samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2001-11-26	Fix debug	Andrew Bartlett	1	-1/+1
	(This used to be commit 44224ae156394dac1055c68764c84f758cea6540)
2001-11-26	A number of things to clean up the auth subsytem a bit...	Andrew Bartlett	1	-0/+11
	We now default encrypt passwords = yes We now check plaintext passwords (however aquired) with the 'sam' backend rather than unix, if encrypt passwords = yes. (this kills off the 'local' backed. The sam backend may be renamed in its place) The new 'samstrict' wrapper backend checks that the user's domain is one of our netbios aliases - this ensures that we don't get fallback crazies with security = domain. Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks that the user was not local before contacting the DC. The default ordering has changed, we now check the local stuff first - but becouse of the changes above, we will really only ever contact one auth source. Andrew Bartlett (This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
2001-11-26	challange -> challenge	Tim Potter	1	-8/+8
	(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-24	This is another rather major change to the samba authenticaion	Andrew Bartlett	1	-30/+142
	subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-10-31	This is a farily large patch (3300 lines) and reworks most of the AuthRewrite	Andrew Bartlett	1	-8/+19
	code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-30	Spnego on the 'server' end of security=server just does not work, so set the	Andrew Bartlett	1	-0/+3
	flags so we just do a 'normal' session setup. Also add some parinoia code to detect when sombody attempts to do a 'normal' session setup when spnego had been negoitiated. Andrew Bartlett (This used to be commit 190898586fa218c952fbd5bea56155d04e6f248b)
2001-10-02	Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.	Tim Potter	1	-4/+0
	(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-17	move to SAFE_FREE()	Simo Sorce	1	-1/+1
	(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
2001-09-14	Now that we always get back an NTSTATUS code actually pass it on to the	Andrew Bartlett	1	-16/+4
	auth subsytem. Also kill off the (unneeded) wrapper fuction. Andrew Bartlett (This used to be commit 96f06b490ac5e9fd86debccf8d41675fa41f7726)
2001-09-04	the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵	Andrew Tridgell	1	-4/+3
	the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-27	converted another bunch of stuff to NTSTATUS	Andrew Tridgell	1	-1/+1
	(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-08-24	get rid of compiler warnings	Herb Lewis	1	-2/+2
	(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
2001-08-21	Add a new option to disable our paranoid server check.	Andrew Bartlett	1	-1/+1
	Defaults to ON, ie checking (This used to be commit bd3010263be24425206587abfdb41164089e2157)
2001-08-17	smbd/auth_server: Doco, we want to use cli_nt_error here soon	Andrew Bartlett	1	-0/+1
	smbd/password.c: We don't use globals here anymore smbd/reply.c: Tidyness, global_myworkgroup must die! smbd/service.c: Move some of the make_connection code into a helper function. (This used to be commit 15c87e404fcaff9e360a40b8b673938c6e611daf)
2001-08-03	This is my 'Authentication Rewrite' version 1.01, mostly as submitted to	Andrew Bartlett	1	-0/+244
	samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)