Age | Commit message (Collapse) | Author | Files | Lines |
|
Volker
(This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
|
|
Volker
(This used to be commit ea83001d3ed0b5da67cf367c17fdef662bc01681)
|
|
NTcancel doesn't send a reply, so in this case the signing
sequence number is only incremented by 1, not 2.
Jeremy.
(This used to be commit 85841a01987e653a085af00c7c437145686a332b)
|
|
(This used to be commit fd82f185a2e0f94bfb75f4eee072556ad94bf27d)
|
|
(This used to be commit be9aaffdaccae06c8c035eaf31862e34b7cfbe38)
|
|
calls introduced by signing code simplification.
Please test if you've seen signing problems with
3.0.23a.
Jeremy.
(This used to be commit f462daf02c12cfba634f92e681eb23a09e7d0acf)
|
|
Jeremy.
(This used to be commit deaac5bd463e5b8fd0b9915b553fdac3a4271293)
|
|
turns out that EDQUOTA must map to NT_STATUS_DISK_FULL
for Windows apps to work correctly. My mistake.
Jeremy.
(This used to be commit de1e3f7a7ae9e8a41b45130e2cdfc22f43cf53b5)
|
|
Based on an idea from Shlomi Yaakobovich <Shlomi@exanet.com>.
Jeremy.
(This used to be commit 9c440925f879d1e4ef99d04e2dfbe41077869204)
|
|
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:
The commands are the following:
Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.
Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.
Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.
(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).
Andrew Bartlett
(This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
|
|
(This used to be commit 1a5874588686fb4ece9be70059ff75b975ed2bd5)
|
|
DCs isn't resolvable in DNS. The fix is to leave that DC out of the
returned list of DCs. I think the original code intended that anyway,
just didn't quite get it right ('i' wasn't incremented in that code
path, so the loop didn't terminate)
(This used to be commit d7ec9f3cc0439e9e0f4c98988b14ae2155d931b9)
|
|
(This used to be commit 2e7afa9e19b117d7a8ce1238c1b9b80ececec729)
|
|
to be selected.
Jeremy.
(This used to be commit 2d8d4bd77bac6f5e7865657e12affd8b94aa85c3)
|
|
(This used to be commit 083ef11cc9be8f1299f233bde194173e092e2c3c)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
signing bug.
Jeremy.
(This used to be commit 3b7fbe856cea7cbb5bf91844f94f221be0a2c627)
|
|
by converting the lookup_XX functions to correctly
return SID_NAME_TYPE enums.
Jeremy.
(This used to be commit ee2b2d96b60c668e37592c79e86c2fd851e15f69)
|
|
Jeremy.
(This used to be commit ec0a47b94c12b64d351ca8e6bdd467578528f3da)
|
|
Jeremy.
(This used to be commit d1a1c4e092877a6ea0f98eed2a37a96d42c36323)
|
|
where we don't correctly check the return from memdup.
Jeremy.
(This used to be commit ce14daf51c7ee2f9c68c77f7f4674e6f0e35c9ca)
|
|
Added a next_token_no_ltrim() function which does not strip leading separator
characters. The new function is used only where really necessary, even though
it could reasonably be used in many more places, to avoid superfluous code
changes.
Derrell
(This used to be commit d90061aa933f7d8c81973918657dd72cbc88bab5)
|
|
Although I've never met a computer or compiler that produced pointers to
functions which are a different size than pointers to data, I suppose they
probably exist. Assigning a pointer to a function is technically illegal in C
anyway.
Change casts of the option_value based on the option_name to use of variable
argument lists.
For binary compatibility, I've maintained but deprecated the old behavior of
debug_stderr (which expected to be passed a NULL or non-NULL pointer) and
added a new option debug_to_stderr which properly expects a boolean (int)
parameter.
Derrell
(This used to be commit c1b4c510530ca3118d1eccb9615a8cad732c7373)
|
|
Jeremy.
(This used to be commit 09e11dcb2304eec9656e76c24921c82f4a870914)
|
|
Guenther
(This used to be commit 840ac23ec007df445892d851144d6458c4e06a6b)
|
|
share_mode struct. Allows us to know the unix
uid of the opener of the file/directory. Needed
for info level queries on open files.
Jeremy.
