Age | Commit message (Collapse) | Author | Files | Lines |
|
to pstr_sprintf() and fstr_sprintf() to try to standardize.
lots of snprintf() calls were using len-1; some were using
len. At least this helps to be consistent.
(This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
|
|
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
(This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
|
|
(This used to be commit 2f7658d9ba1f43fb2d14adc4af7b681634ab5cb2)
|
|
strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
|
|
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
|
|
Volker
(This used to be commit c0e35f3be8a33f19823826c5a84c885764c62508)
|
|
(This used to be commit cdbe47a5d517eea95186aecdc3327160236a5d09)
|
|
1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab
2. Disabled by default and when requested, will be probed and enabled only on Linux where it works
3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far
Documentation to follow
(This used to be commit 4bf022ce9e45be85609426762ba2644ac2031326)
|
|
include a domain portion, do a gethostbyname() lookup on that name.
Use this name in our PolicyPrimaryDomainInformation reply (_lsa_query_info2)
that Win2k uses when trying to trust us as a trusted domain.
(We need to do a better mapping between our Netbios and Win2k domain names,
but this will do for now - particularly annoying is the way this possibly needs
to map with our kerberos realm).
Andrew Bartlett
(This used to be commit 3be03271030208a69da29c6e2a7b92cdbaa8c6aa)
|
|
(This used to be commit 88fdc36f9373c63706907e48be317007aeba06d6)
|
|
(This used to be commit 429b373453a04fa6871324dd0a3ff8a203c519f8)
|
|
(This used to be commit 66fcf6b4938a87e5ded7c7e5830a6a54e4439544)
|
|
new rpc echo pipe.
(This used to be commit b7af3cda28cea859edf6266b6bd8da17a44c85eb)
|
|
Small clenaup patches:
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
- connection.c - use safe_strcpy()
Andrew Bartlett
(This used to be commit c91e76bddbe1244ddc8d12b092eba875834029ac)
|
|
is as stable as possible in the string department and some pain now
will help later :-).
Jeremy.
(This used to be commit 86e3eddac698d90f4666b8492b4603a4efbbd67b)
|
|
- Make ReadDirName return a const char*.
- Consequential changes from that
- mark our fstring/pstring assumptions in function prototypes
Andrew Bartlett
(This used to be commit 10b53d7c6fd77f23433dd2ef12bb14b227147a48)
|
|
dereferencing
(This used to be commit 7bc5fc729f67ae16e09ea67efa9e2b8e2ba41c8f)
|
|
from .NET RC2)
(This used to be commit e074cab810f9299d0b27881cddf8a74f10fe233e)
|
|
* distinguish WinXP from Win2k
* add a 1/3 of a second delay in OpenPrinter
in order to trigger a LAN/WAN optimization in
2k clients.
(This used to be commit c7712fa054d21b4884a78b7ea6c0fb8b3d637c6b)
|
|
Andrew Bartlett
(This used to be commit 9ef0d40c3f8aef52ab321dc065264c42065bc876)
|
|
(This used to be commit d9c485b01017594d113502f9de2248d6c120cfa3)
|
|
Jeremy.
(This used to be commit efd52f6ca7784a3edfc0371b5ff2054ad9704ab7)
|
|
(This used to be commit a8db1b611d83bfd8dcf60f1e6d8fcbf57c798528)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
(This used to be commit 9e5297131cc53d7161aa74566f147b98e1c27aaa)
|
|
Jeremy.
(This used to be commit ec4ed45563f9d8e25fcfd88840944a90b3139c3e)
|
|
Jeremy.
(This used to be commit 0ff254264e6e43399404595bc87b5bd889e17952)
|
|
(This used to be commit eda83b6d13f5f73136363d165e9396725b923873)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
(This used to be commit 2bf6595a2a5527ff64f9083f2434aa344c9637d9)
|
|
Jeremy.
(This used to be commit 9fb6a475264f465e30a23c34b5c9266921d135d1)
|
|
pid. This follows a bug in rsync where it would accidentally
kill(-1), removing all the user's processes. I can't see any way this
would directly happen in Samba, but having the assertions seems
beneficial.
http://cvs.samba.org/cgi-bin/cvsweb/rsync/util.c.diff?r1=1.108&r2=1.109&f=h
(This used to be commit 098905bea29c7d5b886809d431294ddf2fc1e152)
|
|
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit a034bfb9ef7a4c8a127ac91f4163cc6af98f29b3)
|
|
correctly) be no longer needed. This is in aid of the 'winbind default domain'
code - which works much better when smbd always goes via the standard unix
interfaces.
Andrew Bartlett
(This used to be commit a41fe2f6c845789c719de1d9a26a1374fb0e7fdb)
|
|
(This used to be commit 04f492980b73800b60dde764fdeb43f2eab79624)
|
|
idra has promised not to revert these this time :-)
(This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
|
|
(This used to be commit 6380f9ff7a57975b9827fb7252439ee28a25970d)
|
|
(This used to be commit 8d106dc1f4a51112516d72ae68747ca6b5b904b7)
|
|
Jeremy.
(This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
|
|
variable called 'free'.
(This used to be commit a823e3f8b2961c3e24205911354a55ffa588233b)
|
|
(This used to be commit 08bb2dfec2ca0282e9268d09da2b966d3bdf493a)
|
|
Also change the structure so it has its own (optional) 'free' pointer - so we
don't free() a talloc'ed version.
also split out the data_blob_clear() functionaility.
Andrew Bartlett
(This used to be commit 207ee8aac42cf4b35f07e496b15fdeabe50950bc)
|
|
Jeremy.
(This used to be commit 8aee8211cddb6705c9aa545fc57ece2c721ef448)
|
|
Jeremy.
(This used to be commit 73cf9d04f6a35aa3b6bdb4e921de34e0021b5a2c)
|
|
Jeremy.
(This used to be commit b52c3219d6f46df6e98742447d65ecda2ecbac65)
|