| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This tries to extract our server-side code out of sessetup.c, and into a more
general lib. I hope this is only a temporay resting place - I indend to
refactor it again into an auth-subsystem independent lib, using callbacks.
Move some of our our NTLMSSP #defines into a new file, and add two that I found
in the COMsource docs - we seem to have a double-up, but I've verified from
traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real.
This code also copes with ASCII clients - not that we will ever see any here,
but I hope to use this for HTTP, were we can get them. Win2k authenticates
fine under forced ASCII, btw.
Tested with Win2k, NTLMv2 and Samba's smbclient.
Andrew Bartlett
(This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
|
|
compiler-based argument checking.
(This used to be commit 16fe928e68623a878b125910ff83df500a29d0ce)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
Check return in ldap.
Jeremy.
(This used to be commit e789edbb287319f52f49f2999917a610565144d9)
|
|
(This used to be commit 5320d54b901b92a3a8cdf9a407651713826c6c9f)
|
|
Jeremy.
(This used to be commit ff3a8d37289216a2cb808406044a7abef1e564d0)
|
|
Jeremy
(This used to be commit 185804ac945e717a5e3d3602e8118b35080f6251)
|
|
0x80000000 -> 0xFFFFFFFF would fail as they were being cast
from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types).
The sign extension would cause the offset to be treated as negative.
Thanks to Herb for helping me track this one down (IRIX is good for large
file tests :-).
Jeremy.
PS. That horrid EXEXIST thing has broken configure.....
(This used to be commit fc7d3faed798e7496f2991ec7d795c3b1a3758f5)
|
|
(This used to be commit 732bc4519f1119100607cc84400e8f84e0c0ba9d)
|
|
(This used to be commit 66ef6b942e00dc0d7742226f24861445d3bc0eb3)
|
|
(This used to be commit aa52351384abace54a89c9fbfa5e4c31a8464c91)
|
|
--with-ads=no or ./configure --without-ads Samba will build without
linking to the various kerberos libraries.
(This used to be commit edb6172abf0f07fead8ed3aaaebe0411d757aa64)
|
|
The global winbind file descriptor can cause havoc in some situations -
particulary when it becomes 0, 1 or 2. This patch (based on some very nice
work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy
the problem by ensuring that the close-on-exec flag is set, and that we move
above 3 in the file descriptor table.
I've also decided that the PAM module can close it's pipe handle on every
request - this isn't performance-critical code.
The next step is to do the same for nss_winbind. (But things like getent()
might get in our way there).
This also cleans up some function prototypes, puts them in just one place.
Andrew Bartlett
(This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
|
|
#ifdef mess...) in readline.c, we don't need or use them in the rest of Samba.
(This OK was of course conditional on 'if you break it, you better fix it...')
Andrew Bartlett
(This used to be commit 55ee289f587f107fa03c5f889491fdaab101df2d)
|
|
syslog() since Paul Green's POSIX patch.
(This used to be commit d3b29b0b2d2ffd5c050900ff8cae441b91f95526)
|
|
in includes.h
Andrew Bartlett
(This used to be commit ed184ed1905b49956528b6835f48a69ba3c1a045)
|
|
we now do this:
- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
(This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
|
|
(This used to be commit 6395c34f2f981d59b761d8615851a8fd54c1c304)
|
|
might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam
Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c
(This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
|
|
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
|
|
This gets my test code working, where we previously failed with files
above 20G in size.
I'm still not completely happy with this. There are just too many
fields in trans2.c that we don't fill in.
(This used to be commit 7dfdb456d4c9bcf6ecb1f7e5c5e79989f95e5627)
|
|
(This used to be commit a43d9788fa8823d678ee72470421b980165ec2b0)
|
|
Andrew Bartlett
(This used to be commit d1ca2b9f23ce701eb6b6becafb1acd813fc8fc3a)
|
|
(This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
|
|
functions
(This used to be commit 1cf3228fdc20f0314d1f8e71ad710a5e548b3f72)
|
|
(This used to be commit 38fd99e84176106ed700f637e9292d2a4c1385b4)
|
|
(This used to be commit 2dde9f711979c04cd02107447395a55307f7a30a)
|
|
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly
enumerate its trusted domains - by exaimining the keys in the secrets.tdb file.
This patch has been tested with both NT4 and rpcclient/wbinfo, and adds
some extra functionality to talloc and rpc_parse to allow it to deal with
already unicode strings.
Finally, this cleans up some const warnings that were in net_rpc.c by pushing
another dash of const into the rpc client code.
Andrew Bartlett
(This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
|
|
mangling implementation, selectable using "mangling method = " in smb.conf
It also tidies the interface a little, although it is still nasty.
(This used to be commit be23d87a178e7d0691e7d942adf89bb3d2d533c2)
|
|
need to know about. Different from the DEBUG system.
Jeremy.
(This used to be commit 74eac41c681f92a6da0ae2167f031e021862e0d8)
|
|
using it anymore. This also removes an early #include of smb.h, making it
slightly easier to track whats being included where.
Andrew Bartlett
(This used to be commit 9d25e3023272a55a39f80305f0f336c655833d55)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
Jeremy
(This used to be commit 6210d4aa196c944e47076e316980f76ac9c6b02d)
|
|
gcc warnings about unused parameters.
(This used to be commit b29775d442c36f667a6db5ba9dbe47d1a133525f)
|
|
(This used to be commit a57e13b8b661dd41e8036f862c708b5d3ced82e6)
|
|
on some platforms using "" instead of <> in include statements
(This used to be commit d0ba307032340a22d77cb1d8fc78b4234e1a963c)
|
|
(This used to be commit c4d928e55fe99a3a1c4e53508a44949f92d74219)
|
|
We now include the libber.h file if required, but currently we just don't use
ldap. (I'll chase this up).
In the meantime, I've moved the ads_status code about, its now in its own file,
and has a couple of #ifdefs to allow smbd to link - becouse the lack of LDAP
caused HAVE_ADS to be undefined. (I hope its not too ugly).
Andrew Bartlett
(This used to be commit 14407c87e2dcccae1784290e3eb7a2d611516aff)
|
|
It's not as strong as Insure, but it's free, reasonably efficient and
works on every platform.
(This used to be commit e76d27fcdb33df5212ca5b0ce53c77ed8ca58906)
|
|
(This used to be commit 5b6c22a209a26cb9adbf6d7733d396038c729633)
|
|
(This used to be commit 838fbac7a086ff82498c3f0ba95b714123a7428c)
|
|
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
(This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
|
|
this was causing the kerberos stuff to fail compilation on several
platforms
(This used to be commit 17e2f3897374c76dd66b21fdcd93c3a04671f4ce)
|
|
some systems have libkrb5 but not krb5.h
(This used to be commit 4b89fdecfcf384e7434470a9dcc963f9d96498d1)
|
|
Why do people keep adding stuff to includes.h (OK I am guilty of this too)?
It's getting really huge and full of random junk. )-:
I've noticed TNG have started to split stuff up in to individual header
files included as needed.
(This used to be commit 36630f3984cb2bc4e60d910889e0396891cbc088)
|
|
(This used to be commit a1304be045d9cfd7bb793bb55ff49e158440a90e)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
(This used to be commit c7f611691941ca92f57665e19d6e46b161599427)
|
