summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2010-12-10s3-winbind Improve memory handling in NTLMv2-backend plaintext authenticationAndrew Bartlett1-17/+6
Andrew Bartlett
2010-12-10s3-winbind Don't send the LM password to the server, everAndrew Bartlett1-11/+1
This is for the case where we have the plaintext password locally, and can construct the challenge-response values here. We should never ever use the LM password in domain authentication. The last domain controller to only have LM passwords stored was NT 3.5. Andrew Bartlett
2010-12-10s3-libsmb Don't ever ask for machine$ principals as a target.Andrew Bartlett1-30/+6
It is never correct to ask for a machine$ principal as the target of a kerberos connection. You should always connect via the servicePrincipalName. This current code appears to have built up from a series of minimal changes, as the codebase adapted the to lack of a SPNEGO principal from Windows 2008. Andrew Bartlett
2010-12-10s3-client Use NTLMv2 by default in the Samba clientAndrew Bartlett1-2/+2
This matches the improved security measures of Windows Vista. Andrew Bartlett
2010-12-10s3-smbd Don't send SPNEGO principal (rfc4178 hint) by defaultAndrew Bartlett3-0/+15
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org> turns off the sending of the principal in the negprot by default, matching Windows 2008 behaviour. This slowly works us back from this hack, which from an RFC perspective was never the right thing to do in the first place, but we traditionally follow windows behaviour. It also discourages client implmentations from relying on it, as if they do they are more open to man-in-the-middle attacks. Andrew Bartlett
2010-12-10s3-libads Default to NOT using the server-supplied principal from SPNEGOAndrew Bartlett4-6/+19
This principal is not supplied by later versions of windows, and using it opens up some oportunities for man in the middle attacks. (Becuase it isn't the name being contacted that is verified with the KDC). This adds the option 'client use spnego principal' to the smb.conf (as used in Samba4) to control this behaivour. As in Samba4, this defaults to false. Against 2008 servers, this will not change behaviour. Against earlier servers, it may cause a downgrade to NTLMSSP more often, in environments where server names are not registered with the KDC as servicePrincipalName values. Andrew Bartlett
2010-12-08libcli/auth bring ADS_IGNORE_PRINCIPAL in commonAndrew Bartlett1-2/+0
2010-12-08s3-waf: fixed version number handlingAndrew Tridgell2-13/+5
2010-12-07s3:ntlm_auth: support clients which offer a spnego mechs we don't supportStefan Metzmacher1-110/+169
Before we rejected the authentication if we don't support the first spnego mech the client offered. We now negotiate the first mech we support. This fix works arround problems, when a client sends the NEGOEX (1.3.6.1.4.1.311.2.2.30) oid, which we don't support. metze
2010-12-07s3:ntlm_auth: free session key, as we don't use it (at least for now)Stefan Metzmacher1-1/+2
metze
2010-12-07s3:ntlm_auth: fix memory leak in the raw ntlmssp code pathStefan Metzmacher1-0/+2
metze
2010-12-07Make sure that user exists after running add user script before adding sam ↵Bjoern Baumbach1-0/+5
account. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Dec 7 17:37:52 CET 2010 on sn-devel-104
2010-12-07s3-waf: add configure/declaration checks for fdatasync, readahead and splice.Günther Deschner1-0/+12
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Tue Dec 7 16:50:23 CET 2010 on sn-devel-104
2010-12-07s3-waf: add valgrind configure checks.Günther Deschner1-0/+4
Guenther
2010-12-07s3:registry: improve debug messages about regdb refcount changesMichael Adam1-5/+10
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Dec 7 15:18:03 CET 2010 on sn-devel-104
2010-12-07s3-waf: build vfs_fileid module if possible.Günther Deschner1-0/+9
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Tue Dec 7 14:01:46 CET 2010 on sn-devel-104
2010-12-07s3-waf: add support for --with-dnsupdate.Günther Deschner2-2/+11
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Tue Dec 7 13:07:51 CET 2010 on sn-devel-104
2010-12-07s3-waf: fix the build of nsstest in the non-devel build.Günther Deschner1-1/+1
Guenther
2010-12-07s3-waf: fix library names (we installed liblibsmbclient, etc.)Günther Deschner2-38/+38
Guenther
2010-12-07s3-waf: fix pam dependencies of the RPC_SAMR server.Günther Deschner2-0/+2
Guenther
2010-12-06s3: Fix bug 7844: Race in winbindVolker Lendecke1-4/+8
