summaryrefslogtreecommitdiff
path: root/source3/libsmb
AgeCommit message (Collapse)AuthorFilesLines
2001-11-24added "net join" commandAndrew Tridgell1-0/+7
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett2-5/+6
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-24added lsaenumprivsaccount and lsalookupprivvalue to rpcclientJean-François Micouleau1-0/+174
and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-23Changed how the privileges are stored in the group mapping code. It's nowJean-François Micouleau1-0/+2
an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
2001-11-23Update some of the error mapping, based on on-the-wire observations of an ↵Andrew Bartlett1-7/+7
NT4 server. This lets our Win9X clients give sane error messages when you get passwords wrong and the like. Andrew Bartlett (This used to be commit f199e9518226ed57a011113bdf06c85265e49674)
2001-11-23Finally worked out why a enumerate trusted domains was returning aTim Potter2-11/+15
NT_STATUS_UNABLE_TO_FREE_VM error. This error code was mis-defined as 0x8000001a instead of 0xc000001a. The former is actually a NT_STATUS_NO_MORE_ENTRIES warning which is what we see in the status code. Removed the & 0xffffff from the loop in get_nt_error_msg() as all the error constants now have the correct high bits set. (This used to be commit 80dca2c9e46753d87e673d712c96c76ffde0b276)
2001-11-23Added constants and error message for dos error code 1326 (logon failure).Tim Potter2-1/+13
(This used to be commit 6ce1eec09de64f19d969a67fc236abd4ae277926)
2001-11-22added lsa_enum_sids to rpcclientJean-François Micouleau1-0/+69
fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
2001-11-22Removed unused variable.Tim Potter1-1/+0
(This used to be commit d1dee2d0323fe6fc498e50201535b1718a88abaf)
2001-11-22Oops - opening wrong pipe name in cli_lsa_initialise() helper function.Tim Potter1-1/+1
(This used to be commit d2034bc5f7dc9b5b9d5e4f17ee8e468307dcb2d5)
2001-11-22add another command to rpcclient: getdispname. Show the full descriptionJean-François Micouleau1-0/+53
of a privilege. J.F. (This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
2001-11-22add a command to rpcclient: enumprivsJean-François Micouleau1-0/+82
J.F. (This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
2001-11-22Got positive and negative name caching working correctly with ↵Jeremy Allison1-22/+24
lookupname/lookupsid. There was a bug in cli_lsa_lookup_name/lookup_sid where NT_STATUS_NONE_MAPPED was being mapped to NT_STATUS_OK, and also the *wrong* number of entries mapped was being returned. The correct field is mapped_count, *NOT* num_entries. Jeremy. (This used to be commit 9f8c644abc455510c06dbd5dbac49c6270746560)
2001-11-21W2K doesn't seem to respond to *#0 names in node status. Ensure nameJeremy Allison3-11/+58
lookup uses password server parameter when looking for PDCs. Jeremy. (This used to be commit 54c968913d6553c6d834b068234ab176917075eb)
2001-11-21One more patch from Tom Jansen. Hope I didn't break the tree :-)Richard Sharpe1-0/+7
(This used to be commit 6d7c0f0bb4cbfdcd9a83416345432e07556f6cfc)
2001-11-21Fix up the build again...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit a34c07377b1de61e145f699047474a82962ccd5b)
2001-11-21Fix up libsmbclient in head.Richard Sharpe1-1366/+1413
Apply the patches from Tom Jansen, get rid of fprintfs and change them to DEBUGs, etc ... (This used to be commit 7ac404c85303c9c3fbd48054fc4876bd4bc1567b)
2001-11-20add asn1 integer handling ready for the ldap netjoin codeAndrew Tridgell1-0/+26
(This used to be commit 74303b75e43856bfb127c143d27e5c5fdcf32c91)
2001-11-20- make sure we use a non-zero session id so we can have multiple connsAndrew Tridgell1-8/+4
open to w2k - fix the string handling in the device name to match NT and smbd - don't pull the domain from negprot if CAP_EXTENDED_SECURITY is set (This used to be commit 618989b386b5564ba140afdc17ce7a07040c3c4e)
