Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.
Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().
Andrew Bartlett
(This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
|
|
session key and auth verifier patches.
Andrew Bartlett
(This used to be commit 3f9616a68a855acbae3f405c27ee2358fbe7ba2c)
|
|
(This used to be commit 935c66f6a02c7ba764fbcc643a91833deb588bc0)
|
|
(This used to be commit 77e1178a888f0d380a5ef94911a8f07bf04a7ba3)
|
|
- setenv() replacement
- mimir's ASN1/SPNEGO typo fixes
- (size_t)-1 fixes for push_* returns
- function argument signed/unsigned correction
- ASN1 error handling (ensure we don't use initiailsed data)
- extra net ads join error checking
- allow 'set security discriptor' to fail
- escape ldap strings in libads.
- getgrouplist() correctness fixes (include primary gid)
Andrew Bartlett
(This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
|
|
Jeremy.
(This used to be commit e79dc0dade1ab1c9f8b3af5c01248bda70cfd582)
|
|
the dog again.
(This used to be commit 6f89ee2c9dc7f03e3dbe7aa734bf67c6a434d135)
|
|
Jeremy.
(This used to be commit 1b71786c161cd8ec4c3c0c6b178370ed50feeef4)
|
|
Jeremy.
(This used to be commit 85dda434763bbcea260c800599e4b6b73afcf174)
|
|
kerberos_verify...
Jeremy.
(This used to be commit e8c4098da619a1429cc4c8251761333a7c0f3458)
|
|
if no kerberos selected. Noticed by Metze.
Jeremy.
(This used to be commit 0c98f779f05431ac4d298c9f021fca85d16aebae)
|
|
to add a function without an explicit #ifdef HEIMDAL which I'm trying
to avoid.
Jeremy.
(This used to be commit 92ecd0bf0fe2cc4f6c86ca48e6e458e726470a50)
|
|
Jeremy.
(This used to be commit 4333be5732de07786254382a4aa41333783d81b5)
|
|
detect for now, I still have vague hopes of hiding the differences
between MIT and Heimdal with a compatibility layer....
Jeremy.
(This used to be commit 54d83de8a23937f1d8179a7e2596df3c50785618)
|
|
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
(This used to be commit 9e5297131cc53d7161aa74566f147b98e1c27aaa)
|
|
Check return in ldap.
Jeremy.
(This used to be commit 66eff26fc930e37035bba8672f5fd3aeae71078d)
|
|
Jeremy.
(This used to be commit ec4ed45563f9d8e25fcfd88840944a90b3139c3e)
|
|
Jeremy.
(This used to be commit 8dcbfa4e770d74d4ce6faaf1a0597d07d0a5cc81)
|
|
0x80000000 -> 0xFFFFFFFF would fail as they were being cast
from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types).
The sign extension would cause the offset to be treated as negative.
Thanks to Herb for helping me track this one down (IRIX is good for large
file tests :-).
Jeremy.
PS. That horrid EXEXIST thing has broken configure.....
(This used to be commit 2d14c442bc601a277458b69f05a763aa2a1ab3b7)
|
|
(This used to be commit 1a25dc776ddc36de9a214e023becff1ceb10290c)
|
|
(This used to be commit 808dbcf345d0e00dc5bc0af2ef54f31a554824f0)
|
|
(This used to be commit a64affffb2acf68956dc25be45c0559e6139a571)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
mangling implementation, selectable using "mangling method = " in smb.conf
It also tidies the interface a little, although it is still nasty.
(This used to be commit be23d87a178e7d0691e7d942adf89bb3d2d533c2)
|
|
need to know about. Different from the DEBUG system.
Jeremy.
(This used to be commit 74eac41c681f92a6da0ae2167f031e021862e0d8)
|
|
using it anymore. This also removes an early #include of smb.h, making it
slightly easier to track whats being included where.
Andrew Bartlett
(This used to be commit 9d25e3023272a55a39f80305f0f336c655833d55)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
Jeremy
(This used to be commit 6210d4aa196c944e47076e316980f76ac9c6b02d)
|
|
gcc warnings about unused parameters.
(This used to be commit b29775d442c36f667a6db5ba9dbe47d1a133525f)
|
|
(This used to be commit a57e13b8b661dd41e8036f862c708b5d3ced82e6)
|
|
on some platforms using "" instead of <> in include statements
(This used to be commit d0ba307032340a22d77cb1d8fc78b4234e1a963c)
|
|
(This used to be commit c4d928e55fe99a3a1c4e53508a44949f92d74219)
|
|
We now include the libber.h file if required, but currently we just don't use
ldap. (I'll chase this up).
In the meantime, I've moved the ads_status code about, its now in its own file,
and has a couple of #ifdefs to allow smbd to link - becouse the lack of LDAP
caused HAVE_ADS to be undefined. (I hope its not too ugly).
Andrew Bartlett
(This used to be commit 14407c87e2dcccae1784290e3eb7a2d611516aff)
|
|
It's not as strong as Insure, but it's free, reasonably efficient and
works on every platform.
(This used to be commit e76d27fcdb33df5212ca5b0ce53c77ed8ca58906)
|
|
(This used to be commit 5b6c22a209a26cb9adbf6d7733d396038c729633)
|
|
(This used to be commit 838fbac7a086ff82498c3f0ba95b714123a7428c)
|
|
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
(This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
|
|
this was causing the kerberos stuff to fail compilation on several
platforms
(This used to be commit 17e2f3897374c76dd66b21fdcd93c3a04671f4ce)
|
|
some systems have libkrb5 but not krb5.h
(This used to be commit 4b89fdecfcf384e7434470a9dcc963f9d96498d1)
|
|
Why do people keep adding stuff to includes.h (OK I am guilty of this too)?
It's getting really huge and full of random junk. )-:
I've noticed TNG have started to split stuff up in to individual header
files included as needed.
(This used to be commit 36630f3984cb2bc4e60d910889e0396891cbc088)
|
|
(This used to be commit a1304be045d9cfd7bb793bb55ff49e158440a90e)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
(This used to be commit c7f611691941ca92f57665e19d6e46b161599427)
|
|
(This used to be commit d761a3860ba7b11b446d3a9865ddfeff8e2f658d)
|