summaryrefslogtreecommitdiff
path: root/source3/param
AgeCommit message (Collapse)AuthorFilesLines
2001-11-26A number of things to clean up the auth subsytem a bit...Andrew Bartlett1-1/+27
We now default encrypt passwords = yes We now check plaintext passwords (however aquired) with the 'sam' backend rather than unix, if encrypt passwords = yes. (this kills off the 'local' backed. The sam backend may be renamed in its place) The new 'samstrict' wrapper backend checks that the user's domain is one of our netbios aliases - this ensures that we don't get fallback crazies with security = domain. Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks that the user was not local before contacting the DC. The default ordering has changed, we now check the local stuff first - but becouse of the changes above, we will really only ever contact one auth source. Andrew Bartlett (This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
2001-11-26updated server_role for ADSAndrew Tridgell1-0/+1
(This used to be commit 48df0d2b5dee3c010c88587352554220f8b92b0f)
2001-11-26Another merge from appliance-head: in [ug]id_to_sid don't call theTim Potter1-10/+60
winbind function if the id is obviously going to be local. Cleanup of winbind [ug]id parameter handling. (This used to be commit 4ab9ca31a02b3388aa89a00e0390ea9e4c76283a)
2001-11-25added 'security=ADS'Andrew Tridgell1-0/+1
(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)
2001-11-24added "net join" commandAndrew Tridgell1-0/+3
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-9/+4
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-19Move all other paths into dynconfigMartin Pool1-3/+3
(This used to be commit d51ef6bfa3d194b58c3ee7706a7d475ef042676d)
2001-11-19LIBDIR and LOCKDIR are dynamically configured too.Martin Pool1-1/+1
(This used to be commit 868999ad3c82ad72f11d5b3208b0e42b1ed95096)
2001-11-09This change updates lp_guestaccount() to be a *global* paramater, rather thanAndrew Bartlett1-5/+5
per-share. I beleive that almost all the things that this could have done on a per-share basis can be done with other tools, like 'force user'. Almost all the user's of this paramater used it as a global anyway... While this is one step at a time, I hope it will allow me to considerably simplfy the make_connection() code, particularly for the user-level security case. This already removes an absolute truckload of extra attempted password lookups on the guest account. Andrew Bartlett (This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)
2001-11-05old merge from 2.2Gerald Carter1-8/+27
(This used to be commit 292a0265a9de7f5fa06140768ecf27056d59f6c1)
2001-10-31Small 'const' updates ahead of some AuthRewrite merging.Andrew Bartlett1-7/+7
(This used to be commit 3b5e72bda3263c6bdf81dfface4fae4f06b71032)
2001-10-17added basic NTLMSSP support in smbd. This is still quite rough, andAndrew Tridgell1-5/+3
loses things like username mapping. I wanted to get this in then discuss it a bit to see how we want to split up the existing session setup code (This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
2001-10-14fixed typoAndrew Tridgell1-1/+1
(This used to be commit bef729741e5151574710286f7406852981580945)
2001-10-14the next step in the intl changeover. This should get us compiling agian,Andrew Tridgell1-342/+341
and also completes the switch to lang_tdb.c. SWAT should now work with a po file in the lib/ directory also removed useless SYSLOG defines in many files (This used to be commit 5296b20ad85d7519c870768455cb4d8df048c55a)
2001-10-12Made nt acl support a local parameter for w2ksp2 profile fix.Jeremy Allison1-4/+4
Jeremy. (This used to be commit ebba334c15619610475a5c8242a55ed4fcdedf7c)
2001-10-11merge from 2.2Gerald Carter1-8/+8
(This used to be commit 062bba07f2faedfce7612c8b4a16072fa200349e)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-26OpenSSL merge from 2.2Gerald Carter1-0/+12
(This used to be commit efc6df5a3914da9e7b792ccaccd1403c72c09f78)
2001-09-25Fixup passdb stuff to add new nisplus and ldap backends.Jeremy Allison1-0/+9
Jeremy. (This used to be commit 611bf806d569b70edabbc04a2f5408142370a550)
2001-09-24Added SWAT i18n feature:Motonobu Takahashi1-338/+339
TO enable configure with --with-i18n-swat to support this gettext is integrated and a new directories name "po" and "intl" are created. now these languages are supported: en - English (default) ja - Japanese po - Polish tr - Turkish To add your language, to create ${your_language}.po by translating source/po/en.po into your language is needed. some of html and image files of various language version are not included yet, though message catalogue files are installed. you need to copy files manually under ${swatdir}/lang/$ln/{help,images,included,using_samba} And also added a option to intall manual pages: of various lang version To enable configure with --with-manlangs but manual pages themself are not included yet. (This used to be commit 486b79a6fc4ba20a751aab544bd0f7ccff2b3d19)
