| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
|
| |
|
|
| |
3.2.0pre1
|
| |
|
|
|
|
| |
NTSTATUS.
Guenther
|
| |
|
|
|
|
|
|
|
|
| |
left as nonzero as returned by the failed cli_session_setup_spnego. When we then try
to authenticate as the user in cli_session_setup this returns an
error "Bad userid" (as seen in wireshark).
"We should only leave cli->vuid != 0 on success. Looks like it's
getting set in the cli_session_setup_blob_receive() call and not
cleared again on error."
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- make spnego_parse_auth_response() more generic and
not specific for NTLMSSP
- it's possible that the server sends a mechOID and authdata
if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still
force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE
- send also the correct OID_KERBEROS5 not only the broken
OID_KERBEROS_OLD one.
metze
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
Long overdue fix....
Jeremy.
|
| |
|
|
| |
replace all data_blob(NULL, 0) calls.
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
| |
the extended 7 word response for tconX rather than the
3 word one we supported previously.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
removed).
Jeremy.
|
| |
|
|
|
|
| |
to allow client to fragment large SPNEGO blobs (large krb5
tickets). Tested against W2K3R2. Should fix bug #4400.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix longstanding Bug #4009.
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
|
| | |
|
| | |
|
| |
|
|
| |
policy_handle' over from SAMBA_3_0.
|
| | |
|
| |
|
|
|
| |
on the release side of things.
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
kerberos_kinit_password_ext provides access to more options.
Guenther
|
| |
|
|
|
|
| |
running. More generic error return cleanup in libsmb/
needs doing (everything returning NTSTATUS not BOOL).
Jeremy
|
| |
|
|
| |
Sync with trunk as off r13315
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
|
| |
|
|
|
|
|
|
| |
spoolss backchannel connection by rewriting
spoolss_connect_to_client(). Ensure that we
save the cli_state* in the rpc_pipe_client struct.
* fix typo in debug message in cli_start_connection"
|
| |
|
|
|
|
|
| |
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
|
| | |
|
| | |
|
| |
|
|
| |
in the tcon&X reply before setting the cli_state->dfsroot flag
|
| |
|
|
| |
using krb5
|
| |
|
|
| |
<derrell.lipman@unwireduniverse.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
cd up and down the tree and get directory listings.
Still have to figure out how to get a directory listing on a
2k dfs root. Also have to work out some issues with relative paths
that cross dfs mount points.
We're protected from the new code paths when connecting to
a non-dfs root share ( the flag from the tcon&X is stored
in the struct cli_state* )
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and SMBsplclose commands (BUG 2010)
* clarify some debug messages in smbspool (also from Mike)
my changes:
* start adding msdfs client routines
* enable smbclient to maintain multiple connections
* set the CAP_DFS flag for our internal clienht routines.
I actualy have a dfs referral working in do_cd() but that code
is too ugly to live so I'm not checking it in just yet.
Further work is to merge with vl's changes in trunk to support multiple
TIDs per cli_state *.
|
| |
|
|
|
| |
gnome vfs to prevent auto-anonymous logon.
Jeremy.
|
| |
|
|
|
| |
Added text explaining units in pdbedit time fields.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
<nalin@redhat.com>
for bug #1717.The rest of the code needed to call this patch has not yet been
checked in (that's my next task). This has not yet been tested - I'll do this
once the rest of the patch is integrated.
Jeremy.
|
| |
|
|
|
|
| |
Thanks!
Volker
|
| |
|
|
|
|
|
| |
<guenter.kukkukk@kukkukk.com>.
Bugid #1590.
Jeremy.
|
| |
|
|
|
|
| |
(Botched LANMAN2 session setup code)
Andrew Bartlett
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
|
| |
paths.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
with more correct NTLMSSP support in client and server, but it will do
for now.
Also implement LANMAN password only in the classical session setup code, but
#ifdef'ed out. In Samba4, I'll make this run-time so we can torture it.
Lanman passwords over 14 dos characters long could be considered
'invalid' (they are truncated) - so SMBencrypt now returns 'False' if
it generates such a password.
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
to checkout try this:
svn co svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0 samba-3_0-work
metze
|
|
|
metze
|
