Age | Commit message (Collapse) | Author | Files | Lines |
|
We now default encrypt passwords = yes
We now check plaintext passwords (however aquired) with the 'sam' backend
rather than unix, if encrypt passwords = yes.
(this kills off the 'local' backed. The sam backend may be renamed in its
place)
The new 'samstrict' wrapper backend checks that the user's domain is one of
our netbios aliases - this ensures that we don't get fallback crazies with
security = domain.
Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks
that the user was not local before contacting the DC.
The default ordering has changed, we now check the local stuff first - but
becouse of the changes above, we will really only ever contact one
auth source.
Andrew Bartlett
(This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)
|
|
(This used to be commit 48df0d2b5dee3c010c88587352554220f8b92b0f)
|
|
winbind function if the id is obviously going to be local. Cleanup
of winbind [ug]id parameter handling.
(This used to be commit 4ab9ca31a02b3388aa89a00e0390ea9e4c76283a)
|
|
(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)
|
|
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
(This used to be commit d51ef6bfa3d194b58c3ee7706a7d475ef042676d)
|
|
(This used to be commit 868999ad3c82ad72f11d5b3208b0e42b1ed95096)
|
|
per-share. I beleive that almost all the things that this could have done on
a per-share basis can be done with other tools, like 'force user'.
Almost all the user's of this paramater used it as a global anyway...
While this is one step at a time, I hope it will allow me to considerably
simplfy the make_connection() code, particularly for the user-level security
case.
This already removes an absolute truckload of extra attempted password lookups
on the guest account.
Andrew Bartlett
(This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)
|
|
(This used to be commit 292a0265a9de7f5fa06140768ecf27056d59f6c1)
|
|
(This used to be commit 3b5e72bda3263c6bdf81dfface4fae4f06b71032)
|
|
loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code
(This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
|
|
(This used to be commit bef729741e5151574710286f7406852981580945)
|
|
and also completes the switch to lang_tdb.c. SWAT should now work
with a po file in the lib/ directory
also removed useless SYSLOG defines in many files
(This used to be commit 5296b20ad85d7519c870768455cb4d8df048c55a)
|
|
Jeremy.
(This used to be commit ebba334c15619610475a5c8242a55ed4fcdedf7c)
|
|
(This used to be commit 062bba07f2faedfce7612c8b4a16072fa200349e)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit efc6df5a3914da9e7b792ccaccd1403c72c09f78)
|
|
Jeremy.
(This used to be commit 611bf806d569b70edabbc04a2f5408142370a550)
|
|
TO enable configure with --with-i18n-swat
to support this gettext is integrated
and a new directories name "po" and "intl" are created.
now these languages are supported:
en - English (default)
ja - Japanese
po - Polish
tr - Turkish
To add your language,
to create ${your_language}.po by translating source/po/en.po
into your language is needed.
some of html and image files of various language version are not
included yet, though message catalogue files are installed.
you need to copy files manually under
${swatdir}/lang/$ln/{help,images,included,using_samba}
And also added a option to intall manual pages:
of various lang version
To enable configure with --with-manlangs
but manual pages themself are not included yet.
(This used to be commit 486b79a6fc4ba20a751aab544bd0f7ccff2b3d19)
|
|
than NT_STATUS_LOGON_FAILURE. This also brings us (almost) back in line with
their implementation.
Kill off SMBENCRYPT() macro
Kill off 'nt smb support' paramater - tridge okayed this one.
Andrew Bartlett
(This used to be commit 67947bf6e31ee9758f8a2186f83031ba21b716f2)
|
|
(This used to be commit c4d8ad2c2e48ff31dae7477ff02e5bfc013832a9)
|
|
(This used to be commit fb0984e60fd69100d9866304b83b4f3c85e9aea2)
|
|
system-dependent and can allow (when unix password sync = yes) the
'syncronisation' of root's password by a normal user :-(
Andrew Bartlett
(This used to be commit eecda11eef8bff73286c6a3c9f89ed0d1dcd7f73)
|
|
This should finally kill off the remaining places where we
attempt reverse lookups of the IP of the client. It may be that some
pam modules called via the session code will need "hostname lookups = yes"
but I've left it off by default as most sites don't need it and so
many sites have broken reverse maps
(This used to be commit 2b83ad03965d00bba88fe56452d2990099b75ef1)
|
|
which should now be used instead of DEBUG(0) or printf() for
interactive messages
I have only converted client.c to use d_printf(), and the code hasn't
had much testing yet. Eventually we want all interactive code to use
d_printf(), plus SWAT
(This used to be commit 266d8e67669adb329f25676c4bc4d4c50f223428)
|
|
Richard Bollinger <rabollinger@home.com>.
