summaryrefslogtreecommitdiff
path: root/source3/lib
AgeCommit message (Collapse)AuthorFilesLines
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-4/+10
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-11-22Ensure that items in a list of strings containing whitespaceGerald Carter1-1/+1
are written out surrounded by single quotes. This means that both double and single quotes are now used to surround strings in smb.conf. This is a slight change from the previous behavior but needed or else things like printer admin = +ntadmin, 'VALE\Domain, Admin' get written to smb.conf by SWAT. (This used to be commit 5bf91c79d620e34ac71d72c80f74e47754d49dcb)
2003-11-19Look at error before using it in debug statement.Jeremy Allison1-3/+2
Jeremy. (This used to be commit 69550332f33496b0a513914e2290fdb256bc2958)
2003-11-19Added useful information to debug lines.Rafal Szczesniak1-4/+4
Patch by metze. rafal (This used to be commit 2eef3c7bc182bb2c0c483190570ee1a297047ad2)
2003-11-18Useful debug message. Patch by metze.Rafal Szczesniak1-2/+4
rafal (This used to be commit 8b06364b53ea01ec7a21f3fbe86afad02fe21dd8)
2003-11-18Remove unneeded second open for filename ending in '.' now we know it'sJeremy Allison1-1/+1
a mangled name. Added const. Fix inspired by Andrew Bartlett ideas. Jeremy. (This used to be commit 87eb336d659dfa5e92b495dd76a0f2e534931293)
2003-11-13Squelch some warnings with more casty-foo.Richard Sharpe1-2/+2
(This used to be commit d165a49d860443741e57458b8a819c6d54824fc5)
2003-11-13Fix a couple of warnings with casts.Richard Sharpe1-2/+2
(This used to be commit 58d7a51c5762a444aae6a795a3703269134423d7)
2003-11-07Implement %i-Macro for the locally used IP address. With this you can againVolker Lendecke2-0/+31
have virtual hosts with different configurations on a single smbd even on port 445. Volker (This used to be commit 3a7c8c4f0e7fcfc2e20e1ad5e4b8e3c215ef1f0d)
2003-11-07Simple rename of get_socket_addr to get_peer_addr and get_socket_name toVolker Lendecke2-13/+13
get_peer_name. This is to get closer to the getsockname/getpeername system functions. Next step will be the %i macro for the local IP address. I still want to play %L-games in times of port 445. Volker (This used to be commit d7162122eaf5d897e5de51604e431bfbaa20e905)
2003-11-06Undo accidentally committed stuff.Tim Potter1-111/+0
(This used to be commit 0a79519bc4b92b2f6e88b921d5ede761cc8ee2af)
2003-11-06Ignore tallocdump binary.Tim Potter2-2/+113
(This used to be commit addeb1c6c90faf5842db4a75f8db8d2325905b03)
2003-11-05make sure that we expand %H (from vl); bug 612Gerald Carter1-0/+3
(This used to be commit a77f5924304d03d8033d1ef5f6526373f5b67aa3)
2003-11-04Use the actual size of the buffer in strftime instead of a made up valueTim Potter1-1/+1
which just happens to be less than sizeof(fstring). Closes #713. (This used to be commit 761e13da4ef8294f0b131ad7f672d023b0d222f6)
2003-11-04Fix for bug #703, try lowercase netgroups lookups.Jeremy Allison1-1/+18
Jeremy. (This used to be commit 8b06385e008a9433fa6efb941b997f7d6b182a65)
2003-11-03Fix more 64-bit printf warnings.Tim Potter3-8/+11
(This used to be commit 23443e3aa079710221557e18158d0ddb8ff48a36)
2003-11-02Cast to fix warning on Solaris sendfile - check buildfarm outputTim Potter1-1/+1
to see if this works! Bug #706. (This used to be commit 67ab91825db9b81b8b4f35e86a7eede0c7df5621)
2003-10-29Fixes to check for wraps which could cause coredumps.Jeremy Allison1-0/+1
Jeremy. (This used to be commit ad06edd1bb58cc5e2c38a364b1af96a933b770af)
2003-10-24Some spelling mistakes in aclocal.m4 and the va_copy fixups in configure.inRichard Sharpe1-0/+4
and lib/snprintf. Check for va_copy first, and then look for __va_copy. (This used to be commit 8b592740b6294555c461d7eee003e2bd5f4352a4)
2003-10-23After a phonecall with jra finally commit this.Volker Lendecke2-12/+5
This changes our behaviour when the setresuid call is available. We now not only change the effective uid but also the real uid when becoming unprivileged. This is mainly for improved AFS compatibility, as AFS selects the token to send to the server based on the real uid of the process. I tested this with a W2k server with two non-root 'runas' sessions. They come in via a single smbd as two different users using two session setups. Samba on Linux can still switch between the two uids, proved by two different files created via those sessions. Volker (This used to be commit 556c62f93535c606122b22e7e843d9da9a1cd438)
2003-10-23Volker's fix for bug #668. Change the \n after the password prompt to goJim McDonough1-2/+3
to tty instead of stdout. (This used to be commit 3cec478b82359c527065c3a8d44daae96b7ac57e)
2003-10-22Put strcasecmp/strncasecmp on the banned list (except for needed callsJeremy Allison6-17/+23
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at all and I really want to discourage that. Jeremy. (This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-10-21Patch from Stefan Metzmacher <metze@metzemix.de> to fix signing problemsJeremy Allison1-2/+17
