Age | Commit message | Author | Files | Lines |
|
the 4 byte length isn't included in the length :-).
We now have working NTLMSSP transport encryption
with sign+seal. W00t!
Jeremy.
(This used to be commit d34584cb5c53c194693ce7236020ab83f60cd235)
|
|
Jeremy.
(This used to be commit 1639366561bd63d7023c54f811e2f87dcbbd0a31)
|
|
exchange. Still not working but closer.
Jeremy.
(This used to be commit 2fde5c703d2390bc6685f34713dc996e69732f1a)
|
|
Now to investigate why it doesn't work :-).
Jeremy.
(This used to be commit 73f7c6cef8371ad63eb1dc3e79bfc78503dbd7a4)
|
|
for testing.
Jeremy.
(This used to be commit 783a7b3085a155d9652cd725bf2960cd272cb554)
|
|
"raw" NTLM auth (no spnego).
Jeremy.
(This used to be commit 6b5ff7bd591b4f65e2eb767928db50ddf445f09a)
|
|
rafal
(This used to be commit 8f313061a4cbc69d8dd17aa282d79d07a9275242)
|
|
functions that take a gss context handle in includes.h
Jeremy.
(This used to be commit 638b03242d4a6b1df2477dad19240ed61a14a5a3)
|
|
not just an NTLMSSP - grr. This complicates the re-use of
common client and server code but I think I've got it right.
Not turned on or valgrinded yet, but you can see it start
to take shape !
Jeremy.
(This used to be commit 60fc9c0aedf42dcd9df2ef9f1df07eaf3bca9bce)
|
|
depending on encryption context pointer.
Jeremy.
(This used to be commit d3f3ced6c8a03d971143baf878158d671dfcbc3b)
|
|
for the server side enc. (doesn't break anything).
I'll keep updating this until I've got NTLM seal working
on both client and server, then add in the gss level
seal.
Jeremy.
(This used to be commit 530ac29abf23e920baa549e7cec55199edd8bd74)
|
|
these out as I implement. Don't add to SAMBA_3_0_25, this
is experimental code.
NFSv4 you're now officially on notice... :-).
Jeremy.
(This used to be commit 5bfe638f2172e272741997100ee5ae8ff280494d)
|
|
Jeremy.
(This used to be commit f18e87ba6b6a3f4c16777cb5b6bf93a656800247)
|
|
Jeremy.
(This used to be commit 1e32b44bfcf7676b3a9f208054fa853e7066eafc)
|
|
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to
a client when there's clock skew. Will help people
debug this. Prepare us for being able to return the
correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED"
error with associated krb5 clock skew error to allow
clients to re-sync time with us when we're eventually
able to be a KDC.
Jeremy.
(This used to be commit c426340fc79a6b446033433b8de599130adffe28)
|
|
Volker
(This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
|
|
Not used
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
(This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
|
|
works from smbclient and Windows, and I am promising to
support and fix both client and server code moving forward.
Still need to test the RPC admin support but I haven't
changed that code.
Jeremy.
(This used to be commit 7a7862c01d07796ef206b255c676ad7dc2cc42fc)
|
|
calling convention in the latest MIT changes. Apparently Heimdal
is also changing to this calling convention.
(This used to be commit c29c69d2df377fabb88a78e6f5237de106d5c2c5)
|
|
mode_t in posix_open/posix_mkdir -> 8 bytes to match
the SET_UNIX_INFO_BASIC call. Steve is updating the
Wiki.
Jeremy.
(This used to be commit 2f1c95ac7718c1d2a75367ba712edd6b57069432)
|
|
process deep dfs links (ie. links that go to non root
parts of a share). Make the directory handling canonical
in POSIX and Windows pathname processing.
dfs should not be fully working in client tools. Please
bug me if not.
Jeremy.
(This used to be commit 1c9e10569cd97ee41de39f9f012bea4e4c932b5d)
|
|
Jeremy.
(This used to be commit 02d08ca0be8c374e30c3c0e665853fa9e57f043a)
|
|
right now.
Jeremy.
(This used to be commit 6dd5f0ef0fe3a673081e16e656ca579bf50457ff)
|
|
(This used to be commit 73b7a25ba8a2f7471c07a912da8b6968b41b4f1d)
|
|
Add proper debug to all possible setfilepathinfo
functions.
Jeremy.
(This used to be commit 3c47a5ef258d536504759a02f6d84c0ab0af7224)
|
|
We're not yet deleting open files on unlink. Investigating...
Jeremy.
(This used to be commit 334b34f131578c2a889caa90aa2425f41883cafd)
|
|
Jeremy.
(This used to be commit 6a0f6fde0a19bfb4af4c7fa6f29d7015e884d86e)
|
|
Jeremy.
(This used to be commit 6457d66b9a04c421fc43e131c825c7555c16a1ea)
|
|
Patch from Zack Kirsch <zack.kirsch@isilon.com>.
Jeremy.
