| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
used to be commit 381649916ecbaddefbb6ee0e6137b7cc73eb54b1)
|
|
(This used to be commit 74fab8f0d24004b1dfd5ce0fd7402895652f941f)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing against platforms
different from NT4SP6.
Volker
(This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing platforms
different from NT4SP6.
Volker
(This used to be commit ecd0ee4d248e750168597ccf79c389513bb0f740)
|
|
Andrew Bartlett
(This used to be commit 9656b8709128f24dd63094d504a6646f99933c57)
|
|
(This used to be commit a718630961e713ca2bacc98ad0b7c2e996e20bf5)
|
|
The right thing to do is to try for the user's local one in ~/.smbc/smb.conf,
and if that fails, try the one in dyn_CONFIGFILE, and if that fails, keep
going with the defaults but log a message.
(This used to be commit 15fa48d19d178cf8bf214ea02f6c7a4c38890f71)
|
|
for broken-due-to-bad-sig.
Andrew Bartlett
(This used to be commit b010b6c2dc400a97eb2ad038cd1fdb34bbde2ef0)
|
|
just need to get the verifiction code working - we get back a signiture from
the server, and just can't verify it yet.
This also brings the short-packet checks into common code, and breaks the
connection if the server sends a signed reply, on an established connection,
that fails the test.
This breaks our read/write code at the moment, as we need to keep a list
of outstanding packets.
(signing is not enabled by default, unless the server demands it)
Not for 3.0 till I fix the outstanding packet list.
Andrew Barlett
(This used to be commit 808d1fcf20153970d587cb631a08607beb09703a)
|
|
Also, PLEASE, PLEASE, PLEASE, do not include bashism and Cisms in shell
scripts.
(This used to be commit 7f6367aac8c5440e1d4e97b26571b205140488ae)
|
|
(This used to be commit 41b320ffc560117c0184999e30cc69723f40acbe)
|
|
(This used to be commit 57c860b41b21bafc660f84070bfe9c8d90bc28a3)
|
|
(This used to be commit b03ac852a86cf9f436ad2b994e09fb08dd929674)
|
|
Jeremy.
(This used to be commit 32dc4ddb04f4d3eecfdd542cb3495830067a2eed)
|
|
(This used to be commit 21a99fdec321c44e31b69589248ff8d1cb927577)
|
|
(This used to be commit e1a159c55fdeaa1620a3147105be4efd205560ba)
|
|
(This used to be commit 8b5ad24231e5001e612c5fd4bbde2762caef5856)
|
|
(This used to be commit ca982a9f1d6485e2d388d4b2e9c13806736ad91e)
|
|
Andrew Bartlett
(This used to be commit 3d4c4b6cb3f4850f0801f140ea3dad2c8423ee52)
|
|
Andrew Bartlett
(This used to be commit 7064edf8534a6098fc4990bc516fcb45f4ff44bb)
|
|
(This used to be commit c95ae394c5dfe5e0fcc658119213b17bcb95fab5)
|
|
elsewhere so other code can use it.
(This used to be commit b988e16b7da824864cac6b69910ade27885e7f50)
|
|
(This used to be commit de49c3f48f85519b31e797730eca82cb979098dc)
|
|
Andrew Bartlett
(This used to be commit 5562f1865c90e3f52a3178d9d9ded60909bbe5f0)
|
|
(This used to be commit 1481cd9ecf1658312424c193d8cd3632766eb058)
|
|
NTLM Authentication:
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
(This used to be commit 8315b9c3119dde62aeb72ad5e20f63aee89abd0b)
|
|
Andrew Bartlett
(This used to be commit fb680f610ceb9a0f350c99456cf7ab1a507543fe)
|
|
(This used to be commit 2e1e5719f188a933e6b691fbd48037a0d29497e4)
|
|
(This used to be commit 6df38e250af1a8e7213ad66342c71c52ce118a12)
|
|
(This used to be commit b757a4374832d76500a889e4785622320881018d)
|
|
Small clenaup patches:
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
- connection.c - use safe_strcpy()
Andrew Bartlett
(This used to be commit c91e76bddbe1244ddc8d12b092eba875834029ac)
|
|
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
Andrew Bartlett
(This used to be commit a7eba37aadeb0b04cb1bd89deddb58be8aba825c)
|
|
to the integer for SIVAL().
(This used to be commit e8b4b136669e7e415557956d698c66c254b28ec1)
|
|
to the integer for SIVAL().
(This used to be commit 5e20868fadc4e01ea09639bc57c51d1eb687f78c)
|
|
Andrew Bartlett
(This used to be commit 6bf04c41ed88528345f6bb19d48f5909753a8322)
|
|
Andrew Bartlett
(This used to be commit 05a63bd17e4c35979b3864b0969b2bfd945335d9)
|
|
issues.
Also pick up these link failures at compile time (rather than runtime).
Andrew Bartlett
(This used to be commit 23c7342bc40daffbcd70ef04727cae2c2b2c366b)
|
|
complete now.
(This used to be commit 72bb5615f3eef1c5b27716dfcabe4c8288729458)
|
|
when sending(and vice versa when receiving).
(This used to be commit 5310447ec6e0df1c000e3ee14572f5b7fee31f28)
|
|
on 2000.
sending messages to 9x needs to be fixed, but that didn't work anyway
(This used to be commit ca066502a2a3dbdd8943d515c9c6d21e62d757b6)
|
|
Jeremy.
(This used to be commit f93c64b5ca1bc21f5fa89200034cd82dcbc0910b)
|
|
Jeremy.
(This used to be commit fb925a72a6323d96d8fae658c4271ca05e8256de)
|
|
buffer size.
(This used to be commit 27ec538eca0905e1f749de4c49cc2555c5932d5c)
|
|
A much better SMB signing module, that allows for mulitple signing algorithms
and correctly backs down from signing when the server cannot sign the reply.
This also attempts to enable SMB signing on NTLMSSP connections, but I don't
know what NTLMSSP flags to set yet.
This would allow 'client use signing' to be set by default, for server
compatability. (A seperate option value should be provided for mandetory
signing, which would not back down).
Andrew Bartlett
(This used to be commit 1c87be7a3d127201a6ab78d22d17c971af16b86b)
|
|
Andrew Bartlett
(This used to be commit f4ae028c2ad6ff8c7da3a6ef77a92762861144e1)
|
|
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.
Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().
Andrew Bartlett
(This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
|
|
used to be commit f0d009c3e91979b0dc3443e16f3f545bcc64cfda)
|
|
is as stable as possible in the string department and some pain now
will help later :-).
Jeremy.
(This used to be commit 86e3eddac698d90f4666b8492b4603a4efbbd67b)
|
