| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit fcc7a197b1ec85f9492e335a824317a904b0c919)
|
|
(This used to be commit 28653989cfe5d705b99a4888c0c3fb79d1f89162)
|
|
users w/o full administrative access on computer accounts to join a
computer into AD domain.
The patch and detailed changelog is available at:
http://www.itcollege.ee/~aandreim/samba
This is a list of changes in general:
1. When creating machine account do not fail if SD cannot be changed.
setting SD is not mandatory and join will work perfectly without it.
2. Implement KPASSWD CHANGEPW protocol for changing trust password so
machine account does not need to have reset password right for itself.
3. Command line utilities no longer interfere with user's existing
kerberos ticket cache.
4. Command line utilities can do kerberos authentication even if
username is specified (-U). Initial TGT will be requested in this case.
I've modified the patch to share the kinit code, rather than copying it,
and updated it to current CVS. The other change included in the original patch
(local realms) has been left out for now.
Andrew Bartlett
(This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
|
|
(This used to be commit 5492fc1144abac74959b7e0938ce1bb387fa7429)
|
|
(This used to be commit d9c485b01017594d113502f9de2248d6c120cfa3)
|
|
Rafal
(This used to be commit 16a66cf17a544a214b7c5b483c81c7568a18a779)
|
|
(This used to be commit 3a912bee74ab8c3e66e9cb0f60e0964411763d8d)
|
|
to lookup what SIDs have a particular privilege (that is how
privileges are stored).
(This used to be commit 3ddb5fb0dd33992b7db54a661752551a3fefc0b4)
|
|
- Don't use pstrcpy into an allocated string - use safe_strcpy() directly
instead.
- Keep a copy of the 'server_info' attached to the vuid. In future use this
for things like the session key, homedir and full name instead of current
copies.
- Try to avoid memory leak/segfault on Realloc failure
- clear up #endif comments
Andrew Bartlett
(This used to be commit 162477bb086827950b6cb71afa9bef62c2753c2e)
|
|
Add NTLMv2 support to our client, used when so configured ('client use NTLMv2 =
yes') and only when 'client use spengo = no'. (A new option to allow the
client and server ends to chose spnego seperatly).
NTLMv2 signing doesn't yet work, and NTLMv2 is not done for NTLMSSP yet.
Also some parinoia checks in our input parsing.
Andrew Bartlett
(This used to be commit 85e9c060eab59c7692198f14a447ad59f05af437)
|
|
(This used to be commit 7d48ad967cc767dba3301f81c1488f53107efa34)
|
|
(This used to be commit 830423abd843dd20535755f910bc1e9563a0774f)
|
|
Move configure and include/config.h.in out of CVS.
Andrew Bartlett
(This used to be commit 482465bbaf4088c06caeaab5b9fe42f11a7e2470)
|
|
configure and config.h.in is now regenerated by the 'autogen.sh' script.
However, samba.org will run autoconf and autoheader to keep the anonyomous
rsync 'unpacked' areas intact (helping the build farm), and released will ship
with the genereated files.
Andrew Bartlett
(This used to be commit 15bba73dea51a6394294fc627933d026d6002091)
|
|
what was requested.
(This used to be commit 64ac6c2bcb729c4658de48e929cc792681903ecc)
|
|
This checking allows us to connect to Microsoft servers the use SMB signing,
within a few restrictions:
- I've not get the NTLMSSP stuff going - it appears to work, but if you break
the sig - say by writing a zero in it - it still passes...
- We don't currently verfiy the server's reply
- It works against one of my test servers, but not the other...
However, it provides an excellent basis to work from. Enable it with 'client
signing' in your smb.conf.
Doc to come (tomorrow) and this is not for 3.0, till we get it complete.
The CIFS Spec is misleading - the session key (for NTLMv1 at least) is the
standard session key, ie MD4(NT#).
Thanks to jra for the early work on this.
Andrew Bartlett
(This used to be commit 1a2738937e3d80b378bd0ed33cd8d395fba2d3c3)
|
|
(This used to be commit f91d4c8fd3820da751b13babc6b8f98a610fcc6e)
|
|
(This used to be commit e9f56a157bd472914eebf64fde586104d8274717)
|
|
(This used to be commit 8f495e8634a1777c4b03d3ec07c76f905ff2fb98)
|
|
Jeremy.
(This used to be commit 371f4aca9204f3c093af622ec6c9ea7c5145bf85)
|
|
Jeremy.
(This used to be commit e79dc0dade1ab1c9f8b3af5c01248bda70cfd582)
|
|
Jeremy
(This used to be commit d63849db6d02b1a9430072e6e15a67e1c526e5e7)
|
|
the dog again.
(This used to be commit 6f89ee2c9dc7f03e3dbe7aa734bf67c6a434d135)
|
|
level 2 and a request for open with no oplock is received then the
smbd should send *synchronous* break messages, not asynchronous,
otherwise it spins very rapidly, releasing the lock, sending the
'break to none' messages and then re-acquiring the lock before
any other process has a chance to get the lock and remove it's own
oplock (at least on linux).