2001-11-19LMHOSTSFILE is now dynamically configured too.Martin Pool1-1/+1
(This used to be commit a779710fff5fddcbf65a8ddc8e9169b586b85481)
2001-11-17Fix problems with lp_workgroup() being passed to routines that will modifyRichard Sharpe1-24/+44
it and fix smb://<IP-addr>. (This used to be commit ac2562a0fb7eafd94d53a2c36d33e8f5236d60ff)
2001-11-15Tidyup formatting a bit (spaces->tabs) whilst reading new code to understandJeremy Allison1-46/+34
connection caching. Getting ready for back-merge to 2.2.3. Jeremy. (This used to be commit 5e8df83ba9924adf9df6827c06ed1a2adbe36edf)
2001-11-15Doxygen demo for Tim.Martin Pool1-9/+24
(This used to be commit 5c892badbcad43b8a2e002d1a42483c402f2d3e9)
2001-11-14Close the socket and set the file descriptor to -1 if there was a socketTim Potter1-0/+9
error in cli_receive_smb() and cli_send_smb(). (This used to be commit bedd9c821521dad46df50e8b31e4a58bb0a9a604)
2001-11-14Removed the "reestablish" code. Tridge - scream if this was needed....Jeremy Allison2-60/+2
Jeremy. (This used to be commit e6afe40f85d7dbe79322c82dac735d901e7e71df)
2001-11-11Minor updates. A small dose of const.Andrew Bartlett1-1/+1
(This used to be commit 80667cb0dd1a2cdef17711c8580af9f524971cea)
2001-11-07Add function to add those hosts who have added msbrowse (domain master browsers)Steve French1-0/+8
(This used to be commit 3fd96a47543c268fd2828793df4006cc47a9e95b)
2001-11-05Fixed looking up domain (winbind) users ahead of local users inTim Potter1-6/+18
domain_client_validate() (This used to be commit df0db8edb12dc8b8d290e5ac599fa7b517e9d263)
2001-11-05free the negTokenInit structureAndrew Tridgell1-0/+2
(This used to be commit 5b1c942a5cab828ebfcf2e8f5decb754c4cdb70e)
2001-11-05merge from 2.2. Why is STR_CONVERT missing when comparingGerald Carter1-1/+1
2.2 to HEAD? (This used to be commit 4f47daf97b9e74ec75287f46e2c4aeddc944779e)
2001-11-04Got serious about const again.Jeremy Allison4-98/+100
REMOVED BZERO CALLS YET AGAIN !!! Why do these keep creeping back in.... They are *NOT* POSIX. I'm also thinking of removing strncpy as I'm sure it's not being used correctly.... Jeremy. (This used to be commit b1930abb35dee74f858a3f7190276c418af2322b)
2001-11-03Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison4-43/+58
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
2001-11-03Added support for UserListGroups, ServiceEnumSteve French1-0/+125
(This used to be commit 4e882289b0e291bb57d48fc2b2120919632daa5f)
2001-10-31This is a farily large patch (3300 lines) and reworks most of the AuthRewriteAndrew Bartlett2-31/+46
code. In particular this assists tpot in some of his work, becouse it provides the connection between the authenticaion and the vuid generation. Major Changes: - Fully malloc'ed structures. - Massive rework of the code so that all structures are made and destroyed using malloc and free, rather than hanging around on the stack. - SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them to be declared 'invalid' without the chance that people might get ROOT by default. - kill off some of the "DOMAIN\user" lookups. These can be readded at a more appropriate place (probably domain_client_validate.c) in the future. They don't belong in session setups. - Massive introduction of DATA_BLOB structures, particularly for passwords. - Use NTLMSSP flags to tell the backend what its getting, rather than magic lenghths. - Fix winbind back up again, but tpot is redoing this soon anyway. - Abstract much of the work in srv_netlog_nt back into auth helper functions. This is a LARGE change, and any assistance is testing it is appriciated. Domain logons are still broken (as far as I can tell) but other functionality seems intact. Needs testing with a wide variety of MS clients. Andrew Bartlett (This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
2001-10-31More const.Andrew Bartlett1-2/+2
(This used to be commit ceba373aa30e09be948bd0980040cba204d12084)
