| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
get Win2k to send a valid signiture in it's session setup reply - which it will
give to win2k clients.
So, I need to look at becoming 'more like MS', but for now I'll get this code
into the tree. It's actually based on the TNG cli_pipe_ntlmssp.c, as it was
slightly easier to understand than our own (but only the utility functions
remain in any way intact...).
This includes the mysical 'NTLM2' code - I have no idea if it actually works.
(I couldn't get TNG to use it for its pipes either).
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
lengths are correct. Attempts to pstrcpy into an fstring or allocated
string should fail in developer builds.
This builds on abartlet's earlier overflow probe for safe_strcpy, but
by clobbering the whole string with a nonzero value is more likely to
find overflows on the stack.
This is only used in -DDEVELOPER mode.
Reviewed by abartlet, tpot.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The intention is to allow for NTLMSSP and kerberos signing of packets, but
for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA
spec)
Andrew Bartlett
|
| |
|
|
|
|
| |
(for example, query to non-dc)
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
| |
two layers structure with
- local tdb cache
- remote idmap repository
compiles
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
reason, during a Win2003 installation, when you select 'domain join' it sends
one machine name in the name exchange, and litraly 'machinename' during the
NTLMSSP login.
Also fix up winbindd's logfile handling, so that it matches smbd and nmbd.
(This helps me, by seperating the logs by pid).
Andrew Bartlett
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
(not tested yet)
|
| | |
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-------------------------------------------------------------------------
I think there are basically two problem:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
and SMB_ACL_OTHER.
The function ensure_canon_entry_valid() is prepared for that, but tries
to "guess" values from group or other permissions, respectively, otherwise
falling back to minimum r-- for the owner. Even if the owner had full
permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
This is ok in a take-ownership situation, but must fail if the file is
to be given away. This is the problem with XP clients, trying to transfer
ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
as "preserve current value" instead of attempting to build one ourself.
The original code is still in, but only as fallback in case current values
can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting
ACLs if there is either no change of owning user, or change of owning
user is towards the current user. Otherwise chown is done after setting
ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
|
| |
|
|
| |
genparser works fine, and it is a marvelous tool to store objects in tdb :)
|
| |
|
|
| |
for name->sid.
|
| |
|
|
| |
IP address resolving code.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
differently to W2K, cope with this.
Jeremy.
|
| | |
|
| |
|
|
|
|
| |
Samba. This fixes things like not doing *SMBSERVER etc.
Andrew Bartlett
|
| | |
|
| |
|
|
| |
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
| |
a test ...
|
| |
|
|
|
|
| |
function usage.
Andrew Bartlett
|
| |
|
|
|
|
|
| |
all perfectly legit - the region is an fstring in length, but might not
always be, and it is the last peice of code to fail my automated test.
Andrew Bartlett
|
| |
|
|
|
|
| |
failures for some compile-time properties this way.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
| |
behaviour we should seperate -g from --enable-developer, and allow developers
to also select --enable-debug if they want.
Andrew Bartlett
|
| | |
|
| |
|
|
| |
command. From Ronan Waide <waider@waider.ie>.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
\\server\share syntax, not just a "share" tconX syntax. This broke interop
with a vendor.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
was to limit the string to 31 or 32 characters (excluding the null term), so
I've assumed for now that 32 is fine, as this matches current behaviour (well, current behaviour would crash, but anyway...)
Jerry: Can you look at this for me?
Andrew Bartlett
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Fix lingering large offset problems in smbtar etc.
|
| |
|
|
|
| |
without ADS support)
* add "MinorVersion" print server data key and comment on "OSVersion"
|
| |
|
|
|
|
|
|
|
| |
that changed that the client is monitoring.
* couple of comments abnout how we need to validate driver names
on SetPrinter() and AddPrinter()
* up the debug level on some overly verbose dev mode parsing messages
|
| | |
|