Jeremy.
(This used to be commit d1e8991a76a57b7d96dd7db3c1d9bbf5b28da88e)
|
|
level 2 and a request for open with no oplock is received then the
smbd should send *synchronous* break messages, not asynchronous,
otherwise it spins very rapidly, releasing the lock, sending the
'break to none' messages and then re-acquiring the lock before
any other process has a chance to get the lock and remove it's own
oplock (at least on linux).
Jeremy
(This used to be commit 33e3e863eb7f35b852384e689f3272784261fc39)
|
|
Jeremy
(This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
|
|
this now gives us complete remove privileges control in the client
libs, so we are in good shape for starting on the server side.
(This used to be commit bf99440398db86f46233eb2f5adddffb61280a1b)
|
|
Jeremy.
(This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
|
|
lsa_add_acct_rights function.
This allows us to add privileges remotely to accounts using rpcclient.
(This used to be commit 2e5e659e095a94b0716d97f673f993f0af99aabe)
|
|
- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor.
- also consequential changes to the NTLMSSP and SPNEGO parsing functions
- and the client code that uses the same functions
- Add ntlm_auth, a NTLMSSP authentication interface for use by applications
like Squid and Apache.
- also consquential changes to use common code for base64 encode/decode.
- Winbind changes to support ntlm_auth (I don't want this program to need
to read smb.conf, instead getting all it's details over the pipe).
- nmbd changes for fstrcat() instead of fstrcpy().
Andrew Bartlett
(This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
|
|
The idea here is to seperate, as much as possible, the SPNEGO layer from the
NTLMSSP layer. This not only helps us with protocol correctness, but also
should allow further mechinisms to be added with relitive ease. I indend to
make the kerberos code use this shortly.
I've never seen the 'zero length blob' form of the anonymous login, so I've
removed that case.
Andrew Bartlett
(This used to be commit a8773c9f825539c5bc17e4200b16d7ebbe0b7620)
|
|
Jeremy.
(This used to be commit 1b71786c161cd8ec4c3c0c6b178370ed50feeef4)
|
|
Jeremy.
(This used to be commit 85dda434763bbcea260c800599e4b6b73afcf174)
|
|
(This used to be commit fdd449fe7b4e858765f485cbbe2cc1b91a4e0c53)
|
|
getdirentries. We would also detect getdents if present. This has some
rudimentary support already.
(This used to be commit 916c8784d21f566a1fb048301c3e78a9ecc52ea8)
|
|
kerberos_verify...
Jeremy.
(This used to be commit e8c4098da619a1429cc4c8251761333a7c0f3458)
|
|
if no kerberos selected. Noticed by Metze.
Jeremy.
(This used to be commit 1684719695acb7168115b032fc1ec672509239ea)
|
|
if no kerberos selected. Noticed by Metze.
Jeremy.
(This used to be commit 0c98f779f05431ac4d298c9f021fca85d16aebae)
|
|
Jeremy.
(This used to be commit a7ee6ed64500a0d949849da6996b7dc837518f00)
|
|
Jeremy.
(This used to be commit 193cc4f4fc876c66e97ea6b82bae431d0247c1fa)
|
|
to add a function without an explicit #ifdef HEIMDAL which I'm trying
to avoid.
Jeremy.
(This used to be commit 92ecd0bf0fe2cc4f6c86ca48e6e458e726470a50)
|
|
to add a function without an explicit #ifdef HEIMDAL which I'm trying
to avoid.
Jeremy.
(This used to be commit 77aeb262ef7c7cd3d206afe2d5445caaca943dfd)
|
|
for instructions.
(This used to be commit d51e12df78ff8fc721d693fedbd1c633f39edd49)
|
|
Jeremy.
(This used to be commit 3d04872499332ef2d8e7479b924afc8fc1ac29d7)
|
|
Jeremy.
(This used to be commit daf179bcd6297b525bfc644efb154734723f4d58)
|
|
of the SWAT code, and adding a base64 encoder.
The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for
use with Squid. Unfortunetly the squid side doesn't quite support what we need
yet.
Changes to winbind to get us the info we need, and a couple of consequential
changes/cleanups in the rest of the code.
Andrew Bartlett
(This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
|
|
Jeremy.
(This used to be commit c3544c119e4cafb817479b4c5dfae178c3de000b)
|
|
Jeremy.
(This used to be commit 4333be5732de07786254382a4aa41333783d81b5)
|
|
detect for now, I still have vague hopes of hiding the differences
between MIT and Heimdal with a compatibility layer....
Jeremy.
(This used to be commit a776fbef3244ae82a17c57a7f62de115fd023c86)
|
|
detect for now, I still have vague hopes of hiding the differences
between MIT and Heimdal with a compatibility layer....
Jeremy.
(This used to be commit 54d83de8a23937f1d8179a7e2596df3c50785618)
|
