Age | Commit message (Collapse) | Author | Files | Lines |
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
(This used to be commit 1960a650c1546323708ed6bea615dc7215a97b4f)
|
|
First of all, do a char-by-char walk through both buffers until we get
to a non-ascii character, or a difference between the strings. This
prefix can be directly compared without needing to call into iconv.
This should be much faster for strings that are either all ascii, or
differ near the start.
(This used to be commit f7f692b2db4dd513068d6d8fed2792186933ddda)
|
|
grows too much larger.
(This used to be commit 4bbddbfc6a97ebb11e299aa7bd07ebebeab42c65)
|
|
requests, without needing --client-perms=yes.
(This used to be commit 412a8780c35ee9449c9682e3ef73afb2c4933285)
|
|
clobbering the region, just in case clobbering causes us to crash
immediately. (That might happen if we just shot ourselves in the
stack and strcpy was not inlined.)
Also, in DEVELOPER mode and when Valgrind is available, mark the
clobbered region as uninitialized. This is an even stronger
protection than clobbering with 0xf1.
(This used to be commit 5653a42ae695f4b8f4c14d3184ca76523d38b51b)
|
|
This patch enables the compile-time checking of strings assable by means of
sizeof(). (Original code had the configure check reversed).
This is extended to all safe_strcpy() users, push_string and pull_string,
as well as the cli and srv derivitives. There is an attempt to cap strings
at the end of the cli buffer, and clobber_region() of the speified length
(when not -1 :-).
Becouse of the way they are declared, the 'overmalloc a string' users of
safe_strcpy() have been changed to use overmalloc_safe_strcpy() (which skips
some of the checks).
This whole ball of mud worked fine, until I pulled out my 'fix' for our
statcache. When jeremy fixes that, we should be able to get back to testing
this stuff.
This patch also includes a 'marker' of the last caller to clobber_region (ie,
the function that called pstrcpy() that called clobber_region) to assist in
debugging problems that may have smashed the stack. This is printed at
smb_panic() time. (Original idea and patch by metze).
It also removes some unsused functions, and #if 0's some others that are
unused but probably should be used in the near future.
For now, this patch gives us some confidence on one class of trivial parsing
error in our code.
Andrew Bartlett
(This used to be commit 31f4827acc2a2f00399a5528fc83a0dae5cebaf4)
|
|
recent Valgrind relases and clashing with -DVALGRIND.
(This used to be commit 98479f1315cf8968152e1566966ac57e171008c3)
|
|
lengths are correct. Attempts to pstrcpy into an fstring or allocated
string should fail in developer builds.
This builds on abartlet's earlier overflow probe for safe_strcpy, but
by clobbering the whole string with a nonzero value is more likely to
find overflows on the stack.
This is only used in -DDEVELOPER mode.
Reviewed by abartlet, tpot.
(This used to be commit 8d915e266cd8ccc8b27e9c7ea8e9d003d05f8182)
|
|
(This used to be commit a4b9c5c2576c80a5f60d47d178b9b8c50d348893)
|
|
(This used to be commit 8c69212eeb4a0ec144b960d76319fd4940b8c239)
|
|
(This used to be commit fa38e7956c21b828ba208282ef0ac85c2b66ff22)
|
|
(This used to be commit 90e1d8bdfa9ec0a4f3795d9a89db1d2324447b68)
|
|
it really is a developer hack...
Andrew Bartlett
(This used to be commit 3588ebb35b14422141d4070413185195b525038e)
|
|
When we look see if a user is in a list, and we try to 'expand' an @group, we
should lookup the user's own list of groups, rather than looking for all the
members of a group.
I'm sure this will fix some nasty performance issues, particularly on large
domains etc. In particular, this avoids contacting winbind at all, if the
group is not a winbind group.
(This caused a deadlock on my winbind-on-PDC setup).
The groups list always includes the user's primary group, as per the
getgrouplist manpage, and my recent changes to our implementation.
Andrew Bartlett
(This used to be commit 9be21976f7662ebe6eb92fff7cecbdb352eca334)
|
|
Thanks to Andrew Bartlett for spotting this.
(This used to be commit b4c210ccb05e71a8ddf1c25d028452dd5cd93c72)
|
|
compiler could have produced complete crap for this code.
(This used to be commit 0e90da0810b60dd1c2b1ec46c1a2993856b919d3)
|
|
of the SWAT code, and adding a base64 encoder.
The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for
use with Squid. Unfortunetly the squid side doesn't quite support what we need
yet.
Changes to winbind to get us the info we need, and a couple of consequential
changes/cleanups in the rest of the code.
