Age | Commit message (Collapse) | Author | Files | Lines |
|
PAM_AUTHTOK_RECOVER_ERR).
Jeremy.
(This used to be commit 6b2dd14205a4170c11067c4f851db11ab9154fce)
|
|
Jeremy.
(This used to be commit c4d3df4f145dc28d1b285fad64c787cebb613e70)
|
|
remove global static PAM variables, and to tidy up the PAM internals code.
Now looks like the rest of Samba.
Still needs testing.
Jeremy.
(This used to be commit 1648ac64a75de74d1a1575eb49cccc4f75488bfa)
|
|
- fixed slprintf and vsprintf macros
(This used to be commit c986a3c51e8cdbc1230edbe0f4a91138c4ada29d)
|
|
(This used to be commit 0feaac00a1847af41464d4ce35821ff851cded9c)
|
|
for memory allocation. This fixes a long standing seg fault
(i knew i would get around to it one day :) )
Tested with NT4 and Win2k. Needs a little more testing with the
"create the machine account on the fly" code for NT4.
Simo, this is probably going to break the tdb passdb code.
Can you look at that when you get a chance and see what you think?
(This used to be commit 1c13110873e456748dc09fd51749f664643fe888)
|
|
Only set this to "on" if you know you have your PAM set up correctly.....
NB. Doesn't apply to plaintext password authentication, which must use
pam when compiled in.
Jeremy.
(This used to be commit 59aa99f3901d098b7afbe675021bda53b62ee496)
|
|
Jeremy.
(This used to be commit 4db22afeed659a871a4a1f719d5fa1f2df07e24d)
|
|
Jeremy.
(This used to be commit c4048fcdb6ff3a890b69be8ef4832e9bd958cfec)
|
|
Fixed off by one bug using StrnCpy instead of strdup().
Jeremy.
(This used to be commit d4b1c0be2e700c86a4338bb497777f97e3c960a7)
|
|
horrid utmp hostname parameter - now uses the client name instead.
Also tidies up some of the unencrypted password checking when PAM
is compiled in.
FIXME ! An pam_accountcheck() is being called even when smb encrypted
passwords are negotiated. Is this the correct thing to do when winbindd
is running ! This needs *SEVERE* testing....
Jeremy.
(This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
|
|
(This used to be commit 44f96771c384b319290ab5e14cad6ba8f3fb5383)
|
|
(This used to be commit 72812e4cf199d804418dc52cc0b0ba683b8a2e5c)
|
|
(This used to be commit f52a5014ee325f9d91f266f88eac51b6136a75b9)
|
|
don't use pam_setcred() if we haven't called pam_authenticate()
Merge from 2.2
Jeremy.
(This used to be commit 89589895e3adce75ecd6205547392326cf291543)
|
|
(This used to be commit 02e84267f74b26bdf7f76c0fc9dbaecbc8574d58)
|
|
Jeremy.
(This used to be commit add847778bf458238bf2a1b14ab71b8cdfd7aec0)
|
|
(This used to be commit 88b6043b4e26c2771e0c444376b7017f5048baf8)
|
|
all in caps.
rpc_server/srv_srvsvc_nt.c: Added "CONFIGFILE" arg to scripts so path to smb.conf is given.
Jeremy.
(This used to be commit 3c4c649951464be51541d5890afb997e3ecfcd23)
|
|
Jeremy.
(This used to be commit ecd00e258c6fe4e8d90f48da74874e090dce4a40)
|
|
Jeremy.
(This used to be commit 61723c18f96a7b38cab0fcf545da7fb3640c5f7b)
|
|
Jeremy.
(This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
|
|
with real ACLs...
Jeremy.
(This used to be commit 852b9e15ac245a593460cfff3f629d0333372e41)
|
|
lookup_name was expecting to be able to write to the string. Changed
lookup_name to use const.
Jeremy.
(This used to be commit 80c18d88491f1148ade623e81c33f84ba4f952f3)
|
|
Jeremy.
(This used to be commit 49f0e7e7143f82bce9dfd8b06e9e515bc0869ab7)
|
|
(This used to be commit af62692e623429ca861905a0ac050b00a3bffdb0)
|
|
(This used to be commit af3f2a30c657fc42171bbf7da2354bc4cc7b088d)
|
|
system header files...
Jeremy.
(This used to be commit 31e0ce310ec38b3a3a05b344d6450d442c6be471)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
Jeremy.
(This used to be commit c3a1904564175a7a5cf71e88540b96f7daa59730)
|
|
with a PDC that has international netbios name and domain name. There's
still quite a bit of i18n stuff to fix though...
(This used to be commit 79045bd72ace9144e7dd73785b1d10a71b0d15aa)
|
|
jerry
(This used to be commit 57165d1578eefa270d5c0bd8697a774eb8cb06cf)
|
|
Jeremy.
(This used to be commit 180e4a9cd05bcadb2f7c4c23d653724e867196f0)
|
|
testsuite/printing/psec.c
- Use lock directory from smb.conf parameter when peeking at the
ntdrivers.tdb file.
source/rpc_parse/parse_sec.c
- fix typo in debug message
source/script/installbin.sh
- create private directory as part of 'make install'.
source/nsswitch/winbindd_cache.c
source/nsswitch/winbindd_idmap.c
source/passdb/secrets.c
source/smbd/connection.c
- always convert tdb key to unix code-page when generating.
source/printing/nt_printing.c
- always convert tdb key to unix code-page when generating.