(This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51)
|
|
Jeremy.
(This used to be commit 4a04555e23b5fa53fbeb5b65a7c83cff1b0f9640)
|
|
(This used to be commit 5ef0286b56b368abd4da2cbe3d826a3438f3acc3)
|
|
removed).
Jeremy.
(This used to be commit 645b0438dde0dad26e950b3184cc412d3d87560a)
|
|
to allow client to fragment large SPNEGO blobs (large krb5
tickets). Tested against W2K3R2. Should fix bug #4400.
Jeremy.
(This used to be commit b81c5c6adce51cec06df0e993534064b20666a8e)
|
|
fragmented into "max xmit" size security blob
chunks. Bug #4400. Needs limits adding, and also
a client-side version.
Jeremy.
(This used to be commit aa69f2481aafee5dccc3783b8a6e23ca4eb0dbfa)
|
|
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
|
|
string
server_len is usually 256 (fstring).
Correctly terminate saving the length
(This used to be commit e7e44554bf7c61020e2c5c652e3f8f37a296d3aa)
|
|
Move more error code returns to NTSTATUS.
Client test code to follow... See if this
passes the build-farm before I add it into
3.0.25.
Jeremy.
(This used to be commit 83dbbdff345fa9e427c9579183f4380004bf3dd7)
|
|
\\server\share\path
DFS referrals. This doesn't appear to break anything in the non-DFS case,
but I don't have an environment to test DFS referrals. Need confirmation
from OP that this solves the problem.
(This used to be commit e479a9c094fa42354aad7aa76a712bf67d3d4d45)
|
|
- Should fix bug 4115 (but needs confirmation from OP). If the kerberos use
flag is set in the context, then also pass it to smbc_attr_server for use by
cli_full_connection()
- Should fix bug 4309 (but needs confirmation from OP). We no longer send a
keepalive packet unconditionally. Instead, we assume (yes, possibly
incorrectly, but it's the best guess we can make) that if the connection is
on port 139, it's netbios and otherwise, it isn't. If netbios is in use, we
send a keepalive packet. Otherwise, we check that the connection is alive
using getpeername().
(This used to be commit 2f9be59c10ef991a51cc858ab594187b5ca61382)
|
|
crashed. So
it needs the specific error message.
Make messages.c return NTSTATUS and specifically NT_STATUS_INVALID_HANDLE if
sending to a non-existent process.
Volker
(This used to be commit 3f620d181da0c356c8ffbdb5b380ccab3645a972)
|
|
Guenther
(This used to be commit ea38e1f8362d75e7ac058a7c4aa06f1ca92ec108)
|
|
as this is causing the WRONG_PASSWORD error in the SetUserInfo()
call during net ads join).
We are now back to always list RC4-HMAC first if supported by
the krb5 libraries.
(This used to be commit 4fb57bce87588ac4898588ea4988eadff3a7f435)
|
|
works - even with the strange "initial delete on close"
semantics. The "initial delete on close" flag isn't
committed to the share mode db until the handle is
closed, and is discarded if any real "delete on close"
was set. This allows me to remove the "initial_delete_on_close"
flag from the share db, and move it into a BOOL in files_struct.
Warning ! You must do a make clean after this. Cope with
the wrinkle in directory delete on close which is done
differently from files. We now pass all Samba4 smbtorture
BASE-DELETE tests except for the one checking that files
can't be created in a directory which has the delete on
close set (possibly expensive to fix).
Jeremy.
(This used to be commit f2df77a1497958c1ea791f1d2f4446b5fc3389b3)
|
|
the stored client sitename with the sitename from each successful CLDAP
connection.
Guenther
(This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
|
|
for a PDC.
Guenther
(This used to be commit 0944c7861004bee2a9d0ac787f022f5bf1d181ac)
|
|
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
|
|
Instead,
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197b1bc9db14a643fdd112b40ef37aaef)
|
|
Jeremy.
(This used to be commit 89b7a0630de0bd95a56263b36d433b4e73517a70)
|
|
The problem occurs like this:
1) running smbd as a domain member without winbindd
2) client1 connects, during auth smbd-1 calls update_trustdom_cache()
3) smbd-1 takes the trustdom cache timestamp lock, then starts
enumerate_domain_trusts
4) enumerate_domain_trusts hangs for some unknown reason
5) other clients connect, all block waiting for read lock on trustdom
cache
6) samba is now hung
The problem is the lock, and really it's just trying to avoid a race
where the cure is worse than the problem. A race in updating the
trustdom cache is not a big issue. So I've just removed the lock.
It is still an open question why enumerate_domain_trusts() can
hang. Unfortunately I'm not in a position to get a sniff at the site
that is affected. I suspect a full fix will involve ensuring that all
the rpc code paths have appropriate timeouts.
(This used to be commit ab8d41053347a5b342ed5b59a0b0dd4983ca91e6)
|
|
(This used to be commit 44f9d25a9026df29fcaae8723ef52b1d3101628b)
|