Age | Commit message (Collapse) | Author | Files | Lines |
|
fail if file exists and target is a directory. gentest.
Jeremy.
(This used to be commit f4a7ea6dc2b9f379a9c735670a49ac63818754c7)
|
|
(This used to be commit 005d92d57ea912b68dd107152d478fae2162511a)
|
|
Volker
(This used to be commit 0b29d83d33153dc0e49406efa6735b6664d88ce7)
|
|
(This used to be commit 4319df7fdc2d878c509381923cc1db4d731620ba)
|
|
Jeremy.
(This used to be commit 0ea0ada6c609e1bb0fb4aace24e1beb7197495b5)
|
|
on an initial open the desired_access field *must* contain DELETE_ACCESS,
simply having it map from a GENERIC_ALL won't do. Fixes delete on close test.
Jeremy.
(This used to be commit 5c6f8b1053fd1f170fbb76640649653f8aa80f18)
|
|
Jeremy.
(This used to be commit adf8ee3df75b8336d14ad093ad2ebc3a480d0017)
|
|
Jeremy.
(This used to be commit 86b030197db63ac0a04b8ea877d80a3d74a7a187)
|
|
Jeremy.
(This used to be commit e275835b516ec2e319ad5a6943be007d34a55d75)
|
|
Andrew Bartlett
(This used to be commit 318e11748a86d92bfc6ebf0e58f3c8360cbf4b69)
|
|
Andrew Bartlett
(This used to be commit 66569546e8cbb06b6de7e1ac5b2ebf662ea026de)
|
|
Andrew Bartlett
(This used to be commit 4c4aa80177e05ed7900e9f24673a62064128c736)
|
|
Andrew Bartlett
(This used to be commit e10e176c83da9eda0746e0bd108c72a01a0505e8)
|
|
Remove source_env handler (no longer used in any codepath).
Jeremy.
(This used to be commit 3a3e33603084048e647af86a9badaaf49433c789)
|
|
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.
This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.
Andrew Bartlett
(This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
|
|
even if they don't work yet.
Andrew Bartlett
(This used to be commit 636b98dab9bc27f55bdc65d7dedb58cdf8d8563b)
|
|
Found by Fran Fabrizio <fran@cis.uab.edu>.
Add to the *start* of the list not the end of the list.
This ensures that the *last* send sequence with this mid
is returned by preference.
This can happen if the mid wraps and one of the early
mid numbers didn't get a reply and is still lurking on
the list.
Jeremy.
(This used to be commit 25d739978fe9081ba0946c36901492127248e3e0)
|
|
- setup_logging() in smbclient to be interactive (remove the timestamps)
- Fix bad return value in pull_ucs2( needs more testing to make sure this
didn't break something else) that caused clistr_pull() to always read
the same string from the buffer (pull_usc2() could return -1 if the original
source length was given as -1)
- increment some debugging messages to avoid printing them out so often
(This used to be commit 79fe75dcdf6cc38e18ca1231e4357893db4d4a08)
|
|
names
* fix some a mispelled variable name
(This used to be commit bca702c97620ad8f66015d6e4b41abd4adf22076)
|
|
(This used to be commit ebabf72a78f0165521268b73e0fcabe1ea7834fd)
|
|
Andrew Bartlett
(This used to be commit 7e75a6d681fc63cacc7e5caa7a04568c6019367f)
|
|
hostname lookups, and ensures that we don't lookup 'short' (ie NetBIOS)
domain names in DNS.
Andrew Bartlett
(This used to be commit 35f6347a73ce7423adb78c7e95492bb6d98f4c40)
|
|
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.
The routines used for this behaviour have been upgraded to modern Samba
codeing standards.
This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.
This is in line with existing behaviour for native mode domains, and for
our primary domain.
As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values. These changes move more routines to ADS_STATUS to return
kerberos errors.
Also found when valgrinding the setup, fix a few memory leaks.
While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.
Andrew Bartlett
(This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
|
|
authentication.
Andrew Bartlett
(This used to be commit 7e6cc8f0037f9948230a1e1bd380f30cec5d511e)
|
|
about our server-side lack of session key.
Andrew Bartlett
(This used to be commit ba33f1e0d5fe2aed3e378c9c23511c0b4d6f7d14)
|
|
this but we should log the fact it was negotiated.
Jeremy.
(This used to be commit 84d34e32be03ec99ce19520f24bb4daaeeddbbc3)
|
|
test for a valid length to fail...
This should fix 'security=server' and hosts-equiv failures picked up by
the build farm.
Andrew Bartlett
(This used to be commit 39311495de3bd0a902f730967f30176db97be05a)
|
|
would attempt to supply a password to the 'inside' NTLMSSP, which the
remote side naturally rejected.
Andrew Bartlett
(This used to be commit da408e0d5aa29ca1505c2fd96b32deae9ed940c4)
|
|
DNS names (realms) from NetBIOS domain names.
Until now, we would experience delays as we broadcast lookups for DNS names
onto the local network segments.
Now if DNS comes back negative, we fall straight back to looking up the
short name.
