Age | Commit message (Collapse) | Author | Files | Lines |
|
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:
The commands are the following:
Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.
Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.
Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.
(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).
Andrew Bartlett
(This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
|
|
(This used to be commit 4c4ae01c671bd35687af686a34824a96828e6b25)
|
|
(This used to be commit c005049043b01e85d42a9c230ed3c41f1a1e185e)
|
|
geteuid()==0. Adapt
it to other "Am I root?" checks.
Jerry, Jeremy, please check this!
Thanks,
Volker
(This used to be commit f777b2d294f7258e676976d7807adbb644c85a2f)
|
|
Maybe bzr is not such a bad idea, then you would probably see less spam on
samba-cvs, sorry for that... :-)
Volker
(This used to be commit 41456b498a181c70707ca1ea80288bd7bdcadcdf)
|
|
(This used to be commit 32fbf66a4be3d1cc0251f00e54020bf2dbd0dfb0)
|
|
(This used to be commit 844c98eab475ea047aeaae3ef1250897413cc823)
|
|
rpc-lsa test even considers NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED not to be an
error.
Before someone re-activates this, show me a working sniff please :-)
Volker
(This used to be commit b185fb9fa61d89b612870c2fdd9e112c9e7ae57c)
|
|
_XOPEN_SOURCE_EXTENDED
#defined getsockopt uses an int* as socklen parameter.
Volker
(This used to be commit 0b78da62f7481c6b3d46eb2f1b586d20b0b10ca5)
|
|
it cannot be mapped and not the hex of the RID. Who wrote that?
(This used to be commit 4e51cf34cf4cbe77957d754952369df3a180f974)
|
|
of the lock array in order to delete them individually
it's also important to make a copy of the *size* of
this array. Otherwise the unlock decrements the termination
index of your for loop :-). Doh ! Big thanks to Volker
for showing me how to set up the build farm to track
this one down. This is not a 3.0.23a issue.
Jeremy.
(This used to be commit 2c82a159ae6a4cc83989f2b453508358db516d67)
|
|
modularizes our interface into the special posix API used on
the system. Without this patch the specific API flavor is
determined at compile time, something which severely limits
usability on systems with more than one file system. Our
first targets are AIX with its JFS and JFS2 APIs, at a later
stage also GPFS. But it's certainly not limited to IBM
stuff, this abstraction is also necessary for anything that
copes with NFSv4 ACLs. For this we will check in handling
very soon.
Major contributions can be found in the copyright notices as
well as the checkin log of the vl-posixacls branch. The
final merge to 3_0 post-3.0.23 was done by Peter Somogyi
<psomogyi@gamax.hu>
(This used to be commit ca0c73f281a2a65a988094a46bb3e46a94011a53)
|
|
share_mode_forall().
Volker
(This used to be commit f97f6cedffdc4d10afcac90a163b93a801acf514)
|
|
(This used to be commit 1a5874588686fb4ece9be70059ff75b975ed2bd5)
|
|
This break local users and 'winbind nested groups' on domain members.
Cannot be helped.
My plans is to move the default domain crud to the client code (pam and
nss libraries) in 3.0.24.
(This used to be commit 8ee22eeab5d06008b363f8bb250dc767ddfbb86a)
|
|
* createupn=[host_upn@realm]
* createcomputer=<ou path top to bottom> (this was previously
the only arg)
(This used to be commit 75054e984e5ca7249b1327630db9d09da974a54e)
|
|
reschedule.
Jeremy.
(This used to be commit 11bab9d57958659c71f053fe8dc0f9156c9f3c1f)
|
|
(This used to be commit 3fea233802dd2f6a5528fdb183a2ff30d572020d)
|
|
* Make sure to lower case all usernames before
calling the create, delete, or rename hooks.
* Preserve case for usernames in passdb
* Flush the getpwnam cache after renaming a user
* Add become/unbecome root block in _samr_delete_dom_user()
when trying to verify the account's existence.
(This used to be commit bbe11b7a950e7d85001f042bbd1ea3bf33ecda7b)
|
|
Disable the one we created and whine.
(This used to be commit 1a7e81a4a8955e643d1c8a54365221a9e2ed8a12)
|
|
grey it out as not remotely manageable
(This used to be commit 859c51cf25a2bb80787a5060156f09c2f0142dfb)
|
|
(This used to be commit 72bac13f21bf2c71538e3b3bafa0fc447e1e8af8)
|
|
* add code to lookup NS records (in prep for later coe that
does DNS updates as part of the net ads join)
(This used to be commit 36d4970646638a2719ebb05a091c951183535987)
|
|
from the client requested access mask.
Jeremy.
(This used to be commit 12490fafc7f98952bf709c4c504f8f2b5646f197)
|
|
that create dispositions that cause O_TRUNC break
oplocks. This simplifies the code - although we have
to keep separate the client requested access mask and
the access mask we actually use to open the file.
Jeremy.
(This used to be commit 3bcd52a4752ec6c2a8f678afa3b7b3646103ad60)
|
|
Volker
(This used to be commit 906720649b4a6c9de9fb6e248e573d3e8fd00ead)
|
|
the client
tried to figure out which role we are.
Needs to go into 23a.
Thanks to Karolin for insisting and setting up the test case :-)
Volker
(This used to be commit 3482bb1ef57e60397df8dcf1b29999161359c42a)
|
|
(This used to be commit 40e267981174840f4f36d1863985ee010ef5074a)
|
|
file unless we really have to (ie. O_CREAT and file
doesn't exist).
