summaryrefslogtreecommitdiff
path: root/source3/libsmb
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r1661: Changed the password history format so that each history entryJeremy Allison1-0/+20
consists of a 16 byte salt, followed by the 16 byte MD5 hash of the concatination of the salt plus the NThash of the historical password. Allows these to be exposed in LDAP without security issues. Jeremy. (This used to be commit 82e4036aaa2d283534a5bd8149857320fcf0d0dc)
2007-10-10r1612: Fix bug #1571 found by Guenter Kukkukk <guenter.kukkukk@kukkukk.com>Andrew Bartlett1-2/+5
(Botched LANMAN2 session setup code) Andrew Bartlett (This used to be commit 3baa4ef6c58eb13bec1a8ddb1561a504f4a16107)
2007-10-10r1581: 'NULL' NTLMSSP is both a pain to get right, and compleatly and utterlyAndrew Bartlett1-0/+2
pointless. With a well-known session key, we may as well put the password change directly on the wire, with it's own 'crypted with old password' as the protection. This should fix some 'long password change' issues, against Samba in particular. Andrew Bartlett (This used to be commit 554a9132872187077a9c00abb18b9d809c59b7f1)
2007-10-10r1560: Not that anybody uses this stuff (yet...), but at least get it ↵Volker Lendecke1-1/+1
correct :-) When sending a mailslot datagram, get the packet length correction correct. Volker (This used to be commit 530e7f09aea22f5782af0c6b333e15e01660b34a)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett2-6/+6
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r1487: Remove unused parameter for the client-side signing functions.Andrew Bartlett3-4/+4
Andrew Bartlett (This used to be commit 6d594d5bb119b6bc3f4c7699752666ac24d04745)
2007-10-10r1428: Remove *completly bogus* memset. (No doubt my bug, too...).Andrew Bartlett1-2/+0
This memset could well have clobbered bits of the stack, because session_key changed from char session_key[16]; to DATA_BLOB session_key Andrew Bartlett (This used to be commit 54248a405c9459f93f4200ebb0dc71748ae2fc83)
2007-10-10r1407: revert change that broke the build on systems w/o krb5 filesGerald Carter1-1/+1
(This used to be commit 89a11b5d7c0939c9344115ef509cbb0567d7524a)
2007-10-10r1399: applying heimdal krb5 fixes from Guenther and fixing compile warnings ↵Gerald Carter1-1/+3
in libadskerberos_keyatb.c (This used to be commit 837f56ec8bc171497fb84d332002776313c26305)
2007-10-10r1326: Modification to get_dc_list to check negative cache. From "Joe ↵Jeremy Allison2-190/+203
Meadows" <jameadows@webopolis.com>. Jeremy. (This used to be commit 4cc38b8aea51b55cc449cd2144f18de7d4819637)
2007-10-10r1287: Attempt to fix the build for systems without kerberos headers.Volker Lendecke1-3/+3
Volker (This used to be commit 43020cf459da24a915a39b770cec95a524d487c7)
2007-10-10r1240: Ensure we don't shadow Heimdal globals.Jeremy Allison2-12/+12
Jeremy. (This used to be commit 464d2e90480c676688a851a141aabddf992e0b0e)
2007-10-10r1236: Heimdal fixes from Guenther Deschner <gd@sernet.de>, more to come beforeJeremy Allison1-0/+11
it compiles with Heimdal. Jeremy. (This used to be commit dd07278b892770ac51750b87a4ab902d4de3a960)
2007-10-10r1222: Valgrind memory leak fixes. Still tracking down a strange one...Jeremy Allison1-3/+4
Can't fix the krb5 memory leaks inside that library :-(. Jeremy. (This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
2007-10-10r1194: Definition of krb5_free_unparsed_name() if we do't have it.Jeremy Allison1-0/+7
Jeremy. (This used to be commit 82c219ea023dd546fcde29569725865a42e4198e)
2007-10-10r1154: Change default setting for case sensitivity to "auto". If set to autoJeremy Allison1-1/+18
then is the client supports it (current clients supported are Samba and CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare "NT LM 0.12" string) then the setting of the per packet flag smb_flag FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows the linux CIFS client to use Samba in a case sensitive manner. Additional command in smbclient "case_sensitive", toggles the flag in subsequent packets. Docs to follow. Jeremy. (This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
2007-10-10r1121: Fix memory leak in the trans2 signing code.Andrew Bartlett1-2/+10
