| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
|
|
strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
|
|
- The 'not implmented' checks are now done by all auth modules
- the ntdomain/trustdomain/winbind modules are more presise as to
what domain names they can and cannot handle
- The become_root() calls are now around the winbind pipe opening only,
not the entire auth call
- The unix username is kept seperate from the NT username, removing the
need for 'clean off the domain\' in parse_net.c
- All sid->uid translations are now validated with getpwuid() to put a very
basic stop to logins with 'half deleted' accounts.
Andrew Bartlett
(This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
|
|
When winbindd is running on a PDC the SAM_ACCOUNT for a trusted user
has a username of DOMAIN\user. Make sure to trim the domain part
from the username when filling in the net_sam_logon reply.
This fixes the browsing issues i was seen across domain trusts.
(This used to be commit 62e36e6ede067ace23f5473d04917c7eeedf07e2)
|
|
back a different sized blob of encrypted password data then we were
expecting. There's an extra 32 bytes of unknown stuff.
(This used to be commit 285952fd626b02362fb6732f90c5a3ce0d2d5ae0)
|
|
Volker
(This used to be commit 5af417a6ba24e6bb09979488511f482efa4894b8)
|
|
signed/unsigned (mostly i counters)
a little bit of const.
Andrew Bartlett
(This used to be commit 50f0ca752e5058c4051f42a9337361373ba1f727)
|
|
(This used to be commit 5d09aea6f78aa247dbd77617c93c2a1dd2e2702f)
|
|
Needed to move to disk based i/o later.
Jeremy.
(This used to be commit a823fee5b41a5b6cd4ef05aa1f85f7725bd272a5)
|
|
signing.
Andrew Bartlett
(This used to be commit 9bcdb869e53ee8048dd69053b804bdaf55db7b91)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
(This used to be commit 044391b5973f6070abf6ac185c74ffd713e933c5)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
calls from rpc_parse/parse_net.c - instead these values are passed as a
paramater.
Unfortunetly some there is still some samr work to be done before this is
actually useful.
Andrew Bartlett
(This used to be commit 4fc9e16ad7a77cf2e37b27640c0dec2052e9cda0)
|
|
(This used to be commit 65e857b36e170e3ecd78bf6695ae73342e9c04cd)
|
|
J.F.
(This used to be commit 49764852c516a22fba84d6289c93bed0e5da1c7e)
|
|
Ignacio you can update your howto ;-)
samsync: a small patch to try chaning challenges.
J.F.
(This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
|
|
One is an entry for the trusted domains
The other is an entry for the trusting domains
They are pretty basic, I'll improve them.
J.F.
(This used to be commit 8d359e62138aa327cb00875dc446234ce4be6f02)
|
|
a correct decoder for SAM_PRIVS_INFO (0x10)
this code is totally useless right now, it's just fun to decode those and
will save tpot some time.
J.F.
(This used to be commit 314b675ed9ebacba9db25938c43cfa304462ebe2)
|
|
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the
definition of standard_sub_basic() to cope with that.
- removed the smb.conf: 'domain admin group' and 'domain guest group'
parameters ! We're not playing anymore with the user's group RIDs !
- in get_domain_user_groups(), if the user's gid is a group, put it first
in the group RID list.
I just have to write an HOWTO now ;-)
J.F.
(This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
|
|
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
(This used to be commit 575897e879fc175ba702adf245384033342c903d)
|
|
discovered that our reply is short by 4 bytes since day 1 of this code.
Added a decode function to rpcclient too.
splitted the STRING2 fields filling while trying to understand the win9x
userlist bug. (didn't fix the bug, but the reply looks closer to NT).
J.F.
(This used to be commit bfbe7f377e5fcb09e87bfc866196dfc51a8fe64d)
|
|
Andrew, this fixes domain logons in head. Please look at the change,
as I think you may have misunderstood the max_str_len field (which is
badly named)
(This used to be commit fd3a657b440a61c0c146947bb62d2b83c1689b87)
|
|
Zero out some of the plaintext passwords for paranoia
Fix up some of the other passdb backends with the change to *uid_t rather than
uid_t.
Make some of the code in srv_netlog_nt.c clearer, is passing an array around,
so pass its lenght in is definition, not as a seperate paramater.
Use sizeof() rather than magic numbers, it makes things easier to read.
Cope with a PAM authenticated user who is not in /etc/passwd - currently by
saying NO_SUCH_USER, but this can change in future.
