Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
(This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
|
|
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
|
|
NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817f47d6162466b193d533c877194124a)
|
|
(This used to be commit 898a483cdab1ed7d8ff902c0dc0e0620440ae4cd)
|
|
place to do this, not in smbd/passwd.c
Please don't change this without asking first, I have run this past
Andrew so talk to him (I'm on vacation next week).
I also removed the g_newXXX macros. There are essentially a private C extension,
not used anywhere else in the code, and add no functionality over malloc(XX)
and make the code harder to understand (everyone knows what malloc does).
Jeremy.
(This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
|
|
not just undercut work in progress, thank you.
(This used to be commit 86d440a88c948727bfcfedc694c52c58f9687d8b)
|
|
there (yet)
as there is no infrastructure for it. Replaced it with a dynamic array
of group SIDs plus a user.
passdb/passdb.c: Added setup_user_sids() function. This is where the lookup should be done,
eventually calling winbind.
smbd/password.c: Changed to call setup_user_sids(). Removed spurious DEBUG(0) statements.
smbd/reply.c: Removed extra parameter to register_vuid().
Jeremy.
(This used to be commit 425f4ad9a5e0e7d49620276100ade7a0cae47011)
|
|
(This used to be commit e49550b975dd407a1a8538c9885e036e400b7714)
|
|
passdb/smbpass.c: Insure uninitialized memory reference fix.
printing/nt_printing.c:
rpc_server/srv_spoolss_nt.c: Insure memory leak fixes.
smbd/unix_acls.c: Shadow ref fix.
Jeremy.
(This used to be commit d175d3ebefc053e9badd91ca5f2d8bd03eb6705d)
|
|
Added patches for random -> sys_random.
Added set_effective_xxx patches for AFS code.
Memory allocation changes in spoolss code.
Jeremy.
(This used to be commit c2099cfb033c2cdb6035f4f7f50ce21b98e1584d)
|
|
Domain SID is saved in secrets.tdb upon joining domain.
Added "Authenticated Users" and "SYSTEM" well-known SIDs (under
NT Authority).
(This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)
|
|
rpc_server/srv_pipe.c: Use accessor functions rather than diddling with structure
internals directly.
smbd/process.c:
smbd/reply.c: Remove READ_PREDICTION #ifdefs.
Jeremy.
(This used to be commit eba825ff030a175bd271caa6f543379dfdbbd646)
|
|
file into the secrets tdb. Also restored check for password timeout
(this seemed to have gotten lost).
Jeremy.
(This used to be commit 9493e10de3d1c73b246a9841d4b5bb01838c265f)
|
|
(This used to be commit eefb36f130f79f2f2c6cfb58c1646aa6ce4303be)
|
|
Jeremy.
(This used to be commit ac40971f30e00a93fc5e138bfd1afa05cd8dea4b)
|
|
it
(This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
|
|
of doing a system call every time we want to just get our pid.
Jeremy.
(This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a)
|
|
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
|
|
code will be removed soon and a SID auto-generated from (probably) primary
hostname and never stored in a file will replace it.
Jeremy.
(This used to be commit fbfe94a799cda7f728bc920d4f0655d4f537e3b6)
|
|
We need to talk about the MACHINE.SID/<WORKGROUP_NAME>.SID mess.....
Jeremy.
(This used to be commit 5bdaa043f015771cccdc9413c37232ab4a3e2e8e)
|
|
code from these modules i had to leave out (nothing to do withj setuid)
(This used to be commit 96717211edcc389daa4494907251ffb79ffa56d9)
|
|
Jeremy.
(This used to be commit 8e3239440dee6c6f50d26b70f7db46bef2a87a2d)
|
|
Jeremy.
(This used to be commit 7b222ed713d47241822323970214326b6a8e67ac)
|
|
Jeremy.
(This used to be commit a8ccf1d9532cdf623342c968f51f1d89f89d728a)
|
|
<btenison@dibbs.net>.
Jeremy.
(This used to be commit c7695c66774225248978ac9ca2615762a0d449aa)
|
|
libsmb/clientgen.c: Fixes for Win2k smbclient browsing.
