Age | Commit message (Collapse) | Author | Files | Lines |
|
<fwc@mt.net>
Jeremy.
(This used to be commit 3a8fe3b2ef30cbe0cf441d6c4ffa9c309dc71e54)
|
|
requests when signing is turned on.
Jeremy.
(This used to be commit 206464a748a59b1d485d4d3d0cb4d257d60fbd00)
|
|
Jeremy.
(This used to be commit 4e73faa7b4af7f73bdce9fcc2ee1825249dc7da7)
|
|
cope.
Jeremy.
(This used to be commit 0d82ac57a59276adb403f8e023578c2d6d5136e4)
|
|
if the file has an ACL.
Jeremy.
(This used to be commit 7bf5ed30ce74ba658ca35059955748c1d8cbd6d2)
|
|
Jeremy.
(This used to be commit 16097f2072085432f4c669d9e008023f36f7afbb)
|
|
(This used to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85)
|
|
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
|
|
<link@foo.fh-furtwangen.de>.
Jeremy.
(This used to be commit 598d9d3e5f612133e0528a1a8907745d715b61ed)
|
|
<Helmut.Heinreichsberger@wincor-nixdorf.com>
Jeremy.
(This used to be commit 06c9e9163010a1035f448f76c4084228dc95334f)
|
|
a mangled name. Added const. Fix inspired by Andrew Bartlett ideas.
Jeremy.
(This used to be commit 87eb336d659dfa5e92b495dd76a0f2e534931293)
|
|
Jeremy.
(This used to be commit fc2af591f5a2b08caa7389150c8cc5e298bd0ed4)
|
|
get_peer_name. This is to get closer to the getsockname/getpeername system
functions.
Next step will be the %i macro for the local IP address. I still want to play
%L-games in times of port 445.
Volker
(This used to be commit d7162122eaf5d897e5de51604e431bfbaa20e905)
|
|
Jeremy.
(This used to be commit 154793981a1b2aea2703ef4da4764a322bf90ca0)
|
|
(This used to be commit fc30b6b5473124bad9c2c30b604bc21c9de258c1)
|
|
(This used to be commit 23443e3aa079710221557e18158d0ddb8ff48a36)
|
|
(This used to be commit 8e2c543ebf65e24e73433f69b1c281e1558e9080)
|
|
(This used to be commit f5229d5d62510f981bd08ad8139675b50421e042)
|
|
Jeremy.
(This used to be commit ad06edd1bb58cc5e2c38a364b1af96a933b770af)
|
|
backlog of 5 is way too small these days.
(This used to be commit bbb92d2b0ea6bc10c71bed62924bfc95c11172a5)
|
|
returned.
Jeremy.
(This used to be commit 26bfe37a10f7337acb8c5ac0e04fac7a8dddc769)
|
|
Jeremy.
(This used to be commit 74148111e16a863d5a33511e5b15632a736d7e99)
|
|
<a.bokovoy@sam-solutions.net>.
Jeremy.
(This used to be commit 8b9b635bd2759642c25fe0cea5eefbbe5af44193)
|
|
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
|
|
map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata.
Jeremy.
(This used to be commit 7eaae388b35cb3d20cdd968b00d65c88fcee5878)
|
|
when reverse connecting back to a client for printer notify.
Jeremy.
(This used to be commit 06aa434c3fdb139e3f3143d19413556945cbcd4f)
|
|
Jeremy.
(This used to be commit 63f331564396e7a4f16dce95bb98d3b6c4b75351)
|
|
sesssetup to fall back to 'user' instaed of failing is REA.LM\user
doesn't exist.
also fix include line in smb_acls.h as requested by metze
(This used to be commit 62ed2598b3441b3c198872df8eb55e594332807b)
|
|
Jeremy.
(This used to be commit 4e00cad645635af66b62c6a5568264a09cf340f3)
|
|
Jeremy.
(This used to be commit 41d1870a51c259f0cf17caf59928a3b38b21ea11)
|
|
Jeremy.
(This used to be commit 5332af1124077f49e84836f5cedfbde98336b142)
|
|
Jeremy.
(This used to be commit d817716519e1b2a619a46563ca44812a020a769a)
|
|
#ifdef HAVE_STAT_ST_BLKSIZE and #ifdef HAVE_STAT_ST_BLOCKS,
respectively.
Fixes bug 550 reported by Joachim Schmitz <schmitz@hp.com>.
(This used to be commit 18adfdbe0c6ed79ba8ac07956b1e7abc226556c3)
|
|
Testing with Samba4 RAW-MUX code.
Jeremy.
(This used to be commit 533847c95d475921b0421ae113f52c44979939d2)
|
|
Jeremy.
(This used to be commit 7622a9dbbded8d07f976ec965adca5e92de3d2b0)
|
|
Jeremy.
(This used to be commit c682fae16a2fa18f951c69ba29b1a576f4e27d6b)
|
|
Jeremy.
(This used to be commit 84c993d9cd0bc57a8b8b9aa716af1336620e2c87)
|
|
Jeremy.
(This used to be commit e7565dbba696adbb0fd8cca6b86a1a7e5a655f2e)
|
|
validated the same way.
Jeremy.
(This used to be commit 6ad2f0ba27566ab3928ccbbbb3c3a64b09ca139c)
|
|
Canonicalise SMB_INFO_ALLOCATION in the same was as SMB_FS_FULL_SIZE_INFORMATION.
Jeremy.
(This used to be commit 166efa30d2d680d8c19529c46ace3db115b43532)
|
|
Jeremy.
(This used to be commit 7fb8a1bd3880b093a884749fc496cd702480752c)
|
|
postexec script
(This used to be commit 497e14ba19f4f637e1203d73981ea1c401a19542)
|
|
mode.
Jeremy.
(This used to be commit f00af98f379463829b1ef62d78dda0365c1d7997)
|
|
up but works for now.
Jeremy.
(This used to be commit 9ad9e0dfafed4558e5ab215991d9912cd44f1127)
|
|
DOS program test by Amir Hardon <hardon@actcom.co.il>.
Jeremy.
(This used to be commit c11a7e5846002b16d0cb2991b5a7df0636b070d5)
|
|
Jeremy.
(This used to be commit 7d7096fc3a899349b46691dcc30b86b04964fe52)
|
|
Jeremy.
(This used to be commit c7f4e56ad5c25d477f20944e5b404ebafda9e1a8)
|
|
afs share -- this is an AFS share, do AFS magic things
afs username map -- We need a way to specify the cell and possibly
weird username codings for several windows domains
in the afs cell
Volker
(This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd)
|
|
Jeremy.
(This used to be commit 9c1bab944526270d2ad79c75894c33f58f8e3845)
|
|
This was my bug when removing a redundant strlen.
Jerry - last showstopper I knew about.
Jeremy.
(This used to be commit 6e6769c20643f784d1b5023df3071a35d2e5bf89)
|