Age | Commit message (Collapse) | Author | Files | Lines |
|
sid_peek_check_rid() when trying to find a matching domain
(This used to be commit c63bc300376e5be10585366013449a359b0778c1)
|
|
this already has to be right. This makes the
signed+sealed area the same as it will be with
gss calls. Now to go implement them.
Jeremy.
(This used to be commit 80810af7d1137b3ddd3073581d5ec99fadaa81a5)
|
|
idmap expire time -> idmap cache time
idmap negative time -> idmap negative cache time
(This used to be commit aac2d0af5e870190e99317e8e88b22a9562485b4)
|
|
(This used to be commit 57efba97b634728ae75901cb76b904a5d82986a4)
|
|
the 4 byte length isn't included in the length :-).
We now have working NTLMSSP transport encryption
with sign+seal. W00t!
Jeremy.
(This used to be commit d34584cb5c53c194693ce7236020ab83f60cd235)
|
|
Jeremy.
(This used to be commit 1639366561bd63d7023c54f811e2f87dcbbd0a31)
|
|
Jeremy.
(This used to be commit c7153411f1840e41470311db00d728e1461c56f6)
|
|
client encrypt fail ?
Jeremy.
(This used to be commit 6bd7c05290909ef9f5f377dd141a64ed0d654134)
|
|
exchange. Still not working but closer.
Jeremy.
(This used to be commit 2fde5c703d2390bc6685f34713dc996e69732f1a)
|
|
Now to investigate why it doesn't work :-).
Jeremy.
(This used to be commit 73f7c6cef8371ad63eb1dc3e79bfc78503dbd7a4)
|
|
for testing.
Jeremy.
(This used to be commit 783a7b3085a155d9652cd725bf2960cd272cb554)
|
|
"raw" NTLM auth (no spnego).
Jeremy.
(This used to be commit 6b5ff7bd591b4f65e2eb767928db50ddf445f09a)
|
|
rafal
(This used to be commit 8f313061a4cbc69d8dd17aa282d79d07a9275242)
|
|
(This used to be commit 6cae3cf28155091a3951ecabd1c1b7e5c62d4c16)
|
|
Now for the client part, and testing.
Jeremy.
(This used to be commit 487706701f5f4a92c8fd1da1f29fb44491bac064)
|
|
on the samba-technical ml.
I'll add a 'net ads set attribute=value' utility later
rather than the original 'net ads setmachineupn' patch that
was also posted to the tech ml.
(This used to be commit 5035778ae4b3a5e445faa535c5caf00bc8d220d8)
|
|
PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches.
Make sure that only root can do this.
Jerry, Jeremy, please check.
Guenther
(This used to be commit 947a59a849e9132631ec56b7ade09137e508d5d6)
|
|
(This used to be commit b10410634f6dac532a867be5506cf79886833828)
|
|
idmap domains as these should only be handled by the
winbindd_passdb.c backend
* Allow the alloc init to fail for backwards compatible
configurations like
idmap backend = ad
idmap uid = 1000-100000
....
* Remove the deprecated flags from idmap backend, et. al.
These are mutually exclusive with the new configuration
options (idmap domains). Logging annoying messages
about deprecated parameters is confusing. So we'll try
this apprpach for now.
(This used to be commit 5e30807b4e9c0211c9e2c02deee94543e8f0d855)
|
|
functions that take a gss context handle in includes.h
Jeremy.
(This used to be commit 638b03242d4a6b1df2477dad19240ed61a14a5a3)
|
|
not just an NTLMSSP - grr. This complicates the re-use of
common client and server code but I think I've got it right.
Not turned on of valgrinded yet, but you can see it start
to take shape !
Jeremy.
(This used to be commit 60fc9c0aedf42dcd9df2ef9f1df07eaf3bca9bce)
|
|
handle a
particular SID. Make sure that the passdb backend will accept the same set
range of local SIDs that the idmap system sends it.
Simo, Jerry - this is a 3_0_25 candidate. Can you please review?
(This used to be commit 86a70adb6a2d277f235857451bbee7d530d15310)
|
|
depending on encryption context pointer.
Jeremy.
(This used to be commit d3f3ced6c8a03d971143baf878158d671dfcbc3b)
|
|
The idea is that we have blocking.c:brl_timeout as a timed
event that is present whenever we do have a blocking lock
pending. It fires brl_timeout_fn() which calls
process_blocking_lock_queue().
