| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit 6cbdbdf9e1e76837c8ef03e795db11caa74ccf18)
|
|
(This used to be commit 9365c619d6feb15289d963e9e70e1f947b7f8c3f)
|
|
(I renamed the element of the structure).
Andrew Bartlett
(This used to be commit 641652cad97b761ba11d4e89b7c9ad098c7dd1c2)
|
|
clientspreviously joined to the Samba domain
(This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
|
|
clientspreviously joined to the Samba domain
(This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
|
|
>Fix for #480. Change the interface for init_unistr2 to not take a length
>but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string.
>This is not the case. Count it after conversion.
>Jeremy.
(This used to be commit e2ab9e54cd0ec0002175cf18ff364f4aebaf85a0)
|
|
but a flags field. We were assuming that 2*strlen(mb_string) == length of ucs2-le string.
This is not the case. Count it after conversion.
Jeremy.
(This used to be commit f82c273a42f930c7152cfab84394781744815e0e)
|
|
me to expose a type arguement to make_sec_desc(). We weren't copying
the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on
auto inherited checks.
Jeremy.
(This used to be commit 546b2271c08735ac1049a453abac996d794aa364)
|
|
me to expose a type arguement to make_sec_desc(). We weren't copying
the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on
auto inherited checks.
Jeremy.
(This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d)
|
|
fields, bad_password_count and logon_count. Ensure this is stored/fetched
in the various SAMs. As it replaces the unknown_5 field this fits
exactly into the tdb SAM without any binary problems. It also is added
to the LDAP SAM as two extra attributes. It breaks compatibility with
the experimental SAMs xml and mysql. The maintainers of these SAMs must
fix them so upgrades like this can be done transparently. I will insist
on the "experimental" status until this is solved.
Jeremy.
(This used to be commit 71ecd10181cd35313b79f618c2928c2f45424812)
|
|
fields, bad_password_count and logon_count. Ensure this is stored/fetched
in the various SAMs. As it replaces the unknown_5 field this fits
exactly into the tdb SAM without any binary problems. It also is added
to the LDAP SAM as two extra attributes. It breaks compatibility with
the experimental SAMs xml and mysql. The maintainers of these SAMs must
fix them so upgrades like this can be done transparently. I will insist
on the "experimental" status until this is solved.
Jeremy.
(This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
|
|
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
|
|
info delta correctly and thus crash when doing a net rpc samdump.
The easiest thing at the moment it to comment out these functions as
they seriously don't correspond with reality (netmon/ethereal) and the
data in the containers aren't used anyway.
(This used to be commit 695aa39c5d798b112f0a06281b499fcac8a5bf31)
|
|
call.
(This used to be commit dd2cf4897ec3db25c24a2724ffdef4f905625f6a)
|
|
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
|
|
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
|
|
(This used to be commit 024d32f79390210bee6da8e75c228a4aaa7fe6b0)
|
|
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
|
|
(This used to be commit a2bd8f0bfa12f2a1e33c96bc9dabcc0e2171700d)
|
|
(This used to be commit 15d2bc47854df75f8b2644ccbc887d0357d9cd27)
|
|
* use DsEnumerateDomainTrusts() instead of LDAP search.
wbinfo -m now lists all trusted downlevel domains and
all domains in the forest.
Thnigs to do:
o Look at Krb5 connection trusted domains
o make sure to initial the trusted domain cache as soon
as possible
(This used to be commit 0ab00ccaedf204b39c86a9e1c2fcac5f15d0e033)
|
|
trusted domains in a forest.
(This used to be commit c691c7f7d9afb8af542dc83cf934df1dfd38ef17)
|
|
time. )-:
(This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
|
|
(This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
|
|
(This used to be commit e66541d0e1befec5d589890994454dd639ea0665)
|
|
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
|
|
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
(This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
|
|
Fixes remote printer publishing of shared printers from a Samba server.
(This used to be commit 7f363fa32d3b660567fc87d5d0b1e1d4dd58461a)
|
|
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries.
ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX
functions fail. Getting ready to add caching.
Jeremy.
(This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
|
|
strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
|
|
- The 'not implmented' checks are now done by all auth modules
- the ntdomain/trustdomain/winbind modules are more presise as to
what domain names they can and cannot handle
- The become_root() calls are now around the winbind pipe opening only,
not the entire auth call
- The unix username is kept seperate from the NT username, removing the
need for 'clean off the domain\' in parse_net.c
- All sid->uid translations are now validated with getpwuid() to put a very
basic stop to logins with 'half deleted' accounts.
Andrew Bartlett
(This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
|
|
When winbindd is running on a PDC the SAM_ACCOUNT for a trusted user
has a username of DOMAIN\user. Make sure to trim the domain part
from the username when filling in the net_sam_logon reply.
This fixes the browsing issues i was seen across domain trusts.
(This used to be commit 62e36e6ede067ace23f5473d04917c7eeedf07e2)
|
|
Jeremy.
(This used to be commit 7ed1118ae61a13de2c781a94fc2394090efd1f9b)
|
|
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct
algorithm.
Jeremy.
(This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee)
|
|
(This used to be commit 944480b89a829f159cabff100d83a72400aa6b6c)
|
|
Jeremy.
(This used to be commit 72ecdb387db60a4afab4d4fabf76f4c1d7ecbeeb)
|
|
leak memory.
Jeremy.
(This used to be commit 07a76eb2e01833d5e2e447391cffeda712118c20)
|
|
(This used to be commit 7f8634c35aed0d8c3fe8f7700ca1175c10b6e031)
|
|
* quit obsessing over the sequence number so much
* share the updated sequence number between parent
and child winbindd processes in dual mode
(This used to be commit 6fb5bdb30e2b1341ba600ce0dfd397394f7a831c)
|
|
Jeremy.
(This used to be commit d6f23166420d89ea7d3d5433e3234529681cb330)
|
|
This gets us closer to W2k+ in what we return for file ACLs. Fix horribly
broken make_sec_desc() that screwed up the size when given a SD with no
owner or group (how did it get this bad... ?).
Jeremy.
(This used to be commit 183c9ed4052ab14e269ed1234ca557053f77e77a)
|
|
it was becuase I ran out of disk quota.
(This used to be commit 10cbec05a7bfe2fab54940329c5b348d5e524f29)
|
|
here's a small patch which renames the symbol 'log' to some better names
to avoid compiler warnings about shodow global var 'log'
in proto.h
we now have a GLOBAL_SECTION_SNUM -1
so we should use it in swat too:-)
(This used to be commit a4733a0748b4d24457558304ad47852c69905cb2)
|
|
back a different sized blob of encrypted password data then we were
expecting. There's an extra 32 bytes of unknown stuff.
(This used to be commit 285952fd626b02362fb6732f90c5a3ce0d2d5ae0)
|
|
Volker
(This used to be commit 9d2d570caa4dad194534249cd5e4dc4984b4002e)
|
|
Volker
(This used to be commit 47c36290db5e1f84ddf78913b3971aea04d243ab)
|
|
(This used to be commit 7fd7af121ee8ba4f9540394f64fe3c78e2e96cd2)
|
|
(This used to be commit fd0cd6200b4b9b4b002dc5b640620c3fb533873b)
|
|
a pstrcpy/fstrcpy or at most a safe_strcpy().
These have the advantage of being compiler-verifiable.
Get these out of the way, along with a rewrite of 'get_short_archi' in the
spoolss client and server. (This pushes around const string pointers, rather
than copied strings).
Andrew Bartlett
(This used to be commit 32fb801ddc035e8971e9911ed4b6e51892e9d1cc)
|
|
It can itself determine the length of the string it has to
transfer. Andrew B., could you take a look at the length calculation?
Is that safe?
Thanks,
Volker
(This used to be commit d5f1082753f84f0e3a22739055b6b9cbde29faa9)
|
