Age | Commit message (Collapse) | Author | Files | Lines |
|
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
|
|
The protocol negotiation string "LANMAN2.1" was not listed in the set of
negotiatiable possibilities, so non-optimal negotiation was taking place.
(This used to be commit a0dfa60fc5146ea6af0b88d91e030a4ec3d7f01e)
|
|
KRB5 in
SPNEGO, as long as we don't make use of it without krb libs. Makes the code a
bit simpler.
Volker
(This used to be commit 23549e6c082e92e45ced4eee215bcc0094b2a88b)
|
|
Volker
(This used to be commit b601fc42cb289366b7c522f41aa4c66920006890)
|
|
patch some
weeks ago.
We have some work before us, when in AD mode Vista sends
"not_defined_in_RFC4178@please_ignore" as the principal.....
Volker
(This used to be commit af85d8ec02b36b765ceadf0a342c7eda2410034b)
|
|
Guenther
(This used to be commit 31f21282cd5fb27c867615790e7fd27df4cd4c0e)
|
|
from 10 seconds to 30 seconds. I don't think you
meant to do this....
Jeremy.
(This used to be commit dd1691cf81492cfecc7f015ba201b78e2588db90)
|
|
and DLIST_DEMOTE() now take the type of the tmp pointer
not the tmp pointer itself anymore.
metze
(This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
|
|
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d)
|
|
Volker
(This used to be commit 990da03f0940371d20f89c145b7ebdbe8e9bf4c4)
|
|
Volker
(This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
|
|
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:
The commands are the following:
Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.
Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.
Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.
(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).
Andrew Bartlett
(This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
cli_session_setup
derefences it.
Volker
(This used to be commit b013b6908d22cfd38fcc56a9cb2ca675d75996d1)
|
|
(This used to be commit d77768cb237461b06119ee19f822b120623d77dd)
|
|
Jeremy.
(This used to be commit b108ab7b122cc607f31772614b221379403b211b)
|
|
is broken
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.
Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.
There's another crash with sec=share when coming from w2k3, but I need sleep
now.
Someone (jerry,jra?) please review the sesssetup.c change.
Thanks,
Volker
(This used to be commit 8059d0ae395604503cad3d9f197928305923e3f5)
|
|
where if you ask for exactly 64k bytes it returns 0.
Jeremy.
(This used to be commit dcef65acb5bc08ea4b61ef490a518b7e668ff2ee)
|
|
kerberos_kinit_password_ext provides access to more options.
Guenther
(This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
|
|
running. More generic error return cleanup in libsmb/
needs doing (everything returning NTSTATUS not BOOL).
Jeremy
(This used to be commit 654bb9853b450c5d509d182f67ec26ac320fd590)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
(This used to be commit 6c3480f9aecc061660ad5c06347b8f1d3e11a330)
|
|
(This used to be commit 9a6ce67fbf89ea7fc9eed72776dff4712ba67e2b)
|
|
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
(This used to be commit 414303bc0272f207046b471a0364fa296b67c1f8)
|
|
spoolss backchannel connection by rewriting
spoolss_connect_to_client(). Ensure that we
save the cli_state* in the rpc_pipe_client struct.
* fix typo in debug message in cli_start_connection"
(This used to be commit 18400f96628ffdd332c2fb2aa52b5e9aee5cb3ce)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
(This used to be commit 985dbb47d925e79c1195ca219f7ab5d6648b22b8)
|
|
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
|
|
in the tcon&X reply before setting the cli_state->dfsroot flag
(This used to be commit d3822d889dbc0812335e9242566256a0f88bc00d)
|
|
using krb5
(This used to be commit 19a639ac468237b22f16d917c0150fbf10c9623e)
|
|
<derrell.lipman@unwireduniverse.com>
(This used to be commit 88678bc05c3018eb181f97523a0b84b60e3c358d)
|
|
cd up and down the tree and get directory listings.
Still have to figure out how to get a directory listing on a
2k dfs root. Also have to work out some issues with relative paths
that cross dfs mount points.
