Age | Commit message (Collapse) | Author | Files | Lines |
|
using our own implementation of krb5_lookup_kdc with heimdal. Also,
heimdals krb5_krbhst_next() obviously does not retrieve the struct
addrinfo in the krb5_krbhst_info-struct, using
krb5_krbhst_get_addrinfo() instead.
Guenther
(This used to be commit cca660e109cc94b49ac6bf1f2802235d1d4d4383)
|
|
migration-work. could someone possibly double-check the byte-count?
Guenther
(This used to be commit 27302905e88960d774c82eab6207ff6a918b0235)
|
|
consists of a 16 byte salt, followed by the 16 byte MD5 hash of
the concatination of the salt plus the NThash of the historical
password. Allows these to be exposed in LDAP without security issues.
Jeremy.
(This used to be commit 82e4036aaa2d283534a5bd8149857320fcf0d0dc)
|
|
(Botched LANMAN2 session setup code)
Andrew Bartlett
(This used to be commit 3baa4ef6c58eb13bec1a8ddb1561a504f4a16107)
|
|
pointless. With a well-known session key, we may as well put the
password change directly on the wire, with it's own 'crypted with old
password' as the protection.
This should fix some 'long password change' issues, against Samba in
particular.
Andrew Bartlett
(This used to be commit 554a9132872187077a9c00abb18b9d809c59b7f1)
|
|
correct :-)
When sending a mailslot datagram, get the packet length correction correct.
Volker
(This used to be commit 530e7f09aea22f5782af0c6b333e15e01660b34a)
|
|
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
Andrew Bartlett
(This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
|
|
Andrew Bartlett
(This used to be commit 6d594d5bb119b6bc3f4c7699752666ac24d04745)
|
|
This memset could well have clobbered bits of the stack, because
session_key changed from
char session_key[16];
to
DATA_BLOB session_key
Andrew Bartlett
(This used to be commit 54248a405c9459f93f4200ebb0dc71748ae2fc83)
|
|
(This used to be commit 89a11b5d7c0939c9344115ef509cbb0567d7524a)
|
|
in libadskerberos_keyatb.c
(This used to be commit 837f56ec8bc171497fb84d332002776313c26305)
|
|
Meadows" <jameadows@webopolis.com>.
Jeremy.
(This used to be commit 4cc38b8aea51b55cc449cd2144f18de7d4819637)
|
|
Volker
(This used to be commit 43020cf459da24a915a39b770cec95a524d487c7)
|
|
Jeremy.
(This used to be commit 464d2e90480c676688a851a141aabddf992e0b0e)
|
|
it compiles with Heimdal.
Jeremy.
(This used to be commit dd07278b892770ac51750b87a4ab902d4de3a960)
|
|
Can't fix the krb5 memory leaks inside that library :-(.
Jeremy.
(This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
|
|
Jeremy.
(This used to be commit 82c219ea023dd546fcde29569725865a42e4198e)
|
|
then is the client supports it (current clients supported are Samba and
CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare
"NT LM 0.12" string) then the setting of the per packet flag smb_flag
FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows
the linux CIFS client to use Samba in a case sensitive manner.
Additional command in smbclient "case_sensitive", toggles the
flag in subsequent packets.
Docs to follow.
Jeremy.
(This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
|
|
We would start the trans2 state, which is fine, but never pull the
expected reply off the packet queue.
I'm not sure if this is still a major problem after jra's recent 'no
duplicate mids on the list' change, but I think this is correct
anyway.
(This used to be commit ee23a4237d427ce72d6a8c5f180ef48d6454cddc)
|
|
oplock
message, or we mess up the signing sequence number.... Also improve sign error
reporting. Also when deferring an open that had been deferred due to an oplock
break, don't re-add the mid to the pending sign queue or we increment the sequence
number twice and mess up signing again...
I can now bounce between 2 WinXP/Win2003 boxes opening Excel spreadsheets with
signing turned on and get correct "file in use" messages.
Jeremy.
(This used to be commit 1745ce4e2cf7fcb4c27c077973258d157cd241b1)
|
|
our pathname parsing is consistent.
Jeremy.
(This used to be commit 5e8237e306f0bb0e492f10fb6487938132899384)
|
|
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in
mainline code paths though :-).
Jeremy.
(This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
|
|
have gotten this right :-)
(This used to be commit 548070274efa12f8c9a4404145d8a2a8c85387b3)
|
|
(This used to be commit 3cb8f1d53583dac0b77495cbcd017c366af59891)
|
|
that the errno is not trashed by a DEBUG statement, but screwed up.
(This used to be commit e642f3e7b7a5fdbb5d12136c909e9c57e7cf1985)
|
|
Make sure we return an error code when things go wrong.
