Age | Commit message (Collapse) | Author | Files | Lines |
|
The problem was the NTLMv2 uses extra data in order to make reply/lookup
more difficult. That extra data includes the hostname, and the domain.
This matches Win2k (sort of) by sending this information.
Win2k connects with LMCompatibilityLevel=5 without a problem.
We can change the negotiation bits if we want, this should allow us to make
NTLMv2 the default for other clients as well.
Some of the extra #defines were found in the squid source.
Andrew Bartlett
(This used to be commit 17a5f67b3d1935baf6197ae967624eb847b66ac8)
|
|
Importantly:
The removal of the silly 'delete user script' behaviour when secuity=domain.
I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.
When we decide what to do with the 'add user' functionality, we might
rename it.
Andrew Bartlett
(This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
|
|
didn't make any sense, and its was always just strlen(password) anyway.
This fixes it to be strlen(password)+1
Andrew Bartlett
(This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
|
|
Jeremy.
(This used to be commit f536ec62242c5c644e03afa19f4a3ebedf36f80d)
|
|
my removal of the goto. Oops !
Jeremy.
(This used to be commit 4d3679e03e0c30602b1345cbf2fbf8587dff1f26)
|
|
Jeremy.
(This used to be commit 5c8351228c55f2403214351f6fd16fe231aee917)
|
|
Jeremy.
(This used to be commit 490b95a35d1e2ccd3b80db5cfcf7b9804901d36e)
|
|
Jeremy.
(This used to be commit 7e6db250804e51ce0883b972831da455d389cdcd)
|
|
Make some code static, add some const to the PAM code, and make the plaintext
password code actually function - particulary without the requirement to
modify the 'struct passwd' (which it assumed was made up of fstrings)
This kills some particularly ugly code in lib/util_pw.c
Andrew Bartlett
(This used to be commit 302dad4990ba5194f072e435465d9adaa089ae06)
|
|
Jeremy.
(This used to be commit d4dbb9cb1338332bda3651dc4b86abcf47e9c2d2)
|
|
another smbd and an incoming SIGUSR1 message arrived we'd break out of
the wait early - as we have to use sys_select() to wait for an oplock
response message, not sys_select_intr() (which ignores EINTR errors)
because of the real time signal kernel interface.
Jeremy.
(This used to be commit 3bb26957e3e7fb5059d21115546d189eaca34646)
|
|
Jeremy.
(This used to be commit fda7a11b093315a77ca1199119b5421a029ee883)
|
|
Jeremy.
(This used to be commit 174df5d914b149e52bf260e6502f2436c2720958)
|
|
(This used to be commit 37f1cd013da073ca23fd9b16ee8cfbf9a3e6cbd9)
|
|
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substituions in passdb work.
This is done by declaring these paramters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or somthing like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users is picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT when for the
SATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
(This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
|
|
and there is no real reason for it to depend on more than the abilty
to compile the code.
(This used to be commit 64aaec137e39595e6e61b55eb525615683a1393c)
|
|
(This used to be commit 078e81530e9bc4e5f0b8e18aff0488386bce29a5)
|
|
This option was badly maintained, useless and confused our users and
distirbutors. (its SSL, therfore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
|
|
funcitons.
(This used to be commit c37c1e39253d9d21f8ab38ab8d24f7e787008596)
|
|
that only contains an "everyone" DACL doesn't apply this to user and group
entries also.
Jeremy.
(This used to be commit 2f67f39d219bbe110d52ed2680fd8ac57946756f)
|
|
in '.' as invalid long filenames (special treatment for '.' and '..' which
are valid - yes Andrew I did this without strlen :-) :-).
Jeremy.
(This used to be commit 3180d8ba4ace9417033039d61d04c255da6f6a01)
|
|
check for OS/2 EA set. This caused Macromedia movie files to not export
correctly onto a Samba share. Originally spotted by Michel Stoop stoop@ncg.nl.
Jeremy.
(This used to be commit 6b4affde167104c760bd8dc3c8906511a7642853)
|
|
(This used to be commit d926cc989690684ec4799ebb3a3a01e8d4173de6)
|
|
Jeremy.
(This used to be commit 459f8634c1ced78abda30f1d5b7888f428aade6b)
|
|
Jeremy.
