Age | Commit message (Collapse) | Author | Files | Lines |
|
The problem was the NTLMv2 uses extra data in order to make reply/lookup
more difficult. That extra data includes the hostname, and the domain.
This matches Win2k (sort of) by sending this information.
Win2k connects with LMCompatibilityLevel=5 without a problem.
We can change the negotiation bits if we want, this should allow us to make
NTLMv2 the default for other clients as well.
Some of the extra #defines were found in the squid source.
Andrew Bartlett
(This used to be commit 17a5f67b3d1935baf6197ae967624eb847b66ac8)
|
|
unix and DOS strings.
This pushes all the 'have to uppercase, must be 14 chars' stuff behind the
the interface.
Andrew Bartlett
(This used to be commit dec650efa8ab1466114c2e6d469320a319499ea0)
|
|
Importantly:
The removal of the silly 'delete user script' behaviour when secuity=domain.
I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.
When we decide what to do with the 'add user' functionality, we might
rename it.
Andrew Bartlett
(This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
|
|
didn't make any sense, and its was always just strlen(password) anyway.
This fixes it to be strlen(password)+1
Andrew Bartlett
(This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
|
|
Wasn't this what got us some of the bugs with big-endien smbpasswd -j FOO -U ?
Anyway, it deserves to die.
Andrew Bartlett
(This used to be commit 7201720048b31e48fb2600de8f7396088cc9b533)
|
|
this:
More code cleanup - this lot a bit more dodgy than the last:
The aim is to trim pwd_cache down to size. Its overly complex, and a
pain to deal with. With a header comment like this:
'obfusticaion is planned'
I think it deserved to die (at least partly).
This was being done to allow 'cli_establish_connection' to die - its
functionality has been replaced by cli_full_connection(), which does
not duplicate code everywhere for creating names etc.
This also removes the little 'init' fucntions for the various pipes,
becouse they were only used in one place, and even then it was dodgy.
(I've reworked smbcacls not to use anonymous connections any more, as
this will (should) fail with a 'restrict anonymous' PDC).
This allowed me to remove cli_pipe_util.c, which was calling
cli_establish_connection.
tpot: I'm not sure what direction you were going with the client stuff,
and you may well have been wanting the init functions. If thats the case,
give me a yell and I'll reimplement them against cli_full_connection.
Andrew Bartlett
(This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)
|
|
(only function that used it was unused, and this helps bring TNG and HEAD
closer)
Its also cleaner.
Andrew Bartlett
(This used to be commit 78f47c83332a6408a718a3dee45645935638b364)
|
|
I think we may still need to look at our server enumeration code, but
other than that, its much better in the tree than out.
Andrew Bartlett
(This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
|
|
This option was badly maintained, useless and confused our users and
distirbutors. (its SSL, therfore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
|
|
call so we probably should as well.
(This used to be commit 39c0218e5b4132e60401c2fc25fcbc88be94f87f)
|
|
(This used to be commit c986a19cde0dfa96b512eb24d873203981e68c48)
|
|
(This used to be commit 217ae50acd8cf088e268e7d2a6a7c192aca9e2f1)
|
|
(This used to be commit a1934a7a8eda592e283a01014280ddb373564927)
|
|
The setprinterdata routine was rewritten slightly to take more arguments.
(This used to be commit a9a5702c88ea9c4a6a9197cf4e3444b26be858cc)
|
|
(This used to be commit 38de5025fb1f6396e456e26bfb071223da247f03)
|
|
endpageprinter, setjob and getjob.
(This used to be commit d091a9d300c70b708218067d355c8282a6f14ab6)
|
|
(This used to be commit aaa996355287fcd86873697f51a069ccb5a908b9)
|
|
is detected.
(This used to be commit 0377448b8c3e2bd8d5bc9f49a585292dc5c5b5a1)
|
|
(This used to be commit 0827bd4184256a87d6cf6c58bc314309503da7be)
|
|
is freakier... the name or the fact that a seven-year-old knows what it
means.
Small change to correct the value we place in the DGM_LENGTH field of
NBT Datagram messages. We have been counting the full datagram, but it's
fairly clear in the RFCs that we should only count the source name,
destination name, and payload. We've been overcharging by 14 bytes
(the size of the NBT DGM header).