(This used to be commit d929323d6f513902381369d77bcd7b714346d713)
|
|
Volker
(This used to be commit ce1d8423ef7cd86fc64200002fde707bca621d44)
|
|
in net_rpc.c: 715 716 732 734 735 736 737 738 739 749
in net_rpc_audit.c: 754 755 756
in net_rpc_join.c: 757
in net_rpc_registry: 766 767
in net_rpc_samsync.c: 771 773
in net_sam.c: 797 798
Volker
(This used to be commit 3df0bf7d6050fd7c9ace72487d4f74d92e30a584)
|
|
Only set the DFS capability flag if the share is a DFS root. Fixes bug 3814.
(This used to be commit 6193f1170819096ea8a646e5a456f627df83872d)
|
|
class of memory leak bugs on error found by Klocwork (#123).
Many of these functions didn't free allocated memory on
error exit.
Jeremy.
(This used to be commit 8ef11a7c6de74024b7d535d959db2d462662a86f)
|
|
to void *.
Jeremy.
(This used to be commit e24361ecddef8a48a42a356775b93ce5c4027fae)
|
|
Guenther
(This used to be commit 546710d58c07acdaa175caa48cec4d3f2bc657ad)
|
|
This patch is mainly based on the work of Todd Stecher
<tstecher@isilon.com> and has been reviewed by Jeremy.
I sucessfully tested and valgrinded it with MIT 1.4.3, 1.3.5, Heimdal
0.7.2 and 0.6.1rc3.
Guenther
(This used to be commit 535d03cbe8b021e9aa6d74b62d81b867c494c957)
|
|
(This used to be commit 09586824f6568fb3305e3e59ba6bc8f5f632fb56)
|
|
we know we don't have an error. Klocwork #6.
Jeremy.
(This used to be commit 2c1a2d7b40e7ef353461f97f5c69c2079b5670ab)
|
|
Jeremy.
(This used to be commit 319f80bbf0455cfaf80eab51313a56db4ed04ac5)
|
|
Volker
(This used to be commit 7674a4f8361d3f3b649245118b82d8a074a2760e)
|
|
offset correctly when doing info level 1 directory
scans. Thanks to Guenter Kukkukk <Guenter.Kukkukk@kukkukk.com>
for reporting this problem and testing the fix.
Jeremy.
(This used to be commit 65d4dfbd6045a4e3f9eaf520c70ef29ff7ddee82)
|
|
cli_session_setup
derefences it.
Volker
(This used to be commit b013b6908d22cfd38fcc56a9cb2ca675d75996d1)
|
|
(This used to be commit d77768cb237461b06119ee19f822b120623d77dd)
|
|
(This used to be commit 71fd0d3de4a02b9a7b67914f6412f18ec0bb5e7a)
|
|
Jeremy.
(This used to be commit b108ab7b122cc607f31772614b221379403b211b)
|
|
is broken
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.
Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.
There's another crash with sec=share when coming from w2k3, but I need sleep
now.
Someone (jerry,jra?) please review the sesssetup.c change.
Thanks,
Volker
(This used to be commit 8059d0ae395604503cad3d9f197928305923e3f5)
|
|
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.
The points of interest are
* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
using the machine account after the join
Thanks to Guenther and Simo for the review.
Still to do:
* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
'kinit -k' (although we might be able to just use the sAMAccountName
instead)
* Re-add support for pre-creating the machine account in
a specific OU
(This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
|
|
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
|
|
* Fix the build without kerberos headers
* Fix memleak in the krb5_address handling
Guenther
(This used to be commit 10e42117559d4bc6a34e41a94914bf6c65c3477f)
|
|
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
|
|
Jeremy, can you check this? This was part of your -O6 on 64bit sweep.
Volker
(This used to be commit 4fa5dbcc8dd1f150664e1241b22e3f048d816001)
|
|
Jeremy.
(This used to be commit bea87e2df45c67cc75d91bd3ed1acc4c64a1c8ea)
|
|
smb_krb5_parse_name_norealm_conv that pull/push from unix charset
to utf8 (which krb5 uses on the wire). This should fix issues when
the unix charset is not compatible with or set to utf8.
Jeremy.
(This used to be commit 37ab42afbc9a79cf5b04ce6a1bf4060e9c961199)
|