| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This patch moves the ldap routines out of passdb into a generic
library and implements an LDAP backend for IDMAP. THe backend
can be enabled with "idmap backend = ldap" in smb.conf. THere
are also schema changes to make sure to update teh ldap schema files.
(This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)
|
|
(This used to be commit 7dccd144b74d8c752a4b8c80fa5b3e6b2d11eaa2)
|
|
includes a --with-idmap=no switch to disable idmap usage if you find
problems.
cosmetic fixes and param aliases to separate winbind from idamp roles.
A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specilized module will be built in place
for the current glue hack.
The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.
As usual, comments and fisex are welcome :-)
Simo.
(This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
|
|
Andrew Bartlett
(This used to be commit 7ab39cba6a97ddd0879dd968167fc7809f87de6e)
|
|
decoded.length after it's been zero'ed out by data_blob_free() doesn't
give you the original length...
Andrew Bartlett
(This used to be commit 647a720cfb06bdf0dfc8fcdcab50aadcceb0494d)
|
|
- Fix typo in Makefile.in
- Fix compatibility with older vfs modules (from patch by metze)
- Build some modules shared by default and some static (and fall
back to static when dlopen() is not available)
(This used to be commit aa36f462d95f8a3a3a81a89c210b98a6f9fd295f)
|
|
(This used to be commit 9cc17bcfe633496ba6270fd82963ff768ae017b0)
|
|
- Make passdb work with absolute paths (passdb backend = /path/to/smbpasswd.so works now). vfs, rpc and charset will follow
(This used to be commit 794d3ed03619a4e41558d9ff65783a1aa1b2be90)
|
|
(This used to be commit 0dc611569427c8b63b752d0f62f2127dc1479754)
|
|
(This used to be commit 84707fd95eec260a1cb22a165a0161a075f93ada)
|
|
(This used to be commit b49436d020f8d88d42428c83ea9a278d3433d134)
|
|
(only on systems that support it, of course)
(This used to be commit bf439d733df6a11a25ff561a853c3382a3b34b96)
|
|
(This used to be commit 37ee8aecf4ae570c3d08e9fa94724bc9c917108f)
|
|
some double options and broke some parameters.
(This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
|
|
(This used to be commit cf3d31b9801d7ccb30334a92d4dc8a0ced2ecd31)
|
|
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
|
|
NTLM Authentication:
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
(This used to be commit eeeeb37fc6de60928f7efdeb05bb2c6516f24441)
|
|
(This used to be commit b18d02891be1ea3728239eee15a4aed3c3be2fea)
|
|
(This used to be commit 5a88d78f67fd7853d6f7d5042807afa56091d52c)
|
|
(This used to be commit 8315b9c3119dde62aeb72ad5e20f63aee89abd0b)
|
|
- Add some const
(This used to be commit e149e70717f38e082ce35d55f9b4d84ba8419af7)
|
|
Andrew Bartlett
(This used to be commit fb680f610ceb9a0f350c99456cf7ab1a507543fe)
|
|
Small clenaup patches:
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
- connection.c - use safe_strcpy()
Andrew Bartlett
(This used to be commit c91e76bddbe1244ddc8d12b092eba875834029ac)
|
|
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
Andrew Bartlett
(This used to be commit a7eba37aadeb0b04cb1bd89deddb58be8aba825c)
|
|
when sending(and vice versa when receiving).
(This used to be commit 5310447ec6e0df1c000e3ee14572f5b7fee31f28)
|
|
on 2000.
sending messages to 9x needs to be fixed, but that didn't work anyway
(This used to be commit ca066502a2a3dbdd8943d515c9c6d21e62d757b6)
|
|
Apply the job returned limit across all requests for job queues.
Jeremy.
(This used to be commit bf795b684e608f82db822e0759e7b69afd451b65)
|
|
Apply the job returned limit across all requests for job queues.
Jeremy.
(This used to be commit dee1326a1d8a0bf8977df22a0fe014dd5d8dc769)
|
|
Added new sid type = 9 for "computer" from MSDN.
(This used to be commit 45929d126932e5cac5a23fe76d28a4fa05b54b77)
|
|
(This used to be commit 5078436d83f0fdc568d6687809c7c70dea5fd382)
|
|
(This used to be commit 1960a650c1546323708ed6bea615dc7215a97b4f)
|
|
put a doc about it in dev-doc later today.
