| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit 39102a070b010dd5c83a8075654952c922df00a4)
|
|
fixed getsmbpass replacement test
(This used to be commit 2aa2767ed5dc5290d6f71174bbf1be7d75a97d8b)
|
|
(This used to be commit 03a5e62300f3cfb96d14570b73a758e6fa64c449)
|
|
used to be commit 6cd4d3f39a1258d51c022c99c73a7341b0ff94a5)
|
|
new modules system, we still fall back to the old system.
(This used to be commit cebe8d8b424f10006f2f791a8f086c6c8a7f5d57)
|
|
twice (probably a cut/paste error).
(This used to be commit d9b799d8c35a7453e6ccb92b3fc4ec2ec510449a)
|
|
twice (probably a cut/paste error).
The definition of pstrcpy_base(), and the preceeding comments, were given
twice (probably a cut/paste error).
(This used to be commit 5306f6f7c88234d51c4ff13d5451d3489de6b00e)
|
|
some warnings)
(This used to be commit d453b656e56a9b836b76f1cdce8de65d7bc4eb6c)
|
|
(only on systems that support it, of course)
(This used to be commit bf439d733df6a11a25ff561a853c3382a3b34b96)
|
|
- Quite some small fixes (also fixes the build)
(This used to be commit 3defbd5e0633acfa4631531b49601c7706072d86)
|
|
some double options and broke some parameters.
(This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
|
|
(This used to be commit de4bdf42d8f27b54260f58ff37d438c67623f446)
|
|
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
|
|
NTLM Authentication:
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
(This used to be commit 5a88d78f67fd7853d6f7d5042807afa56091d52c)
|
|
Small clenaup patches:
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
- connection.c - use safe_strcpy()
Andrew Bartlett
(This used to be commit c91e76bddbe1244ddc8d12b092eba875834029ac)
|
|
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
Andrew Bartlett
(This used to be commit a7eba37aadeb0b04cb1bd89deddb58be8aba825c)
|
|
Added new sid type = 9 for "computer" from MSDN.
(This used to be commit 45929d126932e5cac5a23fe76d28a4fa05b54b77)
|
|
A much better SMB signing module, that allows for mulitple signing algorithms
and correctly backs down from signing when the server cannot sign the reply.
This also attempts to enable SMB signing on NTLMSSP connections, but I don't
know what NTLMSSP flags to set yet.
This would allow 'client use signing' to be set by default, for server
compatability. (A seperate option value should be provided for mandetory
signing, which would not back down).
Andrew Bartlett
(This used to be commit 1c87be7a3d127201a6ab78d22d17c971af16b86b)
|
|
Andrew Bartlett
(This used to be commit f4ae028c2ad6ff8c7da3a6ef77a92762861144e1)
|
|
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.
Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().
Andrew Bartlett
(This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
|
|
used to be commit f0d009c3e91979b0dc3443e16f3f545bcc64cfda)
|
|
(This used to be commit 5ac062580690eee9b4bd423dbb82631c0cdb8b30)
|
|
(This used to be commit 8da383bb3e63d25ceb0204c775580f2f1b3336ec)
|
|
is as stable as possible in the string department and some pain now
will help later :-).
Jeremy.
(This used to be commit 86e3eddac698d90f4666b8492b4603a4efbbd67b)
|
|
signed/unsigned (mostly i counters)
a little bit of const.
Andrew Bartlett
(This used to be commit 50f0ca752e5058c4051f42a9337361373ba1f727)
|
|
net ads password
Heimdal compile fixes.
Andrew Bartlett
(This used to be commit 3aa4f923e99f453310bb4a8d43ce43757591909d)
|
|
- Make ReadDirName return a const char*.
- Consequential changes from that
- mark our fstring/pstring assumptions in function prototypes
Andrew Bartlett
(This used to be commit 10b53d7c6fd77f23433dd2ef12bb14b227147a48)
|
|
session key and auth verifier patches.
Andrew Bartlett
(This used to be commit 3f9616a68a855acbae3f405c27ee2358fbe7ba2c)
|
|
Make a new macro to help in this situation, and add memcpy() parinoia
Andrew Bartlett
(This used to be commit 4d00626b6e003952df6715fa80615ec028facdf4)
|
|
and we were missing the 'char' type.
