Age | Commit message (Collapse) | Author | Files | Lines |
|
to correctly allow password changes on expired passwords. (No security
implications, as its just a 'will I let you talk to the server' check).
pam_winbind checks the password prior to changing it, so that users don't
have to make up and type their new password when they havn't even got the
old one right. This also helps with stacking etc.
Andrew Bartlett
(This used to be commit 2b78d493002a3ba13533429c6a14f5c0a92f43d1)
|
|
(This used to be commit 44df5a13bc83dc331caa6788cf0805333ed79f8d)
|
|
Importantly:
The removal of the silly 'delete user script' behaviour when secuity=domain.
I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.
When we decide what to do with the 'add user' functionality, we might
rename it.
Andrew Bartlett
(This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
|
|
Make it static (till sombody needs its...)
(This used to be commit 89dc15732062b46276d1d7a155954ee565070491)
|
|
Jeremy.
(This used to be commit 5c8351228c55f2403214351f6fd16fe231aee917)
|
|
These might be reimplmented as simple pass-through functions, but all users
really should be doing 'getpwnam_alloc' or 'getpwuid_alloc' to ensure that
there are not shared static buffers.
I don't beleive we actually need a getpw*() cache inside samba - if we do
then I think we should look at our code design first.
(some of these changes are for platforms I don't have access to, but
they look sane)
Andrew Bartlett
(This used to be commit 9d8431b04f41dceffe4c45cc969472ee59f7282f)
|
|
Make some code static, add some const to the PAM code, and make the plaintext
password code actually function - particulary without the requirement to
modify the 'struct passwd' (which it assumed was made up of fstrings)
This kills some particularly ugly code in lib/util_pw.c
Andrew Bartlett
(This used to be commit 302dad4990ba5194f072e435465d9adaa089ae06)
|
|
the DATA_BLOB code into its own file.
It would be nice to go over some of the other util.c functions, and check
that we still use them all, and that we use them in more than one place.
Andrew Bartlett
(This used to be commit d0ea70fce55df9a5b5878f50fce7bc115ffb37c2)
|
|
(This used to be commit 2424578c298ea11f67415bcfe2928353cd95819b)
|
|
(This used to be commit 793d9306e29ddd23e3f52736b5cd558b5d058611)
|
|
(This used to be commit 84ea2a434b510ed49838a04a4b30bd2fc9ec5673)
|
|
this is a first step only passdb stuff has beein "classized".
- so what can you do?
set debug level to: 1 poasdb:10
that will make all the code run at debug level 1 except the code in
passdb/* files that will run at level 10
TODO: fix the man page
- also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5
will set every smbd to have a default log level of 3 while passdb stuff
will be at level 5
and so no..
minor cosmetic fix to pdbedit is there too
(This used to be commit be5c3b3f5781ddc002ffcc98df04ab024dcef4ca)
|
|
(only function that used it was unused, and this helps bring TNG and HEAD
closer)
Its also cleaner.
Andrew Bartlett
(This used to be commit 78f47c83332a6408a718a3dee45645935638b364)
|
|
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substituions in passdb work.
This is done by declaring these paramters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or somthing like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users is picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT when for the
SATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
(This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
|
|
(This used to be commit 1c9387330f776b9b96714f9c9c62087bbd32f7b6)
|
|
when it exists.
(This used to be commit 85ab07bdc1b2ce7b2c1b8197fad45124b1460dca)
|
|
than allow silent reuse of stale static buffer.
Next step is to make this fn return that allocated buffer.
(This used to be commit e1daf816f3d809d288313fe2db98b5a731c93a79)
|
|
This option was badly maintained, useless and confused our users and
distirbutors. (its SSL, therfore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
|
|
of problems on Linux/390 systems...
(This used to be commit 2605e483b309e62b4c5d39a2ac6d8b2257bb5a87)
|
|
tx Elrond for prosecuting cleanness :)
(This used to be commit 2f30c2edfd6373864f5bd0c4f8d70625495da7eb)
|
|
Jeremy.
(This used to be commit 2b49d727b061f87d5022e7ee75b66dc851265fd5)
|
|
(ie. ENOTDIR) to the NT status code NT_STATUS_NOT_A_DIRECTORY. NT seems
to use NT_STATUS_OBJECT_PATH_NOT_FOUND. I'm hoping this will fix the
access binaries served from a Samba share bug...
Jeremy.
