| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
tridge, martin, if you think it's wrong , you can revert it.
J.F.
(This used to be commit f057d62aae620b042903dae61a19628cb57aba39)
|
|
This kills off the offending code in smbpasswd -j -Uab%c
In the process we have changed from unsing compelatly random passwords
to random, 15 char ascii strings. While this does produce a decrese in
entropy, it is still vastly greater than we need, considering the application.
In the meantime this allows us to actually *type* the machine account
password duruign debugging.
This code also adds a 'check' step to the join, confirming that the
stored password does indeed do somthing of value :-)
Andrew Bartlett
(This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)
|
|
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain
we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?
alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)
J.F.
(This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
|
|
(This used to be commit c8339ce5c88a371728a329d0e80266fe41c00fee)
|
|
least basic operations work
(This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
|
|
This time, all the existing functionality has been moved into
'net rap', ready for new commands in the 'net ads' and 'net rpc' categories.
In particular, we hope to have the abilty to autoselect the appropriate
backend to use based on smb.conf or other paramaters.
This will allow 'net user' to work no matter what the remote server.
The new 'net rpc' command will soon gain a 'net rpc join' and a
'net rpc user' based on the existing samba code.
Also in this commit, the connection establishment code has been almost entirly
reworked, and now has some minor sense of sainity to it.
In particular, we can now connect to hosts *other* than localhost!
We also have the ability to state on a per-command basis whether the 'localhost'
is a sane default value. (A net join, for example, would not be sane against
localhost).
Unfortunetly we have had to make the basic paramaters global variables, but
the 'cli' is not opened and closed on a per-command basis.
Andrew Bartlett
(This used to be commit 8739d426caabe3794a018dd28ab139b08f88b603)
|
|
fixed winbindd_rpc.o typo
(This used to be commit 2ce7f38fe96c6f5faf45d3c71a3c8d3386ea5107)
|
|
also created winbindd_rpc.c which contains the functions that
have been converted to the new structure. There will soon be
a winbindd_ads.c for the ldap backend
(This used to be commit e4ccc602ba65838646f2632120069f3274619dd9)
|
|
J.F.
(This used to be commit 540a6122dc58a216a94a11a36baa209521dd1981)
|
|
happy
(This used to be commit 7dfde592aa47f735c08718844db083500b020a60)
|
|
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.
Also fix mem leaks etc.
Andrew Bartlett
(This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
|
|
subdirectory.
(The insertion of these files was done with some CVS backend magic, hence the
lack of a commit message).
This also moves libsmb/domain_client_validate.c back into auth_domain.c,
becouse we no longer share it with winbind.
Andrew Bartlett
(This used to be commit 782835470cb68da2188a57007d6f55c17b094d08)
|
|
(This used to be commit 0c1f90402bf6aa403719cef59afd127ae42b0865)
|
|
(This used to be commit db0bee1c68d8d9af3febb841c86cd3d4ade87c7b)
|
|
(This used to be commit 2f8fa175b189c2d11676245b01d3201c0a4f0826)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
(This used to be commit c7f611691941ca92f57665e19d6e46b161599427)
|
|
More deleted code - hurrah !
Jeremy.
(This used to be commit 48a848f748fb0961c67f17401e294ebf18fdcf1b)
|
|
break them.
installcheck has to find smbd in SBINDIR, not BINDIR.
(This used to be commit 1be6139e148d752ec3619468ee1cca7f61ee16e1)
|
|
(This used to be commit d51ef6bfa3d194b58c3ee7706a7d475ef042676d)
|
|
(This used to be commit 868999ad3c82ad72f11d5b3208b0e42b1ed95096)
|
|
(This used to be commit a779710fff5fddcbf65a8ddc8e9169b586b85481)
|
|
installation.
(This used to be commit 10022753d1d7114eadbe5a83183a6176eff1d7ff)
|
|
default, rather than in preprocessor macros.
(This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
|
|
Jeremy.
(This used to be commit d70674312d8b98367ccdbbc12fe880f9f539d258)
|
|
Jeremy.
(This used to be commit c17bfe7c365de19193dcf9ace8728866e344d7aa)
|
|
All this stuff was being pulled in due to *one* unneeded call to
fetch a domain SID which smbpasswd already puts in the database...