(This used to be commit af7bfee0c6902c07fdb8d3abccf4c8d6bab00b5a)
|
|
Jeremy.
(This used to be commit da1271a95fce7fd217555fb161d4669d0b9b80e2)
|
|
(This used to be commit 38a6ad95d789b3ece7a8e697195c8851663b3cd9)
|
|
'set_local_machine_name' so that the client can't change it from under us.
(.NET RC2 and WinXP install calls the machine 'machinename' during NTLMSSP
on the domain join).
Andrew Bartlett
(This used to be commit 4c7163e7c2cc09bd95faa05156ee480957a7a4d8)
|
|
First of all, do a char-by-char walk through both buffers until we get
to a non-ascii character, or a difference between the strings. This
prefix can be directly compared without needing to call into iconv.
This should be much faster for strings that are either all ascii, or
differ near the start.
(This used to be commit f7f692b2db4dd513068d6d8fed2792186933ddda)
|
|
used to be commit f0d009c3e91979b0dc3443e16f3f545bcc64cfda)
|
|
grows too much larger.
(This used to be commit 4bbddbfc6a97ebb11e299aa7bd07ebebeab42c65)
|
|
requests, without needing --client-perms=yes.
(This used to be commit 412a8780c35ee9449c9682e3ef73afb2c4933285)
|
|
clobbering the region, just in case clobbering causes us to crash
immediately. (That might happen if we just shot ourselves in the
stack and strcpy was not inlined.)
Also, in DEVELOPER mode and when Valgrind is available, mark the
clobbered region as uninitialized. This is an even stronger
protection than clobbering with 0xf1.
(This used to be commit 5653a42ae695f4b8f4c14d3184ca76523d38b51b)
|
|
is as stable as possible in the string department and some pain now
will help later :-).
Jeremy.
(This used to be commit 86e3eddac698d90f4666b8492b4603a4efbbd67b)
|
|
Original message:
This patch attemptes to clean up winbindd's mutex locking.
The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.
This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection. Tim Potter did
some work on this a little while back, verifying the second case.
The two cases are:
- between connect() and first session setup
- during the auth2 phase of the netlogon pipe setup.
I've removed the counter on the lock, as I fail to see what it gains us.
This patch also adds 'anonymous fallback' to our winbindd -> DC connection.
If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.
Both tpot and mbp like the patch.
Andrew Bartlett
(This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
|
|
- Make ReadDirName return a const char*.
- Consequential changes from that
- mark our fstring/pstring assumptions in function prototypes
Andrew Bartlett
(This used to be commit 10b53d7c6fd77f23433dd2ef12bb14b227147a48)
|
|
(This used to be commit 04a5cbc8964386774acdca759b4cfaded068c8f2)
|
|
I'm not merging the current HEAD string stuff quite yet.
(This used to be commit 9b8d12e081462566043bb51e9c95605609572a54)
|
|
- Consequential changes from that
- mark our fstring/pstring assumptions in function prototypes
Andrew Bartlett
(This used to be commit fe2bc64bc439b27387b8f326b0f4f3bfcc3d04a1)
|
|
Andrew Bartlett
(This used to be commit 67a0319d268dfc0e2154d3ab0f8bf866e3cbb6db)
|
|
This patch enables the compile-time checking of strings assable by means of
sizeof(). (Original code had the configure check reversed).
This is extended to all safe_strcpy() users, push_string and pull_string,
as well as the cli and srv derivitives. There is an attempt to cap strings
at the end of the cli buffer, and clobber_region() of the speified length
(when not -1 :-).
Becouse of the way they are declared, the 'overmalloc a string' users of
safe_strcpy() have been changed to use overmalloc_safe_strcpy() (which skips
some of the checks).
This whole ball of mud worked fine, until I pulled out my 'fix' for our
statcache. When jeremy fixes that, we should be able to get back to testing
this stuff.
This patch also includes a 'marker' of the last caller to clobber_region (ie,
the function that called pstrcpy() that called clobber_region) to assist in
debugging problems that may have smashed the stack. This is printed at
smb_panic() time. (Original idea and patch by metze).
It also removes some unsused functions, and #if 0's some others that are
unused but probably should be used in the near future.
For now, this patch gives us some confidence on one class of trivial parsing
error in our code.
Andrew Bartlett
(This used to be commit 31f4827acc2a2f00399a5528fc83a0dae5cebaf4)
|
