Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit ee63331256e12df239c6981e87f57e3bffb361d7)
|
|
(This used to be commit 32c8796f2a2b598daa17835394d143bd266aa7bf)
|
|
(This used to be commit 367a5cad1edf6a49783806d5a8b59a62d8856706)
|
|
(This used to be commit e599eba851db40816c684da2b7b1be4b978166e0)
|
|
(This used to be commit 8e1e47b960495df7f603d7798d86734d070b21bb)
|
|
split out privileges from rpc_lsa.h
(This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
|
|
(This used to be commit fb03fafed14a2816808e98fd95850db3e655d5d9)
|
|
(This used to be commit 58d284bd06f5893a752c1f22828715f8bd130c82)
|
|
(This used to be commit a4fc9c3b2dfbdbb3f75bf38415741ff66dbe1367)
|
|
SAM_ACCOUNT does not have anymore uid and gid fields
all the code that used them has been fixed to use the proper idmap calls
fix to idmap_tdb for first time idmap.tdb initialization.
auth_serversupplied_info structure has now an uid and gid field
few other fixes to make the system behave correctly with idmap
tested only with tdbsam, but smbpasswd and nisplus should be ok
have not tested ldap !
(This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
|
|
reverted user making function, did not pass the abartlet test :-)
idmap is now fully integrated, we only miss user creation and removal of uid
and gid from SAM_ACCOUNT
(This used to be commit 67af8c26586c4829166795813a373bf9be27b753)
|
|
function. Patch by metze with some minor modifications.
(This used to be commit f4576757d1d52a8f1b96894c869bb76450003fd1)
|
|
smb.conf parameters along with some other small fixes. Binary
compatible with older modules.
(This used to be commit aa07b12fda732ca19d8dc41cebc7bb09e2549a30)
|
|
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC.
Jeremy.
(This used to be commit ec82e8e9f4a6bf807a91ac265af39a516c7ab631)
|
|
workstation, we have to use the workstation type, if we have a BDC account,
we must use the BDC type - even if we are pretending to be a workstation
at the moment.
Also actually store and retreive the last change time, so we can do
periodic password changes again (for RPC at least).
And finally, a couple of minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
|
|
gcc allows it to be empty. Should fix miscellaneous breakage on
the compile farm.
(This used to be commit b92d57f784fb43e420cf65b9392d175ad4483f28)
|
|
Jeremy.
(This used to be commit 7cb060e821691abf5d58d273cb523ee310656185)
|
|
(This used to be commit e9beb6cc95b83958af4fe4fce292f831304ae8a4)
|
|
(This used to be commit 74fab8f0d24004b1dfd5ce0fd7402895652f941f)
|
|
requests and responses and is only compiled in when --enable-developer
is passed to configure. It includes server and client side code for
generating and responding to functions on this pipe. The functions are:
- AddOne: add one to the uint32 argument and return ig
- EchoData: echo back a variable sized char array to the caller
- SourceData: request a variable sized char array
- SinkData: send a variable sized char array and throw it away
There's a win32 implementation of the client and server in the
junkcode CVS repository in the rpcecho-win32 subdirectory.
(This used to be commit 4ccd34ef836eba05f81dc2da73fd7cfaac201798)
|
|
I haven't seen the rid+attr arrays for group membership, nor sids or the same
kind of arrays for resource domains, so I don't know how that will work.
Also, the PAC info type 10 is now decoded, but I don't know what it's for.
It has an NTTIME, a 16-bit name length, and a username. According to M$,
it's not needed, because they didn't doc it...
(This used to be commit 28ab8504cf6c181866106e5cc626a5896283d0a9)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing platforms
different from NT4SP6.
Volker
(This used to be commit ecd0ee4d248e750168597ccf79c389513bb0f740)
|
|
(This used to be commit 8fd9450c8363021e23256903578fabbf77083978)
|
|
Volker
(This used to be commit 9fc3e4bf9fa7845b5d4a7eb4cacfec586045ebd0)
|
|
creeping back in to the source. Use True and False instead.
(This used to be commit 5a5a7ce7479a56ca2d472658511a47c9147c0d5b)
|
|
yet (the ones that are rid-only).
(This used to be commit 0a5b5d00db42de868c72ec3d9d1d747c9ef391e4)
|
|
for doc purposes right now (you can see it in the debug logs).