Jeremy.
(This used to be commit 788aa15ea24e6dfb61820465b5b881829a64297a)
|
|
Jeremy.
(This used to be commit b3b5aec0eef3bdcae75ce79ffd3ecf21fb1279e7)
|
|
oplocks that were granted when we had released the lock. Fix
strange case where stat open grants a batch oplock on file
create, but grants no oplock on file open.
Jeremy.
(This used to be commit b7374835e6ec0c98fc4020623f0a37c0c173b8aa)
|
|
no way to get all the cases where kernel oplocks are
on and we can't open the file and get the correct
semantics (think about the open with truncate with
an attribute only open - we'd need a vfs change to
add the truncate(fname, len) call). So always drop
the share mode lock before doing any real fd opens and
then re-acquire it afterwards. We're already dealing
with the race in the create case, and we deal with
any other races in the same way. Volker, please
examine *carefully* :-). This should fix the problems
people reported with kernel oplocks being on.
Jeremy.
(This used to be commit 8171c4c404e9f382880c65daa0232f89e560f399)
|
|
DCs isn't resolvable in DNS. The fix is to leave that DC out of the
returned list of DCs. I think the original code intended that anyway,
just didn't quite get it right ('i' wasn't incremented in that code
path, so the loop didn't terminate)
(This used to be commit d7ec9f3cc0439e9e0f4c98988b14ae2155d931b9)
|
|
NO NOT change the winbindd response or request structures
*unless* you test a 32bit wbinfo against a 64bit winbindd.
The structure sizes MUST be the same on 32bit and 64 bit
platforms.
The way to test is to build a 64bit version of Winbind as normal.
Then build a 32bit version using gcc -m32. Now install the 64bit and
32bit versions of libnss_winbindd.so and launch the 64bit winbindd.
Make sure that the responses from both 32bit and 64bit versions
of wbinfo match.
If you don't understand the previous paragraph you don't need to
be changing nsswitch/winbindd_nss.h
(This used to be commit bc03141429273703c540d6120b0c5ca4d0949266)
|
|
(This used to be commit c8b7952843adb75d0b9bb42cfbcfb80e070e8f45)
|
|
Please check.
Volker
(This used to be commit 8c7d6cab19a3b0e68ebb5fe9abb22bcb42703d37)
|
|
(This used to be commit 6c0a690f0a8ec4539b06ad75da0fd91abeb15fa4)
|
|
(This used to be commit 2c7448e43ea82138cdb7f3f6d61372e2027ddc83)
|
|
be lp_lock_spin(). lock spin count is no longer
used. I'll update the man pages.
Jeremy.
(This used to be commit 0451a170c9be88399202abd225af35ddc45023f0)
|
|
Might need to be a parameter ?
Jeremy.
(This used to be commit 98d8d9399bb287319578daaf2a2fb42f3c48f858)
|
|
Jeremy.
(This used to be commit b5aaff665937313370e0e87225e146f9af7b7e67)
|
|
region between detecting a pending lock was needed
and when we added the blocking lock record. Make
sure that we hold the lock over all this period.
Removed the old code for doing blocking locks on
SMB requests that never block (the old SMBlock
and friends).
Discovered something interesting about the strange
NT_STATUS_FILE_LOCK_CONFLICT return. If we asked
for a lock with zero timeout, and we got an error
of NT_STATUS_FILE_LOCK_CONFLICT, treat it as though
it was a blocking lock with a timeout of 150 - 300ms.
This only happens when timeout is sent as zero and
can be seen quite clearly in ethereal. This is the
real replacement for old do_lock_spin() code.
Re-worked the blocking lock select timeout to correctly
use milliseconds instead of the old second level
resolution (far too coarse for this work).
Jeremy.
(This used to be commit b81d6d1ae95a3d3e449dde629884b565eac289d9)
|
|
Guenther
(This used to be commit d73d0ec3d074f1acc4fe1c78d218aabd0fe4118a)
|
|
Jeremy.
(This used to be commit b21ca265a25b3d1e4f154ce0ee4b8757b41cf910)
|
|
test. Phew - that was painful :-). But what it means
is that we now implement lock cancels and I can add
lock cancels into POSIX lock handling which will fix
the fast/slow system call issue with cifsfs !
Jeremy.
(This used to be commit f1a9cf075b87c76c032d19da0168424c90f6cb3c)
|
|
lib/sharesec.c
(This used to be commit 220dd4333032aea238066e3fbec9fca51ed16ddf)
|
|
the snum,
and the decision which token to use (conn or vuser) does not really belong
here, it is better done in the two places where this is called.
Volker
(This used to be commit 0a138888adf7a0f04a38cd911e797e1a379e908b)
|
|
(This used to be commit bcb196d21ea7eb13af02bb0c2fa85f0d363b55a1)
|
|
Jerry, please check.
Thanks,
Volker
(This used to be commit b87c4952216b6302b0e1f22689b5a36b6aa65349)
|
|
toolset.
In 3.0.23 all those commands have been limited to the DC of our primary
domain. Also distinguish calls that may go to remote DCs (search, info,
lookup, etc.) from those that should only go to our primary domain
(join, leave, etc.).
Guenther
(This used to be commit d573e64781667993478a289580fa65c34e847f64)
|