(This used to be commit 6f2b76c2394e305e5a282f459b84f94f8ed2082a)
|
|
(This used to be commit c26ce496e88a9a1f93a51fa626f222c98892746f)
|
|
things; compiles and shouldnt break, but needs testing
(This used to be commit 19b9b50d9039afe614284aaf379f9f1078e2e307)
|
|
Jeremy.
(This used to be commit 6d957924579d64407bdd94d7e78088fb1ea5c9ce)
|
|
(This used to be commit 38fd99e84176106ed700f637e9292d2a4c1385b4)
|
|
returns to the client.
Jeremy.
(This used to be commit 1d66e53a64ec2878293e6d74a852b736ddab8f21)
|
|
Jeremy.
(This used to be commit 65742067e07195048edcee46dae95a58a4a50950)
|
|
Jeremy.
(This used to be commit 7adcc930ca56bf879b5e73b74bca19ac2353f1c0)
|
|
for transfer_file.
Jeremy.
(This used to be commit c7ff521bab838c070931f2b0ece4be3371fbcdbf)
|
|
Jeremy.
(This used to be commit 64974fa334fd757ff5cfd1bd32d7300bf8a6208c)
|
|
Jeremy.
(This used to be commit 8cbc24c3bd0e2d2349625c3b5d2e12ac092ec5a8)
|
|
Jeremy.
(This used to be commit 48475a7a697242b9fd7b1aec24389afb112569c4)
|
|
(This used to be commit 546764f3cbbefaad312386280dd2ebbbe5b4446d)
|
|
for both null terminated and buffer length terminated strings
(This used to be commit e8fbf853e0eed61bb7405be731f18fb2426f8dc4)
|
|
(This used to be commit 18d5ffd835165d2570443c979d9157e2388b37d8)
|
|
this was a very nasty bug with filename corruption and NT4 clients. The
exact termination conditions are quite critical ...
(This used to be commit a538efe7d00e7a61df194ca1c22e0583dcbb7a4a)
|
|
Thanks to Ollie Oldham <ollie.oldham@metro-optix.com> for spotting it.
few mods to make it easier to compile the tests.
addedd the "Ollie" test to the floating point ones.
(This used to be commit 415f9d92bc0a37d38b81a653a4b4c5f0fefa2fe8)
|
|
(This used to be commit dbc6b137a83cf9fe0558625dd32f92f15296fba6)
|
|
(This used to be commit bac0093a9713416b1679d1bc167b70f02b06ef78)
|
|
(This used to be commit 3b6df44ddc80d728c01511529ccb05c1ba3d414b)
|
|
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly
enumerate its trusted domains - by exaimining the keys in the secrets.tdb file.
This patch has been tested with both NT4 and rpcclient/wbinfo, and adds
some extra functionality to talloc and rpc_parse to allow it to deal with
already unicode strings.
Finally, this cleans up some const warnings that were in net_rpc.c by pushing
another dash of const into the rpc client code.
Andrew Bartlett
(This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
|
|
All uids and gids must create valid RIDs, becouse other code expects this, and
can't handle the failure case. (ACL code in particular)
Allow admins to adjust the base of the RID algorithm, so avoid clashes with
users brought in from NT (for example).
Put all the algorithm code back in one place, so that this change is global.
Better coping with NULL sid pointers - but it still breaks a lot of stuff.
BONUS: manpage entry for new paramater :-)
counter based rids for normal users in tdbsam is disabled for the timebeing,
idra and I will work out some things here soon I hope.
Andrew Bartlett
(This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)
|
|
(This used to be commit 7e92fb7453e4dbf1fe0c32c3dcc1e994cb95b5ea)
|
|
the hash for this scheme is *much* larger (approximately 31 bits) and
the code is written to be very fast, correctly handling multibyte
while not doing any actual multi-byte conversions in the vast majority
of cases
you can select this scheme using "mangling method = hash2", although I
may make it the default if it works out well.
(This used to be commit bb173c1a7e2408ced967ebac40b5e3f852ccd3a1)
|
|
(This used to be commit 2bf6595a2a5527ff64f9083f2434aa344c9637d9)
|
|
(This used to be commit e5c3648fe721d659c8b90a6987998ada4790592b)
|
|
need to know about. Different from the DEBUG system.
Jeremy.
(This used to be commit 74eac41c681f92a6da0ae2167f031e021862e0d8)
|
|
dlopen & friends into configure.in. This should help building on *BSD
where dl*** calls are in libc.
Jeremy
(This used to be commit ac1baba35d7a399bf800ced49a4384e39955e3eb)
|
|
Jeremy.
(This used to be commit ea60c50109462b35825be1dd3cc6b28f739a1b59)
|