Age | Commit message (Collapse) | Author | Files | Lines |
|
- Fill in the 'backup' idea of a domain, if the DC didn't supply one. This
doesn't seem to occour in reality, hence why we missed the typo.
lib/charcnv.c:
lib/smbldap.c:
libads/ldap.c:
libsmb/libsmbclient.c:
printing/nt_printing.c:
- all the callers to pull_utf8_allocate() pass a char ** as the first
parammeter, so don't make them all cast it to a void **
nsswitch/winbind_util.c:
- Allow for a more 'correct' view of when usernames should be qualified
in winbindd. If we are a PDC, or have 'winbind trusted domains only',
then for the authentication returns stip the domain portion.
- Fix valgrind warning about use of free()ed name when looking up our
local domain. lp_workgroup() is maniplated inside a procedure that
uses it's former value. Instead, use the fact that our local domain is
always the first in the list.
Andrew Bartlett
(This used to be commit 494781f628683d6e68e8ba21ae54f738727e8c21)
|
|
is not significant in windows user names we should not lose information by
lower-casing the name before handing it to AFS.
Volker
(This used to be commit 6d2285b6d1599648661be47abaaa888419700d22)
|
|
This patch will change order how attributes are modified
from: add, delete
to: delete, add
This is needed to update single valued attributes in Novell NDS and
should not harm anyone else.
(This used to be commit fabf80169079483a1378aa0177d8d8335bd98bb3)
|
|
While writing documentation for metze's patch, it became clear that this is a
better name.
Andrew Bartlett
(This used to be commit 6f828ff3d3622c56ee732b976e7ab90b7897a8d3)
|
|
When smb.conf tells us to write to a read-only LDAP replica and we are
redirected by the LDAP server, the replication might take some seconds,
especially over slow links. This patch delays the next read after a rebind for
'ldap rebind sleep' milliseconds.
Metze, thanks for your patience.
Volker
(This used to be commit 63ffa770b67d700f138d19b4982da152f57674fc)
|
|
to have ldap_initialize.
Thanks to abartlet for the fix (and the bug in the first place ;-))
Volker
(This used to be commit 17473a65eb119ca2240b40a8c029d9a499cde177)
|
|
strings, only form input in SWAT.
Andrew Bartlett
(This used to be commit 8d54f5fe0c5689660f37788916b37014754ce23e)
|
|
by increasing bitmap size. Limited by "max connections" parameter.
Bug #716.
Jeremy.
(This used to be commit fbbeb55b230ffc477f5563af66ab65eb6598e025)
|
|
(This used to be commit ba95fe56d2db8243191d5dd6b75c6b65e0f5fbe9)
|
|
src & dest strings to alpha_strcpy(); reported by Michael Young
(This used to be commit b7df6849c9368aa2e5960de54a03be269ab89fef)
|
|
(This used to be commit 6cf91bce40f85879de00b9ce89ad9b5e04a50b35)
|
|
octets in hosts allow/deny
(This used to be commit 0348e85177ae90c350659451424ab521a4fc335a)
|
|
(This used to be commit 2f43a1c166dfc8679a9d03bd0f3cf9303aafcf74)
|
|
(This used to be commit 1c3c16abc94d197e69e3350de1e5cc1e99be4322)
|
|
(This used to be commit 2742e813fea2366f91bec62dca407f65ad5c4623)
|
|
Looking at crash bugs #809 and others.
Jeremy.
(This used to be commit cd2075580b0f35c8a414c995f03834c01efaa9be)
|
|
again; bug 846
(This used to be commit c816b44a9c1278d756f63044bb3a3bce3afec9b3)
|
|
obsolete comment by Luke Leighton.
(This used to be commit 316f83add76b56fe102f5dc4c9ce3a0413d9a1f4)
|
|
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
|
|
are written out surrounded by single quotes. This means that
both double and single quotes are now used to surround
strings in smb.conf. This is a slight change from the previous
behavior but needed or else things like
printer admin = +ntadmin, 'VALE\Domain, Admin'
get written to smb.conf by SWAT.
(This used to be commit 5bf91c79d620e34ac71d72c80f74e47754d49dcb)
|
|
Jeremy.
