Age | Commit message | Author | Files | Lines |
|
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particularly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challenge' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signing on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
|
|
(This used to be commit 5054a1731e3bf3bec0687304af63fed475d5f864)
|
|
compilation, but that allows Samba3 to take advantage of pre-compiled
headers in gcc if available.
(This used to be commit b3e024ce1da7c7e24fcacd8a2964dd2e4562ba39)
|
|
files; will watch the build farm on this to make sure things don't blow up
(This used to be commit e92583cecd79adea25caedd1599ac8f36733a923)
|
|
Bug #706.
(This used to be commit eaf69b1ae7883573830244664cb0a81661541d92)
|
|
backlog of 5 is way too small these days.
(This used to be commit bbb92d2b0ea6bc10c71bed62924bfc95c11172a5)
|
|
(This used to be commit fb69597629bad305f227b5bab62e0f170d3c164c)
|
|
to see if SGI and other platforms will build.
(This used to be commit cf9311044c372695592db1b95b814b0870b8cf29)
|
|
#534
(This used to be commit 4e86243ea1d4bbe96720caaaf02300f5e15bee5a)
|
|
(This used to be commit e569418861a867437cd5e2cce87ad82e752da3fb)
|
|
to all requests on the winreg pipe, so we need to handle this new pipe.
First part of fix for bug #534
(This used to be commit 532fab74c12d8c55872c2bad2abead2647f919d7)
|
|
of the problems with this.
From: Derrell.Lipman@unwireduniverse.com
(This used to be commit 8e3d2708c5e5a9968aeb9a6fe6c828aa8a5b22a9)
|
|
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
|
|
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit 5c050a735f86927c7ef2a98b6f3a56abe39e4674)
|
|
(This used to be commit ff29be16e74361b02b0b7fbd83e393d68ae5b897)
|
|
undefining the HAVE_MMAP symbol.
(This used to be commit c420195231457d3202157490f4bec335a788d8b4)
|
|
errors.
(This used to be commit 9d0f322a851f487cea320e57076213435e5c6481)
|
|
- add support for named pipe and netbios queries in parse code
- fix map request structure...unknown byte was alignment
- add sample of named pipe over netbios query in rpcclient (comment only)
(This used to be commit 71dcdf54e60204d6b499d25d8759ed20fc7a021a)
|
|
sesssetup to fall back to 'user' instead of failing if REA.LM\user
doesn't exist.
also fix include line in smb_acls.h as requested by metze
(This used to be commit 5ccf6baad7ffb1f992aaf24b41ef5c83362cf613)
|
|
sesssetup to fall back to 'user' instead of failing if REA.LM\user
doesn't exist.
also fix include line in smb_acls.h as requested by metze
(This used to be commit 62ed2598b3441b3c198872df8eb55e594332807b)
|
|
(This used to be commit 041c17bd665ea5fa771b111d7008036fb3e7b72f)
|
|
(This used to be commit e604a9c0788a006663e7f939059c4120c1df3648)
|
|
this target will build parse file with genstruct
it is the duty of the developer to commit updated files
this is made to make build platforms independent of a working perl
installation as always been with samba
so currently you need to run:
make genparse
and commit:
cvs ci include/tdbsam2_parse_info.h
if you change anything in genparse/genstruct code or tdbsam2 code.
Simo.
(This used to be commit 7e2d5da2dcfad32b733c28535490e98e578bcc3a)
|
|
(This used to be commit 0ed85e6a2dff0953dbbd5ff4723ef6941ec32850)
|
|
(This used to be commit bb2b8906a05109d5ba8ffff6c250d90d8658d444)
|
|
alternative to the current passdb).
Currently it is run through a compatibility module in the passdb layer, with
a subset of the functionality it may provide.
It is still work in progress, but as someone asked me about it, and as it
should make no difference to the normal code, I thought it was a good idea to
put it into.
It adds a dependency on perl. I know it is not very nice, but I'm sure we
will work out a solution for that.
As always blame me if I break something, but try to fix yourself, as I am
busy-busy-busy :-)
Simo.
(This used to be commit 7b3c94b5cfc1a9ceb430613353a937345f2eda74)
|
|
>Moving towards better i18n support in SWAT. This commit contains a
>bunch of updates to bug 413 from Monyo:
>
>1) pick up proper strings to call msg strings for example to add
> strings in wizard menu in web/swat.c, web/statuspage.c and
> param/loadparm.c.
>
>2) define N_() macro in include/intl.h to pick up some strings
> in param/loadparm.c
>
>3) quote all name and value tag with '"'
> For example in swat.c:720 the "Edit Parameter Values" string is
> displayed only as "Edit" because value tag is not quoted like:
> value=Edit Parameter Values
> These tags should be quoted though it sometimes works well
> without quotation.
