summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett6-42/+73
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-11-20Typo fix.Rafal Szczesniak1-2/+2
(This used to be commit 5054a1731e3bf3bec0687304af63fed475d5f864)
2003-11-12a small include file rearrangement that doesn't affect normalAndrew Tridgell1-2/+0
compilation, but that allows Samba3 to take advantage of pre-compiled headers in gcc if available. (This used to be commit b3e024ce1da7c7e24fcacd8a2964dd2e4562ba39)
2003-11-03removing #include <compat.h> in hopes to avoid problems with apache header ↵Gerald Carter1-4/+0
files; will watch the build farm on this to make sure things don't blow up (This used to be commit e92583cecd79adea25caedd1599ac8f36733a923)
2003-11-02Add prototype for smbc_remove_unused_server() to fix compiler warning.Tim Potter1-0/+11
Bug #706. (This used to be commit eaf69b1ae7883573830244664cb0a81661541d92)
2003-10-29parameterise the listen backlog in smbd and make it larger by default. A ↵Andrew Tridgell1-0/+3
backlog of 5 is way too small these days. (This used to be commit bbb92d2b0ea6bc10c71bed62924bfc95c11172a5)
2003-10-24Fix one other place VA_COPY is defined ... should fix NetBSD build.Richard Sharpe1-0/+4
(This used to be commit fb69597629bad305f227b5bab62e0f170d3c164c)
2003-10-24Commit Derrell's changes to libsmbclient plus a small change to configure.inRichard Sharpe1-0/+864
to see if SGI and other platforms will build. (This used to be commit cf9311044c372695592db1b95b814b0870b8cf29)
2003-10-24Add initshutdown pipe commands to rpcclient. Second part of fix to bugJim McDonough2-1/+4
#534 (This used to be commit 4e86243ea1d4bbe96720caaaf02300f5e15bee5a)
2003-10-24This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+70
used to be commit e569418861a867437cd5e2cce87ad82e752da3fb)
2003-10-24New files for support of initshutdown pipe. Win2k doesn't respond properlyJim McDonough1-0/+70
to all requests on the winreg pipe, so we need to handle this new pipe. First part of fix for bug #534 (This used to be commit 532fab74c12d8c55872c2bad2abead2647f919d7)
2003-10-23Apply the changes to libsmbclient that derrell has contributed. Fix someRichard Sharpe1-0/+864
of the problems with this. From: Derrell.Lipman@unwireduniverse.com (This used to be commit 8e3d2708c5e5a9968aeb9a6fe6c828aa8a5b22a9)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-0/+14
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison1-0/+14
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit 5c050a735f86927c7ef2a98b6f3a56abe39e4674)
2003-10-21Merge of mmap blacklist fix from HEAD.Tim Potter1-0/+7
(This used to be commit ff29be16e74361b02b0b7fbd83e393d68ae5b897)
2003-10-21If we have blacklisted mmap() try to avoid using it accidentally byTim Potter1-0/+7
undefining the HAVE_MMAP symbol. (This used to be commit c420195231457d3202157490f4bec335a788d8b4)
2003-10-20Update structures after ethereal showed some marshalling/unmarshallingJim McDonough1-2/+3
errors. (This used to be commit 9d0f322a851f487cea320e57076213435e5c6481)
2003-10-20Several updates:Jim McDonough1-1/+3
- add support for named pipe and netbios queries in parse code - fix map request structure...unknown byte was alignment - add sample of named pipe over netbios query in rpcclient (comment only) (This used to be commit 71dcdf54e60204d6b499d25d8759ed20fc7a021a)
2003-10-20more 2.2.x compatibility fixes - allow user looksup in the kerb5Gerald Carter1-1/+1
sesssetup to fall back to 'user' instaed of failing is REA.LM\user doesn't exist. also fix include line in smb_acls.h as requested by metze (This used to be commit 5ccf6baad7ffb1f992aaf24b41ef5c83362cf613)
2003-10-20more 2.2.x compatibility fixes - allow user looksup in the kerb5Gerald Carter1-1/+1
sesssetup to fall back to 'user' instaed of failing is REA.LM\user doesn't exist. also fix include line in smb_acls.h as requested by metze (This used to be commit 62ed2598b3441b3c198872df8eb55e594332807b)
2003-10-17Add epmapper pipeJim McDonough2-1/+4
(This used to be commit 041c17bd665ea5fa771b111d7008036fb3e7b72f)
2003-10-17Add endpoint mapper rpc definitionsJim McDonough1-0/+115
(This used to be commit e604a9c0788a006663e7f939059c4120c1df3648)
2003-10-15created a new target: genparseSimo Sorce1-1/+0
