| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Jeremy.
(This used to be commit ab607cdf153d9187fe50af3377ece5a9fafde1b1)
|
|
per-share. I beleive that almost all the things that this could have done on
a per-share basis can be done with other tools, like 'force user'.
Almost all the user's of this paramater used it as a global anyway...
While this is one step at a time, I hope it will allow me to considerably
simplfy the make_connection() code, particularly for the user-level security
case.
This already removes an absolute truckload of extra attempted password lookups
on the guest account.
Andrew Bartlett
(This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)
|
|
grumble, mumble, ...
(This used to be commit 72c1af6f8d9893dd5b8b4d105b301d8c621749c6)
|
|
This changes the way we process guest logons - we now treat them as normal
logons, but set the 'guest' flag. In particular this is needed becouse Win2k
will do an NTLMSSP login with username "", therefore missing our previous guest
connection code - this is getting a pain to do as a special case all over the
shop.
Tridge: We don't seem to be setting a guest bit for NTLMSSP, in either the
anonymous or authenticated case, can you take a look at this?
Also some cleanups in the check_password() code that should make some of the
debugs clearer.
Various other minor cleanups:
- change the session code to just take a vuser, rather than having to do a
vuid lookup on vuser.vuid
- Change some of the global_client_caps linking
- Better debug in authorise_login(): show the vuid.
Andrew Bartlett
(This used to be commit 62f4e4bd0aef9ade653b3f8d575d2864c166ab4d)
|
|
(This used to be commit a99d9cec7e090736ab49c91720cfd2b43e2a6f00)
|
|
Jeremy.
(This used to be commit c339a99a891c9e4bbad59ee1243908c91f048834)
|
|
Jeremy.
(This used to be commit 36ea09d3a041fab0854dfdc20f6ea8db7ccbec2e)
|
|
Jeremy.
(This used to be commit eba8204bfadb176fafb686a35295a09f0f35b894)
|
|
Jeremy.
(This used to be commit 970ec14b4ba1ccf66820384ced8442e1878c09cd)
|
|
Jeremy
(This used to be commit 86c2f9636635283beb8e496315a7bfac881355dd)
|
|
names of the other functions in this file.
(This used to be commit 4880f37e4ee08b6363314a3fb67051a6708988d0)
|
|
(This used to be commit 54e40b270208774ed71eff32f3c3b1d3b86b5aca)
|
|
(This used to be commit dfb8566220c3e90ca2b757ea124f53aed103269e)
|
|
- old mangle code has gone, the new one based on tdb seem resonably ok
probably the valid.dat table need to be updated to treat wild chars as
invalid ones (work ok without it)
- a LOT of new string manipulation function for unicode, they are somewhat
tested but a review would not be bad
- some new function I will need for the new unix_convert function I'm writing,
this will be renamed filename_convert and use only unicode strings.
- charconv, I attached a comment, if someone wnat to look if I'm right or
just was hacking to late in the night to make a sane one :)
of course any bug is my responsibility an will be pleased to see patches if
you find any. :-)
Simo.
(This used to be commit ee19f7efb6ea9216fc91cf112ac1afa691983e9d)
|
|
(This used to be commit 1f409a1f3fb0906f1ff985b96bb7a65f56253046)
|
|
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
|
|
browse non-guest shares).
(This used to be commit 7131fe3be4eb2c652f3afe2f3cd99d3f82e09654)
|
|
(This used to be commit 253790f6d71653b572c0174113b8559820de6bdd)
|
|
perfectly vailid behaviour for guest logins.
(This used to be commit 4db8d70ad74cdbd74c0578e66377fd0233195aaa)
|
|
Zero out some of the plaintext passwords for paranoia
Fix up some of the other passdb backends with the change to *uid_t rather than
uid_t.
Make some of the code in srv_netlog_nt.c clearer, is passing an array around,
so pass its lenght in is definition, not as a seperate paramater.
Use sizeof() rather than magic numbers, it makes things easier to read.
Cope with a PAM authenticated user who is not in /etc/passwd - currently by
saying NO_SUCH_USER, but this can change in future.
