summaryrefslogtreecommitdiff
path: root/source3/libsmb
AgeCommit message (Collapse)AuthorFilesLines
2001-12-21- handle kerberos session setup reply with broken null terminationAndrew Tridgell1-4/+5
- don't display Domain=[] for auth protocols that don't give us a domain (This used to be commit 20368455ea59e6e9b85632848bbe92069e7b0f38)
2001-12-21try to handle end of packet for not null terminated domain stringsAndrew Tridgell1-1/+3
(This used to be commit 1da988456dbd885820093ae43c74e0ac66f72802)
2001-12-19added trusted realm support to ADS authenticationAndrew Tridgell1-2/+2
the method used for checking if a domain is a trusted domain is very crude, we should really call a backend fn of some sort. For now I'm using winbindd to do the dirty work. (This used to be commit adf44a9bd0d997ba4dcfadc564a29149531525af)
2001-12-17there is no unknown field in LSA_SEC_QOSJean-François Micouleau1-2/+2
some cleanup of the lsa_open_policy and lsa_open_policy2 parser. the length fields are not correct but that's what NT send. We don't anymore underflow or overflow the decoding. added the domain admins group to the default SD. we are now checking the desired access flag in the lsa_open_policy_X() calls and in most functions also. J.F. (This used to be commit a217c4e4ff4d13122703d22258792fe5e8e9f02f)
2001-12-13Added comment.Tim Potter1-0/+2
(This used to be commit 594634ff1a1d5f780ddb9909f5365ee3e420a76c)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-2/+4
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-12-12Always use ASCII strings when changing passwords with RAP.Jeremy Allison1-3/+3
Jeremy. (This used to be commit d3ac2265b1b83e2e030688ee8e0d43918ce4d203)
2001-12-11handle a NULL hostname in cli_connect()Andrew Tridgell1-0/+3
(This used to be commit a181f49b4269baa1752ce6ed4f9093e38d2d3ce5)
2001-12-11detect attempts to connect to names of the type NAME#xx and do aAndrew Tridgell1-1/+11
netbios lookup for name NAME with node type xx. This affects all our client progs. Very useful :) (This used to be commit b4304c5231159fc6295c445f2eb4470c179b8d5e)
2001-12-11Doing some research into ACLs on the LSA and SAM policy objects.Tim Potter1-0/+52
- added lsaquerysecobj to rpcclient - renamed querysecobj to samquerysecobj - removed duplicated display_sec_acl() code from cmd_spoolss.c and cmd_samr.c and moved it into display_sec.c (This used to be commit 59b2e3f408a5ff22f2d81a927d010a7df5f19f7f)
2001-12-10NT_STATUS(0x80000005) maps to ERRDOS,234Jean-François Micouleau1-1/+1
J.F. (This used to be commit 80e36549b61cc2bb5148f6abb175d31a0c7782a1)
2001-12-10added enum alias groups to rpcclientJean-François Micouleau1-0/+78
(This used to be commit d4bc8f02f7dc856ffb29e95a81ffcc3a9d4b1695)
2001-12-10Treat RAP codes differently.Jeremy Allison1-19/+20
Jeremy. (This used to be commit 919b11a787145139e6255674179b2ff7e587475d)
2001-12-10RAP error strings take precedence as they are not encoded in the SMB headerJeremy Allison1-9/+9
(ie. the call can succeed, but still be an encoded error). Jeremy. (This used to be commit 3c68b94199ff08b205d1eb14da56804936b900a8)
2001-12-10Added client and server code for the GetPrintProcessorDirectory SPOOLSSTim Potter1-0/+59
rpc. This was supposed to fix a printer driver download bug but it didn't but it seemed a shame to trash all this code so I'm commiting it #ifdef'ed out in case someone needs it one day. (This used to be commit bef43656471741c6c10b12e7516c15de9ae76394)
2001-12-08added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell1-1/+1
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-12-08Leak less memory.Andrew Bartlett1-8/+18