We're protected from the new code paths when connecting to
a non-dfs root share ( the flag from the tcon&X is stored
in the struct cli_state* )
(This used to be commit e57fd2c5f00de2b11a2b44374830e89a90bc0022)
|
|
and SMBsplclose commands (BUG 2010)
* clarify some debug messages in smbspool (also from Mike)
my changes:
* start adding msdfs client routines
* enable smbclient to maintain multiple connections
* set the CAP_DFS flag for our internal clienht routines.
I actualy have a dfs referral working in do_cd() but that code
is too ugly to live so I'm not checking it in just yet.
Further work is to merge with vl's changes in trunk to support multiple
TIDs per cli_state *.
(This used to be commit 0449756309812d854037ba0af631abad678e670e)
|
|
gnome vfs to prevent auto-anonymous logon.
Jeremy.
(This used to be commit 843e85bcd978d025964c4d45d9a3886c7cf7f63c)
|
|
Added text explaining units in pdbedit time fields.
Jeremy.
(This used to be commit 3d09c15d8f06ad06fae362291a6c986f7b6107e6)
|
|
Jeremy.
(This used to be commit 831cb21a874601e4536c2cf76c5351e1d0defcb5)
|
|
<nalin@redhat.com>
for bug #1717.The rest of the code needed to call this patch has not yet been
checked in (that's my next task). This has not yet been tested - I'll do this
once the rest of the patch is integrated.
Jeremy.
(This used to be commit 7565019286cf44f43c8066c005b1cd5c1556435f)
|
|
Thanks!
Volker
(This used to be commit 587d863ae87042e0193b8d27b52ab3f75c58974b)
|
|
<guenter.kukkukk@kukkukk.com>.
Bugid #1590.
Jeremy.
(This used to be commit 330025d1a669de927a3879a9c3a9fc20e1be464f)
|
|
(Botched LANMAN2 session setup code)
Andrew Bartlett
(This used to be commit 3baa4ef6c58eb13bec1a8ddb1561a504f4a16107)
|
|
Andrew Bartlett
(This used to be commit 6d594d5bb119b6bc3f4c7699752666ac24d04745)
|
|
paths.
Jeremy.
(This used to be commit 88a97beac4f445f2a472167b3e5c0e8e1d019d17)
|
|
Jeremy.
(This used to be commit 6d0bdccaa67a2965fde5f9dff6cdc4059b8fbc90)
|
|
with more correct NTLMSSP support in client and server, but it will do
for now.
Also implement LANMAN password only in the classical session setup code, but
#ifdef'ed out. In Samba4, I'll make this run-time so we can torture it.
Lanman passwords over 14 dos characters long could be considered
'invalid' (they are truncated) - so SMBencrypt now returns 'False' if
it generates such a password.
Andrew Bartlett
(This used to be commit 565305f7bb30c08120c3def5367adfd6f5dd84df)
|
|
(This used to be commit 4b737b51a5cf0a862f4c1bd67d9d3dd49cc81b65)
|
|
it does sign the first packet.
Andrew Bartlett
(This used to be commit 4b9c50db853eaf9eb8c68b85760c40c1a8f9bd94)
|
|
another NTLMv2 combination.
We should allow the NTLMv2 response to be calculated with either the domain
as supplied, or the domain in UPPER case (as we always did in the past).
As a client, we always UPPER case it (as per the spec), but we also
make sure to UPPER case the domain, when we send it. This should give
us maximum compatability.
Andrew Bartlett
(This used to be commit 1e91cd0cf87b29899641585f46b0dcecaefd848e)
|
|
ago.
This patch re-adds support for 'optional' SMB signing. It also ensures that
we are much more careful about when we enable signing, particularly with
on-the-fly smb.conf reloads.
The client code will now attempt to use smb signing by default, and disable
it if the server doesn't correctly support it.
Andrew Bartlett
(This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
|
|
Winbind tickets expired. We now check the expiration time, and acquire
new tickets. We couln't rely on renewing them, because if we didn't get
a request before they expired, we wouldn't have renewed them. Also, there
is a one-week limit in MS on renewal life, so new tickets would have been
needed after a week anyway. Default is 10 hours, so we should only be
acquiring them that often, unless the configuration on the DC is changed (and
the minimum is 1 hour).
(This used to be commit c2436c433afaab4006554a86307f76b6689d6929)
|
|
(This used to be commit 5fbfaa687a3674287eeadd205f56b2b253a9e2a9)
|