We would start the trans2 state, which is fine, but never pull the expected reply off the packet queue. I'm not sure if this is still a major problem after jra's recent 'no duplicate mids on the list' change, but I think this is correct anyway. (This used to be commit ee23a4237d427ce72d6a8c5f180ef48d6454cddc)
2007-10-10r1117: Doh ! Remember to turn off signing when sending a "break to level II" ↵Jeremy Allison1-10/+24
oplock message, or we mess up the signing sequence number.... Also improve sign error reporting. Also when deferring an open that had been deferred due to an oplock break, don't re-add the mid to the pending sign queue or we increment the sequence number twice and mess up signing again... I can now bounce between 2 WinXP/Win2003 boxes opening Excel spreadsheets with signing turned on and get correct "file in use" messages. Jeremy. (This used to be commit 1745ce4e2cf7fcb4c27c077973258d157cd241b1)
2007-10-10r1115: Fix for #1427. Catch bad path errors at the right point. Ensure allJeremy Allison1-2/+2
our pathname parsing is consistent. Jeremy. (This used to be commit 5e8237e306f0bb0e492f10fb6487938132899384)
2007-10-10r786: Memory leak fixes in (mostly) error code paths fromJeremy Allison1-10/+27
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
2007-10-10r776: I should have just cut and pasted from my build area and I wouldHerb Lewis1-1/+1
have gotten this right :-) (This used to be commit 548070274efa12f8c9a4404145d8a2a8c85387b3)
2007-10-10r775: merge trunk 774 to samba 3_0 - fix bad compare in for loopHerb Lewis1-5/+1
(This used to be commit 3cb8f1d53583dac0b77495cbcd017c366af59891)
2007-10-10r618: Bug #1333. Fix a problem pointed out by coolo where I was trying to ensureRichard Sharpe1-1/+1
that the errno is not trashed by a DEBUG statement, but screwed up. (This used to be commit e642f3e7b7a5fdbb5d12136c909e9c57e7cf1985)
2007-10-10r616: Bug #1333.Richard Sharpe1-2/+8
Make sure we return an error code when things go wrong. (This used to be commit 21cdb45b54662c7835aea1d16fdd5902cf7a7496)
2007-10-10r588: Some fixes from coolo ...Richard Sharpe2-5/+15
I think that the ECONNREFUSED should probably be ENOENT. (This used to be commit faa8cc18df51c4406815b68caba5ed5b8d43ba18)
2007-10-10r559: Some fixes from coolo ...Richard Sharpe1-2/+2
(This used to be commit d80e90d7c19fbcd2f7e998918b4fc6d9310081a3)
2007-10-10r557: another patch from Stephan Kulow <coolo@suse.de> -- check cli * before ↵Gerald Carter1-0/+6
dereferencing it (This used to be commit c385fb467fc2a669d54b9a2faddbf66f9e4699c6)
2007-10-10r547: Add entry for NT_STATUS_DUPLICATE_NAME in the ntstatus to unix error ↵Jelmer Vernooij1-0/+3
mapping table (This used to be commit 31c21d520d030e27e4adc6075a50026724b87173)
2007-10-10r541: fixing segfault in winbindd caused -r527 -- looks like a bug in ↵Gerald Carter1-1/+4
heimdal; also initialize some pointers (This used to be commit be74e88d9a4b74fcaf25b0816e3fa8a487c91ab5)
2007-10-10r539: Mem leak fixes from kawasa_r@itg.hitachi.co.jpJeremy Allison1-1/+3
Jeremy. (This used to be commit 8fe47b0bf27a8ae690ab0fcff377c8fc12919f43)
2007-10-10r527: More memory leak fixes in error paths from kawasa_r@itg.hitachi.co.jp.Jeremy Allison1-2/+8
Jeremy. (This used to be commit b2ba4d5c1be6089e3818a20c68e3894432b53d87)
2007-10-10r525: More memory leak fixes from kawasa_r@itg.hitachi.co.jp in error codeJeremy Allison1-5/+9
paths. Jeremy. (This used to be commit 88a97beac4f445f2a472167b3e5c0e8e1d019d17)
2007-10-10r523: Fix from kawasa_r@itg.hitachi.co.jp to initialise blob structs.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 6d0bdccaa67a2965fde5f9dff6cdc4059b8fbc90)
2007-10-10r494: patch from Stephan Kulow <coolo@kde.org> to fix a cut-n-paste error in ↵Gerald Carter1-1/+1
strlen which caused Konqueror to crash (This used to be commit 5150b62420f6634391196501d0279ef039a7bcc8)
2007-10-10r446: Close the open NT pipes before the tdis.Volker Lendecke1-3/+3
Volker (This used to be commit ef80490baf9ce38b505b4b322051ae6e3332d662)
2007-10-10r415: Return NT_STATUS_ACCESS_DENIED not some LOCK message ...Richard Sharpe1-1/+1
(This used to be commit 164ff9a192e82be6eaef7b6e7c03e5dc7203f3de)
2007-10-10r296: patch from j.lu -- don't force an upper case domain name in the ↵Gerald Carter1-3/+1
ntlmssp code (This used to be commit a2e93dda24d079693a220b4551d264cba4c2bc82)
2007-10-10r248: Add support for printing out the MAC address on nmblookup.Richard Sharpe1-4/+11
(This used to be commit bf9f02be5fc1d09c8c08c78c3f2df23b2099ba4f)
