Age | Commit message (Collapse) | Author | Files | Lines |
|
rebind proc (some give an extra paramter to pass a void* paramater) and
some small changes for the SMB signing code to reset things when the
signing starts, and to 'turn off' signing if the session setup failed.
Andrew Bartlett
(This used to be commit a8805a34e5d96eeb5ffe15681b241d5a449a6144)
|
|
The problem was that *all* packets were being signed, even packets before
signing was set up. (This broke the session request).
This fixes it to be an 'opt in' measure - that is, we only attempt to sign
things after we have got a valid, non-guest session setup as per the CIFS spec.
I've not tested this against an MS server, becouse my VMware is down, but
at least it doesn't break the build farm any more.
Andrew Bartlett
(This used to be commit 1dc5a8765876c1ca822e454651f8fd4a551965e9)
|
|
Jeremy.
(This used to be commit 9d461933766f26ce772f6d5ea849ef9218c4d534)
|
|
(const, takes unix string as arg)
Also update cli_full_connection to take NULL pointers as 'undefined' correctly,
and therefore do its own lookup etc. This what was intended, but previously
you needed to supply a 0.0.0.0 IP address.
Andrew Bartlett
(This used to be commit 8fb1a9c6ba07dbf04a6aa1e30fa7bbd4c676ed28)
|
|
Jeremy.
(This used to be commit 3c05f7c06fc8c45307ea75128b160a5945fc5197)
|
|
unix and DOS strings.
This pushes all the 'have to uppercase, must be 14 chars' stuff behind the
the interface.
Andrew Bartlett
(This used to be commit dec650efa8ab1466114c2e6d469320a319499ea0)
|
|
Importantly:
The removal of the silly 'delete user script' behaviour when secuity=domain.
I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.
When we decide what to do with the 'add user' functionality, we might
rename it.
Andrew Bartlett
(This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
|
|
didn't make any sense, and its was always just strlen(password) anyway.
This fixes it to be strlen(password)+1
Andrew Bartlett
(This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
|
|
this:
More code cleanup - this lot a bit more dodgy than the last:
The aim is to trim pwd_cache down to size. Its overly complex, and a
pain to deal with. With a header comment like this:
'obfusticaion is planned'
I think it deserved to die (at least partly).
This was being done to allow 'cli_establish_connection' to die - its
functionality has been replaced by cli_full_connection(), which does
not duplicate code everywhere for creating names etc.
This also removes the little 'init' fucntions for the various pipes,
becouse they were only used in one place, and even then it was dodgy.
(I've reworked smbcacls not to use anonymous connections any more, as
this will (should) fail with a 'restrict anonymous' PDC).
This allowed me to remove cli_pipe_util.c, which was calling
cli_establish_connection.
tpot: I'm not sure what direction you were going with the client stuff,
and you may well have been wanting the init functions. If thats the case,
give me a yell and I'll reimplement them against cli_full_connection.
Andrew Bartlett
(This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
|
|
This option was badly maintained, useless and confused our users and
distirbutors. (its SSL, therfore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
|
|
(This used to be commit 7f923d738b94eef042b21e4d0143861755620d91)
|
|
Jeremy.
(This used to be commit 146fb9d12bd3621087193f439e99c13d609ff658)
|
|
Small tidyups.
(This used to be commit 252da94ebb279c47263dfae36fd016d0a29a6dbf)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
case.
Thanks to Nigel Williams <nigel@wednesday.demon.co.uk> for spotting these!
Andrew Bartlett
(This used to be commit 20e0b562283f75606ac9a36f3f104c6aaa294c40)
|
|
Jeremy.
(This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
|
|
(This used to be commit 0b0b937b58f4bf4e005fb622f0db19175fc46a47)
|
|
This fixes up a problem where a machine would join (or downgrade by trust
password change) to NT4 membership and not be able to regain full ADS
membership until a 'net ads leave'.
Andrew Bartlett
(This used to be commit ab8ff85f03b25a0dfe4ab63886a10da81207393c)
|
|
Patch from Alexander Bokovoy <a.bokovoy@sam-solutions.net>
(This used to be commit 6c42bf208976ed3020e57efff6281f984d9fe893)
|
|
(This used to be commit 2d1612dd3560bb5ef35fa1eeee00e3d7976bcd62)
|
|
- don't display Domain=[] for auth protocols that don't give us a domain
(This used to be commit 20368455ea59e6e9b85632848bbe92069e7b0f38)
|
|
(This used to be commit 1da988456dbd885820093ae43c74e0ac66f72802)
|
|
(This used to be commit a181f49b4269baa1752ce6ed4f9093e38d2d3ce5)
|
|
netbios lookup for name NAME with node type xx.