2001-10-31Added some extra fields to the auth_serversupplied_info structure.Tim Potter1-2/+23
To obtain the full group membership of a user (i.e nested groups on a win2k native mode server) it is necessary to merge this list of groups with the groups returned by winbindd when creating an nt access token. This breaks winbindd linking while AB and I sync up our changes to the authentication subsystem. (This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
2001-10-31Some tweaking to make the samlogon function look more like NT on the wire.Tim Potter1-7/+7
(This used to be commit b30232e2b7ddb5eab419d4e6237176f695a534ad)
2001-10-31Parionia to ensure people don't install libsmb based programs setuid root.Andrew Bartlett1-0/+6
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing all sort of fun and games. Andrew Bartlett (This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
2001-10-30Fix debug in domain_client_validate() when password server = *.Tim Potter1-1/+1
(This used to be commit c78fec86c97075bb5726fcb7ed197bc75dd88ac0)
2001-10-30Allow the logon level to be passed to cli_netlogon_sam_logon() rather thanTim Potter1-13/+41
the validation level. This allows us to test interactive or network logons. Interestingly enough a win2k native mode server generates a rpc fault when presented with a network logon! (This used to be commit 0758c0ea845dd0b552e4dab3ce05f0811fa9658e)
2001-10-30Added samlogon command to test against win2k native mode server. I thinkTim Potter1-0/+72
there's a bug in the marshalling of net_sam_logon. (This used to be commit 7c5ac46b8ad0be681d102e7ef3478d64d7a2b8e6)
2001-10-29This patch applied, except without the structure changes to nmblib.cAndrew Bartlett5-8/+8
Andrew Bartlett. From kai@cmail.ru Mon Oct 29 18:50:42 2001 Date: Fri, 19 Oct 2001 17:26:06 +0300 From: Andrew V. Samoilov <kai@cmail.ru> To: samba-technical@lists.samba.org Subject: [patch]: makes some arrays const to be shared between processes Hi! This patch makes some arrays const. So these arrays go to text/rodata segment and are shared between all of the processes which use shared library with these arrays. Regards, Andrew V. Samoilov. P.S. Please cc your answer to kai@cmail.ru, I don't subscribed to this list. ChangeLog: * cliconnect.c (prots): Make const. * clierror.c (rap_errmap): Likewise. * nmblib.c (nmb_header_opcode_names): Likewise. (lookup_opcode_name): Make opcode_namep const. Eliminate i. * nterr.c (nt_err_code_struct): Typedef const. * smberr.c (err_code_struct): Make const. (err_classes): Likewise. (This used to be commit cb84485a2b0e1fdcb6fa90e0bfb97e125ae1b3dd)
2001-10-29This commit is number 4 of 4.Andrew Bartlett2-11/+11
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-23more compiler warningsHerb Lewis1-2/+2
(This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)
2001-10-22a quick fix to get rpcclient working again. This just disablesAndrew Tridgell2-1/+8
NTLMSSP in cli_establish_connection() What we really need to do is kill off the pwd_cache code. It is horrible, and assumes the challenge comes in the negprot reply. (This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
2001-10-22Fix for @ in pathname from Kian Win.Jeremy Allison1-1/+5
Jeremy. (This used to be commit 070fd5180fef921efb363ff24f04a298254f108b)
2001-10-21Ok, I know it's a language thing and it shouldn't matter.... but a kerberosJeremy Allison3-21/+21
name is a "principal", not a principle. English majors will complain :-). Jeremy. (This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
2001-10-21Fix for compilation on non-krb5 systemsAndrew Bartlett1-1/+1
(This used to be commit 44bdb8b12b3d6a7bf3148c2ac651a79f10776db6)
2001-10-21made smbclient cope better with arbitrary principle formsAndrew Tridgell3-21/+10
(This used to be commit d1341d74b7aa5f6b3f72e5409b245f87f1ad670b)
2001-10-21support both old and new kerberos OIDsAndrew Tridgell1-1/+2
(This used to be commit eac164c7e650a8f855e7b662b126a5dfc5516927)