Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit f435bf0095694a283db47e33c9eb1b5b6df13d03)
|
|
we now do this:
- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
(This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
|
|
- Rename user -> account
- Add sam_* functions (api.c)
- Several small fixes
(This used to be commit eafcc387045f4f265631a952297caf3f6db779d8)
|
|
Jeremy.
(This used to be commit df3e467eb7cce059782870bfec222293577c4f69)
|
|
(This used to be commit 6395c34f2f981d59b761d8615851a8fd54c1c304)
|
|
might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam
Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c
(This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
|
|
(This used to be commit a760bca56a55b119cf399c5ac6f8b0db418be2e0)
|
|
Jeremy.
(This used to be commit 095e2bf9469a4c26814fb049f2870983c090ed81)
|
|
- SAM_DELTA_RENAME{USER,GROUP,ALIAS}
- SAM_DELTA_DELETE{USER,GROUP}
Renamed some of the unknown delta types and their unmarshalling functions:
- SAM_DELTA_TRUST_DOMS
- SAM_DELTA_SECRET_INFO
(This used to be commit 1f29276c2ff450c4ca3705c27fb0be71ddcda4ad)
|
|
(This used to be commit 78cfbebc69fb15326d8f6dbbce1090c301a1f270)
|
|
(This used to be commit 9b49d97b94a7e3842cdcbfa4ebfa961586857aea)
|
|
J.F.
(This used to be commit 2f68d6f5ec925f07a387f784db6de0cfbaa53278)
|
|
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
|
|
(Wrapping to zero does not create problems in this cache)
Andrew Bartlett
(This used to be commit c58e3d5c7d78dd02584b1490a27f7007e11b8712)
|
|
Jeremy.
(This used to be commit e53a81261ed189881c0f07e1b46f97aa6770cab7)
|
|
(This used to be commit c9ffc416aeee2610fdc896a9d41dac182039a5f9)
|
|
our authenticaion code - removing some of the duplication from the current
code.
This also gets us *much* closer to supporting a real SAM backend, becouse the
SAM can give us the right info then.
This also changes our service.c code, so that we do a VUID (rather than uid)
cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached
equivilant) on every packet, for the same r or rw mode the whole share was open
for.
Andrew Bartlett
(This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
|
|
(This used to be commit 341bb9fb78a2e750f05a902e020ba352e26ca030)
|
|
we still need to parse the core of the structure
(This used to be commit 6780ae25bf7ca291f612682dec7ee7ff44c24bef)
|
|
than SPOOL_PRINTERDATA_KEY
* created an internal set/get_printer_dataex() call for reuse in
Set/GetPrinterData()
(This used to be commit 4eb8ffba032971cf83a0fcec7ca3730b4ded0bf0)
|
|
(This used to be commit 227472286f479bddfac7ea958b779fc4459a9e1e)
|
|
(This used to be commit be5a649ed4c06aa1ffb709f1d3ff8ed26919bf1c)
|
|
add SPOOL_PNPDATA_KEY define
(This used to be commit cdaa3f55e1fcc38b1d7a63d502a9fea3b92bf193)
|
|
* removed support for PHANTOM_DEVMODE printer data
* s/NT_PRINTER_PARAM/REGISTRY_VALUE/g - This was a good bit
of work. Everything seems stable, but is not complete.
* support for printer data keys other than PrinterDriverData
in the store and fetch routines. Still needs to be plugged
into the XxxPrinterDataEx() calls.
Tested against NT4.0 & 2k. Like I said, it's not done, but doesn't
crash so it shouldn't upset anyone (unless you're trying to build
a Samba printer server off of HEAD). More work to come. Should
settle by Monday.
jerry
(This used to be commit 7ba7c04c0e961618c82c2112b9627af114c6cc42)
|
|
Remove 9th place leading zero from some constants.
(This used to be commit 876e7b2bf45aad40282fd0ccddadf01df23d8d41)
|
|
(This used to be commit 11ddfd9cfa550dcd3186c8aaf0cc038ce7f1791f)
|
|
(This used to be commit 0118e459b603a991f23d48cfd7f5e68c4374f950)
|
|
if you have an ADS DC.
(This used to be commit 059a352ebb7c7286d205bc86a92f5fd26ab1ff8e)
|
|
existing connect (which I've been told is really connect2), with one
extra dword. We've only seen 0x00000002 there...
(This used to be commit 266344634944dff30f56453f9d86c490e7ac7a55)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
on both by default, and you can specify a list of ports to listen on
either with "smb ports = " in smb.conf or using the -p option to smbd.
this is needed for proper netbiosless operation.