(This used to be commit 69550332f33496b0a513914e2290fdb256bc2958)
|
|
Patch by metze.
rafal
(This used to be commit 2eef3c7bc182bb2c0c483190570ee1a297047ad2)
|
|
rafal
(This used to be commit 8b06364b53ea01ec7a21f3fbe86afad02fe21dd8)
|
|
a mangled name. Added const. Fix inspired by Andrew Bartlett ideas.
Jeremy.
(This used to be commit 87eb336d659dfa5e92b495dd76a0f2e534931293)
|
|
(This used to be commit d165a49d860443741e57458b8a819c6d54824fc5)
|
|
(This used to be commit 58d7a51c5762a444aae6a795a3703269134423d7)
|
|
have virtual hosts with different configurations on a single smbd even on port
445.
Volker
(This used to be commit 3a7c8c4f0e7fcfc2e20e1ad5e4b8e3c215ef1f0d)
|
|
get_peer_name. This is to get closer to the getsockname/getpeername system
functions.
Next step will be the %i macro for the local IP address. I still want to play
%L-games in times of port 445.
Volker
(This used to be commit d7162122eaf5d897e5de51604e431bfbaa20e905)
|
|
(This used to be commit 0a79519bc4b92b2f6e88b921d5ede761cc8ee2af)
|
|
(This used to be commit addeb1c6c90faf5842db4a75f8db8d2325905b03)
|
|
(This used to be commit a77f5924304d03d8033d1ef5f6526373f5b67aa3)
|
|
which just happens to be less than sizeof(fstring). Closes #713.
(This used to be commit 761e13da4ef8294f0b131ad7f672d023b0d222f6)
|
|
Jeremy.
(This used to be commit 8b06385e008a9433fa6efb941b997f7d6b182a65)
|
|
(This used to be commit 23443e3aa079710221557e18158d0ddb8ff48a36)
|
|
to see if this works! Bug #706.
(This used to be commit 67ab91825db9b81b8b4f35e86a7eede0c7df5621)
|
|
Jeremy.
(This used to be commit ad06edd1bb58cc5e2c38a364b1af96a933b770af)
|
|
and lib/snprintf. Check for va_copy first, and then look for __va_copy.
(This used to be commit 8b592740b6294555c461d7eee003e2bd5f4352a4)
|
|
This changes our behaviour when the setresuid call is available. We now not
only change the effective uid but also the real uid when becoming
unprivileged. This is mainly for improved AFS compatibility, as AFS selects
the token to send to the server based on the real uid of the process.
I tested this with a W2k server with two non-root 'runas' sessions. They come
in via a single smbd as two different users using two session setups. Samba on
Linux can still switch between the two uids, proved by two different files
created via those sessions.
Volker
(This used to be commit 556c62f93535c606122b22e7e843d9da9a1cd438)
|
|
to tty instead of stdout.
(This used to be commit 3cec478b82359c527065c3a8d44daae96b7ac57e)
|
|
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
|
|
when reverse connecting back to a client for printer notify.
Jeremy.
(This used to be commit 06aa434c3fdb139e3f3143d19413556945cbcd4f)
|
|
(This used to be commit e34d21af3882a034810737039dbaae4d45e2645c)
|
|
(This used to be commit bda64a11f7c11ca303122299c3e41c49e6afd933)
|
|
Patch by Stefan Metzmacher <metze@metzemix.de>
(This used to be commit 9f6cd8177db9a88f681f28a8dca044595ddaae88)
|
|
(no need to include all of smbd files to use some basic sec functions)
also minor compile fixes
couldn't compile to test these due to some kerberos problems wirh 3.0,
but on HEAD they're working well, so I suppose it's ok to commit
(This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
|
|
used to be commit 096b997588880991af8e07034cc4f041daa87b97)
|
|
(no need to include all of smbd files to use some basic sec functions)
also minor compile fixes
(This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d)
|
|
Jeremy.
(This used to be commit 202d4e46527993d359df7cd04fb611c22cc920c3)
|
|
Jeremy.
(This used to be commit 6c38a79be796935ab24764302805deea878b360d)
|
|
Jeremy.
(This used to be commit 7d79a55d9af517ed63f8a4641bbc34564a4ef889)
|