This fix brings us in line with what Windows does, and what the RFCs
say should be done. I'm a little surprised that this didn't cause any
bugs or error messages. I guess no one actually checks this field.
(This used to be commit 3156c020e5b6f12a448d58669977ad4449789460)
|
|
(This used to be commit b2329039d255928faf53474ee7ab06b6353b9fbe)
|
|
param/loadparm.c: Added missing debugs that would have helped me find a misconfiguration
I lost a day on....
Jeremy.
(This used to be commit 6e9572379784c77f3c4e6a95e18a9641880a8ffc)
|
|
(This used to be commit 7f923d738b94eef042b21e4d0143861755620d91)
|
|
information when one or more of the names/sids being queried were not
resolvable. We now return a list the same length as the parameters passed
instead of an array of just the resolvable names/sids.
(This used to be commit 245468dbabb7c849ce423cc3cb586fa913d0adfe)
|
|
(This used to be commit f736e115c00e02e3f131ccceb7769559dd4d908a)
|
|
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly
enumerate its trusted domains - by exaimining the keys in the secrets.tdb file.
This patch has been tested with both NT4 and rpcclient/wbinfo, and adds
some extra functionality to talloc and rpc_parse to allow it to deal with
already unicode strings.
Finally, this cleans up some const warnings that were in net_rpc.c by pushing
another dash of const into the rpc client code.
Andrew Bartlett
(This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
|
|
(This used to be commit 952eb866f44ac0d8ba2032cf251d3a4298a750d3)
|
|
(This used to be commit 908b70f3e23846d0b438a68e45e076e65016e95e)
|
|
Jeremy.
(This used to be commit 146fb9d12bd3621087193f439e99c13d609ff658)
|
|
spotted by alexander bokovoy.
it shouldn't break anything. if it's wrong, feel free to revert but
explain why.
J.F.
(This used to be commit 638c692525c050ecdf414d461ef6b4aed3ce51db)
|
|
POLICY_HND structure when passing new handles back from the appropriate
cli_* functions. When closing the policy handle free the memory.
Insure (and indeed other memory checkers) should detect handles that have
not been closed properly as memory leaks. Unfortunately this can only be
done when the program terminates (set insure++.summarize leaks in your
.psrc file) rather than when the policy handle falls out of scope.
Looks like Jeremy has squished all the policy handle leaks at the moment
but more are bound to crop up later.
(This used to be commit 6dc80d625752f0a3ce6fd7b2278095529c6ec29f)
|
|
(This used to be commit 6b20a809020821276b0330810317a4d10c9fdb5a)
|
|
of strdup().
(This used to be commit fb32f7199b8a487757b509555e5a69ec5cae8fbd)
|
|
This is an intermediate check-in. More to come....
(This used to be commit 5b9b152971aa635d484cde45413a7880424ee22d)
|
|
memory between users of shared libs.
Andrew Bartlett
(This used to be commit 41dd5a4d292bb08fa313f6220014cd9b4490237b)
|
|
Jeremy.
(This used to be commit 5b04b5f1df3ee509e7314064966be09e2202b0ef)
|
|
At least with 14 word writes.
Jeremy.
(This used to be commit 24ef6258a16e6b4673f1088d64b79bddcd268df5)
|
|
(This used to be commit 5387e4046f67a1c6ef9e98268268b06a729d5ca4)
|
|
(This used to be commit ddb5753e36b8c5efb48ce5c82c16d970fb8e76b6)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
databases
(This used to be commit 1394e6ed318af5fc740aa5622919f9fd26d5a8d2)
|
|
(This used to be commit a3cea5e9ae3b53ecbc45e61a39cbce0ca1b916aa)
|
|
(This used to be commit 136b9752fc9da86f0ad0e1f46dc389b752975aea)
|
|
(This used to be commit 56662a75f58d35cec1a5b2d6c9a4315d95a22420)
|
|
(This used to be commit 33d49ed68c4d6a66217558b13d960764c235089a)
|
|
Small tidyups.
(This used to be commit 252da94ebb279c47263dfae36fd016d0a29a6dbf)
|
|
Jeremy.
(This used to be commit 3bec83cbe9b863176ca087fd45efa6d1457b502c)
|
|
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
|
|
(This used to be commit 413a46292b4e963343abce2428955305052e9cb4)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|