Age | Commit message (Collapse) | Author | Files | Lines |
|
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain
we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?
alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)
J.F.
(This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
|
|
default, rather than in preprocessor macros.
(This used to be commit 79ec88f0da40faebe1e587f1b3e87b5f2b184f58)
|
|
all the calls go through a compatibility interface will
change that soon
a new mangle.tdb file will be set in the lock directory
it contains a static mapping longname<->manglename
(This used to be commit 1ffacd2068a896d36a9e56b6e28c63e2f7e98762)
|
|
Ensure make_conection() can only be called as root.
Jeremy.
(This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
|
|
THIS WAS A DISASTER!
it created hundreds of processes on the build farm machines, which we
can't kill.
(This used to be commit 04479db879d04fb329022c3282d92bab94a48576)
|
|
To speed up operations with the lpq command, it's now run in a separate
asynchronous process.
Opening the Printers folder on NT is now fast ;-) I think even faster than
with a ** server
Jeremy, you should look at that patch to include it in 2.2.3
J.F.
(This used to be commit 8ef9dff3074e7979579ce66a204e8ec7bf62a587)
|
|
for unicode strings. The new method relies on 3 files that are mmap'd
at startup to provide the mapping tables. The upcase.dat and
lowcase.dat tables should be the same on all systems. The valid.dat
table says what characters are valid in 8.3 names, and differs between
systems. I'm committing the japanese valid.dat here, in future we need
some way of automatically installing and choosing a appropriate table.
This commit also adds my mini tdb based gettext replacement in
intl/lang_tdb.c. I have not enabled this yet and have not removed the
old gettext code as the new code is still being looked at by Monyo.
Right now the code assumes that the upcase.dat, lowcase.dat and
valid.dat files are installed in the Samba lib directory. That is not
a good choice, but I'll leave them there until we work out the new
install directory structure for Samba 3.0.
simo - please look at the isvalid_w() function and think about using
it in your new mangling code. That should be the final step to
correctly passing the chargen test code from monyo.
(This used to be commit 1c221994f118dd542a158b2db51e07d04d0e9314)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
DEBUG(). Also included are details like build date/time, location and
compiler.
This should get most of the options we set, except those that don't affect
smbd, like WITH_PAM_SMBPASSWD or WITH_WINBINDD.
This work due to Vance Lankhaar <vlankhaar@hotmail.com>
Some work needs to be done to make it only rebuild when needed (ie smbd being
rebuilt) but its in pretty good shape already.
Also fix up some printf() -> d_printf().
Andrew Bartlett
(This used to be commit beff1d2beaf4337dba6bfc372c5e09a43cfd791a)
|
|
(This used to be commit e8bd42edc05226d49ab0b6768f898d883fcf8d1a)
|
|
this prevents the fd seek pointer problem
(This used to be commit f49518e497deeb46292456c3650769d50ec2a955)
|
|
replacemnt of stdio that doesn't suffer from the 8-bit filedescriptor
limit that we hit with nasty consequences on some systems
I would eventually prefer us to have a configure test to see if we need
to replace stdio, but for now this code needs to be tested widely so
I'm enabling it by default.
(This used to be commit 1af8bf34f1caa3e7ec312d8109c07d32a945a448)
|
|
(This used to be commit 08e05f1b3c2d5767e8f8f0343fc0ea90c786eac0)
|
|
drop paramaters:
status
utmp hostname
change session code to always record each vuid current on the server. The sessionid struct is no longer packed, as I couldn't get that to work ;-)
change smbstatus to show this info and less of the connections.tdb info (its not actualy that accurate).
I'll get swat doing some of this shortly.
(This used to be commit b068ad300527c44673bbee0aede7849199c89de7)
|
|
can't be set after the listen().
Andrew Bartlett
(This used to be commit 23b6772a2454ff3b480807a4ca8f58e8a0dc0c81)
|
|
consistently.
Jeremy.
(This used to be commit f591ca9f25c54d3cdd0b76df472411e44c95ea47)
|
|
code not to do lookups for a particular domain. This allows winbind to
operate on a Samba PDC
(This used to be commit d472ee3a690fb6db03fd4536e4093a18fc37ddbb)
|
|
can't redefine them. damn.
(This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
|
|
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267960e56005a741817ebd227ecfc512a)
|
|
instead of a define
(This used to be commit e2ecff419fdc0a0dc7551b33b377dc11061ef2a3)
|
|
allow us to have test targets without special configure options
- fixed make proto so that it actually does something
(This used to be commit 55109a752578e9389d853cb27ec17c2114ecff77)
|
|
that libsmb/ creates a local tcp socket then launches smbd as a subprocess
attached to that socket. smbd thinks it is being launched from inetd.
to use it do the following:
- compile with -DSMB_REGRESSION_TEST
- run like this (also works with smbtorture etc)
export SMBD_TEST=1
export LIBSMB_PROG=bin/smbd
smbclient //server/share -Uuser%pass
obviously you need to setup a smb.conf etc. Using --prefix to configure
is useful.
The aim of all this stuff is to add a decent set of regression tests
to the build farm, so we know if smbd actually runs correctly on all the
platforms, not just builds. We can run smbtorture, masktest, locktest etc,
plus a bunch of smbclient scripts and any new tests we write.