2007-10-10r221: Remainder of bug 1208. We do not remove creds from _any_ FILE ccache,Jim McDonough1-17/+40
because not only does it not work on Heimdal, but also since ccaches created within samba are memory-based, so we shouldn't touch a FILE-based one (it was probably created via kinit or similar). (This used to be commit 5971b0980ca8abae2208f22485c5af4c0dde0459)
2007-10-10r219: Obtain new tickets if current ones are expired. Next part of fix forJim McDonough1-12/+36
bug 1208. Based on a fix from Guether Deschener. Outstanding pieces: - Heimdal FILE-based ccaches don't actually remove creds properly, so we need to code a check for this - what if ticket expires between our check and when we use it? Guenther has coded up fixes for these parts, but I still need to review them, as I'm not totally comfortable with the solutions. (This used to be commit ef008b9710e682f87f0bbf526d30eb5114264233)
2007-10-10r176: Improve our fallback code for password changes - this would be betterAndrew Bartlett3-43/+115
with more correct NTLMSSP support in client and server, but it will do for now. Also implement LANMAN password only in the classical session setup code, but #ifdef'ed out. In Samba4, I'll make this run-time so we can torture it. Lanman passwords over 14 dos characters long could be considered 'invalid' (they are truncated) - so SMBencrypt now returns 'False' if it generates such a password. Andrew Bartlett (This used to be commit 565305f7bb30c08120c3def5367adfd6f5dd84df)
2007-10-10r148: Ensure we do not dereference a null pointer when we return the userAndrew Bartlett1-5/+17
session key. (This used to be commit b09d333aed00a7ea599f45105e913d3a3ea25b31)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-3/+1
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2007-10-10r96: Stupid f&%'n UNIX extensions.... SETPATHINFOJeremy Allison1-9/+10
normally takes as it's param entry the filename to be acted upon.... Unless it's UNIX extensions create hardlink, or UNIX extensions create symlink. Then it's param -> newfile name data -> oldfile name. This caused me to stuff them up in 3.0.2 (and the client commands link and symlink). Fixed them, everything is now called oldname and newname - thus specifying which name should already exist (hint - the old one...) and which will be created (newname). Jeremy. (This used to be commit 21cc6ab7e8a41160a3e2970623ade7445b5214d6)
2007-10-10r84: Implement --required-membership-of=, an ntlm_auth option that restrictsAndrew Bartlett1-0/+28
all authentication to members of this particular group. Also implement an option to allow ntlm_auth to get 'squashed' error codes, which are safer to communicate to remote network clients. Andrew Bartlett (This used to be commit eb1c1b5eb086f49a230142ad2de45dc0e9691df3)
2007-10-10r76: Fix smbfs problem with Tree Disconnect issued before smbfs starts its work.Alexander Bokovoy1-1/+5
We use cli_state.smb_rw_error to pass this specific case into cli_close_connection() from smbmount as smb_rw_error can have only selected number of states and it is ignored in cli_close_connection(). Compiled and tested by Lars Mueller from SuSE on x86, x86_64, ppc, ppc64, s390 and s390x. (This used to be commit 738666ce0a310fae14476020fd6dac027b0e3ec5)
2007-10-10r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session ↵Andrew Bartlett2-14/+14
key could be anything, and may not be based on anything 'NT'. This is also what microsoft calls it. (This used to be commit 724e8d3f33719543146280062435c69a835c491e)
2007-10-10r39: * importing .cvsignore filesGerald Carter1-3/+0
* updateing WHATSNEW with vl's change (This used to be commit a7e2730ec4389e0c249886a8bfe1ee14c5abac41)
2004-04-03Fix most of bug #169.Andrew Bartlett1-0/+43
For a (very) long time, we have had a bug in Samba were an NTLMv2-only PDC would fail, because it converted the password into NTLM format for checking. This patch performs the direct comparison required for interactive logons to function in this situation. It also removes the 'auth flags', which simply where not ever used. Natrually, this plays with the size of structures, so rebuild, rebuild rebuild... Andrew Bartlett (This used to be commit 9598593bcf2d877b1d08cd6a7323ee0bc160d4ba)
2004-03-31fix typoHerb Lewis1-2/+2
(This used to be commit 4b737b51a5cf0a862f4c1bd67d9d3dd49cc81b65)