Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit cd9334bd57cd7f544aba0b642c8190d608add7b9)
|
|
pam authentication. This allows us to link in less other crap.
Authenticating with a challenge/response doesn't seem to work though - we
always get back NT_STATUS_WRONG_PASSWORD.
(This used to be commit d85aa1ce83327dda6aa3dcd9bbab9cf6979dda1e)
|
|
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
|
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
I understand that Vance is reworking the build_options stuff, so maybe we can
have better way of regenerating this in future.
Andrew Bartlett
(This used to be commit a228e9b39f0a5642d5acaba90a92ba0b29adf689)
|
|
We don't want a 'make headers' (aka make proto) to force a rebuild
of the entire tree.
Andrew Bartlett
(This used to be commit 8c0cb50387cbbcca89d12cefae40a6a02d147ea4)
|
|
Not sure what the original intent was with the [ -f $@ ] test but this
prevented the touch from happening. Could whoever originally added this
target check this out?
(This used to be commit 813490855339cffa31c8734ecd362eba7585bda2)
|
|
(This used to be commit df34e11d84a6fe89dc6654eb10de0a49383e1dea)
|
|
(This used to be commit d23772c306c641a74b5c08c68550c684c206b1a5)
|
|
(This used to be commit 53247f5880150ed7ee831d68a5c0fdbcb1422194)
|
|
NTLMSSP and kerberos support in smbd
(This used to be commit 38a43d75e25bbebe0f6cdfcf389129a842ede842)
|
|
removed some no longer needed i18n stuff from configure.in
(This used to be commit dd3ad91724125df355d1ff9050a1262d9d4f2cbf)
|
|
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
(This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
|
|
of gettext for internationalisation support. There is more to do
(This used to be commit ab7f67677a1ade4669e5c2750d0a38422ea616a9)
|
|
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
|
|
an authenticaion object that happens to also be used by winbind. We need to
fix this up at some stage.
In the end it will probably be best if winbind does the login over its own
internally managed connections, not a new one per authenticiaon. Then this
would no longer be an issue, as it could call cli_nt_login_network() directly.
Andrew Bartlett
(This used to be commit 154d0ea4df684944c6bc58cb3f5dc64ee972cf97)
|
|
connections within winbindd.
(This used to be commit 4ea67aeede7f17846d2976241fffca1af44b1784)
|
|
for unicode strings. The new method relies on 3 files that are mmap'd
at startup to provide the mapping tables. The upcase.dat and
lowcase.dat tables should be the same on all systems. The valid.dat
table says what characters are valid in 8.3 names, and differs between
systems. I'm committing the japanese valid.dat here, in future we need
some way of automatically installing and choosing a appropriate table.
This commit also adds my mini tdb based gettext replacement in
intl/lang_tdb.c. I have not enabled this yet and have not removed the
old gettext code as the new code is still being looked at by Monyo.
Right now the code assumes that the upcase.dat, lowcase.dat and
valid.dat files are installed in the Samba lib directory. That is not
a good choice, but I'll leave them there until we work out the new
install directory structure for Samba 3.0.
simo - please look at the isvalid_w() function and think about using
it in your new mangling code. That should be the final step to
correctly passing the chargen test code from monyo.
(This used to be commit 1c221994f118dd542a158b2db51e07d04d0e9314)
|
|
to support 2.0.x style WIn9x driver download.
(This used to be commit d0628d0d2d5f5366179d2508456ae06ce3879be3)
|
|
Jeremy.
(This used to be commit 611bf806d569b70edabbc04a2f5408142370a550)
|
|
used by SWAT into $swatdir/$ln/{help,images,include}
we have still points which needs to discuss, that is how to archive
and install lots of HTML help files and Using Samba files.
-- monyo
(This used to be commit 9ec2d5e96ebb907e66250772057bf5e2601f8ec9)
|
|
server. This is just a framework right now - I want this to eventually
replace the win32 test code from monyo
The interesting this about this test is that it shows up a really
horrible performance bug in our stat cache code. I'll see if I can fix
it.
(This used to be commit eb668b54af4925194c07b217724657f406ec00d0)
|
|
TO enable configure with --with-i18n-swat
to support this gettext is integrated
and a new directories name "po" and "intl" are created.
now these languages are supported:
en - English (default)
ja - Japanese
po - Polish
tr - Turkish
To add your language,
to create ${your_language}.po by translating source/po/en.po
into your language is needed.
some of html and image files of various language version are not
included yet, though message catalogue files are installed.
you need to copy files manually under
${swatdir}/lang/$ln/{help,images,included,using_samba}
And also added a option to intall manual pages:
of various lang version
To enable configure with --with-manlangs
but manual pages themself are not included yet.
(This used to be commit 486b79a6fc4ba20a751aab544bd0f7ccff2b3d19)
|
|
(and thus smbd) every time
(This used to be commit e78d0a3615d74cdd023d2d623abc27ac59356ae0)
|
|
DEBUG(). Also included are details like build date/time, location and
compiler.
This should get most of the options we set, except those that don't affect
smbd, like WITH_PAM_SMBPASSWD or WITH_WINBINDD.
This work due to Vance Lankhaar <vlankhaar@hotmail.com>
Some work needs to be done to make it only rebuild when needed (ie smbd being
rebuilt) but its in pretty good shape already.
Also fix up some printf() -> d_printf().
Andrew Bartlett
(This used to be commit beff1d2beaf4337dba6bfc372c5e09a43cfd791a)
|
|
(This used to be commit c6df98a1e3886edd64c36ae23a8bfed11e6632b6)
|
|
so don't link them as such.
