Age | Commit message (Collapse) | Author | Files | Lines |
|
* don't fall back to unmapped UNIX group for
get_local_group_from_sid()
* remove an extra become/unbecome_root() pair
from group enumeration
(This used to be commit c0f34b42a6a4af09ae4b76721bc350784d87f686)
|
|
<fwc@mt.net>
Jeremy.
(This used to be commit b2d63007608944fff05e45b1f6b312373d022062)
|
|
Volker
(This used to be commit 6b46ee6fd5c47d04e9c61e6cec3f0b16b268cd2d)
|
|
they're easy to miss.
Jeremy.
(This used to be commit b5f32a0869017a3ce457bf45e4aa2c1b621162c6)
|
|
Looking at crash bugs #809 and others.
Jeremy.
(This used to be commit e122891bebd33fc7bd654146a5cbec1feb307555)
|
|
(This used to be commit 818bba4b796440453e5911369adf5bd147e9b961)
|
|
again; bug 846
(This used to be commit 18fe1681c15cc25a41e738e615b759d759f9ecf4)
|
|
(This used to be commit 1bb2281e177d1f312c0c3c117c5b0dcabe57125b)
|
|
bug 770
(This used to be commit d6333ae8d707c17a6fa26a39b14a802bc816ab3f)
|
|
Volker
(This used to be commit d623f695c48736f21a79f02cf669d5bcf39cd920)
|
|
Volker
(This used to be commit f8ffa207e05920f28502b45b550a394aba9648a7)
|
|
tells me that this should not be expanded, so I implemented
net status [sessions|shares] [parseable]
Volker
(This used to be commit ed38341c8a6454a8ec0f8240d83239f6869536b8)
|
|
Jeremy.
(This used to be commit fd71acd1ffb3d3c2f2f82395c86512124769d592)
|
|
requests when signing is turned on.
Jeremy.
(This used to be commit b97596df7834a80b648022e22983cab5dfb0f7dd)
|
|
Jeremy.
(This used to be commit 0ed153af55279ba1e621c688b5e78f842e72ea1e)
|
|
does this.
Jeremy.
(This used to be commit e5bb3fdf4c8b2bb5b098bfbc0b4b80d947aeac6c)
|
|
cope.
Jeremy.
(This used to be commit dd1ac8d5eba060dcd7fdde7449d07bee1dc12b27)
|
|
state info each packet.
Jeremy.
(This used to be commit c662e2dbc4d953b3718f69fef4517a3e7539151e)
|
|
packet is the one that matters for checking the signing replies. Need to
check the server code does this correctly too....
Bug #832 reported by Volker.
Jeremy.
(This used to be commit 315f25fc1710e20051414bbf084cb5648129c3bb)
|
|
the respective user databases.
Volker
(This used to be commit 53b592f4a64742767f37f9c7f8ee0fdf42e686c6)
|
|
Jeremy.
(This used to be commit 37c96290592607b5e731d0b8933be825d93b70f0)
|
|
Volker
(This used to be commit 73cdf724e90d76e97895ae5b1326825bb59bf90e)
|
|
the full name in gecos field; bug 587
(This used to be commit 5482ff71729b623c4561e42b82467bf2d5d64082)
|
|
MacOSX (Darwin) specific charset module code. Also had to add AC_CHECK_CPP
to configure.in (this took a *long* time to track down) to make autoconf
work correctly on Fedora Core 1.
Jeremy.
(This used to be commit a5711943428e4b586fb7f064739c78fa0a3ebd52)
|
|
human-readable format.
Volker
(This used to be commit e5770a9433099f86a1f828a35bbecbe5691c000c)
|
|
Volker
(This used to be commit ab1096d58e2447bc91370e0a7f913d9375658c4c)
|
|
- NTLM2 fixes, don't force NTLM2
- Don't use NTLM2 for RPC, it doesn't work yet
- Add comments to winbindd_pam.c
- Merge 64 bit fixes and better debug messages in winbindd.c
Andrew Bartlett
(This used to be commit ba94e4a1ab6dc3335bbb29686ca6795d0ffad5b0)
|
|
if the file has an ACL.
