summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2001-12-10cleanup a little namespace pollutionAndrew Tridgell1-1/+1
(This used to be commit e5b484451a37a9ac940b342d70791b09362070ee)
2001-12-08Ensure that 'use spnego' restricts, rather than just advises our clients.Andrew Bartlett1-1/+6
This means that if a hole is found in the spnego code, we can tell people to just set 'use spengo' in their config file while we sort it out. Other than that, preventing 'unusual' behaviour is always a good thing. Andrew Bartlett (This used to be commit a8a53c08f7d607268a3959486a850a2df50ca7a2)
2001-12-07added a "use spnego" optionAndrew Tridgell1-0/+1
you need to set "use spnego = no" for w2k to be able to join a samba domain. Otherwise the w2k box will assume we can do kerberos as a KDC (This used to be commit b5cb57a367a6d9a82e082e2838e83e0997eb4930)
2001-12-06again an intrusive patch:Jean-François Micouleau1-1/+3
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the definition of standard_sub_basic() to cope with that. - removed the smb.conf: 'domain admin group' and 'domain guest group' parameters ! We're not playing anymore with the user's group RIDs ! - in get_domain_user_groups(), if the user's gid is a group, put it first in the group RID list. I just have to write an HOWTO now ;-) J.F. (This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
2001-12-05Ensure we fill in the %U for NTLMSSP connectionsAndrew Bartlett1-1/+3
(This used to be commit d15ea4fa8e23469f104405c197206e2779461323)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell2-2/+2
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-12-04Merge from 2.2Herb Lewis1-0/+6
If you do not have one more expect than issue when talking to the passwd program you will not send the last issue. (This used to be commit 8aafec95cba0e8a002d20c4c0055a01690879f7a)
2001-12-04added a boolean to the group mapping functions to specify if we need orJean-François Micouleau1-1/+1
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
2001-12-04Stop using getgrgid() - a very expensive call with winbindd, to look upJeremy Allison1-13/+10
a group name. Jeremy. (This used to be commit b926660e73d4c94c30ec5a365027770acdafe25e)
2001-12-04Moved name_is_local to the correct place. Ooops.Jeremy Allison1-10/+0
Jeremy. (This used to be commit 708c0a8d16ca86439e451def5f8d37f600ff15f1)
2001-12-04Tidyup of lib/username. Add name_is_local fn to determine if name isJeremy Allison1-0/+10
winbindd. Getting ready for efficiency fix in group lookups. Jeremy. (This used to be commit 8d41dfd149625e8ac53ab5e90a96e9a2daf9a629)
2001-12-03added a tdb to store the account policy informations.Jean-François Micouleau1-4/+9
You can change them with either usermanager->policies->account or from a command prompt on NT/W2K: net accounts /domain we can add a rpc accounts to the net command. As the net_rpc.c is still empty, I did not start. How should I add command to it ? Should I take the rpcclient/cmd_xxx functions and call them from there ? alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more for jeremy ;-) J.F. (This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
2001-11-30XFS quota patch for Linux.Jeremy Allison1-2/+33
Jeremy. (This used to be commit ce099faf6ce07e14bd9610960bd09f56c5bee864)
2001-11-30Renamed sid field in SEC_ACE to trustee to be more in line with MS'sTim Potter1-23/+23
definitions. (This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
2001-11-29Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett2-16/+25
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
2001-11-28fixed some krb5 ifdefsAndrew Tridgell1-2/+2
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
2001-11-28space -> tab.Jeremy Allison1-24/+20
Jeremy. (This used to be commit c7dd0364f2b084d9a372ac885fd788bbb5113125)
2001-11-28Spelling pedents strike again :-).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 0187d4ba16c794faa372bf1a50261b8f47482064)
2001-11-28Ensure the CAN_WRITE is checked and prevents O_CREAT and O_TRUNC fromJeremy Allison2-2/+11
being set. Also prevent an open on a file on a readonly share from setting delete on close. Jeremy. (This used to be commit 1f3dcd99bdd36cd3ff492394e80c3e2037a9aa48)
2001-11-28Re-added "Share modes" meaning don't allow deny mode conflict. Due toJeremy Allison1-2/+10
user demand (don't talk to me about removing parameters.... :-). Jeremy. (This used to be commit b69127391b322d81cc648f73a601ed61e79c8a44)
2001-11-27always send an OID list until we handle raw (unwrapped) NTLMSSPAndrew Tridgell1-6/+15
packets in session setup (This used to be commit 3b3f8a935064811906cba221d386697e699af18c)
2001-11-27Fix for the logic bug wrt. existant oplocks. See long messageJeremy Allison1-5/+2
in samba-technical for explaination. Jeremy. (This used to be commit 8150f0f3f72957e77a1e6ca06760c87c516792eb)
2001-11-27nsswitch/winbindd_group.c nsswitch/winbindd_user.c: formatting fixups.Jeremy Allison1-1/+1
smbd/open.c: Fix "delete on close" for directories. Jeremy. (This used to be commit 014b0973a3b3b9eb22cce3053171fa55f5c16a63)