this target will build parse file with genstruct it is the duty of the developer to commit updated files this is made to make build platforms independent of a working perl installation as always been with samba so currently you need to run: make genparse and commit: cvs ci include/tdbsam2_parse_info.h if you change anything in genparse/genstruct code or tdbsam2 code. Simo. (This used to be commit 7e2d5da2dcfad32b733c28535490e98e578bcc3a)
2003-10-14sorry folks, forgot to cvs add/remove before commit.Simo Sorce1-0/+164
(This used to be commit 0ed85e6a2dff0953dbbd5ff4723ef6941ec32850)
2003-10-14Ignore autogenerated tdbsam2_parse_info.hTim Potter1-3/+4
(This used to be commit bb2b8906a05109d5ba8ffff6c250d90d8658d444)
2003-10-13So here it is a non-intrusive patch with my latest work on gums (theSimo Sorce5-109/+256
laternative to the current passdb). Currently it is run through a comatibility module in the passdb layer, with a subset of the functionality it may provide. It is still work in progress, but as someone asked me about it, and as it should make no difference to the normal code, I tought it was a good idea to put it into. It adds a dependency on perl. I know it is not very nice, but I'm sure we will work out a solution for that. As always blame me if I break something, but try to fix yourself, as I am busy-busy-busy :-) Simo. (This used to be commit 7b3c94b5cfc1a9ceb430613353a937345f2eda74)
2003-10-09Merge from 3.0:Tim Potter1-0/+1
>Moving towards better i18n support in SWAT. This commit contains a >bunch of updates to bug 413 from Monyo: > >1) pick up proper strings to call msg strings for example to add > strings in wizard menu in web/swat.c, web/statuspage.c and > param/loadparm.c. > >2) define N_() macro in include/intl.h to pick up some strings > in param/loadparm.c > >3) quote all name and value tag with '"' > For example in swat.c:720 the "Edit Parameter Values" string is > displayd only as "Edit" because value tag is not quoted like: > value=Edit Parameter Values > These tags should be quoted though it sometimes works well > without quotation. > >4) modify the msg strings not to contain HTML tags or other > non-message strings. For example > dprintf(_("test\n")); is modified to dprintf("%s\n", _("test")); (This used to be commit 17efb306aa32d1e5b2546cfb2f3404ad3cf0fb68)
2003-10-06split some security related functions in their own files.Simo Sorce3-3/+26
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-10-06split some security related functions in their own files.Simo Sorce3-3/+26
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes (This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d)
2003-10-03Moving towards better i18n support in SWAT. This commit contains aTim Potter1-0/+1
bunch of updates to bug 413 from Monyo: 1) pick up proper strings to call msg strings for example to add strings in wizard menu in web/swat.c, web/statuspage.c and param/loadparm.c. 2) define N_() macro in include/intl.h to pick up some strings in param/loadparm.c 3) quote all name and value tag with '"' For example in swat.c:720 the "Edit Parameter Values" string is displayd only as "Edit" because value tag is not quoted like: value=Edit Parameter Values These tags should be quoted though it sometimes works well without quotation. 4) modify the msg strings not to contain HTML tags or other non-message strings. For example dprintf(_("test\n")); is modified to dprintf("%s\n", _("test")); (This used to be commit 351d16956d8125bc689ca84adcb71e0a57d6b7cc)
2003-10-01commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter1-2/+9
clientspreviously joined to the Samba domain (This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
2003-10-01commit sign only patch from Andrew; bug 167; tested using 2k & XP ↵Gerald Carter1-2/+9
clientspreviously joined to the Samba domain (This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
2003-09-29Merge from 3.0:Tim Potter2-6/+4
>Fix for #480. Change the interface for init_unistr2 to not take a length >but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. >This is not the case. Count it after conversion. >Jeremy. (This used to be commit e2ab9e54cd0ec0002175cf18ff364f4aebaf85a0)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison2-6/+4
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-24Another round of merges from 3.0:Tim Potter1-81/+59
>Reformat - preparing to fix bug #480 (which will be ugly). >Jeremy. (This used to be commit cd91dd9cd8392d1b9cfcbd8ef42237b813dc89b5)
2003-09-22Reformat - preparing to fix bug #480 (which will be ugly).Jeremy Allison1-81/+59