Andrew Bartlett
(This used to be commit 514c91b16baca639bb04638042bf9894d881172a)
|
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
of the lm challenge/response header in the NET_ID_INFO_2 structure included
in a network logon request. It seems Windows 2000 is the only OS that
cares about this.
(This used to be commit 0f6207f45567a8af0a125a838a5ed68ea6c22283)
|
|
(This used to be commit b496936634a4b676aa2df973e64c91aa0da5d7d5)
|
|
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
|
|
other access. Problem was max time was being set to 0xffffffff, instead of
0x7fffffff.
Jeremy.
(This used to be commit 94403d841710391ec26539e4b4157439d5778ff7)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
Andrew Bartlett
(This used to be commit d1bc778301b31d77fdc3837ec3cff24ce37adcd7)
|
|
is actually the user session key).
(This used to be commit 0f041597f8afa378fc3177264f1e52e014e6cf00)
|
|
the build farm
(This used to be commit 5bb7e4f0f65edf1db20245f403cbe81833134240)
|
|
- put in checks for return values in rpc parsing routines
- replace a bunch of stupid &(foo->bar) with &foo->bar
- fixed bug in net_io_sam_alias_mem_info where there are zero members in
the alias
(This used to be commit eecdba2b015ed48d7dd88daea2af466f28cd2ff7)
|
|
the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
|
|
of const.
(This used to be commit af53e774d754d72b01d9840e8b45d27bc394e33d)
|
|
Reverse-engineered the sam replication protocol from staring at hex dumps
for a while. It's pretty similar to the sam sync protocol with a couple of
different delta header types.
I wasn't able to figure out the format of the privilege stuff - needs more
time and a whiteboard. (-:
The impressive bit is that the sam sync stuff from tng basically just
worked thanks mainly to Luke Leighton's efforts in this area.
(This used to be commit 3a60cb44f22d5f3f8c78a56ed8f5ea4794cd7ab3)
|
|
(This used to be commit fe4ffa8dda165b0d1197f022f59db0a284cbef79)
|
|
samba-technical a few weeks ago.
The idea here is to standardize the checking of user names and passwords,
thereby ensuring that all authtentications pass the same standards. The
interface currently implemented in as
nt_status = check_password(user_info, server_info)
where user_info contains (mostly) the authentication data, and server_info
contains things like the user-id they got, and their resolved user name.
The current ugliness with the way the structures are created will be killed
the next revision, when they will be created and malloced by creator functions.
This patch also includes the first implementation of NTLMv2 in HEAD, but which
needs some more testing. We also add a hack to allow plaintext passwords to be
compared with smbpasswd, not the system password database.
Finally, this patch probably reintroduces the PAM accounts bug we had in
2.2.0, I'll fix that once this hits the tree. (I've just finished testing
it on a wide variety of platforms, so I want to get this patch in).
(This used to be commit b30b6202f31d339b48d51c0d38174cafd1cfcd42)
|
|
coding :-). I'll be more carfull in this area in future.
This does not back out the cli_login change, so domain logons still work, but
only for english.
Andrew Bartlett
(This used to be commit bd3c2a0cddc71daa4165e1a0916208d0c650d55a)
|
|
changeover. For my own sainity I have created a new function to fill out both
the header and buffer for a string in an RPC struct. This DOES NOT take a
length argument, only the actual string to be placed.
The RPC code is currently littered with code that does init_uni_hdr() followed
immidiatly by init_unistr2(), and often the length argument is wrong. (It was
for the code I changed, even before the charset stuff). Another bug where we
made strings AT LEAST MAX_UNICODE_LEN long hid this bug.
This works for loopback connections to Samba, and can't be any more broke than
it was before :-). (We had double and revese conversions, fun...).
In particular this makes us multibyte complient.
In any case, if there are no objections I will slowly convert other bits of
code to the same system.
(This used to be commit cf1d1cd9d6362f6e32ed9c2f6d2f6f25c47705ad)
|
|
(This used to be commit 3ab50e648d682080308d2db6bdb71eef0e303988)
|
|
Jermey.
(This used to be commit 05a2911403a0710d994a618e72743205a3b0b87a)
|
|
from rpcclient.
Added init and i/o functions for net_{q,r}_logon_ctrl functions so we
can call from rpcclient and respond to this call from smbd.
(This used to be commit 8ba30031a4fd900b9b87cf5d04c2f2bf6c436718)
|
|
Jeremy.
(This used to be commit f4f4aae675f55d3319aca8489621afc92aaf8de1)
|
|
Jeremy.
(This used to be commit 6248fb22926d72fddaecad5af117af1bdd08fda3)
|