Other fixes implement smbpasswd -x user to delete users. Also allows swat
to do the same.
Jeremy.
(This used to be commit 9f6ad046761adecafba59040baa3abc9f0959e65)
|
|
to using internal msrpc code in smbd.
(This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8)
|
|
that were in the head branch but weren't in SAMBA_2_0
(This used to be commit d7b208786590b5a28618590172b8d523627dda09)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
done a minimal amout of clean-up in the Makefile, removing unnecessary
modules from the link stage. this is not complete, yet, and will
involve some changes, for example to smbd, to remove dependencies on
the password database API that shouldn't be there. for example,
smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa
API.
this first implementation has minor problems with not reinstantiating
the same services as the caller. the "homes" service is a good example.
(This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
|
|
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
|
|
1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key needed \\ in it not \.
(This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
|
|
J.F.
(This used to be commit 706acb17cffd8d6a84209dadb97916f0346cd174)
|
|
don't overwrite backend values with defaults values.
J.F.
(This used to be commit a204a9adb84c41658def08cb75670995aec02baa)
|
|
LDAP database were being initialised using unix_to_nt_time on -1, rather
than -1 as an NTTIME (which is very different).
Problems solved (hopefully):
* "Access Denied" when accessing an NT share in a Samba controlled domain.
* "Your password has expired" sometimes when logging in.
(This used to be commit 740d8388cb6dfebb26681a45fd1b293383d08a6d)
|
|
- cleanup
- #defined report to sprintf as it's #defined to another function in
other uses of cmd_lsarpc.c
(This used to be commit 8fb2ff247a2fe0ec5ce0c232d8a3da9774f7e6ae)
|
|
(This used to be commit 2331aa32ab36c3ee5fd8cfbe972e57299939e33d)
|
|
parameter is "builtin rid file".
Copyright 1999 Bertl <bp@vpnet.at>
(This used to be commit 80d36778432d42eb265ed9428f27a27250ba5e08)
|
|
as they are generic "file line-by-line" reading routines. lines with
"#" at the front are ignored (as comments). this code started out as
the password file reading code.
(This used to be commit ef6df590fdf65a6d94b343998bac3a4d48ae07e0)
|
|
anyway!)
(This used to be commit 91d5bda9ad22c922a918f0942dcbff04202b9991)
|
|
found by Bertl <bs@vpnet.at>
(This used to be commit 389c17a225884b39d097dc0851a794d3669fdc31)
|
|
(This used to be commit baab30815238a803badeafa1ed8f029d7782242f)
|
|
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
|
|
weird unixware stuff) into _Get_Pwnam() to fix a memory allocation bug.
Note that the Get_Pwnam() function now returns a const struct passwd *
as a hint to other developers not to change entries in the struct
passwd.
(This used to be commit 36d7cb4ccc42268e8e6a7b783c945d1853624958)
|
|
(This used to be commit 899fc053c50448db65092d9f25fea99433cfb29f)
|
|
next problem: user group adding not supported so an "access denied"
message is reported instead of "ok" when a new user is created.
(This used to be commit f5f61bd477b4910cb90675c926381342c30a5b16)
|
|
used to add workstation to domain. unix account db not modified: only
SAM password db is used.
(This used to be commit 129a9a4d4b74897ed753a697a3aed9b194c25568)
|
|
----------------------------
- removed DOM_RID4
- removed SAMR_UNKNOWN_32
- added SAMR_SET_USERINFO (opcode 0x32)
- added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user)
- fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- added mod_sam21pwd_entry()
- preparing to call mod_sam21pwd_entry()
- added "user session key" to user_struct.dc. this is md4(nt#) and is
needed to decode user's clear-text passwords in SAMR_SET_USERINFO.
- split code out in chgpasswd.c to decode 516 byte password buffers.
(This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)
|
|
should instead have &&.
(This used to be commit 1143fd4297b946d4ffd3c6ca104188cdcb48fac8)
|
|
(This used to be commit 65b0abe8b7594ff6c662da86dc2e35bd83a2d13d)
|