Jeremy. (This used to be commit 605e257cab8041900ec9c6839c37e04d005a420e)
2003-09-18The "unknown_5" 32 bit field in the user structs is actually 2 16-bitJeremy Allison3-4/+14
fields, bad_password_count and logon_count. Ensure this is stored/fetched in the various SAMs. As it replaces the unknown_5 field this fits exactly into the tdb SAM without any binary problems. It also is added to the LDAP SAM as two extra attributes. It breaks compatibility with the experimental SAMs xml and mysql. The maintainers of these SAMs must fix them so upgrades like this can be done transparently. I will insist on the "experimental" status until this is solved. Jeremy. (This used to be commit 71ecd10181cd35313b79f618c2928c2f45424812)
2003-09-18The "unknown_5" 32 bit field in the user structs is actually 2 16-bitJeremy Allison3-4/+14
fields, bad_password_count and logon_count. Ensure this is stored/fetched in the various SAMs. As it replaces the unknown_5 field this fits exactly into the tdb SAM without any binary problems. It also is added to the LDAP SAM as two extra attributes. It breaks compatibility with the experimental SAMs xml and mysql. The maintainers of these SAMs must fix them so upgrades like this can be done transparently. I will insist on the "experimental" status until this is solved. Jeremy. (This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
2003-09-10Remove obsolete files.Jelmer Vernooij1-238/+0
(This used to be commit 3d71340e5c1bf3397e69897bbc8434bbaa503a75)
2003-09-09version.h is autogenerated nowGerald Carter1-8/+0
(This used to be commit 04f8cbbca66024ffdcd2ebc0f4db7849d02ca99b)
2003-09-09removing unused filesGerald Carter1-59/+0
(This used to be commit 1a9145015d4b2ee7e7399099760cda13d619e740)
2003-09-09sync 3.0 into HEAD for the last timeGerald Carter23-216/+464
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
2003-09-07Nobody complained on the team-list, so commit it ...Volker Lendecke1-0/+17
This implements some kind of improved AFS support for Samba on Linux with OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile into secrets.tdb with 'net afskey'. If this is done, on each tree connect smbd creates a Kerberos V4 ticket suitable for use by the AFS client and gives it to the kernel via the AFS syscall. This is meant to be very light-weight, so I did not link in a whole lot of libraries to be more platform-independent using the ka_SetToken function call. Volker (This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
2003-08-28Refactor charset plugins a bit and add CP437 module.Alexander Bokovoy1-0/+87
Now all 8-bit charsets with gaps (not all symbols defined) could be produced through one macro -- SMB_GENERATE_CHARSET_MODULE_8_BIT_GAP(CHARSETNAME) within source file with three charset tables. Full source code for such modules can be generated by source/script/gen-8bit-gap.sh script which was taken from GNU libc and changed slightly to follow our data types and structure. (This used to be commit 37042c7bc0f349370e93e4bed37d8fa371013247)
2003-08-27Fix to properly set AP_OPTS_SUBKEY in heimdal. In MIT it is a #define, butJim McDonough1-1/+1
in heimdal it is an enum. Thanks to Guenther Deschner (gd@suse.de). With this join will work, but without a keytab, cifs connections will still fail with heimdal. Fix to come later. (This used to be commit d30bef4c37e8203c273eb3852215a89348bece7a)
2003-08-27Ensure we use correct length nstrings for workgroup and browser names.Jeremy Allison1-4/+4
Jeremy. (This used to be commit be534c8adf6c3cb8921ce49dbb79991c632d501e)
2003-08-23Half-way though the big conversion of all nmbd access to wire elements beingJeremy Allison3-191/+183
converted to pull/push_ascii. This will not work right at the moment for non English codepages, but compiles - I will finish the work over the weekend. Then nmbd should be completely codepage correct. Jeremy. (This used to be commit 236d6adadf32397b28028ea82ae2ec027366f7c8)
2003-08-22struct nmb_name should have 16 byte namestrings, not 17.Jeremy Allison1-3/+3
Jeremy. (This used to be commit daf7b5fbd93c640c7660bdf173079fa1039794af)
2003-08-20metze's autogenerate patch for version.hGerald Carter2-1/+1
(This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
2003-08-20Fix bug #252. Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAINGerald Carter1-7/+7
call. (This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)