| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
(This used to be commit 575897e879fc175ba702adf245384033342c903d)
|
|
(This used to be commit e1b940c91b748230664544fd9191123247dd1f24)
|
|
This kills off the offending code in smbpasswd -j -Uab%c
In the process we have changed from unsing compelatly random passwords
to random, 15 char ascii strings. While this does produce a decrese in
entropy, it is still vastly greater than we need, considering the application.
In the meantime this allows us to actually *type* the machine account
password duruign debugging.
This code also adds a 'check' step to the join, confirming that the
stored password does indeed do somthing of value :-)
Andrew Bartlett
(This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)
|
|
(as per tridge's instructions)
(This used to be commit 0692d792f24f1c82c69532e50a6c4373c9a8b476)
|
|
(This used to be commit 9f5d7e8a04c36395570247bc5e1b7b3fc5d1a322)
|
|
session setup
(This used to be commit c7665706cd5633ede710afe41413624124038238)
|
|
(This used to be commit 359ca8f246c46b1700418fe0226458023f808d67)
|
|
'net' untility.
This should make it easier to port rpcclient code across to net.
It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse
it kills off the early destruction of the clear-text password.
Andrew Bartlett
(This used to be commit eee925861a3af3aa16efa3b1700a980c9510c14e)
|
|
and some comments to the samr server code, to explain what we should
return here.
J.F.
(This used to be commit 06cb20a46d9d9f8abf0d92ba4cfa4d23187ad715)
|
|
J.F.
(This used to be commit d8809c58614cd97ef78d398645788e41022a8c39)
|
|
name_status_find() call here should look up a #1c name instead of #1d.
This fixes some bugs currently with BDC authentication in winbindd and in
smbd as you can't query the #1d name with the ip address of a BDC.
Who is Uncle Tom Cobbley anyway?
(This used to be commit 4215048f7b20a8f9e5877bdbb2f54841b2f7fa64)
|
|
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
|
|
(This used to be commit e790bb21d3895bef97522b68c6f00812e6c286f2)
|
|
(This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec)
|
|
Jeremy.
(This used to be commit 39f076b56cf457cc780dd30a4d3150d8bfc60d13)
|
|
(This used to be commit 6e2c06a6e6173e68a75fd1adfaa73fe9a9210fef)
|
|
(This used to be commit 1976a8f87544140363449a361f7c7347ef2c44f5)
|
|
(This used to be commit 911c57403bd116405876e73913ad73efd15f659b)
|
|
(This used to be commit e3698259afa79fcd318592b1d628803695406337)
|
|
(This used to be commit 6a919bcf3d5848e09ddba1e8946f985661af8f67)
|
|
and replaced with two functions:
void zero_ip(struct in_adder *ip);
BOOL is_zero_ip(struct in_addr ip);
(This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
|
|
Andrew Bartlett
(This used to be commit 6caca4301ba88d026ce1989cefd3e9eeb65df376)
|
|
(This used to be commit 5100ae4ae032545edaf525de1dfbe5dc9dafecfc)
|
|
Jeremy.
(This used to be commit 4aca67761fbe601e27f8f768c28a11241f088bba)
|
|
samba domain.
The PDC must be running a special authenticaion module that spits out NT errors
based on username.
Andrew Bartlett
(This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
and more to come ...
J.F.
(This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)
|
|
an array of uint32. That's not perfect but that's better.
Added more privileges too.
Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups
Corrected the return code in the LSA server code enum_sids.
Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.
Added a short/long view to smbgroupedit.
now decoding rpc calls to add/remove privileges to sid.
J.F.
(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
|
|
NT4 server.
This lets our Win9X clients give sane error messages when you get passwords wrong
and the like.
Andrew Bartlett
(This used to be commit f199e9518226ed57a011113bdf06c85265e49674)
|
|
NT_STATUS_UNABLE_TO_FREE_VM error. This error code was mis-defined
as 0x8000001a instead of 0xc000001a. The former is actually a
NT_STATUS_NO_MORE_ENTRIES warning which is what we see in the status
code.
Removed the & 0xffffff from the loop in get_nt_error_msg() as all the
error constants now have the correct high bits set.
(This used to be commit 80dca2c9e46753d87e673d712c96c76ffde0b276)
|
|
(This used to be commit 6ce1eec09de64f19d969a67fc236abd4ae277926)
|
|
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.
J.F.
(This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)
|
|
(This used to be commit d1dee2d0323fe6fc498e50201535b1718a88abaf)
|
|
(This used to be commit d2034bc5f7dc9b5b9d5e4f17ee8e468307dcb2d5)
|
|
of a privilege.
J.F.
(This used to be commit 84035ae72f422edadd9fa7e493c3d8176bb6a53d)
|
|
J.F.
(This used to be commit fa63cb78e326040f68d858d593ba98e06c26c92e)
|
|
lookupname/lookupsid.
There was a bug in cli_lsa_lookup_name/lookup_sid where NT_STATUS_NONE_MAPPED was
being mapped to NT_STATUS_OK, and also the *wrong* number of entries mapped
was being returned. The correct field is mapped_count, *NOT* num_entries.
Jeremy.
(This used to be commit 9f8c644abc455510c06dbd5dbac49c6270746560)
|
|
lookup uses password server parameter when looking for PDCs.
Jeremy.
(This used to be commit 54c968913d6553c6d834b068234ab176917075eb)
|
|
(This used to be commit 6d7c0f0bb4cbfdcd9a83416345432e07556f6cfc)
|
|
Andrew Bartlett
(This used to be commit a34c07377b1de61e145f699047474a82962ccd5b)
|
|
Apply the patches from Tom Jansen, get rid of fprintfs and change them to
DEBUGs, etc ...
(This used to be commit 7ac404c85303c9c3fbd48054fc4876bd4bc1567b)
|
|
(This used to be commit 74303b75e43856bfb127c143d27e5c5fdcf32c91)
|
|
open to w2k
- fix the string handling in the device name to match NT and smbd
- don't pull the domain from negprot if CAP_EXTENDED_SECURITY is set
(This used to be commit 618989b386b5564ba140afdc17ce7a07040c3c4e)
|
|
(This used to be commit a779710fff5fddcbf65a8ddc8e9169b586b85481)
|
|
it and fix smb://<IP-addr>.
(This used to be commit ac2562a0fb7eafd94d53a2c36d33e8f5236d60ff)
|
|
connection caching. Getting ready for back-merge to 2.2.3.
Jeremy.
(This used to be commit 5e8df83ba9924adf9df6827c06ed1a2adbe36edf)
|
|
(This used to be commit 5c892badbcad43b8a2e002d1a42483c402f2d3e9)
|
|
error in cli_receive_smb() and cli_send_smb().
(This used to be commit bedd9c821521dad46df50e8b31e4a58bb0a9a604)
|
|
Jeremy.
(This used to be commit e6afe40f85d7dbe79322c82dac735d901e7e71df)
|