This doesn't help much with nmbd (at least not yet) but its a good start.
(This used to be commit 7e8e6ae9a88c4d2587eb4e7f0501cd71bd36ebb2)
|
|
Jeremy.
(This used to be commit cf5015f15935605cf69078bc15251db61ddc48c7)
|
|
%I getpeername() failure.
Jeremy.
(This used to be commit 15584d30cd51650752fcbdd4f0dfc193fed18e5a)
|
|
(This used to be commit f52a5014ee325f9d91f266f88eac51b6136a75b9)
|
|
Jeremy.
(This used to be commit 036b1a8b09fe6a7cca83d631624145574acad7f2)
|
|
Jeremy.
(This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
|
|
J.F.
(This used to be commit 7154deb026d53cb0cd503562174c3332a372be63)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
of nmb so we write to same log file that
was originally created as log.nmbd
samba/source/smbd/server.c change remote_machine name to smbd instead
of smb so we write to same log file that
was originally created as log.smbd
samba/source/lib/interface.c allow binding to all interface IP addresses
even if on same subnet. This allows you to
specify which IP's you want in interfaces
line and use bind interfaces only
(This used to be commit 01dfd59712f3730498784d7632da8fe0113d55b6)
|
|
updated the POSIX_ACL code to be in sync.
Jeremy.
(This used to be commit c0517d6f4e3079feca1309fd1ea7b21e83f0de02)
|
|
source/smbd/server.c
source/nmbd/nmbd.c
- Fixed a very subtle bug with signals. Seems that POSIX requires
that the signal mask be inhereted. So, if you happen to kick off
smbd/nmbd from code that has the mask set on SIGUSR1, you lose
messages.
(This used to be commit b4c98196fc65e8b3bce928296e854987622eae78)
|
|
Jeremy.
(This used to be commit 48a3afcd4716a456c3072bf41450b361e4379be8)
|
|
written to transition from an old DOMAIN.MACHINE.MAC file to secrets.tdb.
printing/nt_printing.c: Fix case insensitive name lookups for driver files.
John - this should fix the Win9x/WinME problem correctly.
Jeremy.
(This used to be commit 8f3332a9acf413ac5d12053ca5c52733a4e946cc)
|
|
Jeremy.
(This used to be commit 349d58fb5758cebc5a8575f80103150b8cd0a080)
|
|
Company
Jeremy.
(This used to be commit e041b144b2c7c6c9fdd6cd20256a197876aaf353)
|
|
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
|
|
Jeremy.
(This used to be commit 580e2e044cfd1d011d9f28f0f49ef60ca6ba8d32)
|
|
sent to it's PID
Jeremy or Andrew please check this out for other possible side effects.
(This used to be commit f365950e7dafa269ace647ae1cab6201f8ecf67d)
|
|
as part of print queue length processing.
Jeremy.
(This used to be commit e85a0fadd8dcf608822819f00f15569713518806)
|
|
on exit. Needed to fix printing.tdb from groving to 300Mb+ if being
driven by smbclient clients that never ask for status... (effective
DOS attack :-).
Jeremy.
(This used to be commit 6581066b93a674fadf6f9b92441428d2cc8b4a02)
|
|
The motivation for this system is to replace the UDP message for
oplocks, but this commit only does the "set debug level" message.
(This used to be commit 2a34ee95f3929cff131db6c5a2b4820194c05b2d)
|
|
main daemon was not catching sighup and reloading the service file.
(This used to be commit f026a897e9296a71fb5c4d5f6e1b4d3287689bde)
|
|
Delete OriginalDir stuff.
(This used to be commit db5e6ad3a69a6fd744d8a22066587908470e3815)
|
|
handling in Samba. This was needed due to several limitations and
races in the previous code - as a side effect the new code is much
cleaner :)
in summary:
- changed sys_select() to avoid a signal/select race condition. It is a
rare race but once we have signals doing notification and oplocks it
is important.
- changed our main processing loop to take advantage of the new
sys_select semantics
- split the notify code into implementaion dependent and general
parts. Added the following structure that defines an implementation:
struct cnotify_fns {
void * (*register_notify)(connection_struct *conn, char *path, uint32 flags);
BOOL (*check_notify)(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *data, time_t t);
void (*remove_notify)(void *data);
};
then I wrote two implementations, one using hash/poll (like our old
code) and the other using the new Linux kernel change notify. It
should be easy to add other change notify implementations by creating
a sructure of the above type.
- fixed a bug in change notify where we were returning the wrong error
code.
- rewrote the core change notify code to be much simpler
- moved to real-time signals for leases and change notify
Amazingly, it all seems to work. I was very surprised!
(This used to be commit 44766c39e0027c762bee8b33b12c621c109a3267)
|
|
I had to modify sys_select() to not loop on EINTR. I added a wrapper
called sys_select_intr() which gives the old behaviour.
(This used to be commit b28cc4163bc2faaa80c5782fc02c8f03c410cdeb)
|
|
modular form. In this pass I added oplock_irix.c and added a "struct
kernel_oplocks" that describes a kernel oplock implementation.
(This used to be commit b5ceab810292602ea9a81696c20a781c16b706c2)
|
|
(This used to be commit 70dcc791b45ac64fc536ef449e4e6b53b2b68fd4)
|