| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
Jeremy
(This used to be commit 6210d4aa196c944e47076e316980f76ac9c6b02d)
|
|
gcc warnings about unused parameters.
(This used to be commit b29775d442c36f667a6db5ba9dbe47d1a133525f)
|
|
(This used to be commit a57e13b8b661dd41e8036f862c708b5d3ced82e6)
|
|
on some platforms using "" instead of <> in include statements
(This used to be commit d0ba307032340a22d77cb1d8fc78b4234e1a963c)
|
|
(This used to be commit c4d928e55fe99a3a1c4e53508a44949f92d74219)
|
|
We now include the libber.h file if required, but currently we just don't use
ldap. (I'll chase this up).
In the meantime, I've moved the ads_status code about, its now in its own file,
and has a couple of #ifdefs to allow smbd to link - becouse the lack of LDAP
caused HAVE_ADS to be undefined. (I hope its not too ugly).
Andrew Bartlett
(This used to be commit 14407c87e2dcccae1784290e3eb7a2d611516aff)
|
|
It's not as strong as Insure, but it's free, reasonably efficient and
works on every platform.
(This used to be commit e76d27fcdb33df5212ca5b0ce53c77ed8ca58906)
|
|
(This used to be commit 5b6c22a209a26cb9adbf6d7733d396038c729633)
|
|
(This used to be commit 838fbac7a086ff82498c3f0ba95b714123a7428c)
|
|
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
(This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
|
|
this was causing the kerberos stuff to fail compilation on several
platforms
(This used to be commit 17e2f3897374c76dd66b21fdcd93c3a04671f4ce)
|
|
some systems have libkrb5 but not krb5.h
(This used to be commit 4b89fdecfcf384e7434470a9dcc963f9d96498d1)
|
|
Why do people keep adding stuff to includes.h (OK I am guilty of this too)?
It's getting really huge and full of random junk. )-:
I've noticed TNG have started to split stuff up in to individual header
files included as needed.
(This used to be commit 36630f3984cb2bc4e60d910889e0396891cbc088)
|
|
(This used to be commit a1304be045d9cfd7bb793bb55ff49e158440a90e)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
(This used to be commit c7f611691941ca92f57665e19d6e46b161599427)
|
|
(This used to be commit d761a3860ba7b11b446d3a9865ddfeff8e2f658d)
|
|
default, rather than in preprocessor macros.
(This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
|
|
Jeremy.
(This used to be commit 9c8439f25b90d80adcd7161bfed3664af6256940)
|
|
to detect this in configure.
Jeremy.
(This used to be commit 44fb1992c98e7cca5663b17ea9a4833fcf0a8478)
|
|
(This used to be commit df34e11d84a6fe89dc6654eb10de0a49383e1dea)
|
|
(This used to be commit 3545de4773438f859e64b3578c2bbf706257eced)
|
|
it should give something for others to hack on and possibly find what
I'm doing wrong.
(This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
|
|
and also completes the switch to lang_tdb.c. SWAT should now work
with a po file in the lib/ directory
also removed useless SYSLOG defines in many files
(This used to be commit 5296b20ad85d7519c870768455cb4d8df048c55a)
|
|
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
|
|
Linux.
Jeremy.
(This used to be commit b4b891279b6292237113456f1bb0d4393f1f9af1)
|
|
(This used to be commit f41c3bb80f1e498a9d27f6e236b0ff3a742764c9)
|
|
replacemnt of stdio that doesn't suffer from the 8-bit filedescriptor
limit that we hit with nasty consequences on some systems
I would eventually prefer us to have a configure test to see if we need
to replace stdio, but for now this code needs to be tested widely so
I'm enabling it by default.
(This used to be commit 1af8bf34f1caa3e7ec312d8109c07d32a945a448)
|
|
(This used to be commit 865e0507e6e6ad6a71d833c4f2a0f57362637719)
|
|
(This used to be commit 60d297303488ed583537ca2853828fccd6da2ade)
|
|
which should now be used instead of DEBUG(0) or printf() for
interactive messages
I have only converted client.c to use d_printf(), and the code hasn't
had much testing yet. Eventually we want all interactive code to use
d_printf(), plus SWAT
(This used to be commit 266d8e67669adb329f25676c4bc4d4c50f223428)
|
|
NSS_STATUS and WINBINDD error codes mixed up
(This used to be commit 66698d6b841df809a8654012a8385bffacb9dc4a)
|
|
header files as well as libcups.
(This used to be commit 2dbb41a7b88e7fad63579111aaab4a1cd28c54d5)
|
|
drop paramaters:
status
utmp hostname
change session code to always record each vuid current on the server. The sessionid struct is no longer packed, as I couldn't get that to work ;-)
change smbstatus to show this info and less of the connections.tdb info (its not actualy that accurate).
I'll get swat doing some of this shortly.
(This used to be commit b068ad300527c44673bbee0aede7849199c89de7)
|
|
samba-technical a few weeks ago.
The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards. The
interface currently implemented in as
nt_status = check_password(user_info, server_info)
where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.
The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.
This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing. We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.
Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree. (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
|
|
(This used to be commit 7b3d030e1f869a842822d9a356a027cca6f3a725)
|
|
error code we use, as long as its not another one that iconv() can
give.
(This used to be commit 2097abb76c1845a69a7136af388cef09243ca066)
|
|
fixes some problems wih some character sets and allows for using
internal charsets in conjunction with ionv charsets
this makes us slower but more correct. speed will come later.
(This used to be commit 594f84b4e39182dcf344c02dc0185376a2726395)
|
|
The leg-work for this was done by the folks at samba-tng.org, I'm just bringing
it accross to HEAD.
The MD5 implementation is seperatly derived, and does not have the copyright
problems that the one in TNG has.
Also add const to a few places where it makes sence.
Andrew Bartlett
(This used to be commit 8df8e841445dfe09fc7a06bb55d12adc3fecb345)
|
|
(This used to be commit 57e7df8ae58020ab653307c1fdfbadd44983e900)
|
|
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267960e56005a741817ebd227ecfc512a)
|
|
the rpc code to fail on the cray....
Jeremy.
(This used to be commit 33a299a0c42bb7090e2030fb1e5cafdf07346bc6)
|
|
don't rush commits :)
(This used to be commit 442bf5cc9e6de7888f9a8cc06050f73ef880c4d9)
|
|
(This used to be commit 4d0c3167099f461b46fafaa3a35b14babbadcb93)
|
|
instead of a define
(This used to be commit e2ecff419fdc0a0dc7551b33b377dc11061ef2a3)
|
|
generic Linux ACL code.
rpc_server/srv_samr_nt.c: Don't delete a policy handle before it's created.
Jeremy.
(This used to be commit db5b82e53a7061c4764d39ceb3df82e706aad42f)
|
|
(This used to be commit 7a1929b6caeb9b349510f7f4ae394246b9c5adc3)
|
|
(This used to be commit fbf03c89e6b1980f4f75a657f9760edb7445d8cb)
|
|
tests for a fn or variable being defined in headers
- used this to add prototypes for asprintf and vasprintf on systems
that don't have them
(This used to be commit ab2465239414853a14529f88a25f13c392aa2d3f)
|