If a child dies, the parent process right away closes the socket. This is wrong, with tevent we still have events pending. This works fine for epoll but does not for at least the FreeBSD select variant. Tevent sticks a closed socket into the select masks. This then returns an error EBADF. When this happens, the parent winbind dies instead of forking a new child. This moves the socket close from the SIGCHLD cleanup function to the socket receiver. I could not reproduce the parent death anymore and it did not create an obvious fd leak. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Dec 6 23:21:02 CET 2010 on sn-devel-104
2010-12-06s3: Fix bug 7842: WINBIND_LOOKUPRIDS does not return the proper domain nameVolker Lendecke3-1/+5
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Dec 6 21:18:07 CET 2010 on sn-devel-104
2010-12-06s3: Fix bug 7841: WINBINDD_LOOKUPRIDS asks the wrong domainVolker Lendecke1-1/+1
2010-12-06s3: Fix bug 7843: Expand the local SAMs aliasesJeremy Allison1-2/+2
2010-12-06s3-waf: add pam configure checks.Günther Deschner1-2/+69
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Dec 6 17:34:45 CET 2010 on sn-devel-104
2010-12-04Updated french translations from Jean Delvare <jdelvare@suse.de>Holger Hetterich1-111/+96
Autobuild-User: Jim McDonough <jmcd@samba.org> Autobuild-Date: Sat Dec 4 18:23:54 CET 2010 on sn-devel-104
2010-12-03s3-waf: add krb5 configure check for WRFILE_KEYTAB.Günther Deschner1-0/+10
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Dec 3 13:54:25 CET 2010 on sn-devel-104
2010-12-03s3-waf: add krb5 configure checks for enctype 23.Günther Deschner1-0/+25
Guenther
2010-12-03s3-waf: more krb5 configure checks.Günther Deschner1-2/+11
Guenther
2010-12-03Replace lseek()/write()/lseek() triple with pwrite call. We already emulate thisJeremy Allison1-12/+2
inside pwrite under the covers. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Dec 3 03:39:42 CET 2010 on sn-devel-104
2010-12-03posix_fallocate() returns an errno, not -1 on error.Jeremy Allison1-1/+1
2010-12-03Merge the two conflicting allocation codes into one function, ↵Jeremy Allison3-56/+50
vfs_slow_fallocate() and use that from both the truncate and fill_sparse functions. Jeremy.
2010-12-03Oops. Missed adding vfswrap_posix_fallocate to vfs_default_fns table.Jeremy Allison1-0/+1
Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Dec 3 02:26:23 CET 2010 on sn-devel-104
2010-12-02Move posix_fallocate into the VFS where it belongs.Jeremy Allison9-4/+111
Jeremy.
2010-12-02Fix bug #7835 - vfs_fill_sparse() doesn't use posix_fallocate when strict ↵Jeremy Allison1-2/+30
allocate is on Tries posix_fallocate() and then falls back to old code. Jeremy.
2010-12-02s3/selftest: add some FIXMEsBjörn Jacke1-0/+7
this needs some rework. Sourced shell code cannot take arguments, at least no portable shell. This generates errors on the buildfarm sind quite a while.
2010-12-02tests: avoid bash in shebang and fix wrong "==" in testBjörn Jacke1-1/+1
2010-12-01Fix a typo - should be '&&' not '&' when checking for privileges.Jeremy Allison1-1/+1
Jeremy.
2010-12-02s3:smbd: remove some commented out legacy codeMichael Adam1-5/+0
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Thu Dec 2 01:18:19 CET 2010 on sn-devel-104
2010-12-01s3-waf: more krb5 configure checks.Günther Deschner1-0/+24
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Dec 1 19:35:50 CET 2010 on sn-devel-104
2010-12-01s3-waf: add configure check for dirfd and build vfs_syncops vfs_dirsort if ↵Günther Deschner1-0/+5
possible. Guenther
2010-12-01s3-waf: add idmap_ldap to default static module list.Günther Deschner1-1/+1
Guenther
2010-12-01s3-waf: align some krb5/gssapi configure checks with classic build.Günther Deschner1-1/+2
Guenther
2010-12-01s3-waf: avoid module name uppercasing.Günther Deschner7-203/+203
This finally allows mixed case module names like the classic build (./configure --shared_modules=charset_CP850) Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Dec 1 18:39:14 CET 2010 on sn-devel-104
2010-12-01s3: Attempt to please autobuildVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Dec 1 08:43:37 CET 2010 on sn-devel-104
2010-12-01s3: Fix a typoVolker Lendecke1-1/+1
2010-12-01s3: Attempt to fix the shadow_copy2 moduleVolker Lendecke1-2/+2
This module is from hell. Please make 100% sure that you did test it properly when touching it! This module has probably given me more grey hair than any other piece of Samba, so PLEASE PLEASE PLEASE be careful here!!!
2010-12-01s3-waf: convert RPC_LSARPC into a subsystem.Günther Deschner2-4/+9
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Dec 1 00:13:58 CET 2010 on sn-devel-104
2010-11-30s3-waf: convert RPC_SAMR into a subsystem.Günther Deschner2-5/+9
Guenther
2010-11-30s3-waf: convert INIT_SAMR into a subsystem.Günther Deschner1-10/+10
Guenther