2001-09-23Fix up NT_STATUS return for session setups, Win2k objects to anything otherAndrew Bartlett1-3/+0
than NT_STATUS_LOGON_FAILURE. This also brings us (almost) back in line with their implementation. Kill off SMBENCRYPT() macro Kill off 'nt smb support' paramater - tridge okayed this one. Andrew Bartlett (This used to be commit 67947bf6e31ee9758f8a2186f83031ba21b716f2)
2001-09-19*llist being NULL is not an errorAndrew Tridgell1-1/+1
(This used to be commit c4d8ad2c2e48ff31dae7477ff02e5bfc013832a9)
2001-09-17move to SAFE_FREE()Simo Sorce2-26/+20
(This used to be commit fb0984e60fd69100d9866304b83b4f3c85e9aea2)
2001-09-16Kill off the dangerous passwd program default, as its both veryAndrew Bartlett1-1/+1
system-dependent and can allow (when unix password sync = yes) the 'syncronisation' of root's password by a normal user :-( Andrew Bartlett (This used to be commit eecda11eef8bff73286c6a3c9f89ed0d1dcd7f73)
2001-09-13added a new global option "hostname lookups = yes/no"Andrew Tridgell1-0/+7
This should finally kill off the remaining places where we attempt reverse lookups of the IP of the client. It may be that some pam modules called via the session code will need "hostname lookups = yes" but I've left it off by default as most sites don't need it and so many sites have broken reverse maps (This used to be commit 2b83ad03965d00bba88fe56452d2990099b75ef1)
2001-09-07added "display charset" option in smb.conf, along with d_printf()Andrew Tridgell1-1/+6
which should now be used instead of DEBUG(0) or printf() for interactive messages I have only converted client.c to use d_printf(), and the code hasn't had much testing yet. Eventually we want all interactive code to use d_printf(), plus SWAT (This used to be commit 266d8e67669adb329f25676c4bc4d4c50f223428)
2001-09-06Fixed O(N^2) talloc loop when allocating printer name memory - fix fromJeremy Allison1-2/+2
Richard Bollinger <rabollinger@home.com>. Jeremy. (This used to be commit 408c0595bbeafca87795e5278656471fbe0540e8)
2001-09-06enable strict locking by default. This will be slow, so now we justAndrew Tridgell1-1/+1
need to fiind a way to make it fast (This used to be commit 42b147d1f26093c45110077a309c5e0d3010a28d)
2001-08-29lp_wins_server() is now lp_wins_server_list().Christopher R. Hertel1-1/+1
This should make it clear that the meaning of the parameter value has changed. It no longer represents *the* WINS server, but a list of WINS servers. I have made other changes in the code such that the lp_wins_server() function is no longer necessary. Whenever smb.conf is reloaded the list managed by lib/wins_srv.c is refreshed. The wins_srv_count() function returns the number of entries in the list so, if the list is empty, it will return 0 (which can be interpreted as "false" in an if() statement). Chris -)----- (This used to be commit 968c947e8bb35cf2441f3ebbb234429f5c1733c6)
2001-08-26Change default 'name resolve order' to WINS before DNS.Volker Lendecke1-1/+1
Volker (This used to be commit 5fc8c51983f36b0b2bbb2704a522026dc64d0b65)
2001-08-24let admins also abort a shutdownSimo Sorce1-0/+3
(This used to be commit 3b40ec4f149a8813c1d68f184858e2ddd605d8fd)
2001-08-23so let admins shutdown their samba servers remotely if they want :-)Simo Sorce1-0/+4
(This used to be commit 6391fd7bdab07c83e9eed02e761db09918e60302)
2001-08-23Fixed detection of CUPS. We need to check for the presence of the cupsTim Potter1-2/+2
header files as well as libcups. (This used to be commit 2dbb41a7b88e7fad63579111aaab4a1cd28c54d5)
2001-08-22A few changes:Andrew Bartlett1-10/+0
drop paramaters: status utmp hostname change session code to always record each vuid current on the server. The sessionid struct is no longer packed, as I couldn't get that to work ;-) change smbstatus to show this info and less of the connections.tdb info (its not actualy that accurate). I'll get swat doing some of this shortly. (This used to be commit b068ad300527c44673bbee0aede7849199c89de7)
2001-08-22Remove unneeded lp_talloc_free().Jeremy Allison1-3/+0
Jeremy. (This used to be commit 072a5bca2b8fbd6e0ac3f1259c426ebd1f3fb551)
2001-08-22merge from 2.2Gerald Carter1-0/+3
(This used to be commit a50c3df15b3a82b4363fde0442c98edea067b4ae)