Jeremy.
(This used to be commit a51d9e947ef012fabf5a13250df6232d23722f68)
|
|
The changes the name of the job passed off to cups
from "Test Page" to "smbprn.00000033 Test Page" so that
we can get the smb jobid back from lpq. Working on bug
770.
(This used to be commit 3a84daf24f80cf44605841c844a0ba516354420b)
|
|
it fails later. Only turn it off automatically if it fails at the start.
Jeremy.
(This used to be commit 2a00d538da61253455db1734b74ef1debaea24ea)
|
|
Jeremy.
(This used to be commit 6543bca0cbf6030d2400e30bb7491237d9c818f8)
|
|
ignore it. Only fail if signing is set to "required".
Jeremy.
(This used to be commit ab5db8873e2882900baa1c74706bb907baaff7fd)
|
|
check_bind_response()
(This used to be commit 84f0e97e5882375b765b818e89a6d96736cd5932)
|
|
Jeremy.
(This used to be commit 4d49fb806db6868f97069a603a28a85dc31cfe21)
|
|
originating client name when using CUPS
(This used to be commit eae48cda0f7f1346cd66d5a581c1273880f214d4)
|
|
(This used to be commit c4ce92e80688fe7fd4b2fde2c31e94baf3e4dca0)
|
|
Patch by emil@disksites.com <Emil Rasamat> to ensure we always always
free() each auth method. (We had relied on the use of talloc() only,
despite providing the free() callback)
Andrew Bartlett
(This used to be commit 58c4963a8389dff4d925548217fabed1c9932abd)
|
|
Add support for variable-length session keys in our client code.
This means that we now support 'net rpc join' with KRB5 (des based)
logins. Now, you need to hack 'net' to do that, but the principal is
important...
When we add kerberos to 'net rpc', it should be possible to still do
user management and the like over RPC.
-
Add server-side support for variable-length session keys (as used by
DES based krb5 logins).
Andrew Bartlett
(This used to be commit 1287cf5f921327c9ea758de46220c4e2dedc485c)
|
|
Changes all over the shop, but all towards:
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to
merge the 'client' and 'server' functions, so they both operate on a
single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of
data structures...
Andrew Bartlett
(This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
|
|
(This used to be commit 52c1973f39f4c4161097843fcf395e0102531575)
|
|
running; bug 398
(This used to be commit cb12d519cc40b964d022886538044e8613931199)
|
|
are written out surrounded by single quotes. This means that
both double and single quotes are now used to surround
strings in smb.conf. This is a slight change from the previous
behavior but needed or else things like
printer admin = +ntadmin, 'VALE\Domain, Admin'
get written to smb.conf by SWAT.
(This used to be commit 59e9d6e301c752e99fb6a50204d7941f7f84566a)
|
|
<link@foo.fh-furtwangen.de>.
Jeremy.
(This used to be commit f68c2ff0f3307612ddbe62b8cc2ea12251d54ec6)
|
|
Jeremy.
(This used to be commit 2b39e3f12a12f0863bf76d996c0d0db422d593bc)
|
|
suffix values in SWAT; based on tpot's original patch; bug 328
(This used to be commit b1d5173b16c40d55cfb6265f1d1947ec78952b6f)
|
|
(This used to be commit d1394f02cb0e369701217ce6610f4efe54438c3a)
|
|
Patch by metze.
rafal
(This used to be commit 91e1be66b1a3aa002f68d8f1c2fc148c1374d365)
|
|
Jeremy.
(This used to be commit 42114b75f2c082522f7806a1af11409609785b06)
|
|
<Helmut.Heinreichsberger@wincor-nixdorf.com>
Jeremy.
(This used to be commit 0984b35fbfd0c9579d2a8a6fa748ade604ad6a82)
|
|
Jeremy.
(This used to be commit b93e44e01edb432e11b9ad6aeb4d4eea0f7fa433)
|