Andrew Bartlett
(This used to be commit 32397c8b01f1dec7b05140d210bb32f836a80ca6)
|
|
(This used to be commit a2f6dec05b3b30292ec3e42808dc89f1bf5c7ab4)
|
|
(This used to be commit cb063c1b6949a2a9637689537c6ab8dc881bc568)
|
|
it out onto the wire. Avoids valgrind warnings because the fstrcpy() causes
part of the wire buffer to be 'marked'.
Andrew Bartlett
(This used to be commit 53d802c72aa712e099dc8de666ab66a21e18fae1)
|
|
it sent 'INVALID_PARAMETER', when it was us as the server that could not
come up with a session key. Instead, allow normal authentication to take
place, but do not setup a session key.
Andrew Bartlett
(This used to be commit e5abd93d799e5f86839560feca448743c13a9055)
|
|
- Fill in the 'backup' idea of a domain, if the DC didn't supply one. This
doesn't seem to occour in reality, hence why we missed the typo.
lib/charcnv.c:
lib/smbldap.c:
libads/ldap.c:
libsmb/libsmbclient.c:
printing/nt_printing.c:
- all the callers to pull_utf8_allocate() pass a char ** as the first
parammeter, so don't make them all cast it to a void **
nsswitch/winbind_util.c:
- Allow for a more 'correct' view of when usernames should be qualified
in winbindd. If we are a PDC, or have 'winbind trusted domains only',
then for the authentication returns stip the domain portion.
- Fix valgrind warning about use of free()ed name when looking up our
local domain. lp_workgroup() is maniplated inside a procedure that
uses it's former value. Instead, use the fact that our local domain is
always the first in the list.
Andrew Bartlett
(This used to be commit 494781f628683d6e68e8ba21ae54f738727e8c21)
|
|
subsystem into a seperate file - ntlm_check.c.
This allows us to call these routines from ntlm_auth. The purpose of this
exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to
avoid talking to winbind. This should allow for easier debugging.
ntlm_auth itself has been reorgainised, so as to share more code between
the SPNEGO-wrapped and 'raw' NTLMSSP modes. A new 'client' NTLMSSP mode
has been added, for use with a Cyrus-SASL module I am writing (based on vl's
work)
Andrew Bartlett
(This used to be commit 48315e8fd227978e0161be293ad4411b45e3ea5b)
|
|
to do it twice...
Amdrew Bartlett
(This used to be commit 8f9a069c59cbd357cbef8814764c10f6d8b6e6e8)
|
|
would incorrectly return INVALID_PARAMETER, instead of allowing a
login.
Andrew Bartlett
(This used to be commit 76c59469a340209959c420bd5c2e947d3347bdb1)
|
|
solves the problem for me here, I can still successfully set up signing using
NTLMSSP against w2k3 and it does not show a signing error anymoe when the
password was wrong.
Jeremy, you might want to take a further look at it as this is not
particularly elegant.
Volker
(This used to be commit f5afaafd61dc7bd191225ffa8eee184125dd97c3)
|
|
all there is.
Jeremy.
(This used to be commit b611f8d170743f1f4d71b1def83bb757d9f467af)
|
|
Jeremy
(This used to be commit 5aab4b976c0aced68d71c1e71e85287072a6f3c7)
|
|
This fixes a problem joining a Samba domain from a
vanilla win2k client that doesn't set the
NTLMSSP_NEGOTIATE_NTLM2 flag.
Reported on samba ml as "decode_pw: incorrect password length"
when handling a samr_set_userinfo(23 or 24) RPC.
(This used to be commit ef4ab8d7c497e4229d0c1deeb20d05c95bd8feb9)
|
|
Jeremy.
(This used to be commit d3d0353baeba580d8a7a4688f847463b1b2e750c)
|
|
fail to OS2 for example)
(This used to be commit 54e2fcb8f4a9d603b3210baa014b3f5f15070a22)
|
|
broken by my NTLM2 commit. This should correctly cause the NTLM2 case
not to be negotiated when 'security=server' is in effect.
Andrew Bartlett
(This used to be commit 19bb4b582f98eb1da41e22c9a2a2c11602cb95e4)
|
|
they're easy to miss.
Jeremy.
(This used to be commit 7fa89b093709053650d197d2d0f091b9a1cd8218)
|
|
Jeremy
(This used to be commit 4912ad8f18041c9c3abe2cfa67dd26a324c9c31e)
|
|
does this.
Jeremy.
(This used to be commit 8adf0cd27a23b1bc6e0da08789a8b1e9eefb54a7)
|
|
state info each packet.
Jeremy.
(This used to be commit 818cf32d6330f7e7855ce662326003e75d4a1d46)
|
|
packet is the one that matters for checking the signing replies. Need to
check the server code does this correctly too....
Bug #832 reported by Volker.
Jeremy.
(This used to be commit 6750dc33b46c422582176b704592d9b2f1fb04d7)
|
|
it fails later. Only turn it off automatically if it fails at the start.
Jeremy.
(This used to be commit 4a145531c2b6353291cd25f14f5572aa31e86594)
|