(This used to be commit a7768b9b6fa7522d6afebc43f41a495b8d8ab961)
|
|
name, pos, size easily.
Might help with access problem.
Jeremy.
(This used to be commit e08d72b3271ae1b155a59ae82acf9d619c22c81f)
|
|
the test revealed 15 collision with 1 Million long file names :-)
Simo.
(This used to be commit 77dc498b6f0c435f082eb2d934920d3f3bef0b65)
|
|
(This used to be commit 38fd99e84176106ed700f637e9292d2a4c1385b4)
|
|
(This used to be commit fb6ce175d479e5bddc239595320f5dc245ac2ec6)
|
|
to be printed, it just means file not found.
Jeremy.
(This used to be commit 25dea499b82da5e84412bf10781adbd240aa46f0)
|
|
what we do is map to the authenticated user when the sid is unmappable
and dos filemodes are enabled
(This used to be commit b6c2ef4f54e7b42125f8c89ee5a62b0ba6b52f59)
|
|
Jeremy.
(This used to be commit 65742067e07195048edcee46dae95a58a4a50950)
|
|
anymore a SNAP/DELL NAS to test.
from Kevin Stefanik.
J.F.
(This used to be commit d0ce52230b456108ad91361b51e30d9a9cb25dff)
|
|
for transfer_file.
Jeremy.
(This used to be commit c7ff521bab838c070931f2b0ece4be3371fbcdbf)
|
|
Jeremy.
(This used to be commit 64974fa334fd757ff5cfd1bd32d7300bf8a6208c)
|
|
Jeremy.
(This used to be commit 68c0eb5ca7bc96cfdc8df07bd84f3e49de024b81)
|
|
(This used to be commit 3e58a1ee83ea0b4347ce24e566445cc6cb67bb3a)
|
|
- fixed the no-extension case of reverse mangling
(This used to be commit 64a2ae5cee4ffc5ae3c902705b6e1050f649e3a5)
|
|
Jeremy.
(This used to be commit b6c466e8800c03d154381c02a3893f338430b82d)
|
|
pulling a string
this might explain a serious filename corruption bug that Quantum QA spotted
(This used to be commit a877eae24becad9e0cd5b33ffe0916a20d5ba227)
|
|
(This used to be commit e75e4ad7d3af5beee48b3001fd904eede8df033f)
|
|
(This used to be commit fedc11cab16dbecfdae858fc48d629b9172c0fb8)
|
|
changes its behaviour based on the negotiated protocol for the
SMBdskattr SMB
(This used to be commit b693917530d649e22a677bd3bb1adedbfdd89bba)
|
|
sending the negotiate - try to cope
(This used to be commit 95278aa41f654108d9d20cd0096a34caf175d32b)
|
|
tconx, so win2000 clients don't expect a permissions error in
tconx. We now match this behaviour, by only checking that the
directory exists during tconx and relying on the permissions on other
calls to protect directories
(This used to be commit 4fc476686476da31cc2b45badb05cb0765259f98)
|
|
- the pending mtime overrides the current file time in setfileinfo
- a later wtime can override a mtime on setfileinfo
this fixes the date of file copies in win2000
(This used to be commit 79630bb2c0a99c961a0a1c67223899e39685ee2c)
|
|
All uids and gids must create valid RIDs, becouse other code expects this, and
can't handle the failure case. (ACL code in particular)
Allow admins to adjust the base of the RID algorithm, so avoid clashes with
users brought in from NT (for example).
Put all the algorithm code back in one place, so that this change is global.
Better coping with NULL sid pointers - but it still breaks a lot of stuff.
BONUS: manpage entry for new paramater :-)
counter based rids for normal users in tdbsam is disabled for the timebeing,
idra and I will work out some things here soon I hope.
Andrew Bartlett
(This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)
|
|
Jeremy.
(This used to be commit a9895fcb30cdcb572cd254b0d370d79f95c7214d)
|
|
(This used to be commit 699a1d9f46fcc9d6aad56ed1b44d1295ee828b2b)
|
|
randomised filenames
- fixed several mangling bugs that the test suite pointed out
(This used to be commit 858fa7efc34f6e7cdf8500900aed3f7943c91348)
|