(This used to be commit 3afad9ae012b8fb1bf5eaceca491b76ab32e68b6)
|
|
system-dependent and can allow (when unix password sync = yes) the
'syncronisation' of root's password by a normal user :-(
Andrew Bartlett
(This used to be commit eecda11eef8bff73286c6a3c9f89ed0d1dcd7f73)
|
|
by default in Samba 3.x
- got rid of some unused parameters in Makefile.in
- declare DEBUGLEVEL in debug.h rather than in each file
(This used to be commit b8651acb9c0d7248a6a2e82c33b1e43633fd83fd)
|
|
an ancient file format, not relevant for Samba 3.0
(This used to be commit 954adb630d7c41a45de3a0d656d03499e20727b6)
|
|
replacemnt of stdio that doesn't suffer from the 8-bit filedescriptor
limit that we hit with nasty consequences on some systems
I would eventually prefer us to have a configure test to see if we need
to replace stdio, but for now this code needs to be tested widely so
I'm enabling it by default.
(This used to be commit 1af8bf34f1caa3e7ec312d8109c07d32a945a448)
|
|
which should now be used instead of DEBUG(0) or printf() for
interactive messages
I have only converted client.c to use d_printf(), and the code hasn't
had much testing yet. Eventually we want all interactive code to use
d_printf(), plus SWAT
(This used to be commit 266d8e67669adb329f25676c4bc4d4c50f223428)
|
|
- changed DENY1 and DENY2 tests to only report errors
(This used to be commit 9341e5534d0786e6ad7980e5fd1a0b35d77a2806)
|
|
lib/smbpasswd.c which will contain routines related to manipulating
smbpasswd entries.
- renamed and moved pdb_{get,set}hexpwd() functions
- renamed and moved pdb_{decode,encode}acct_ctrl() functions
- started hiding references to the cruftalicious
NEW_PW_FORMAT_SPACE_PADDED_LEN constant
- started gradual rename of references to acct_ctrl to acb_info which is
the nomenclature used in MSDN and header files
There's still more work to be done. Currently there are several places
where smbpasswd entries are iterated etc. Ideally this should all happen
through the passdb system.
(This used to be commit 4a01e240305fb6fead973beef4937a016b15d744)
|
|
(This used to be commit 99b773217c001b8b89e72561f3ece46bb4ea553e)
|
|
Added bin/samsync target.
(This used to be commit 9c8276dfec2872ed4250a84f48dbb60907aefc4b)
|
|
(This used to be commit e6c0fb75755240e0d14452e421d965617d761507)
|
|
major changes include:
- added NSTATUS type
- added automatic mapping between dos and nt error codes
- changed all ERROR() calls to ERROR_DOS() and many to ERROR_NT()
these calls auto-translate to the client error code system
- got rid of the cached error code and the writebmpx code
We eventually will need to also:
- get rid of BOOL, so we don't lose error info
- replace all ERROR_DOS() calls with ERROR_NT() calls
but that is too much for one night
(This used to be commit 83d9896c1ea8be796192b51a4678c2a3b87f7518)
|
|
(This used to be commit 84998f1fceeef221101a4e332cf53d0e355c4ddf)
|
|
In particuar, it moves the domain_client_validate stuff out of
auth_domain.c to somwhere where they (I hope) they can be shared
with winbind better. (This may need some work)
The main purpose of this patch was however to improve some of the
internal documentation and to correctly place become_root()/unbecome_root()
calls within the code.
Finally this patch moves some more of auth.c into other files, auth_unix.c
in this case.
Andrew Bartlett
(This used to be commit ea1c547ac880def29f150de2172c95213509350e)
|
|
- ported two rpc back from TNG (WINREG: shutdown and abort shutdown)
- some optimizations and changed some DEBUG statement in loadparm.c
- changed rpcclient a bit moved from non reentrant next_token_nr to next_token
- in cmd_reg.c not sure if getopt will work ok on all platforms only setting optind=0
(This used to be commit fd54412ce9c3504a547e232602d6129e08dd9d4d)
|
|
(This used to be commit 2c73ae4ac7ad56730ef22a1b5f6ca3351cf7036e)
|
|
samba-technical a few weeks ago.
The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards. The
interface currently implemented in as
nt_status = check_password(user_info, server_info)
where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.
The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.
This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing. We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.
Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree. (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
|
|
built as non-root user, assuming you have permissions set up properly
in your /usr/src/redhat directory.
Added nsswitch sub-target to all target.
(This used to be commit 109840bb3abd75370e8ec14bf08bae35d04bcdaf)
|
|
--with-pam passed to configure.
Fixed nsswitch target to compile the sbin and lib winbind targets.
Winbind still doesn't install its lib targets (libnss_winbind.so and
pam_winbind.so) properly - the install script is a big mess. )-:
(This used to be commit fc83346a43ba59efcdf415437e6b99e68d2561c5)
|
|
(This used to be commit e2ab5e09d0721114f441d7227d4a5be21e8a59c6)
|
|
a sbin program.
Currently the pam and nss modules are installed into @prefix@/sbin - I'm
not sure whether this is a good idea or not. Perhaps they should be left
in the build tree and copied across as needed by hand or a packaging tool.
(This used to be commit 09af934c4aa295bec494740d94de76e5e4497887)
|
|
breakage if there are problems. I will take this out tomorrow if it
causes too many problems.
(This used to be commit f4d9abcac7f8b8fc1b3d380b76fc8c95688b5d5d)
|
|
(This used to be commit 2484f0fc39f931d9c50dff2b89c4d30536ac8c60)
|
|
(This used to be commit f214f6b5d5157782884f3325cb4e39713c454264)
|