332fc54c3ab54cd8ae452)
|
|
(This used to be commit bf9f02be5fc1d09c8c08c78c3f2df23b2099ba4f)
|
|
/etc/cups/cupsd.conf -- documentation to follow
(This used to be commit 2f323b0991c37022fb59ef8c69454eff03296662)
|
|
per share basis
(This used to be commit 14d3794eecd848d3d75e2b8e71cf8b4d0792b0c9)
|
|
We use cli_state.smb_rw_error to pass this specific case into cli_close_connection()
from smbmount as smb_rw_error can have only selected number of states and
it is ignored in cli_close_connection().
Compiled and tested by Lars Mueller from SuSE on x86, x86_64, ppc, ppc64, s390 and
s390x.
(This used to be commit 738666ce0a310fae14476020fd6dac027b0e3ec5)
|
|
dos attributes in an EA. Based on an original patch from tridge, but
modified somewhat to cover all cases.
Jeremy.
(This used to be commit ed653cd468213e0be901bc654aa3748ce5837947)
|
|
New protocol option "ea support" to turn them on (off by default). Conrad
at Apple may like this as it allows MacOS resource forks to be stored on
a file. Passes valgrind. Documentation to follow.
Jeremy.
(This used to be commit 8cc10a6c0550c017a62e8a3790afd2172d173e00)
|
|
ago.
This patch re-adds support for 'optional' SMB signing. It also ensures that
we are much more careful about when we enable signing, particularly with
on-the-fly smb.conf reloads.
The client code will now attempt to use smb signing by default, and disable
it if the server doesn't correctly support it.
Andrew Bartlett
(This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
|
|
Now for parsing out the retrieved EA's.
Jeremy.
(This used to be commit 5eeeee302cec2cc1f6c130ed44be9df028f73cde)
|
|
names in nmbd. Allows conversion from dos codepage mb strings (ie. SJIS) to
expand to utf8 size on read.
Jeremy.
(This used to be commit 834d816caf9cd6318da00febde50d9233469dac2)
|
|
fix up netbios names with mb strings. Includes reformat of libsmb/nmblib.c
so it's readable.
Jeremy.
(This used to be commit 966e49a48c352563cdd7f75fe2768f2d6612ec7e)
|
|
much closer emulation of Win2k3 error return codes.
Jeremy.
(This used to be commit c9f31fafeda6ad79e590276f36e03ecd2e93f818)
|
|
Jeremy.
(This used to be commit b4b684f1155b1abccb69cca7bca9819625dbfead)
|
|
Jeremy.
(This used to be commit dfd7d1c2b7b577a084a94926abfce82c91f20b7e)
|
|
Jeremy.
(This used to be commit f0f7a48327ba1808088bc8c4e5d48b5cbeaeb4e3)
|
|
Andrew Bartlett
(This used to be commit 318e11748a86d92bfc6ebf0e58f3c8360cbf4b69)
|
|
unix jobs back to the client. Allows windows client to remove print jobs submitted from lpr
(This used to be commit 514561118860f982c458930c34763dac9ce0554e)
|
|
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
|
|
#534
(This used to be commit 4e86243ea1d4bbe96720caaaf02300f5e15bee5a)
|
|
converted to pull/push_ascii. This will not work right at the moment for non
English codepages, but compiles - I will finish the work over the weekend.
Then nmbd should be completely codepage correct.
Jeremy.
(This used to be commit 236d6adadf32397b28028ea82ae2ec027366f7c8)
|
|
Jeremy.
(This used to be commit daf7b5fbd93c640c7660bdf173079fa1039794af)
|