Now, is there any reason that the prs_init() doesn't use the talloc context that it is supplied as an argument for the actual data buffer? It would seem logical to replace the malloc with a talloc, but I'm sure there is some method to the madness (extrnal use/Reallocing of it I presume) Andrew Bartlett (This used to be commit ad18f33bfa79ce93024f3cb3a334cff622fe82a4)
2001-12-05Added fetch_domain_sid. Not used in current code, but a nice exampleJeremy Allison1-0/+96
of how to use this interface. Jeremy. (This used to be commit 291985123515f99bb3fd86605d5b8a08301070a2)
2001-12-05OK. Smbpasswd -j is DEAD.Andrew Bartlett2-1/+198
This moves the rest of the functionality into the 'net rpc join' code. Futhermore, this moves that entire area over to the libsmb codebase, rather than the crufty old rpc_client stuff. I have also fixed up the smbpasswd -a -m bug in the process. We also have a new 'net rpc changetrustpw' that can be called from a cron-job to regularly change the trust account password, for sites that run winbind but not smbd. With a little more work, we can kill rpc_client from smbd entirly! (It is mostly the domain auth stuff - which I can rework - and the spoolss stuff that sombody else will need to look over). Andrew Bartlett (This used to be commit 575897e879fc175ba702adf245384033342c903d)
2001-12-05Ditto on the const religion.Andrew Bartlett1-2/+2
(This used to be commit e1b940c91b748230664544fd9191123247dd1f24)
2001-12-04Add 'net rpc join' to match the ADS equiv.Andrew Bartlett2-12/+7
This kills off the offending code in smbpasswd -j -Uab%c In the process we have changed from unsing compelatly random passwords to random, 15 char ascii strings. While this does produce a decrese in entropy, it is still vastly greater than we need, considering the application. In the meantime this allows us to actually *type* the machine account password duruign debugging. This code also adds a 'check' step to the join, confirming that the stored password does indeed do somthing of value :-) Andrew Bartlett (This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)
2001-12-04Fix up funtion name, as this finds local, not domain master browsers.Andrew Bartlett1-2/+2
(as per tridge's instructions) (This used to be commit 0692d792f24f1c82c69532e50a6c4373c9a8b476)
2001-12-04Added error message for ERRdiskfull.Tim Potter1-0/+1
(This used to be commit 9f5d7e8a04c36395570247bc5e1b7b3fc5d1a322)
2001-12-04when using non-encrypted password ignore the ntpass variable toAndrew Tridgell1-2/+2
session setup (This used to be commit c7665706cd5633ede710afe41413624124038238)
2001-12-03const religionAndrew Tridgell1-1/+1
(This used to be commit 359ca8f246c46b1700418fe0226458023f808d67)
2001-12-03This change reworkes the connection code for both rpcclient and net newAndrew Bartlett1-1/+113
'net' untility. This should make it easier to port rpcclient code across to net. It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse it kills off the early destruction of the clear-text password. Andrew Bartlett (This used to be commit eee925861a3af3aa16efa3b1700a980c9510c14e)
2001-12-02added queryuseraliases to rpcclientJean-François Micouleau1-0/+49
and some comments to the samr server code, to explain what we should return here. J.F. (This used to be commit 06cb20a46d9d9f8abf0d92ba4cfa4d23187ad715)
2001-12-01added samr_query_sec_obj for rpcclientJean-François Micouleau1-0/+46
J.F. (This used to be commit d8809c58614cd97ef78d398645788e41022a8c39)
2001-11-29I think the lookup_pdc_name() should be called lookup_dc_name() and theTim Potter1-21/+22
name_status_find() call here should look up a #1c name instead of #1d. This fixes some bugs currently with BDC authentication in winbindd and in smbd as you can't query the #1d name with the ip address of a BDC. Who is Uncle Tom Cobbley anyway? (This used to be commit 4215048f7b20a8f9e5877bdbb2f54841b2f7fa64)