Jeremy.
(This used to be commit 408c0595bbeafca87795e5278656471fbe0540e8)
|
|
need to fiind a way to make it fast
(This used to be commit 42b147d1f26093c45110077a309c5e0d3010a28d)
|
|
This should make it clear that the meaning of the parameter value has
changed. It no longer represents *the* WINS server, but a list of WINS
servers.
I have made other changes in the code such that the lp_wins_server()
function is no longer necessary. Whenever smb.conf is reloaded the list
managed by lib/wins_srv.c is refreshed. The wins_srv_count() function
returns the number of entries in the list so, if the list is empty, it
will return 0 (which can be interpreted as "false" in an if() statement).
Chris -)-----
(This used to be commit 968c947e8bb35cf2441f3ebbb234429f5c1733c6)
|
|
Volker
(This used to be commit 5fc8c51983f36b0b2bbb2704a522026dc64d0b65)
|
|
(This used to be commit 3b40ec4f149a8813c1d68f184858e2ddd605d8fd)
|
|
(This used to be commit 6391fd7bdab07c83e9eed02e761db09918e60302)
|
|
header files as well as libcups.
(This used to be commit 2dbb41a7b88e7fad63579111aaab4a1cd28c54d5)
|
|
drop paramaters:
status
utmp hostname
change session code to always record each vuid current on the server. The sessionid struct is no longer packed, as I couldn't get that to work ;-)
change smbstatus to show this info and less of the connections.tdb info (its not actualy that accurate).
I'll get swat doing some of this shortly.
(This used to be commit b068ad300527c44673bbee0aede7849199c89de7)
|
|
Jeremy.
(This used to be commit 072a5bca2b8fbd6e0ac3f1259c426ebd1f3fb551)
|
|
(This used to be commit a50c3df15b3a82b4363fde0442c98edea067b4ae)
|
|
Defaults to ON, ie checking
(This used to be commit bd3010263be24425206587abfdb41164089e2157)
|
|
(This used to be commit 7049217eb40dbe3de6c05fe43742d2f684501723)
|
|
many possible mem leaks, and segfaults fixed.
someone should port this fix to 2.2 also.
(This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
|
|
- ported two rpc back from TNG (WINREG: shutdown and abort shutdown)
- some optimizations and changed some DEBUG statement in loadparm.c
- changed rpcclient a bit moved from non reentrant next_token_nr to next_token
- in cmd_reg.c not sure if getopt will work ok on all platforms only setting optind=0
(This used to be commit fd54412ce9c3504a547e232602d6129e08dd9d4d)
|
|
(This used to be commit 6ab0e949d18b97ea7177175a4e6abb5ba076db98)
|
|
changed some code to exploit the fact that Realloc(NULL, size) == malloc(size)
fixed some possible mem leaks, or seg faults.
thanks to andreas moroder (mallocs not checked in client/client.c, client/smbumount.c)
(This used to be commit 7f33c01688b825ab2fa9bbb2730bff4f2fa352be)
|
|
Jeremy.
(This used to be commit b7bd512d9a9b543b9caf93c264776db6852c03ea)
|
|
samba-technical a few weeks ago.
The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards. The
interface currently implemented in as
nt_status = check_password(user_info, server_info)
where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.
The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.
This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing. We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.
Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree. (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
|
|
Jeremy.
(This used to be commit 4d5fe9ed4fc2c3bb7830ab14eead8d12eed37de9)
|
|
allocation
to be done. Without it just does the ftruncate.
Jeremy.
(This used to be commit 0b052f103e82369088bc30724b86d8892c395cdb)
|
|
Jeremy.
(This used to be commit 840802f10677cb0009cb4df4c37c7d01aa5edacd)
|
|
P_LIST format.
changed functions to use list instead of strings
addedd lp_list_substitute function
(This used to be commit 7257d07563ba21bd88733d5d2b4ec4829fab2507)
|
|
We had a problem where if a % macro in the smb.conf could be ignored if the
various files it pointed to had the same time-stamp.
This changes the code to insted check that the both the time-stamp and the
substituted filename are the same over each change.
This was picked up only becouse the build-farm automaticly generates its config
files, and hence gets identical timestamps.
(Why this doesn't happen all the time I'm not entirly sure, somthing to do with
the 'test' paramater to reload_services(), but this fixes this problem).
Andrew Bartlett
(This used to be commit ebd2f9b07c89cce505e821f1caaa6817bbb26db9)
|
|
This allows the administrator to define different scripts for adding unix users
and automaticly adding machines. If it is not defined, it falls back to the
value of 'add user script'.
Andrew Bartlett
(This used to be commit 7a478e050f3ab33bd0141a58c698d748f0d2b204)
|