>
>4) modify the msg strings not to contain HTML tags or other
> non-message strings. For example
> dprintf(_("test\n")); is modified to dprintf("%s\n", _("test"));
(This used to be commit 17efb306aa32d1e5b2546cfb2f3404ad3cf0fb68)
|
|
(no need to include all of smbd files to use some basic sec functions)
also minor compile fixes
couldn't compile to test these due to some kerberos problems with 3.0,
but on HEAD they're working well, so I suppose it's ok to commit
(This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
|
|
(no need to include all of smbd files to use some basic sec functions)
also minor compile fixes
(This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d)
|
|
bunch of updates to bug 413 from Monyo:
1) pick up proper strings to call msg strings for example to add
strings in wizard menu in web/swat.c, web/statuspage.c and
param/loadparm.c.
2) define N_() macro in include/intl.h to pick up some strings
in param/loadparm.c
3) quote all name and value tag with '"'
For example in swat.c:720 the "Edit Parameter Values" string is
displayed only as "Edit" because value tag is not quoted like:
value=Edit Parameter Values
These tags should be quoted though it sometimes works well
without quotation.
4) modify the msg strings not to contain HTML tags or other
non-message strings. For example
dprintf(_("test\n")); is modified to dprintf("%s\n", _("test"));
(This used to be commit 351d16956d8125bc689ca84adcb71e0a57d6b7cc)
|
|
clients previously joined to the Samba domain
(This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
|
|
clients previously joined to the Samba domain
(This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
|
|
>Fix for #480. Change the interface for init_unistr2 to not take a length
>but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string.
>This is not the case. Count it after conversion.
>Jeremy.
(This used to be commit e2ab9e54cd0ec0002175cf18ff364f4aebaf85a0)
|
|
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string.
This is not the case. Count it after conversion.
Jeremy.
(This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
|
|
>Reformat - preparing to fix bug #480 (which will be ugly).
>Jeremy.
(This used to be commit cd91dd9cd8392d1b9cfcbd8ef42237b813dc89b5)
|
|
Jeremy.
(This used to be commit 605e257cab8041900ec9c6839c37e04d005a420e)
|
|
fields, bad_password_count and logon_count. Ensure this is stored/fetched
in the various SAMs. As it replaces the unknown_5 field this fits
exactly into the tdb SAM without any binary problems. It also is added
to the LDAP SAM as two extra attributes. It breaks compatibility with
the experimental SAMs xml and mysql. The maintainers of these SAMs must
fix them so upgrades like this can be done transparently. I will insist
on the "experimental" status until this is solved.
Jeremy.
(This used to be commit 71ecd10181cd35313b79f618c2928c2f45424812)
|
|
fields, bad_password_count and logon_count. Ensure this is stored/fetched
in the various SAMs. As it replaces the unknown_5 field this fits
exactly into the tdb SAM without any binary problems. It also is added
to the LDAP SAM as two extra attributes. It breaks compatibility with
the experimental SAMs xml and mysql. The maintainers of these SAMs must
fix them so upgrades like this can be done transparently. I will insist
on the "experimental" status until this is solved.
Jeremy.
(This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
|
|
(This used to be commit 3d71340e5c1bf3397e69897bbc8434bbaa503a75)
|
|
(This used to be commit 04f8cbbca66024ffdcd2ebc0f4db7849d02ca99b)
|
|
(This used to be commit 1a9145015d4b2ee7e7399099760cda13d619e740)
|
|
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
|
|
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
(This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
|
|
Now all 8-bit charsets with gaps (not all symbols defined) could be produced through
one macro -- SMB_GENERATE_CHARSET_MODULE_8_BIT_GAP(CHARSETNAME) within source file
with three charset tables. Full source code for such modules can be generated by
source/script/gen-8bit-gap.sh script which was taken from GNU libc and changed slightly
to follow our data types and structure.
(This used to be commit 37042c7bc0f349370e93e4bed37d8fa371013247)
|
|
in heimdal it is an enum. Thanks to Guenther Deschner (gd@suse.de).
With this join will work, but without a keytab, cifs connections will still
fail with heimdal. Fix to come later.
(This used to be commit d30bef4c37e8203c273eb3852215a89348bece7a)
|
|
Jeremy.
(This used to be commit be534c8adf6c3cb8921ce49dbb79991c632d501e)
|
|
converted to pull/push_ascii. This will not work right at the moment for non
English codepages, but compiles - I will finish the work over the weekend.
Then nmbd should be completely codepage correct.
Jeremy.
(This used to be commit 236d6adadf32397b28028ea82ae2ec027366f7c8)
|
|
Jeremy.
(This used to be commit daf7b5fbd93c640c7660bdf173079fa1039794af)
|
|
(This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
|
|
call.
(This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
|