2001-11-28fixed some krb5 ifdefsAndrew Tridgell2-3/+3
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
2001-11-28fixed a core dump in server level securityAndrew Tridgell1-2/+4
(This used to be commit e790bb21d3895bef97522b68c6f00812e6c286f2)
2001-11-28fix a bunch of places where we can double-free a cli structureAndrew Tridgell1-4/+4
(This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec)
2001-11-28Cross merge to make 2.2 and HEAD closer.Jeremy Allison1-9/+6
Jeremy. (This used to be commit 39f076b56cf457cc780dd30a4d3150d8bfc60d13)
2001-11-27Fix another memory leak spotted by Tom Jansen.Richard Sharpe1-0/+1
(This used to be commit 6e2c06a6e6173e68a75fd1adfaa73fe9a9210fef)
2001-11-27prevent a bogus insure wild ptr messageAndrew Tridgell1-1/+2
(This used to be commit 1976a8f87544140363449a361f7c7347ef2c44f5)
2001-11-27prevent a memory leak of cli structuresAndrew Tridgell1-1/+7
(This used to be commit 911c57403bd116405876e73913ad73efd15f659b)
2001-11-26increment the value not the pointerAndrew Tridgell1-1/+1
(This used to be commit e3698259afa79fcd318592b1d628803695406337)
2001-11-26Fix --enable-developer shadow warningAndrew Bartlett1-3/+3
(This used to be commit 6a919bcf3d5848e09ddba1e8946f985661af8f67)
2001-11-26Got medieval on another pointless extern. Removed extern struct ipzeroTim Potter2-5/+3
and replaced with two functions: void zero_ip(struct in_adder *ip); BOOL is_zero_ip(struct in_addr ip); (This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
2001-11-26And delete domain_client_validate.c...Andrew Bartlett1-432/+0
Andrew Bartlett (This used to be commit 6caca4301ba88d026ce1989cefd3e9eeb65df376)
2001-11-26use DEBUG() not d_printf() in librariesAndrew Tridgell1-2/+2
(This used to be commit 5100ae4ae032545edaf525de1dfbe5dc9dafecfc)
2001-11-25Use "password server" for searching for BDC's also as Tim suggested.Jeremy Allison1-6/+8
Jeremy. (This used to be commit 4aca67761fbe601e27f8f768c28a11241f088bba)
2001-11-25Add a new torture test to extract a NT->DOS error map from an NT member of aAndrew Bartlett4-5/+74
samba domain. The PDC must be running a special authenticaion module that spits out NT errors based on username. Andrew Bartlett (This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)
2001-11-24added "net join" commandAndrew Tridgell1-0/+7
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett2-5/+6
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-24added lsaenumprivsaccount and lsalookupprivvalue to rpcclientJean-François Micouleau1-0/+174
and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
2001-11-23Changed how the privileges are stored in the group mapping code. It's nowJean-François Micouleau1-0/+2
an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
2001-11-23Update some of the error mapping, based on on-the-wire observations of an ↵Andrew Bartlett1-7/+7
NT4 server. This lets our Win9X clients give sane error messages when you get passwords wrong and the like. Andrew Bartlett (This used to be commit f199e9518226ed57a011113bdf06c85265e49674)
2001-11-23Finally worked out why a enumerate trusted domains was returning aTim Potter2-11/+15
NT_STATUS_UNABLE_TO_FREE_VM error. This error code was mis-defined as 0x8000001a instead of 0xc000001a. The former is actually a NT_STATUS_NO_MORE_ENTRIES warning which is what we see in the status code. Removed the & 0xffffff from the loop in get_nt_error_msg() as all the error constants now have the correct high bits set. (This used to be commit 80dca2c9e46753d87e673d712c96c76ffde0b276)
2001-11-23Added constants and error message for dos error code 1326 (logon failure).Tim Potter2-1/+13
(This used to be commit 6ce1eec09de64f19d969a67fc236abd4ae277926)