(This used to be commit 046c2087a11b9ce7a02aece34ffb129ce0d66b08)
|
|
same functionality exists as "pool-usage".
Move initialisation of this and dmalloc messages inside message_init().
(This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
|
|
(This used to be commit ad1a2ab0d6330a0b0fbce7b30ec5f6f502133921)
|
|
just need to get the verifiction code working - we get back a signiture from
the server, and just can't verify it yet.
This also brings the short-packet checks into common code, and breaks the
connection if the server sends a signed reply, on an established connection,
that fails the test.
This breaks our read/write code at the moment, as we need to keep a list
of outstanding packets.
(signing is not enabled by default, unless the server demands it)
Not for 3.0 till I fix the outstanding packet list.
Andrew Barlett
(This used to be commit 808d1fcf20153970d587cb631a08607beb09703a)
|
|
first run if idmap.tdb is not found, and then eventually convert it to the
new format.
This is done to unify winbind and idmap databases and to make a backup of
winbindd_idmap.tdb in case you want to downgrade (of course it will not be
updated).
This is needed because idmap.tdb contains also local mappings, not only
foreign domains mappings.
Added some other fixes/improvements
Simo.
(This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
|
|
TNG. Actually, it exists in the main Samba cvs tree in APPLIANCE_TNG
as I found out later :-)
It adds a new parameter: server schannel = yes/auto/no defaulting to
auto.
What does this mean to the user: No requireSignOrSeal registry patch
for XP anymore.
Many thanks for this code to Luke Leighton, Elrond and anybody else I
forgot to mention.
My next thing will be to see if this applies cleanly to 3_0.
Please test and comment!
Volker
(This used to be commit e1f953241eb020f19fe657f29afdae28dcf5a03b)
|
|
This patch moves the ldap routines out of passdb into a generic
library and implements an LDAP backend for IDMAP. THe backend
can be enabled with "idmap backend = ldap" in smb.conf. THere
are also schema changes to make sure to update teh ldap schema files.
(This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)
|
|
(This used to be commit e1a159c55fdeaa1620a3147105be4efd205560ba)
|
|
(This used to be commit 8b5ad24231e5001e612c5fd4bbde2762caef5856)
|
|
includes a --with-idmap=no switch to disable idmap usage if you find
problems.
cosmetic fixes and param aliases to separate winbind from idamp roles.
A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specilized module will be built in place
for the current glue hack.
The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.
As usual, comments and fisex are welcome :-)
Simo.
(This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
|
|
Mostly this consists of untangling the existing code and moving it in
to operating system specific files. The winbind client code for all
supported operating systems is now in nsswitch/winbind_nss_OSNAME.[ch]
to make things a bit clearer.
(This used to be commit 93ea047a16a292b23a1d8736ce9bc4098ba142ba)
|
|
fixed getsmbpass replacement test
(This used to be commit ff43a292b9f8e0a39d19cb099913efd899de84fa)
|
|
which then changes SIGRTMIN. It is also possible for bash to leave
some real time signals blocked at startup. This fixes both problems.
(This used to be commit 8d45bf644aecb6993c2a82b86a4527b33029ed8f)
|
|
new modules system, we still fall back to the old system.
(This used to be commit cebe8d8b424f10006f2f791a8f086c6c8a7f5d57)
|
|
twice (probably a cut/paste error).
The definition of pstrcpy_base(), and the preceeding comments, were given
twice (probably a cut/paste error).
(This used to be commit 5306f6f7c88234d51c4ff13d5451d3489de6b00e)
|
|
some warnings)
(This used to be commit d453b656e56a9b836b76f1cdce8de65d7bc4eb6c)
|
|
(only on systems that support it, of course)
(This used to be commit bf439d733df6a11a25ff561a853c3382a3b34b96)
|
|
- Quite some small fixes (also fixes the build)
(This used to be commit 3defbd5e0633acfa4631531b49601c7706072d86)
|
|
some double options and broke some parameters.
(This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
|
|
(This used to be commit de4bdf42d8f27b54260f58ff37d438c67623f446)
|
|
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
(This used to be commit 5a88d78f67fd7853d6f7d5042807afa56091d52c)
|
|
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
Andrew Bartlett
(This used to be commit a7eba37aadeb0b04cb1bd89deddb58be8aba825c)
|