This affects all our client progs. Very useful :)
(This used to be commit b4304c5231159fc6295c445f2eb4470c179b8d5e)
|
|
session setup
(This used to be commit c7665706cd5633ede710afe41413624124038238)
|
|
'net' untility.
This should make it easier to port rpcclient code across to net.
It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse
it kills off the early destruction of the clear-text password.
Andrew Bartlett
(This used to be commit eee925861a3af3aa16efa3b1700a980c9510c14e)
|
|
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
|
|
(This used to be commit e790bb21d3895bef97522b68c6f00812e6c286f2)
|
|
(This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec)
|
|
and replaced with two functions:
void zero_ip(struct in_adder *ip);
BOOL is_zero_ip(struct in_addr ip);
(This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
|
|
(This used to be commit 5100ae4ae032545edaf525de1dfbe5dc9dafecfc)
|
|
samba domain.
The PDC must be running a special authenticaion module that spits out NT errors
based on username.
Andrew Bartlett
(This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
open to w2k
- fix the string handling in the device name to match NT and smbd
- don't pull the domain from negprot if CAP_EXTENDED_SECURITY is set
(This used to be commit 618989b386b5564ba140afdc17ce7a07040c3c4e)
|
|
Jeremy.
(This used to be commit e6afe40f85d7dbe79322c82dac735d901e7e71df)
|
|
(This used to be commit 5b1c942a5cab828ebfcf2e8f5decb754c4cdb70e)
|
|
2.2 to HEAD?
(This used to be commit 4f47daf97b9e74ec75287f46e2c4aeddc944779e)
|
|
Andrew Bartlett.
From kai@cmail.ru Mon Oct 29 18:50:42 2001
Date: Fri, 19 Oct 2001 17:26:06 +0300
From: Andrew V. Samoilov <kai@cmail.ru>
To: samba-technical@lists.samba.org
Subject: [patch]: makes some arrays const to be shared between processes
Hi!
This patch makes some arrays const. So these arrays go to text/rodata
segment and are shared between all of the processes which use shared
library with these arrays.
Regards,
Andrew V. Samoilov.
P.S. Please cc your answer to kai@cmail.ru,
I don't subscribed to this list.
ChangeLog:
* cliconnect.c (prots): Make const.
* clierror.c (rap_errmap): Likewise.
* nmblib.c (nmb_header_opcode_names): Likewise.
(lookup_opcode_name): Make opcode_namep const. Eliminate i.
* nterr.c (nt_err_code_struct): Typedef const.
* smberr.c (err_code_struct): Make const.
(err_classes): Likewise.
(This used to be commit cb84485a2b0e1fdcb6fa90e0bfb97e125ae1b3dd)
|
|
(This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)
|
|
NTLMSSP in cli_establish_connection()
What we really need to do is kill off the pwd_cache code. It is horrible,
and assumes the challenge comes in the negprot reply.
(This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
|
|
name is a "principal", not a principle. English majors will complain :-).
Jeremy.
(This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
|
|
(This used to be commit d1341d74b7aa5f6b3f72e5409b245f87f1ad670b)
|
|
(This used to be commit eac164c7e650a8f855e7b662b126a5dfc5516927)
|
|
it should give something for others to hack on and possibly find what
I'm doing wrong.
(This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
|
|
loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code
(This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
|
|
in the asn1 spnego structures)
(This used to be commit 131010e9fb842b4d5a8660c538a3313c95fadae7)
|
|
- handle servers that don't send a kerberos principle (non-member servers)
- enable spnego without KRB5
(This used to be commit b218d465a1968a11d2d6a42afa7e552fea8b7f5e)
|
|
(This used to be commit 7092beef9d7a68018ede569883b22c822300c7ff)
|
|
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
(This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
|
|
packet which means I can extract the service and realm, so we should
now work with realms other than the local realm.
it also means we now check the list of OIDs given by the server just
in case it says that it doesn't support kerberos. In that case we
should fall back to NTLMSSP but that isn't written yet.
(This used to be commit 395cfeea94febb5280ea57027e8a8a3c7c3f9291)
|