| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
REMOVED BZERO CALLS YET AGAIN !!! Why do these keep creeping back in....
They are *NOT* POSIX. I'm also thinking of removing strncpy as I'm sure
it's not being used correctly....
Jeremy.
(This used to be commit b1930abb35dee74f858a3f7190276c418af2322b)
|
|
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
|
|
(This used to be commit 4e882289b0e291bb57d48fc2b2120919632daa5f)
|
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
(This used to be commit ceba373aa30e09be948bd0980040cba204d12084)
|
|
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.
This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
(This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
|
|
(This used to be commit b30232e2b7ddb5eab419d4e6237176f695a534ad)
|
|
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.
Andrew Bartlett
(This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
|
|
(This used to be commit c78fec86c97075bb5726fcb7ed197bc75dd88ac0)
|
|
the validation level. This allows us to test interactive or network logons.
Interestingly enough a win2k native mode server generates a rpc fault when
presented with a network logon!
(This used to be commit 0758c0ea845dd0b552e4dab3ce05f0811fa9658e)
|
|
there's a bug in the marshalling of net_sam_logon.
(This used to be commit 7c5ac46b8ad0be681d102e7ef3478d64d7a2b8e6)
|
|
Andrew Bartlett.
From kai@cmail.ru Mon Oct 29 18:50:42 2001
Date: Fri, 19 Oct 2001 17:26:06 +0300
From: Andrew V. Samoilov <kai@cmail.ru>
To: samba-technical@lists.samba.org
Subject: [patch]: makes some arrays const to be shared between processes
Hi!
This patch makes some arrays const. So these arrays go to text/rodata
segment and are shared between all of the processes which use shared
library with these arrays.
Regards,
Andrew V. Samoilov.
P.S. Please cc your answer to kai@cmail.ru,
I don't subscribed to this list.
ChangeLog:
* cliconnect.c (prots): Make const.
* clierror.c (rap_errmap): Likewise.
* nmblib.c (nmb_header_opcode_names): Likewise.
(lookup_opcode_name): Make opcode_namep const. Eliminate i.
* nterr.c (nt_err_code_struct): Typedef const.
* smberr.c (err_code_struct): Make const.
(err_classes): Likewise.
(This used to be commit cb84485a2b0e1fdcb6fa90e0bfb97e125ae1b3dd)
|
|
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
|
|
(This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)
|
|
NTLMSSP in cli_establish_connection()
What we really need to do is kill off the pwd_cache code. It is horrible,
and assumes the challenge comes in the negprot reply.
(This used to be commit 3f919b4360b3bfcc133f7d88bc5177e9d93f2db2)
|
|
Jeremy.
(This used to be commit 070fd5180fef921efb363ff24f04a298254f108b)
|
|
name is a "principal", not a principle. English majors will complain :-).
Jeremy.
(This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
|
|
(This used to be commit 44bdb8b12b3d6a7bf3148c2ac651a79f10776db6)
|
|
(This used to be commit d1341d74b7aa5f6b3f72e5409b245f87f1ad670b)
|
|
(This used to be commit eac164c7e650a8f855e7b662b126a5dfc5516927)
|
|
in a tdb.
Jeremy.
(This used to be commit 058ae6b58f61ef46013dd076af3a84de5fbaaab1)
|
|
(This used to be commit fd3a3daef3b8f7140e7006d30d23d739ac3aad2f)
|
|
(This used to be commit b94427ddd55c177145da2665afe3d3a3682db031)
|
|
it should give something for others to hack on and possibly find what
I'm doing wrong.
(This used to be commit 353c290f059347265b9be2aa1010c2956da06485)
|
|
loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code
(This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
|
|
(This used to be commit 888183a17cfb12c0cbf7d1ed515064d6f1716114)
|
|
(This used to be commit 1bcdf9106afacbe18437e87178bc1f219695c1e9)
|
|
in the asn1 spnego structures)
(This used to be commit 131010e9fb842b4d5a8660c538a3313c95fadae7)
|
|
- handle servers that don't send a kerberos principle (non-member servers)
- enable spnego without KRB5
(This used to be commit b218d465a1968a11d2d6a42afa7e552fea8b7f5e)
|
|
(This used to be commit 7092beef9d7a68018ede569883b22c822300c7ff)
|
|
enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
(This used to be commit 076aa97bee54d182288d9e93ae160ae22a5f7757)
|
|
(This used to be commit 8b692d8326a1548a7dbbd2cecee9ece6aa60473a)
|
|
packet which means I can extract the service and realm, so we should
now work with realms other than the local realm.
it also means we now check the list of OIDs given by the server just
in case it says that it doesn't support kerberos. In that case we
should fall back to NTLMSSP but that isn't written yet.
(This used to be commit 395cfeea94febb5280ea57027e8a8a3c7c3f9291)
|
|
(This used to be commit 919734c1a6fd8b3bd0e12e96d878f47b6d6ff5e0)
|
|
activate you need to:
- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
(This used to be commit d33057585644e1337bac743e25ed7653bfb39eef)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit 758d923fa183b50acab9928e402f17bd25ba8f41)
|
|
decode_pw_buffer() and the samr password changing routines.
And yes, I know that we can lost some information in the Unicode->UTF->Unicode
bit of this, but its worth the code cleanup.
This also takes into account the possability of multibyte passwords.
Andrew Bartlett
(This used to be commit 42402c87d6bcff71b700e497b74d2600d7ce8b95)
|
|
(This used to be commit b2eb7feb7f5bafe953fdeb92daaf9e4f08e44983)
|
|
Jeremy.
(This used to be commit b5f4a97bb028394f56c904dbb8e12827cb99e785)
|
|
(This used to be commit e0bdcbc5994345fdc76f7590dba7bce5f0127d58)
|
|
completely broken, and it's pointless to emulate their brokenness completely in this case, but at least this makes us use approximately the same packet format. The spec is complelet wrong in this case
(This used to be commit 2d507ec669def6d49304559e53d6c14af9b290a9)
|
|
(This used to be commit 23dc3fc7009ce40064db57d5ec8b720c7d9350a8)
|
|
(This used to be commit 48fc6a6cd52e01b287030fbbf0aa08a6814c5e11)
|
|
(This used to be commit b6cb6b837ac06d8b9cb898668e69236b64a8b698)
|
|
when calling cli_netlogon_sam_sync(). (-:
(This used to be commit e4a3231a074b01cb1d6c4bf42e0a8e687e584413)
|
|
Use werror_to_ntstatus() to convert error returns from dfs client functions
into nt errors.
(This used to be commit a83061ef3e4933c52e7206270b455a3888fa63a8)
|
|
- the usersupplied_info now contains a smb_username (as it comes across on
the wire) and a unix_username (after being passed through mapping
functions)
- when doing security={server,domain} use the smb_username, otherwise use
the unix_username
(This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
|
|
(This used to be commit 97286570ef6f9151b5fe0be32aa4b294e7db9ab8)
|
|
(This used to be commit ff149308349fbf80399d9d541659f3c1d668306a)
|
