IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
key length in the case of extended security. It does make sense because with
SPNEGO our beloved ASN1 structure gives us the length.
Next test I did to verify this: I modified the server to put in random
garbage, and W2kwks, XP, Vista and W2k3srv still talked to us.
Volker
(This used to be commit f19bd479cee57f064f63659c533ae108885d54a2)
logic in smbd/process.c. All interested (Volker,
Jerry, James etc). PLEASE REVIEW THIS CHANGE.
The logic should be identical but *much* easier
to follow and change (and shouldn't confuse Klockwork :-).
Jeremy.
(This used to be commit d357f8b33594472ffa78d0a112accccc2a8b1fe7)
part of the PocketPC bugfix. I'm trying to get someone who
has a pocketpc to test this.
Jeremy.
(This used to be commit ce25e6b002f39ba084c3430ca832ad4990cf1994)
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
(This used to be commit 414303bc0272f207046b471a0364fa296b67c1f8)
Our sessionsetup code now handles raw NTLMSSP connects, so we can go
back to doing what W2K3 does here which is to send no OID's in
the negprot reply when not in a security=ads mode.
Jeremy.
(This used to be commit 38a70185b7ca20677026103d40f61608e7ad0c90)
protocol, ensure the EA size is always correctly set on a query for a file with no EA's.
Jeremy.
(This used to be commit d6ad1f8df05e16152d9c95df56e612fde288d3b4)
reply code to the negprot reply code to cope with
client connections on port 445. Fixes the spurious
"register_message_flags: tdb fetch failed" errors.
* don't run the backgroup LPQ daemon when we are running
in interactive mode.
(This used to be commit 88747a7da351261185222e78e9c8d470ff53a246)
if we negotiated extended security. Do not merge for 3.0.6. Works
with W2K but needs further testing.
Jeremy.
(This used to be commit 284689aa18d2711a9041598cdf490359466f7f77)
then is the client supports it (current clients supported are Samba and
CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare
"NT LM 0.12" string) then the setting of the per packet flag smb_flag
FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows
the linux CIFS client to use Samba in a case sensitive manner.
Additional command in smbclient "case_sensitive", toggles the
flag in subsequent packets.
Docs to follow.
Jeremy.
(This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
patch removes the 'unicode' smb.conf option.
Clients are as always free not to negotiate unicode, but Samba will always
accept unicode in smbd.
Setting 'unicode = no' caused me more client BSODs than any other option
I have seen, and I really want to protect some of our more silly users, who
will, no matter what, select and change every option...
Andrew Bartlett
(This used to be commit 3f9177bd5df68809294335a36919994893ff8ead)
Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios
and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name
when represented in dos charset (ie. cp932). So go back to using fstrings for these but
translate into nstrings (ie. 16 byte length values) for transport on the wire.
Jeremy.
(This used to be commit b4ea493599ab414f7828b83f40a5a8b43479ff64)
I think (my changes haven't affected this I believe). Initial support on the
server side for smbclient. Still doesn't work for w2k clients I think...
Work in progress..... (don't change).
Jeremy.
(This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
copying clobbered buffer areas and doing hashes on them and sending
them onto the wire.
Jeremy.
(This used to be commit 7dfcf714ae2e81fece489640e2341f132c9f567d)
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.
Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().
Andrew Bartlett
(This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
Also more insertion of parenthesis to handle struct members called
'free'.
You can now get useful dmalloc output, as long as it is compatible
with your C library. On RH7.1 it looks like you have to rebuild
dmalloc to allow free(0) by default, because something in libcrypt
does that. (sigh)
(This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.
(Who needs non-static functions anyway?)
In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().
Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long. (The
global_negprot_auth_context lasts the whole life of the smbd).
I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup(). I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.
Other than that, I moved a bit of the code around, hence the rather messy diff.
Andrew Bartlett
(This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
you need to set "use spnego = no" for w2k to be able to join a samba
domain. Otherwise the w2k box will assume we can do kerberos as a KDC
(This used to be commit b5cb57a367a6d9a82e082e2838e83e0997eb4930)
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
(This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.
Also fix mem leaks etc.
Andrew Bartlett
(This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