(This used to be commit 21cdb45b54662c7835aea1d16fdd5902cf7a7496)
|
|
I think that the ECONNREFUSED should probably be ENOENT.
(This used to be commit faa8cc18df51c4406815b68caba5ed5b8d43ba18)
|
|
(This used to be commit d80e90d7c19fbcd2f7e998918b4fc6d9310081a3)
|
|
dereferencing it
(This used to be commit c385fb467fc2a669d54b9a2faddbf66f9e4699c6)
|
|
mapping
table
(This used to be commit 31c21d520d030e27e4adc6075a50026724b87173)
|
|
heimdal; also initialize some pointers
(This used to be commit be74e88d9a4b74fcaf25b0816e3fa8a487c91ab5)
|
|
Jeremy.
(This used to be commit 8fe47b0bf27a8ae690ab0fcff377c8fc12919f43)
|
|
Jeremy.
(This used to be commit b2ba4d5c1be6089e3818a20c68e3894432b53d87)
|
|
paths.
Jeremy.
(This used to be commit 88a97beac4f445f2a472167b3e5c0e8e1d019d17)
|
|
Jeremy.
(This used to be commit 6d0bdccaa67a2965fde5f9dff6cdc4059b8fbc90)
|
|
strlen which caused Konqueror to crash
(This used to be commit 5150b62420f6634391196501d0279ef039a7bcc8)
|
|
Volker
(This used to be commit ef80490baf9ce38b505b4b322051ae6e3332d662)
|
|
(This used to be commit 164ff9a192e82be6eaef7b6e7c03e5dc7203f3de)
|
|
ntlmssp code
(This used to be commit a2e93dda24d079693a220b4551d264cba4c2bc82)
|
|
(This used to be commit bf9f02be5fc1d09c8c08c78c3f2df23b2099ba4f)
|
|
because not only does it not work on Heimdal, but also since ccaches
created within samba are memory-based, so we shouldn't touch a
FILE-based one (it was probably created via kinit or similar).
(This used to be commit 5971b0980ca8abae2208f22485c5af4c0dde0459)
|
|
bug 1208. Based on a fix from Guether Deschener.
Outstanding pieces:
- Heimdal FILE-based ccaches don't actually remove creds properly, so we
need to code a check for this
- what if ticket expires between our check and when we use it?
Guenther has coded up fixes for these parts, but I still need
to review them, as I'm not totally comfortable with the solutions.
(This used to be commit ef008b9710e682f87f0bbf526d30eb5114264233)
|
|
with more correct NTLMSSP support in client and server, but it will do
for now.
Also implement LANMAN password only in the classical session setup code, but
#ifdef'ed out. In Samba4, I'll make this run-time so we can torture it.
Lanman passwords over 14 dos characters long could be considered
'invalid' (they are truncated) - so SMBencrypt now returns 'False' if
it generates such a password.
Andrew Bartlett
(This used to be commit 565305f7bb30c08120c3def5367adfd6f5dd84df)
|
|
session key.
(This used to be commit b09d333aed00a7ea599f45105e913d3a3ea25b31)
|
|
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
|
|
normally takes as it's param entry the filename to
be acted upon.... Unless it's UNIX extensions create
hardlink, or UNIX extensions create symlink. Then it's
param -> newfile name
data -> oldfile name.
This caused me to stuff them up in 3.0.2 (and the
client commands link and symlink). Fixed them, everything
is now called oldname and newname - thus specifying which
name should already exist (hint - the old one...) and which
will be created (newname).
Jeremy.
(This used to be commit 21cc6ab7e8a41160a3e2970623ade7445b5214d6)
|
|
all authentication to members of this particular group.
Also implement an option to allow ntlm_auth to get 'squashed' error codes,
which are safer to communicate to remote network clients.
Andrew Bartlett
(This used to be commit eb1c1b5eb086f49a230142ad2de45dc0e9691df3)
|
|
We use cli_state.smb_rw_error to pass this specific case into cli_close_connection()
from smbmount as smb_rw_error can have only selected number of states and
it is ignored in cli_close_connection().
Compiled and tested by Lars Mueller from SuSE on x86, x86_64, ppc, ppc64, s390 and
s390x.
(This used to be commit 738666ce0a310fae14476020fd6dac027b0e3ec5)
|
|
key could
be anything, and may not be based on anything 'NT'. This is also what microsoft
calls it.
(This used to be commit 724e8d3f33719543146280062435c69a835c491e)
|
|
* updateing WHATSNEW with vl's change
(This used to be commit a7e2730ec4389e0c249886a8bfe1ee14c5abac41)
|