Whenever we make changes to blocking_lock_queue, we trigger
a recalc_brl_timeout() which sets a new brl_timout event if
necessary. This makes the call to
blocking_locks_timeout_ms() in setup_select_timeout()
unnecessary, this is implicitly done in
event_add_to_select_args() from the timed events.
Volker
(This used to be commit 7e31b8ce21de803ac1f8967967393341a3f44ac3)
|
|
decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.
This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.
Volker
(This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
|
|
Jeremy.
(This used to be commit 184571e4b0283fb1a62c441f10429006656052c8)
|
|
for the server side enc. (doesn't break anything).
I'll keep updating this until I've got NTLM seal working
on both client and server, then add in the gss level
seal.
Jeremy.
(This used to be commit 530ac29abf23e920baa549e7cec55199edd8bd74)
|
|
Relax check for i386 header checks in the PE header of printer
driver files. Thus allowing uploading of x64 print drivers
from 64bit Windows clients.
(This used to be commit 328807ec7b1ce6489d5443a93d1599f93af93933)
|
|
for pointing this out !
Jeremy.
(This used to be commit b69e18c7f167418ca364a85f1dac252f7b549e57)
|
|
(This used to be commit e1fbfbe1c49d3ff1ca71a33e66fae1f2d48fb7a7)
|
|
(This used to be commit fcec3d1c46affbf802fb411913c8cc59c02102fa)
|
|
conn_idle_all() a bit.
Volker
(This used to be commit 3fc00977a99932b226bdcbc43bbc0ede1bcec26f)
|
|
idle event.
Volker
(This used to be commit 6226b30f38cd82531422815ba66a687aab50028d)
|
|
On the way, make lp_keepalive() a proper parameter.
Volker
(This used to be commit 9499fd9c803d030ce9827f8379c2e56d91bb786e)
|
|
can be done
with a become_root/unbecome_root in debug.c.
(This used to be commit 4632a0caaf251d9cc7b9d84cbd20362d37f0e4e0)
|
|
referenced in conn_idle_all().
(This used to be commit c0aaee6d36cf1fb873cfb9ab6ee52ff097a202a0)
|
|
(This used to be commit 52f2c89c0a462a69fe945401ac1a7341e2a6e4ca)
|
|
these out as I implement. Don't add to SAMBA_3_0_25, this
is experimental code.
NFSv4 you're now officially on notice... :-).
Jeremy.
(This used to be commit 5bfe638f2172e272741997100ee5ae8ff280494d)
|
|
Jeremy.
(This used to be commit f18e87ba6b6a3f4c16777cb5b6bf93a656800247)
|
|
Jeremy.
(This used to be commit d432d81c8321a4444b970169a5c7c3c5709de8e5)
|
|
get_a_printer_2_default() as well
(This used to be commit 5b47c4e5c25550ad72f9e558bb50f237ba28f81e)
|
|
when fetching a printer from ntprinters.tdb.
Slightly modified from original version submitted on
samba-technical ml by Andy Polyakov <appro@fy.chalmers.se>
(This used to be commit e859e1fdcd13c55746a53b5de4a02a3278f41815)
|
|
* Fix getgroups() call called using a normalized name
* Fix some more name mappings that could cause for example
a user to be unable to unlock the screen as the username
would not match in the PAM authenticate call.
(This used to be commit 505fc669a1b2c36e1639924b9639c97988056d8d)
|
|
Guenther
(This used to be commit 663514e511982437c09d45334b8d435448347ed6)
|
|
Guenther
(This used to be commit f55e1a312e75dc72ea040a35a9c20ccf539c4ae4)
|
|
doesn't
make sense as long as it doesn't work as an lp_unload().
Guenther
(This used to be commit 128ea9bebbb215e41d2f0576e1a73c6a362b7467)
|
|
Guenther
(This used to be commit eb34ebd9e76061417200a286c2831394be04529b)
|
|
(This used to be commit d0d16cc55ab830dcfd4f8c6c7bf64d2b9b6dd55b)
|
|
(This used to be commit ff886436b739bbb5c00a67de970841205a3f447c)
|
|
the MIT gss libraries *SUCK*, move the frees to the end
of the function so MIT doesn't segfault.....
Add a comment so that another engineer knows why I did
this.
Jeremy.
(This used to be commit 1a2be06d4a1131952a97f94b05ae69b1dce4c300)
|