Jeremy.
(This used to be commit 6bf2505cce7db770fd4db5b19999a78588e96b58)
|
|
Jeremy.
(This used to be commit a7b45bfb713adaaad0dca3dc13139ee5a909a383)
|
|
(This used to be commit f07915072fef1d79549da7b92775c5aaf3c552da)
|
|
locations, so we can't do "make check" yet, only "make installcheck".
(This used to be commit 7d8610c4fed555bf478dad793c84fbaf5b3c86ff)
|
|
Satyr framework from the buildfarm. This will eventually be copied
into the Samba source tree, but it is not yet. See
cvs://samba.org:/data/cvs/satyr
Add "make showlayout" target to show where installation will put
things.
(This used to be commit 7b5b5693f4e374522a333e609b319b9c75bb4501)
|
|
(This used to be commit cd9334bd57cd7f544aba0b642c8190d608add7b9)
|
|
pam authentication. This allows us to link in less other crap.
Authenticating with a challenge/response doesn't seem to work though - we
always get back NT_STATUS_WRONG_PASSWORD.
(This used to be commit d85aa1ce83327dda6aa3dcd9bbab9cf6979dda1e)
|
|
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
|
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
I understand that Vance is reworking the build_options stuff, so maybe we can
have better way of regenerating this in future.
Andrew Bartlett
(This used to be commit a228e9b39f0a5642d5acaba90a92ba0b29adf689)
|
|
We don't want a 'make headers' (aka make proto) to force a rebuild
of the entire tree.
Andrew Bartlett
(This used to be commit 8c0cb50387cbbcca89d12cefae40a6a02d147ea4)
|
|
Not sure what the original intent was with the [ -f $@ ] test but this
prevented the touch from happening. Could whoever originally added this
target check this out?
(This used to be commit 813490855339cffa31c8734ecd362eba7585bda2)
|
|
(This used to be commit df34e11d84a6fe89dc6654eb10de0a49383e1dea)
|
|
(This used to be commit d23772c306c641a74b5c08c68550c684c206b1a5)
|
|
(This used to be commit 53247f5880150ed7ee831d68a5c0fdbcb1422194)
|
|
NTLMSSP and kerberos support in smbd
(This used to be commit 38a43d75e25bbebe0f6cdfcf389129a842ede842)
|
|
removed some no longer needed i18n stuff from configure.in
(This used to be commit dd3ad91724125df355d1ff9050a1262d9d4f2cbf)
|
|
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
(This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
|
|
of gettext for internationalisation support. There is more to do
(This used to be commit ab7f67677a1ade4669e5c2750d0a38422ea616a9)
|
|
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
|
|
an authenticaion object that happens to also be used by winbind. We need to
fix this up at some stage.
In the end it will probably be best if winbind does the login over its own
internally managed connections, not a new one per authenticiaon. Then this
would no longer be an issue, as it could call cli_nt_login_network() directly.
Andrew Bartlett
(This used to be commit 154d0ea4df684944c6bc58cb3f5dc64ee972cf97)
|
|
connections within winbindd.
(This used to be commit 4ea67aeede7f17846d2976241fffca1af44b1784)
|
|
for unicode strings. The new method relies on 3 files that are mmap'd
at startup to provide the mapping tables. The upcase.dat and
lowcase.dat tables should be the same on all systems. The valid.dat
table says what characters are valid in 8.3 names, and differs between
systems. I'm committing the japanese valid.dat here, in future we need
some way of automatically installing and choosing a appropriate table.
This commit also adds my mini tdb based gettext replacement in
intl/lang_tdb.c. I have not enabled this yet and have not removed the
old gettext code as the new code is still being looked at by Monyo.
Right now the code assumes that the upcase.dat, lowcase.dat and
valid.dat files are installed in the Samba lib directory. That is not
a good choice, but I'll leave them there until we work out the new
install directory structure for Samba 3.0.
simo - please look at the isvalid_w() function and think about using
it in your new mangling code. That should be the final step to
correctly passing the chargen test code from monyo.
(This used to be commit 1c221994f118dd542a158b2db51e07d04d0e9314)
|