Andrew Bartlett
(This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
|
|
instead.
Andrew Bartlett
(This used to be commit c781e34d274f4185ec932cc59029d3f9a65e47c4)
|
|
Andrew Bartlett
(This used to be commit 6e821285a4aacfc0031957b88ddbec73d7e1dc11)
|
|
compiler-based argument checking.
(This used to be commit 16fe928e68623a878b125910ff83df500a29d0ce)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
Jeremy.
(This used to be commit ff3a8d37289216a2cb808406044a7abef1e564d0)
|
|
(This used to be commit 08ac3610f9ef7e1c37541729441acfa13b48d34c)
|
|
cache code.
This uses gencache, mimir's new caching code that stores at text-based cache
of various data.
Mimir has done a *lot* of work on this patch, and it is finally time to
get it in CVS.
Andrew Bartlett
(This used to be commit 47f3bfe9564e7f3aff60cefaefd599e0abb30a31)
|
|
authentication code.
In particular, ntlm_auth is designed to replace the winbind authentication
'helpers' currently supplied by Squid. I have added support for the current
plaintext password protocol used by Squid, and will add the real guts (NTLMSSP
support) shortly.
I'll merge this into 3.0 when I've got the interface more stable (error message
format etc) and got the important NTLMSSP support added.
Also move SWAT's URL decoding code into util_str.c, for use in both utilities.
Andrew Bartlett
(This used to be commit 82dbf838879e8a2d2d3f9dd5be6eda50b780b787)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
|
|
Jeremy.
(This used to be commit ae4bf35f942de6025d3f364d599cca9720734a19)
|
|
off his laptop :-)
Andrew Bartlett
(This used to be commit df8f0338fae01e5edc176708c2b798c67c2e8c36)
|
|
(This used to be commit 8a63fe45058b15c15d79e15387e908564cfe5c2d)
|
|
Tridge suggested a generic caching mechanism for Samba to avoid the
proliferation of little cache files hanging around limpet like in the
locks directory. Someone should probably implement this at some
stage.
(This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
|
|
null before close
this one fixes swat not working with browsers that set more then one language.
along the way implemented language priority in web/neg_lang.c with bubble sort
also changet str_list_make to be able to use a different separator string
Simo.
(This used to be commit 69765e4faa8aaae74c97afc917891fc72d80703d)
|
|
Andrew Bartlett
(This used to be commit 2a3d821c77c7648de43b11dd951f6f16d7be5b3c)
|
|
of a string....
Jeremy.
(This used to be commit 35f0fbd254c222d015bdc582277b90efbaade81e)
|
|
number of *bytes*. >= check was correct, the len=0 case needed changing
to len = ls + 1.
Jeremy.
(This used to be commit 06a4a6d30ade5ea4d123ae640393677c9a510763)
|
|
Jeremy.
(This used to be commit 8b0e47fc1f00c76dfccb6c2b58188d9a5ae67c65)
|
|
Jeremy.
(This used to be commit 4aa922a1afdd538f51d5eff4cb7af2694a88c591)
|
|
It complained about an overflow of 0 bytes.
Jeremy please check since you modified this last.
(This used to be commit a5aad760061e21635319a9b5628990cf59b827ed)
|
|
they will get a const string and return a (t)alloced epanded one.
also modified passdb/* stuff to use this one.
(This used to be commit d378ac1e2efb0efc9a0f983d69cf678ca6255fd5)
|
|
(This used to be commit 4be1c882be56ae0fe18bb134a1513e0e6f6965b0)
|
|
Went through and checked all string_subs I could to ensure they're being
used correctly.
Jeremy.
(This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
|
|
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
(This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
|
|
(This used to be commit 546764f3cbbefaad312386280dd2ebbbe5b4446d)
|
|
for both null terminated and buffer length terminated strings
(This used to be commit e8fbf853e0eed61bb7405be731f18fb2426f8dc4)
|
|
(This used to be commit dbc6b137a83cf9fe0558625dd32f92f15296fba6)
|
|
(This used to be commit 7e92fb7453e4dbf1fe0c32c3dcc1e994cb95b5ea)
|
|
the hash for this scheme is *much* larger (approximately 31 bits) and
the code is written to be very fast, correctly handling multibyte
while not doing any actual multi-byte conversions in the vast majority
of cases
you can select this scheme using "mangling method = hash2", although I
may make it the default if it works out well.
(This used to be commit bb173c1a7e2408ced967ebac40b5e3f852ccd3a1)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit 04f492980b73800b60dde764fdeb43f2eab79624)
|
|
and constness changes.
(This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
|