- don't prepend path to a filename that is NULL in
add_a_printer_driver_3().
source/rpc_server/srv_spoolss_nt.c
- always convert tdb key to unix code-page when generating.
- don't prepend server name to a path/filename that is NULL in the
fill_printer_driver_info functions.
source/printing/printing.c
- always convert tdb key to unix code-page when generating.
- move access check for print_queue_purge() outside of job delete
loop.
source/smbd/unix_acls.c
- fix for setting ACLs (this got missed earlier)
source/lib/messages.c
- trivial sync with appliance_head
(This used to be commit 376601d17d53ef7bfaafa576bd770e554516e808)
|
|
source/include/proto.h
source/param/loadparm.c
source/passdb/passdb.c
source/rpc_server/srv_samr.c
- add support for "hide local users" option to HEAD.
(This used to be commit 44dc339fe757b2b5578b30e74aad8c1b12c23f5f)
|
|
in the tdbsam to never expire (we don't support this yet).
jerry
(This used to be commit 3b7d0fe7eb3a9275d2713d7b3325de0ab510ea62)
|
|
--jerry
(This used to be commit bb48b02d5f2118470a415d5f1f92305688e6b432)
|
|
Currently does exactly the same thing (returns ACLs the same way). This
code is written to try and get a POSIX ACL via the abstract sys_XX interface,
then fall back to providing a UNIX based ACL if the calls fail. Seems to
work. Next step is to add a --with-posix-acls to configure.in and then
check on a POSIX ACL system that a complex ACL is returned correctly
as an NT ACL. Note that the ACL set (a more complex problem) is not
addressed yet.
Jeremy.
(This used to be commit 4339e20202a876dbadc07980b731f711463b7299)
|
|
--jerry
(This used to be commit 29b3ac8634769d01c20bf394eecc536a02e0f36c)
|
|
written to transition from an old DOMAIN.MACHINE.MAC file to secrets.tdb.
printing/nt_printing.c: Fix case insensitive name lookups for driver files.
John - this should fix the Win9x/WinME problem correctly.
Jeremy.
(This used to be commit 8f3332a9acf413ac5d12053ca5c52733a4e946cc)
|
|
a few strings). I was the one who broke it obviously.
o changed a few more defaults in the smbpasswd backend with
respect to times. Now the logon time becomes '0' and the
pass_can_change_time is set ot the same as pass_last_set_time
o change Get_Pwnam() call in local_lookup_name to sys_getpwnam()
as it did not seem necessary to try case permutations in the
username.
Tim, I think this was your code, so you might want to double
check me.
-- jerry
(This used to be commit 37a665002c5cd7908c13d306f61af272a899dbc8)
|
|
o added BOOL own_memory flag in SAM_ACCOUNT so we could
use static memory for string pointer assignment or
allocate a new string
o added a reference TDB passdb backend. This is only a reference
and should not be used in production because
- RID's are generated using the same algorithm as with smbpasswd
- a TDB can only have one key (w/o getting into problems) and we
need three. Therefore the pdb_sam-getpwuid() and
pdb_getsampwrid() functions are interative searches :-(
we need transaction support, multiple indexes, and a nice open
source DBM. The Berkeley DB (from sleepycat.com seems to fit
this criteria now)
o added a new parameter "private dir" as many places in the code were
using lp_smb_passwd_file() and chopping off the filename part.
This makes more sense to me and I will docuement it in the man pages
o Ran through Insure-lite and corrected memory leaks. Need for
a public flogging this time Jeremy (-:
-- jerry
(This used to be commit 4792029a2991bd84251d152a62b1033dec62cee2)
|
|
(This used to be commit 92ff07132b3834b469ad7bb73d6e714b175a12af)
|
|
Jeremy.
(This used to be commit 55c6acce26a26af68149865dafb42e5a03b497e0)
|
|
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
|
|
Marked as an experimental compile time option (defaults to off) for now.
jerry
(This used to be commit 0435af4417b876c2ea1dd4591ae7647784c28e30)
|
|
the trust domain list reply on netlogon pipe was wrong, interim hack until
we have full trust relationships.
changed some unistr2 to parse the ending NULL char.
added a prs_align_needed() function. much like a prs_align but with a
condition. needed for the unistr2 parsing.
J.F.
(This used to be commit d8bf81553c17d9ee3419d8150b96119ebb0b8fa9)
|
|
cleanup of create_user
cleanup of rid/sid mix in samr. now we only have sid.
some prs_align() missing in parse_samr.c
a small debug change in srv_pipe.c
You still can't change a user's password in this commit.
Will be availble in the next one.
J.F.
(This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
|
|
Jeremy.
(This used to be commit dcbdff7a4d6442ca8f9e1aa6fcf65c196c2f22bf)
|
|
was not correct.
Jeremy.
(This used to be commit 1a3f7ecde2ca031b2f93a079f75822354fe241a0)
|