2001-08-21Add a new option to disable our paranoid server check.Andrew Bartlett1-0/+4
Defaults to ON, ie checking (This used to be commit bd3010263be24425206587abfdb41164089e2157)
2001-08-13merge from 2.2Gerald Carter1-0/+4
(This used to be commit 7049217eb40dbe3de6c05fe43742d2f684501723)
2001-08-12this is a big global fix for the ptr = Realloc(ptr, size) bug.Simo Sorce2-16/+34
many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. (This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
2001-08-10- avoid possible mem leaks in rpcclient/cmd_*.c (talloc_destroy not performed)Simo Sorce1-11/+9
- ported two rpc back from TNG (WINREG: shutdown and abort shutdown) - some optimizations and changed some DEBUG statement in loadparm.c - changed rpcclient a bit moved from non reentrant next_token_nr to next_token - in cmd_reg.c not sure if getopt will work ok on all platforms only setting optind=0 (This used to be commit fd54412ce9c3504a547e232602d6129e08dd9d4d)
2001-08-10merge from 2.2Gerald Carter1-4/+4
(This used to be commit 6ab0e949d18b97ea7177175a4e6abb5ba076db98)
2001-08-08Change all realloc() statements to Realloc() (ecxept for tdb.c)Simo Sorce1-25/+13
changed some code to exploit the fact that Realloc(NULL, size) == malloc(size) fixed some possible mem leaks, or seg faults. thanks to andreas moroder (mallocs not checked in client/client.c, client/smbumount.c) (This used to be commit 7f33c01688b825ab2fa9bbb2730bff4f2fa352be)
2001-08-06Added Gerald's lanman printing only change to HEAD.Jeremy Allison1-0/+4
Jeremy. (This used to be commit b7bd512d9a9b543b9caf93c264776db6852c03ea)
2001-08-03This is my 'Authentication Rewrite' version 1.01, mostly as submitted toAndrew Bartlett1-0/+8
samba-technical a few weeks ago. The idea here is to standardize the checking of user names and passwords, thereby ensuring that all authtentications pass the same standards. The interface currently implemented in as nt_status = check_password(user_info, server_info) where user_info contains (mostly) the authentication data, and server_info contains things like the user-id they got, and their resolved user name. The current ugliness with the way the structures are created will be killed the next revision, when they will be created and malloced by creator functions. This patch also includes the first implementation of NTLMv2 in HEAD, but which needs some more testing. We also add a hack to allow plaintext passwords to be compared with smbpasswd, not the system password database. Finally, this patch probably reintroduces the PAM accounts bug we had in 2.2.0, I'll fix that once this hits the tree. (I've just finished testing it on a wide variety of platforms, so I want to get this patch in). (This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
2001-08-02Put HPUX on mmap blacklist.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 4d5fe9ed4fc2c3bb7830ab14eead8d12eed37de9)
2001-08-01Added "strict allocate" per share parameter. This causes actual on-disk ↵Jeremy Allison1-0/+4
allocation to be done. Without it just does the ftruncate. Jeremy. (This used to be commit 0b052f103e82369088bc30724b86d8892c395cdb)
2001-07-30Added "use mmap" for HPUX.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 840802f10677cb0009cb4df4c37c7d01aa5edacd)
2001-07-24Convert other parameters (read list, write list, valid users...) to the ↵Simo Sorce1-39/+112
P_LIST format. changed functions to use list instead of strings addedd lp_list_substitute function (This used to be commit 7257d07563ba21bd88733d5d2b4ec4829fab2507)
2001-07-08Fix the loading of configuration files using the include syntax.Andrew Bartlett1-15/+19
We had a problem where if a % macro in the smb.conf could be ignored if the various files it pointed to had the same time-stamp. This changes the code to insted check that the both the time-stamp and the substituted filename are the same over each change. This was picked up only becouse the build-farm automaticly generates its config files, and hence gets identical timestamps. (Why this doesn't happen all the time I'm not entirly sure, somthing to do with the 'test' paramater to reload_services(), but this fixes this problem). Andrew Bartlett (This used to be commit ebd2f9b07c89cce505e821f1caaa6817bbb26db9)
2001-07-07Add a new paramater: add machine scriptAndrew Bartlett1-0/+4
This allows the administrator to define different scripts for adding unix users and automaticly adding machines. If it is not defined, it falls back to the value of 'add user script'. Andrew Bartlett (This used to be commit 7a478e050f3ab33bd0141a58c698d748f0d2b204)