summaryrefslogtreecommitdiff
path: root/source
Commit message (Collapse)AuthorAgeFilesLines
* adding Steve's recent changeGerald Carter2003-12-041-0/+7
| | | | updating WHATSNEW
* syncing tree for 3.0.1rc1Gerald Carter2003-12-0498-1113/+2580
|
* This commit was manufactured by cvs2svn to create branchcvs2svn Import User2003-12-012-0/+859
|\ | | | | 'SAMBA_3_0_RELEASE'.
| * I needed a decently parseable format of smbstatus. Looking at smbstatus codeVolker Lendecke2003-12-014-1/+270
| | | | | | | | | | | | | | | | tells me that this should not be expanded, so I implemented net status [sessions|shares] [parseable] Volker
| * Fix spurious error msg. when seq=0.Jeremy Allison2003-12-011-0/+2
| | | | | | | | Jeremy.
| * Ensure the server can cope with multiple secondary transJeremy Allison2003-12-013-0/+24
| | | | | | | | | | requests when signing is turned on. Jeremy.
| * Subtract NT_STATUS from common flag, don't add it...Jeremy Allison2003-12-012-7/+7
| | | | | | | | Jeremy.
| * Ensure we use the same mid for the secondary trans requests, W2K3Jeremy Allison2003-12-011-0/+6
| | | | | | | | | | does this. Jeremy.
| * Don't automatically set nt status code flag unless client tells us it canJeremy Allison2003-12-012-14/+29
| | | | | | | | | | cope. Jeremy.
| * Better fix for client signing bug. Ensure we don't malloc/free trans signingJeremy Allison2003-12-012-36/+40
| | | | | | | | | | state info each packet. Jeremy.
| * Fix signing bug with secondary client trans requests. Turns out the lastJeremy Allison2003-11-301-0/+20
| | | | | | | | | | | | | | packet is the one that matters for checking the signing replies. Need to check the server code does this correctly too.... Bug #832 reported by Volker. Jeremy.
| * Implement 'net rpc group list [global|local|builtin]*' for a select listing ofVolker Lendecke2003-11-282-0/+36
| | | | | | | | | | | | the respective user databases. Volker
| * Fix for pdbedit error code returns (sorry, forgot who sent in the patch).Jeremy Allison2003-11-271-2/+11
| | | | | | | | Jeremy.
| * Only ask for 512 names at a time.Volker Lendecke2003-11-271-8/+19
| | | | | | | | Volker
| * use samr_dispinfo(level == 1) for enumerating domain users so we can include ↵Gerald Carter2003-11-271-17/+34
| | | | | | | | the full name in gecos field; bug 587
| * Patch from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de> to addJeremy Allison2003-11-263-13/+651
| | | | | | | | | | | | | | MacOSX (Darwin) specific charset module code. Also had to add AC_CHECK_CPP to configure.in (this took a *long* time to track down) to make autoconf work correctly on Fedora Core 1. Jeremy.
| * Implement "net rpc group members": Get members of a domain group inVolker Lendecke2003-11-262-0/+89
| | | | | | | | | | | | human-readable format. Volker
| * Get rid of a const warningVolker Lendecke2003-11-262-3/+3
| | | | | | | | Volker
| * Merge from 3.0:Andrew Bartlett2003-11-264-13/+15
| | | | | | | | | | | | | | | | | | - NTLM2 fixes, don't force NTLM2 - Don't use NTLM2 for RPC, it doesn't work yet - Add comments to winbindd_pam.c - Merge 64 bit fixes and better debug messages in winbindd.c Andrew Bartlett
| * Patch from Jim McDonough for bug #802. Retrieve the correct ACL group bitsJeremy Allison2003-11-252-0/+45
| | | | | | | | | | if the file has an ACL. Jeremy.
| * allow users to delete jobs with cups printing backendGerald Carter2003-11-252-1/+7
| | | | | | | | | | | | | | The changes the name of the job passed off to cups from "Test Page" to "smbprn.00000033 Test Page" so that we can get the smb jobid back from lpq. Working on bug 770.
| * If signing starts successfully, don't just turn it off automatically ifJeremy Allison2003-11-251-5/+5
| | | | | | | | | | it fails later. Only turn it off automatically if it fails at the start. Jeremy.
| * Patch for #263 from jpjanosi@us.ibm.com.Jeremy Allison2003-11-251-1/+2
| | | | | | | | Jeremy.
| * When server signing is set to "auto", if the client doesn't sign justJeremy Allison2003-11-251-2/+23
| | | | | | | | | | ignore it. Only fail if signing is set to "required". Jeremy.