2001-11-27fixed another memory leakAndrew Tridgell1-1/+1
(This used to be commit 37aa2873e5f476a587316893b0ea3a6fbdfe746f)
2001-11-27more memory leak fixesAndrew Tridgell1-1/+6
(This used to be commit 5abf8442033587b79651301d39260abd44b1c3fa)
2001-11-27don't try to auto-change the trust password unless we are in domainAndrew Tridgell1-1/+4
security (This used to be commit 00e4f0c803c6376387c31efd01cf3437c589da9d)
2001-11-26we can safely give NO_SUCH_USER if the ticket decodes but the localAndrew Tridgell1-1/+1
account doesn't exist (This used to be commit 477b6d27fd7281418739bc8ba0b984a53430ecda)
2001-11-26Another merge from appliance-head: in [ug]id_to_sid don't call theTim Potter1-14/+30
winbind function if the id is obviously going to be local. Cleanup of winbind [ug]id parameter handling. (This used to be commit 4ab9ca31a02b3388aa89a00e0390ea9e4c76283a)
2001-11-26challange -> challengeTim Potter3-9/+9
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-26Got medieval on another pointless extern. Removed extern struct ipzeroTim Potter1-2/+0
and replaced with two functions: void zero_ip(struct in_adder *ip); BOOL is_zero_ip(struct in_addr ip); (This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
2001-11-26This compleats the of the authenticaion subystem into the new 'auth'Andrew Bartlett10-2715/+0
subdirectory. (The insertion of these files was done with some CVS backend magic, hence the lack of a commit message). This also moves libsmb/domain_client_validate.c back into auth_domain.c, becouse we no longer share it with winbind. Andrew Bartlett (This used to be commit 782835470cb68da2188a57007d6f55c17b094d08)
2001-11-26fixed spnego, non-kerberos negprotAndrew Tridgell1-2/+2
(This used to be commit 2e916222a915c27f919a9841bde5ba0967af2190)
2001-11-25added 'security=ADS'Andrew Tridgell1-0/+7
(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)
2001-11-25#ifdefed DMF fix so not compiled by default. We need to look at this...Jeremy Allison1-22/+39
Jeremy. (This used to be commit 97dca242a91c68048e510f42be53421b533183be)
2001-11-25Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS errorAndrew Bartlett2-0/+36
map. This little authentication module is #ifdef DEVELOPER, becouse it really is of no use execept as a development tool invoke by setting: auth methods = guest sam name_to_ntstatus in the smb.conf file (the SAM and guest elements are required for the member server to authenticate itself). Andrew Bartlett (This used to be commit 9807e66f34c1088399657060977e384c5a7f0664)
2001-11-25I think this is a fix for the "out of space" errors with oplocks=no.Jeremy Allison1-49/+58
Jeremy. (This used to be commit 84b62d3c8ebd78cd578ac36168631b3bbcafdd8c)
2001-11-24added "net join" commandAndrew Tridgell1-38/+5
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24removed unused functionAndrew Tridgell1-18/+0
(This used to be commit ad7afbfdea600a62fa1550bd354996ad38807533)
2001-11-24And add the winbind module I missed in the last run.Andrew Bartlett1-0/+111
(large change to modularise the auth subsystem) Andrew Bartlett (This used to be commit 324c4676280641fee0647221dba1e826e03ba9ab)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett13-408/+942
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-23Fixed delete on close bug. Added core dump code to winbindd.Jeremy Allison3-80/+125
Jeremy. (This used to be commit a58d0f91f9ee7354c01a9c20cfe178d5dc02142d)
2001-11-23Removed TimeInit() call from every client program (except for one placeTim Potter1-2/+0
in smbd/process.c where the timezone is reinitialised. Was replaced with check for a static is_initialised boolean. (This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
2001-11-22WITH_MSDFS is not define anywhere. It's built by default.Gerald Carter1-3/+0
(This used to be commit b51e5b07d9f7719180b28215236efc3fa09d8bea)
2001-11-21More spelling fixes, comment reformatting.Tim Potter1-8/+11
(This used to be commit edb556b47446f75dc4987eee15276661eb6cec8d)
2001-11-21Spelling fix, reformatted comment.Tim Potter1-4/+6
(This used to be commit 096868bd35b374f97e570676fc23c006b6c7a1d3)
2001-11-20Fixed sizeof vs array length bug in make_user_info_winbind_crap()Tim Potter1-2/+2
Spelling fix. (This used to be commit 3d87c1a2444c3b9267e0dda7a2da77657fba143e)
2001-11-20add a hook to save the krb5 PACAndrew Tridgell1-0/+8
(This used to be commit 1cbc18ae732671d9a60528f8300ca7609e124d11)
2001-11-19Move all other paths into dynconfigMartin Pool1-9/+1
(This used to be commit d51ef6bfa3d194b58c3ee7706a7d475ef042676d)
2001-11-19Cosmetic fix for debug statement.Tim Potter1-2/+1
(This used to be commit 507ef80f48a8fca762e41be5cdb80ce86544da3f)
2001-11-19Don't resolve the hostname in smbd as we can pause for a long time whileTim Potter1-3/+6
waiting for DNS timeouts to occur. The correct place to do this is in the code that displays the session information. (This used to be commit 2e89165f22d9e9c1fa749ae54957d0ec84a1497d)