Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 74303b75e43856bfb127c143d27e5c5fdcf32c91)
|
|
open to w2k
- fix the string handling in the device name to match NT and smbd
- don't pull the domain from negprot if CAP_EXTENDED_SECURITY is set
(This used to be commit 618989b386b5564ba140afdc17ce7a07040c3c4e)
|
|
(This used to be commit a779710fff5fddcbf65a8ddc8e9169b586b85481)
|
|
it and fix smb://<IP-addr>.
(This used to be commit ac2562a0fb7eafd94d53a2c36d33e8f5236d60ff)
|
|
connection caching. Getting ready for back-merge to 2.2.3.
Jeremy.
(This used to be commit 5e8df83ba9924adf9df6827c06ed1a2adbe36edf)
|
|
(This used to be commit 5c892badbcad43b8a2e002d1a42483c402f2d3e9)
|
|
error in cli_receive_smb() and cli_send_smb().
(This used to be commit bedd9c821521dad46df50e8b31e4a58bb0a9a604)
|
|
Jeremy.
(This used to be commit e6afe40f85d7dbe79322c82dac735d901e7e71df)
|
|
(This used to be commit 80667cb0dd1a2cdef17711c8580af9f524971cea)
|
|
(This used to be commit 3fd96a47543c268fd2828793df4006cc47a9e95b)
|
|
domain_client_validate()
(This used to be commit df0db8edb12dc8b8d290e5ac599fa7b517e9d263)
|
|
(This used to be commit 5b1c942a5cab828ebfcf2e8f5decb754c4cdb70e)
|
|
2.2 to HEAD?
(This used to be commit 4f47daf97b9e74ec75287f46e2c4aeddc944779e)
|
|
REMOVED BZERO CALLS YET AGAIN !!! Why do these keep creeping back in....
They are *NOT* POSIX. I'm also thinking of removing strncpy as I'm sure
it's not being used correctly....
Jeremy.
(This used to be commit b1930abb35dee74f858a3f7190276c418af2322b)
|
|
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
|
|
(This used to be commit 4e882289b0e291bb57d48fc2b2120919632daa5f)
|
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
(This used to be commit ceba373aa30e09be948bd0980040cba204d12084)
|
|
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.
This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
(This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
|
|
(This used to be commit b30232e2b7ddb5eab419d4e6237176f695a534ad)
|
|
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.
Andrew Bartlett
(This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
|
|
(This used to be commit c78fec86c97075bb5726fcb7ed197bc75dd88ac0)
|
|
the validation level. This allows us to test interactive or network logons.
Interestingly enough a win2k native mode server generates a rpc fault when
presented with a network logon!
(This used to be commit 0758c0ea845dd0b552e4dab3ce05f0811fa9658e)
|
|
there's a bug in the marshalling of net_sam_logon.
(This used to be commit 7c5ac46b8ad0be681d102e7ef3478d64d7a2b8e6)
|
|
Andrew Bartlett.
From kai@cmail.ru Mon Oct 29 18:50:42 2001
Date: Fri, 19 Oct 2001 17:26:06 +0300
From: Andrew V. Samoilov <kai@cmail.ru>
To: samba-technical@lists.samba.org
Subject: [patch]: makes some arrays const to be shared between processes
Hi!
This patch makes some arrays const. So these arrays go to text/rodata
segment and are shared between all of the processes which use shared
library with these arrays.
Regards,
Andrew V. Samoilov.
P.S. Please cc your answer to kai@cmail.ru,
I don't subscribed to this list.
ChangeLog:
* cliconnect.c (prots): Make const.
* clierror.c (rap_errmap): Likewise.
* nmblib.c (nmb_header_opcode_names): Likewise.
(lookup_opcode_name): Make opcode_namep const. Eliminate i.
* nterr.c (nt_err_code_struct): Typedef const.
* smberr.c (err_code_struct): Make const.
(err_classes): Likewise.
(This used to be commit cb84485a2b0e1fdcb6fa90e0bfb97e125ae1b3dd)
|
|
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
|
|
(This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)
|
|
NTLMSSP in cli_establish_connection()
What we really need to do is kill off the pwd_cache code. It is horrible,
and assumes the challenge comes in the negprot reply.
(This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
|
|
Jeremy.
(This used to be commit 070fd5180fef921efb363ff24f04a298254f108b)
|
|
name is a "principal", not a principle. English majors will complain :-).
Jeremy.
(This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
|
|
(This used to be commit 44bdb8b12b3d6a7bf3148c2ac651a79f10776db6)
|
|
(This used to be commit d1341d74b7aa5f6b3f72e5409b245f87f1ad670b)
|
|
(This used to be commit eac164c7e650a8f855e7b662b126a5dfc5516927)
|
|
in a tdb.
Jeremy.
(This used to be commit 058ae6b58f61ef46013dd076af3a84de5fbaaab1)
|
|
(This used to be commit fd3a3daef3b8f7140e7006d30d23d739ac3aad2f)
|
|
(This used to be commit b94427ddd55c177145da2665afe3d3a3682db031)
|
|
it should give something for others to hack on and possibly find what
I'm doing wrong.
(This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
|
|
loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code
(This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
|
|
(This used to be commit 888183a17cfb12c0cbf7d1ed515064d6f1716114)
|
|
(This used to be commit 1bcdf9106afacbe18437e87178bc1f219695c1e9)
|
|
in the asn1 spnego structures)
(This used to be commit 131010e9fb842b4d5a8660c538a3313c95fadae7)
|
|
- handle servers that don't send a kerberos principle (non-member servers)
- enable spnego without KRB5
(This used to be commit b218d465a1968a11d2d6a42afa7e552fea8b7f5e)
|
|
(This used to be commit 7092beef9d7a68018ede569883b22c822300c7ff)
|
|
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
(This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
|
|
(This used to be commit 8b692d8326a1548a7dbbd2cecee9ece6aa60473a)
|
|
packet which means I can extract the service and realm, so we should
now work with realms other than the local realm.
it also means we now check the list of OIDs given by the server just
in case it says that it doesn't support kerberos. In that case we
should fall back to NTLMSSP but that isn't written yet.
(This used to be commit 395cfeea94febb5280ea57027e8a8a3c7c3f9291)
|
|
(This used to be commit 919734c1a6fd8b3bd0e12e96d878f47b6d6ff5e0)
|
|
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit 758d923fa183b50acab9928e402f17bd25ba8f41)
|