Age | Commit message (Collapse) | Author | Files | Lines |
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.
This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
(This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
|
|
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
|
|
In particular this commit focuses on:
Changing the Get_Pwnam code so that it can work in a const-enforced
environment.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for 'const' in the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
(This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
|
|
In particular this commit focusses on:
Adding the new 'pass changed now' helper function.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
(This used to be commit a8971a5448cf6d203b379c3ed01e331d5263c9ee)
|
|
environments.
Jeremy.
(This used to be commit e5f8147d02b57198f684c6686dfa497c6732ff44)
|
|
Ensure make_conection() can only be called as root.
Jeremy.
(This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
|
|
I'm wondering if I have to audit *all* the rpc code for that kind of
trouble ;-) Oh well I've done it twice already, I can do it a third time
;-)
J.F.
(This used to be commit 6be8ea28f98d71e04de18b317f4d7a99b55209e8)
|
|
again :-) :-).
Jeremy.
(This used to be commit 3b56239c51da3bb24d9ac1ee1442717f597c682a)
|
|
Jeremy.
(This used to be commit 4d57c7520fa106ef6c29c0678584e1726ded961f)
|
|
functions correctly deal with the SID_NAME_TYPE. One fix for connection user
lookup in LSA.
Jeremy.
(This used to be commit 29730027d8118ec7d207c89d0fd7fb24ac173fde)
|
|
(This used to be commit d30939a091b48f4d77f7618c75668ae151a5592e)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object. This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.
This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.
Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored. Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False. Now that we check the returns
this bug was spotted. This could allow different LM and NT passwords.
- the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.
I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data. I assume this is from a previous
lot of mass conversion work...
Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.
If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.
Andrew Bartlett
(This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
|
|
- call pdb_reset_sam() after each getent call.
Fix bug in get_group_alias_entries(), were if num_entries was zero this caused
talloc() to return NULL, failing a test below with NT_STATUS_NO_MEMORY.
Fix pdb_reset_sam() to correctly initalise the sam structure.
Move default value code into a single place, likewise for sam freeing code.
- should make things easier if we decide to malloc other strings, or get more
non-zero default values.
Finally, add a function in init a sam struct from a getpwnam() return.
Andrew Bartlett
(This used to be commit a41fb44f5e90cf8734d57217e836e14f4a80bd47)
|
|
decode_pw_buffer() and the samr password changing routines.
And yes, I know that we can lost some information in the Unicode->UTF->Unicode
bit of this, but its worth the code cleanup.
This also takes into account the possability of multibyte passwords.
Andrew Bartlett
(This used to be commit 42402c87d6bcff71b700e497b74d2600d7ce8b95)
|
|
This moves the check that ensures that the account being looked up is the same
account as the machine logged in as to the front, before we even start with
passdb.
Merge for 2.2.2?
Andrew Bartlett
(This used to be commit f7ed0ecc14aeba5ad260f24a76ced70cf52f8e48)
|
|
Jeremy.
(This used to be commit bca6419447e926e51aeecf3e484228f640cecb84)
|
|
Tidied up debug messages in lib/messages.c
Jeremy.
(This used to be commit dfb58f227609d6c8a255677b85ec853efa19f602)
|
|
(This used to be commit 374f76fa2d5dcd036943c3f968a94f097a971ac7)
|
|
(This used to be commit d103371e8028efb6eec3c4b917b68734832f5844)
|
|
fill out the user_info struct (otherwise we don't have a vuid for
make_connection()).
Also add a become_user() call, becouse it really looks like it was missing
(we must pass it anyway to finish make_connection()).
Is there any reason not to be the user when reading an ACL?
Finally, fix up some formatting to show that the two functions are almost
identical.
Andrew Bartlett
(This used to be commit 00c667c0ad922a1bf388b8a2b8c6137fc7f0acaa)
|
|
(This used to be commit 5ceecc7bef71b455ba7c4efd9928e2433dccc961)
|
|
(This used to be commit dbb21aedbf10ebc4ef0d549c4f919cf91459eef7)
|
|
they can have general effect.
Fixed up workstaion support in the rest of samba, so that we can do these
checks.
Pass through the workstation for cli_net_logon(), if supplied.
(This used to be commit 7f04a139b2ee34b4c282590509cdf21395815a7a)
|
|
argument.
(This used to be commit 0e1322227b0a91226b4b85c8e0ff838ebfd9e962)
|
|
This should help make much of this code simpiler.
Andrew Bartlett
(This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
|
|
(This used to be commit f70b1707e42b3f7aaa38cc5637fcc5cbcdd5a26a)
|
|
The same function that adds machines to the system also adds users, and the
new 'add user script'/'add machine script' distinction needs to be made
correctly. Also introduces a sainity check for correct $ termination.
Andrew Bartlett
(This used to be commit ef377ea0cc55cb6647ecd7a634cf5983e11cfe99)
|
|
- the usersupplied_info now contains a smb_username (as it comes across on
the wire) and a unix_username (after being passed through mapping
functions)
- when doing security={server,domain} use the smb_username, otherwise use
the unix_username
(This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
|
|
by default in Samba 3.x
- got rid of some unused parameters in Makefile.in
- declare DEBUGLEVEL in debug.h rather than in each file
(This used to be commit b8651acb9c0d7248a6a2e82c33b1e43633fd83fd)
|
|
(This used to be commit 97286570ef6f9151b5fe0be32aa4b294e7db9ab8)
|
|
(This used to be commit b2ed211df0cad2013fd8ff67f48bf73962cc1d39)
|
|
(This used to be commit 55bd514c4576a273dac1ac5c37207a96b41f6572)
|
|
(This used to be commit c26e0d3f27a05ecc8bd2390f9aab7f9451524e47)
|
|
Fixed compile warning.
(This used to be commit 3eee66516596835c70c8d652ca633d2e1158fbb7)
|
|
(This used to be commit 78f437b5073207606b23be42960e2b10f785a148)
|
|
the client code still needs some work
(This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
|
|
(This used to be commit ad648c5cd8ebe4be8304379117f403d7673dcbc8)
|
|
- added WERROR for win32 error codes
- added a configure test for immediate structures
still lots to do, so its not enabled by default, but the main
structure is there
(This used to be commit 24f9ab683dec52587ee56717e821b49c0fa3d70f)
|
|
(This used to be commit 73e1b708d0ab7a6e612f8910c5815a6ab6de66cd)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs
(This used to be commit 1b778bc7d22efff3f90dc450eb12baa1241cf68f)
|
|
of add user script.
(This used to be commit 9e0c9a99f6ca01cd6a0ee3084f85e1c36b11d7c3)
|
|
Jeremy.
(This used to be commit 5b665122f5a785f858f75c0a3c181ae193e2c503)
|
|
(This used to be commit 0768991d04ea03e774ca8662c9cae5e1951b88e0)
|
|
(This used to be commit f3bc6b5d68bdb01b07b9d780f5ba81c05e22f48c)
|
|
(This used to be commit 3b40ec4f149a8813c1d68f184858e2ddd605d8fd)
|
|
Jeremy
(This used to be commit 0f5b187387fb536a6866d9109eff82411798f79e)
|
|
(This used to be commit 6391fd7bdab07c83e9eed02e761db09918e60302)
|