when reverse connecting back to a client for printer notify. Jeremy. (This used to be commit 06aa434c3fdb139e3f3143d19413556945cbcd4f)
2003-10-14Delete unused label to fix compiler warning.Tim Potter1-1/+0
(This used to be commit e34d21af3882a034810737039dbaae4d45e2645c)
2003-10-12make nt-time <-> unix-time functions nearly reversibleSimo Sorce1-2/+5
(This used to be commit bda64a11f7c11ca303122299c3e41c49e6afd933)
2003-10-09Move sysquotas autoconf tests to a seperate file.Jelmer Vernooij1-99/+1
Patch by Stefan Metzmacher <metze@metzemix.de> (This used to be commit 9f6cd8177db9a88f681f28a8dca044595ddaae88)
2003-10-06split some security related functions in their own files.Simo Sorce3-151/+1
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-10-06This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User4-0/+1270
used to be commit 096b997588880991af8e07034cc4f041daa87b97)
2003-10-06split some security related functions in their own files.Simo Sorce7-151/+1271
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes (This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d)
2003-10-01Fixed silly typo checking for signal_handler not signal.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 202d4e46527993d359df7cd04fb611c22cc920c3)
2003-10-01Fixed silly typo checking for signal_handler not signal.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 6c38a79be796935ab24764302805deea878b360d)
2003-10-01Allow ^C to interrupt smbpasswd if using our getpass.Jeremy Allison1-62/+86
Jeremy. (This used to be commit 7d79a55d9af517ed63f8a4641bbc34564a4ef889)
2003-10-01Allow ^C to interrupt smbpasswd if using our getpass.Jeremy Allison1-62/+86
Jeremy. (This used to be commit 8a284463458cfaaff9986bbc459dfc113f921c6c)
2003-10-01merge of parameter changes from 3.0 and fix for bug 550Gerald Carter2-4/+6
(This used to be commit b6433f5db77a1d62309946c6f23c18c6c299d0c5)
2003-10-01wrap internals of sys_setgroups() so the sys_XX() call can be done ↵Gerald Carter2-4/+6
unconditionally; bug 550 (This used to be commit 9df3f53e6ae751d522c7ac21deb785f1fa05f225)
2003-09-29Merge from 3.0:Tim Potter1-1/+1
>iconv isn't const safe. Neither should smb_iconv be. >Jeremy. (This used to be commit 7bd450f8b678e835ba4f9cfdc3d096b04da6f8f7)
2003-09-29Merge from 3.0:Tim Potter1-5/+7
>Fix for #480. Change the interface for init_unistr2 to not take a length >but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. >This is not the case. Count it after conversion. >Jeremy. (This used to be commit e2ab9e54cd0ec0002175cf18ff364f4aebaf85a0)
2003-09-27iconv isn't const safe. Neither should smb_iconv be.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 238bb74c16417140d85a304890b97e04df389ae9)
2003-09-25Fix for #480. Change the interface for init_unistr2 to not take a lengthJeremy Allison1-5/+7
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string. This is not the case. Count it after conversion. Jeremy. (This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
2003-09-24* sync more files from 3.0Gerald Carter2-24/+40
* set version string to "CVS 3.1.0alpha1" (This used to be commit c6a61ffcbd0c95afd94bd33fd832b24bc8209de5)
2003-09-23This only touches the fake kaserver support. It adds two parameters:Volker Lendecke1-24/+36
afs share -- this is an AFS share, do AFS magic things afs username map -- We need a way to specify the cell and possibly weird username codings for several windows domains in the afs cell Volker (This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd)
2003-09-23Add a descriptive comment to our usage of setresuid. lib/afs.c needsVolker Lendecke1-0/+4
to be changed if we decide to set our real uid. Jeremy? Volker (This used to be commit 1fed55aa781bcf9efdd42f361c972b69152137a4)
2003-09-22fix some warnings found by the Sun C compilerGerald Carter1-1/+1
(This used to be commit 585764305aa84a7732f71f2e01227e1a6a08664f)
2003-09-22fix some warnings found by the Sun C compilerGerald Carter1-1/+1
(This used to be commit e1fac713e25692a5790c3261ba323732930f5249)
2003-09-19Ensure that dup_sec_desc copies the 'type' field correctly. This causedJeremy Allison1-2/+2
me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 546b2271c08735ac1049a453abac996d794aa364)
2003-09-19Ensure that dup_sec_desc copies the 'type' field correctly. This causedJeremy Allison1-2/+2
me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d)
2003-09-17Unregister event fix from metze.Jeremy Allison1-3/+6
Jeremy. (This used to be commit b3b2b3d5e7c9d4995890bf7b156fc1176b042cfc)
2003-09-17Unregister event fix from metze.Jeremy Allison1-3/+6
Jeremy. (This used to be commit 0aee73d45733a8eca437954e0c9fd54884bbe770)
2003-09-15Alias charset 646 internallyAlexander Bokovoy1-0/+1
(This used to be commit f4eb7acc7dfc400cc6524dccdd8081acd707f937)
2003-09-15Alias charset 646 internally as it is same as ASCII. Should solve Solaris ↵Alexander Bokovoy1-0/+1
problems where ASCII was not detected and 646.so were requested through dynamic loading (This used to be commit c248cd4784ac0f8f16813de36d293ab6bf1d259b)