Andrew Bartlett
(This used to be commit 193e80fafbda9e3af58fec1e629ec607f29b4099)
|
|
that we don't need this flag - heimdal's internal password change routines
don't set it.
Andrew Bartlett
(This used to be commit 069825bd78f2bf125e8a4e72933da924d393f5a5)
|
|
Andrew Bartlett
(This used to be commit 94424c5d72246b2e58f3a21aa0de6949d7eb2da1)
|
|
Andrew Bartlett
(This used to be commit 618bda3a28f65417e3c31a70229f6da70cf223fc)
|
|
- signed/unsigned
- quieten warning about assignment as truth value
- whitespace
Andrew Bartlett
(This used to be commit a13ce0df4b4a776fa635a1fb804dd00d195f58d0)
|
|
(This used to be commit f6bcfa59447700e0ccfc069d0228019a9bdca9d2)
|
|
This patch enables the compile-time checking of strings assable by means of
sizeof(). (Original code had the configure check reversed).
This is extended to all safe_strcpy() users, push_string and pull_string,
as well as the cli and srv derivitives. There is an attempt to cap strings
at the end of the cli buffer, and clobber_region() of the speified length
(when not -1 :-).
Becouse of the way they are declared, the 'overmalloc a string' users of
safe_strcpy() have been changed to use overmalloc_safe_strcpy() (which skips
some of the checks).
This whole ball of mud worked fine, until I pulled out my 'fix' for our
statcache. When jeremy fixes that, we should be able to get back to testing
this stuff.
This patch also includes a 'marker' of the last caller to clobber_region (ie,
the function that called pstrcpy() that called clobber_region) to assist in
debugging problems that may have smashed the stack. This is printed at
smb_panic() time. (Original idea and patch by metze).
It also removes some unsused functions, and #if 0's some others that are
unused but probably should be used in the near future.
For now, this patch gives us some confidence on one class of trivial parsing
error in our code.
Andrew Bartlett
(This used to be commit 31f4827acc2a2f00399a5528fc83a0dae5cebaf4)
|
|
- packing/unpacking utility functions for trusted domain
password struct; can be used to prepare buffer to store
in secrets.tdb or (soon) passdb backend
- similiar functions for DOM_SID
- respectively modified secrets_(fetch|store) routines
- new auth mapping code utilising introduced is_trusted_domain
function
- added tdb (un)packing of single bytes
Rafal
(This used to be commit 5281ee7e84421b9be746aed2f1718ceaf2a2fe3d)
|
|
etc. So check for that as well as the old names when including macros
and conditionally defining -DVALGRIND.
(This used to be commit c9151c7b1113e2f01bd33d4dd301a2e7e2040b35)
|
|
Jeremy.
(This used to be commit 33b11d5eb53bdeb9d279d221fd5c01579253e1c7)
|
|
Jeremy.
(This used to be commit 2e9880ef7c259b67eb75edc8098b734c3b7b22c1)
|
|
from .NET RC2)
(This used to be commit e074cab810f9299d0b27881cddf8a74f10fe233e)
|
|
from .NET RC2)
(This used to be commit 4c823e61d14a33344deb887043b60b2e3c83416f)
|
|
recent Valgrind relases and clashing with -DVALGRIND.
(This used to be commit 98479f1315cf8968152e1566966ac57e171008c3)
|
|
(This used to be commit 71c8e90117f00f168416f2f35a1c25755e2d0ed4)
|
|
Volker
(This used to be commit 54c99ee1fbaf4541fb3fa10a9b764da1367af6d3)
|
|
get Win2k to send a valid signiture in it's session setup reply - which it will
give to win2k clients.
So, I need to look at becoming 'more like MS', but for now I'll get this code
into the tree. It's actually based on the TNG cli_pipe_ntlmssp.c, as it was
slightly easier to understand than our own (but only the utility functions
remain in any way intact...).
This includes the mysical 'NTLM2' code - I have no idea if it actually works.
(I couldn't get TNG to use it for its pipes either).
Andrew Bartlett
(This used to be commit a034a5e381ba5612be21e2ba640d11f82cd945da)
|
|
(This used to be commit 65ba78c6bd4c5ab7ec9bf4d15e4410482e82588d)
|
|
The intention is to allow for NTLMSSP and kerberos signing of packets, but
for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA
spec)
Andrew Bartlett
(This used to be commit b9cf95c3dc04a45de71fb16e85c1bfbae50e6d8f)
|
