samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2007-10-10	r10656: BIG merge from trunk. Features not copied over	Gerald Carter	1	-2/+3
	* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10	r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵	Gerald Carter	1	-2/+1
	version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10	r6149: Fixes bugs #2498 and 2484.	Derrell Lipman	1	-1/+2
	1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
2007-10-10	r1240: Ensure we don't shadow Heimdal globals.	Jeremy Allison	1	-6/+6
	Jeremy. (This used to be commit 464d2e90480c676688a851a141aabddf992e0b0e)
2004-01-08	This merges in my 'always use ADS' patch. Tested on a mix of NT and ADS	Andrew Bartlett	1	-7/+10
	domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2003-11-22	Changes all over the shop, but all towards:	Andrew Bartlett	1	-1/+1
	- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-08-13	Don't wrap up anything that is not there. Otherwise upper layers	Volker Lendecke	1	-0/+3
	can not figure that we got no ticket. Volker (This used to be commit 2a724a7a873c08f14644427766bfd48908ddb501)
2003-08-01	Update my copyrights according to my agreement with IBM	Jim McDonough	1	-1/+1
	(This used to be commit c9b209be2b17c2e4677cc30b46b1074f48878f43)
2003-07-25	W00t! Client smb signing is now working correctly with krb5 and w2k server.	Jeremy Allison	1	-3/+3
	Server code should also work (I'll check shortly). May be the odd memory leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup code (b) we need to ask for a subkey... (c). The client and server need to ask for local and remote subkeys respectively. Thanks to Paul Nelson @ Thursby for some sage advice on this :-). Jeremy. (This used to be commit 3f9e3b60709df5ab755045a093e642510d4cde00)
2003-05-30	More on bug 137: rename more of krb5_xxx functions to not start with krb5_	Jim McDonough	1	-1/+1
	(This used to be commit 10f1da3f4a9680a039a2aa26301b97e31c06c38d)
2003-03-17	Merge from HEAD - sync up SessionSetup code to HEAD, including Luke Howard's	Andrew Bartlett	1	-13/+16
	session key and auth verifier patches. Andrew Bartlett (This used to be commit 3f9616a68a855acbae3f405c27ee2358fbe7ba2c)
2003-02-24	Merge from HEAD client-side authentication changes:	Andrew Bartlett	1	-284/+37
	- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2003-02-19	Merge minor library fixes from HEAD to 3.0.	Andrew Bartlett	1	-7/+8
	- setenv() replacement - mimir's ASN1/SPNEGO typo fixes - (size_t)-1 fixes for push_* returns - function argument signed/unsigned correction - ASN1 error handling (ensure we don't use initiailsed data) - extra net ads join error checking - allow 'set security discriptor' to fail - escape ldap strings in libads. - getgrouplist() correctness fixes (include primary gid) Andrew Bartlett (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
2003-01-28	Merge from HEAD:	Andrew Bartlett	1	-60/+64
	- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor. - also consequential changes to the NTLMSSP and SPNEGO parsing functions - and the client code that uses the same functions - Add ntlm_auth, a NTLMSSP authentication interface for use by applications like Squid and Apache. - also consquential changes to use common code for base64 encode/decode. - Winbind changes to support ntlm_auth (I don't want this program to need to read smb.conf, instead getting all it's details over the pipe). - nmbd changes for fstrcat() instead of fstrcpy(). Andrew Bartlett (This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
2002-09-25	sync'ing up for 3.0alpha20 release	Gerald Carter	1	-22/+70
	(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17	sync 3.0 branch with head	Jelmer Vernooij	1	-0/+61
	(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15	updated the 3.0 branch from the head branch - ready for alpha18	Andrew Tridgell	1	-1/+42
	(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-02-15	Try not to malloc -1 bytes (apx 4GB) when the data is already in error.	Andrew Bartlett	1	-2/+12
	Andrew Bartlett (This used to be commit ad1faf8fa4019cb57fbb7f311f6d4943359bcd45)
2002-01-30	Removed version number from file header.	Tim Potter	1	-2/+1
	Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-05	simple fix for creating blank data blobs	Andrew Tridgell	1	-3/+1
	(This used to be commit 08bb2dfec2ca0282e9268d09da2b966d3bdf493a)
2001-12-08	added internal sasl/gssapi code. This means we are no longer dependent on ↵	Andrew Tridgell	1	-1/+1
	cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-10-21	Ok, I know it's a language thing and it shouldn't matter.... but a kerberos	Jeremy Allison	1	-8/+8
	name is a "principal", not a principle. English majors will complain :-). Jeremy. (This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
2001-10-21	made smbclient cope better with arbitrary principle forms	Andrew Tridgell	1	-14/+1
	(This used to be commit d1341d74b7aa5f6b3f72e5409b245f87f1ad670b)
2001-10-18	the beginnings of kerberos support in smbd. It doesn't work yet, but	Andrew Tridgell	1	-0/+23
	it should give something for others to hack on and possibly find what I'm doing wrong. (This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
2001-10-17	added basic NTLMSSP support in smbd. This is still quite rough, and	Andrew Tridgell	1	-7/+215
	loses things like username mapping. I wanted to get this in then discuss it a bit to see how we want to split up the existing session setup code (This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
2001-10-14	fixed NTLMSSP with XP servers (who don't send the duplicate challenge	Andrew Tridgell	1	-3/+9
	in the asn1 spnego structures) (This used to be commit 131010e9fb842b4d5a8660c538a3313c95fadae7)
2001-10-12	moved some OIDs to the ASN.1 header	Andrew Tridgell	1	-6/+2
	(This used to be commit 7092beef9d7a68018ede569883b22c822300c7ff)
2001-10-12	added NTLMSSP authentication to libsmb. It seems to work well so I have ↵	Andrew Tridgell	1	-0/+395
	enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM (This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)