(This used to be commit 5dee0a7b5e0fcb298a9d36661c80e60d8b9bcc3a)
|
|
is netbios and dns domain info. Also add code to set/fetch the domain GUID
from secrets.tdb (although set is not yet called by anyone).
(This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
|
|
very useful in scripts
(This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
|
|
Finally the cascaded VFS patch is in.
Testing is very welcome, specially with layered multiple vfs modules.
A big thank to Alexander Bokovoy for his work and patience :)
Simo.
(This used to be commit 56283601afe1836dafe0580532f014e29593c463)
|
|
is. I'm calling it REG_SAVE_KEY, because 2k preps a regedt32.exe
Registry->Save Key with this call.
Done in the process of tracking down a PrinterDriverData issue.
(This used to be commit 66104a361424f10cc986c597b91afa6f12b3cd8a)
|
|
This gets my test code working, where we previously failed with files
above 20G in size.
I'm still not completely happy with this. There are just too many
fields in trans2.c that we don't fill in.
(This used to be commit 7dfdb456d4c9bcf6ecb1f7e5c5e79989f95e5627)
|
|
(This used to be commit 4c664a0de89676cfb2b14a93d4e30aed04e29fe9)
|
|
Remove the n^2 search for valid 'tty' names from the sesion code when we
don't actually need it. Its main value is in getting 'well behaved'
numbers for use with utmp, so when we are not doing utmp we don't need
this to get in the way.
Andrew Bartlett
(This used to be commit 50507e131dac19485a2561f3448da7334e357f50)
|
|
to the Samba tree.
Originally written by Nigel Williams" <nigel@veritas.com>, I've been
trying to keep it in some form of shape for the last 6 months. In particular
I think some of the code got committed a few months ago, and others have made
changes to the CVS version over time.
anyway, its finally in - and doesn't appear to have broken anything.
Now to try the client-side patches :-)
Andrew Bartlett
(This used to be commit f9bac7c5c2c4ddf0bf39d596a7b922fbb17c6b16)
|
|
almost working, seem it does not yet properly detect if windbind is running or not in all situations testing is welcome.
(This used to be commit e0988e918667e3bc7b7cfb19ae81bf8c05fe582a)
|
|
(This used to be commit e3c2ef0a04afe0a21432940fceae2db07da730d8)
|
|
and display correctly in regedit.exe.
Not sure about REG_SZ values in PrinterDriverData. If we store these
in UNICODE, I'll have to fix up a few things.
REG_BINARY & REG_DWORD are fine.
(This used to be commit 2a30c243ec28734bbc721dfc01b743faa6f73788)
|
|
* added REG_OPEN_HKCR for supporting regedit.exe
* All data n a REGISTRY_VALUE is stored to a pointer now
* fixed REG_INFO to correctly display data when double clicking on
and entry in the registry editor
* Will now enumerate installed driver_info_3 data
* fixed numerous bugs related to pointer offsets, memory issues, etc..
in the registry routines
* added a simple caching mechanism to fetch_reg_[keys|values]_specific()
All that is left now is to enumerate PrinterData and I will have finished
what I started out to do....
(This used to be commit 419d7208e8384e4ad2c4dd328ad5e630971bc76c)
|
|
is not and [in/out] buffer
* registry value enumeration is working now for the Print\Forms
key. The format of the binary data is not quite right yet
but all installed forms are listed
(This used to be commit 998eb9c7312c3c9a9ed1e9ec294593503c0304bf)
|
|
(This used to be commit 54c7ad47e13d92efd4c4dae2654e2e62927487e5)
|
|
registry values are now passed around in containers
(REGSUBKEY_CTR & REGVAL_CTR) which each possess a TALLOC_CTX.
* removed subkey_specific_fn() from REGISTRY_OPS. Is implemented
in the form of a wrapper
* temporarily broke the printing registry ops.
* implemented inheritence for the data_p of nodes in a SORTED_TREE
* All REGISTRY_KEY instances now store a valid REGISTRY_HOOK since
the default REGOSTRY_OPS structure is stored in the root of the
cache_tree.
* Probably some other change I forgot.... T
(This used to be commit e7b55e8f017e638342d9c8c1a9259000745a0298)
|
|
Jeremy
(This used to be commit ae924493754220b8ad9e9767eb25f0f53a23327d)
|
|
(This used to be commit a43d9788fa8823d678ee72470421b980165ec2b0)
|
|
Jeremy.
(This used to be commit 51c8338c7ac8665fcaaac6de5f2d81b460e803f5)
|
|
registry view front end. Now to plug in the various hooks.
(This used to be commit 9772acd9ad44af2800dfb9d8610c2d5c23eaceb4)
|