Andrew Bartlett
(This used to be commit 514c91b16baca639bb04638042bf9894d881172a)
|
|
This needs to use the auth interface at some stage, but for now this will do.
(This used to be commit 8dc4f2e44b150cdcdecd2f6028bf06907ff90cad)
|
|
(This used to be commit 531e24973227ca4f1ae65ffb2454aedd5871de96)
|
|
(This used to be commit c8b2718adfe114b74a155116c5e74f014d6df887)
|
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
(This used to be commit 26a9479ad450a5135e54b45d659bf3558892d9e6)
|
|
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.
This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
(This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
|
|
flags so we just do a 'normal' session setup.
Also add some parinoia code to detect when sombody attempts to do a 'normal'
session setup when spnego had been negoitiated.
Andrew Bartlett
(This used to be commit 190898586fa218c952fbd5bea56155d04e6f248b)
|
|
structures directly.
Andrew Bartlett
(This used to be commit c2dc24ab6370236437b72b929e2a56e174163d78)
|
|
(This used to be commit 92f953c156a39b54230c52c6102a319a4a5ca798)
|
|
(This used to be commit 06a7c28ea1be81c4a53f9a5b885c37fdde31f75c)
|
|
dos hars...
- addedd ascii compatibility functions
(This used to be commit 8b9302b7078f1dd5459051500ed19a696dc09ae0)
|
|
In particular this commit focuses on:
Actually adding the 'const' to the passdb interface, and the flow-on changes.
Also kill off the 'disp_info' stuff, as its no longer used.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
---
This finishes this line of commits off, your tree should now compile again :-)
Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
|
|
In particular this commit focuses on:
Changing the Get_Pwnam code so that it can work in a const-enforced
environment.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for 'const' in the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
(This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
|
|
In particular this commit focusses on:
Adding the new 'pass changed now' helper function.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
(This used to be commit a8971a5448cf6d203b379c3ed01e331d5263c9ee)
|
|
correct uid.
(This used to be commit ad30a35ebc04f6a56c3ffb28bfb793557cf1fdf7)
|
|
this fixes also the bug with file renaming.
(This used to be commit 5246d7609c3aff658fcd08a1f1c1bb6e11509e35)
|
|
lib/debug.c: Fix for potential null pointer access.
Jeremy.
(This used to be commit 5a4d22dd66ab782f6161aa5a4162c0e7f1d811fb)
|
|
(This used to be commit 320c21b7a9e0a914b8a9523775df8895cb41256f)
|
|
(This used to be commit 398ced6eef7e52441ddc59fef70e4a50a96a73b7)
|
|
(This used to be commit 12c10e876ea528fdf33e8ecfe42ab0ebb346b143)
|
|
(This used to be commit 51cb4411df61d1caec9d84809b1a53a6a632f808)
|
|
(This used to be commit 1b3123df48ca586b3d9c86a152354690836f6beb)
|
|
(This used to be commit e48eb7b572de10481e928fb55243f47e8a3aa446)
|
|
(This used to be commit d42c28fbadf577a23fb8c1da9e1c64a2f34fe133)
|
|
all the calls go through a compatibility interface will
change that soon
a new mangle.tdb file will be set in the lock directory
it contains a static mapping longname<->manglename
(This used to be commit 1ffacd2068a896d36a9e56b6e28c63e2f7e98762)
|
|
- accept a wide range of principal names in session setup
(This used to be commit 672df66296f540b606aa43effab5f021b8978e4b)
|
|
name is a "principal", not a principle. English majors will complain :-).
Jeremy.
(This used to be commit b668d7d656cdd066820fb8044f24bcd4fda29524)
|
|
(This used to be commit 2472ecf7fc510115489baf0a888b511446b9c1fd)
|
|
to use the other form in netjoin
smb_wct is a char, not a word
(This used to be commit 3dbb48b188980cf6c869dc762e3039dd375bf392)
|
|
to use the other form in netjoin
(This used to be commit 58cfa13d6576bd34ceed7ba6ad52bced96e50544)
|