| * strequal() returns a BOOL, not an int like strcmp(); this fixes a bug in ↵Gerald Carter2003-11-241-2/+2
| | | | | | | | check_bind_response()
| * Added "passwd chat timeout" parameter. Docs to follow.Jeremy Allison2003-11-242-3/+10
| | | | | | | | Jeremy.
| * patch from Matthias Hilbig for bug 467; use the dns name (or IP) as the ↵Gerald Carter2003-11-241-2/+7
| | | | | | | | originating client name when using CUPS
| * more access fixes for group enumeration in LDAP; bug 281Gerald Carter2003-11-246-14/+52
| |
| * (Merge from 3.0)Andrew Bartlett2003-11-232-2/+15
| | | | | | | | | | | | | | | | Patch by emil@disksites.com <Emil Rasamat> to ensure we always always free() each auth method. (We had relied on the use of talloc() only, despite providing the free() callback) Andrew Bartlett
| * Merge from 3.0:Andrew Bartlett2003-11-236-31/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for variable-length session keys in our client code. This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. - Add server-side support for variable-length session keys (as used by DES based krb5 logins). Andrew Bartlett
| * (merge from 3.0)Andrew Bartlett2003-11-2235-597/+1157
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett
| * debug and swat fixes from 3.0Gerald Carter2003-11-222-1/+3
| |
| * fix winbind ping call so that SWAT correctly determines if winbindd is ↵Gerald Carter2003-11-221-5/+1
| | | | | | | | running; bug 398
| * Ensure that items in a list of strings containing whitespaceGerald Carter2003-11-223-6/+18
| | | | | | | | | | | | | | | | | | | | | | are written out surrounded by single quotes. This means that both double and single quotes are now used to surround strings in smb.conf. This is a slight change from the previous behavior but needed or else things like printer admin = +ntadmin, 'VALE\Domain, Admin' get written to smb.conf by SWAT.
| * Fix for rename across filesystems. Noticed by Rainer Link ↵Jeremy Allison2003-11-211-5/+95
| | | | | | | | | | | | <link@foo.fh-furtwangen.de>. Jeremy.
| * Fix Jerry's no-proto bug :-).Jeremy Allison2003-11-211-4/+4
| | | | | | | | Jeremy.
| * make sure we don't append the ldap suffix when writing out the ldap XXX ↵Gerald Carter2003-11-211-53/+46
| | | | | | | | suffix values in SWAT; based on tpot's original patch; bug 328
| * Typo fix.Rafal Szczesniak2003-11-201-2/+2
| |
| * Added useful information to debug lines.Rafal Szczesniak2003-11-191-4/+4
| | | | | | | | | | | | | | Patch by metze. rafal
| * Look at error before using it in debug statement.Jeremy Allison2003-11-191-3/+2
| | | | | | | | Jeremy.
| * Group quotas patch from "Heinreichsberger, Helmut" ↵Jeremy Allison2003-11-191-19/+32
| | | | | | | | | | | | <Helmut.Heinreichsberger@wincor-nixdorf.com> Jeremy.
| * Correct fix for '$' termination test.Jeremy Allison2003-11-191-2/+1
| | | | | | | | Jeremy.
| * Fix to correct checking of '$' name termination.Rafal Szczesniak2003-11-181-1/+1
| | | | | | | | | | | | | | Patch by metze. rafal
| * Useful debug message. Patch by metze.Rafal Szczesniak2003-11-181-3/+5
| | | | | | | | rafal
| * Remove unneeded second open for filename ending in '.' now we know it'sJeremy Allison2003-11-182-14/+4
| | | | | | | | | | a mangled name. Added const. Fix inspired by Andrew Bartlett ideas. Jeremy.
| * Ensure we mangle names ending in '.' in hash2 mangling method.Jeremy Allison2003-11-181-1/+1
| | | | | | | | Jeremy.
| * Fix from Andrew Bartlett to fix up the munged-dial problem.Jeremy Allison2003-11-172-6/+16
| | | | | | | | Jeremy.
| * From 3_0:Volker Lendecke2003-11-171-1/+2
| | | | | | | | | | | | | | | | | | This fixes a bug when establishing trust against a german W2k3 AD server. In the bind response to WKSSVC it does not send \PIPE\ntsvcs as NT4 (did not check w2k) but \PIPE\wkssvc. I'm not sure whether we should make this check at all, so making it a bit more liberal should hopefully not really hurt. Volker
| * * make sure we only enumerate group mapping entriesGerald Carter2003-11-173-152/+44
| | | | | | | | | | | | | | (not /etc/group) even when doing local aliases * remove "hide local users" parameter; we have this behavior built into 3.0
| * do not build config_ldap by defaultSimo Sorce2003-11-161-1/+1
| | | | | | | | (forget to remove the module from the default list after testing :-)
View Lorry Controller Status