Age | Commit message (Collapse) | Author | Files | Lines |
|
depth first fashion in the file.
Also add some more infrastructure needed to handle storing these trees.
(This used to be commit f993f7187c7ae49f443aa1966584aa88787bd7ca)
|
|
(This used to be commit 03fce4ed0f73586928424e75bd6d7db9ff7105dd)
|
|
partially implement some routines to construct a default ACL and SEC DESC
etc.
(This used to be commit 043374a3c0be6769b4fee2228dcff42abbb74028)
|
|
paths.
(This used to be commit 0741369c59bcb6057f6b32d3fe4f6dec08ce4ae3)
|
|
Lots more to do, like handling regular expressions for keys, and input of
the security descriptors, etc. However, I now have to work on writing the
in-memory tree out to a file in a format that Windows can understand.
(This used to be commit 562b36510c704eba84b036aacdb1f984339afafc)
|
|
This needs a lot more testing and debugging, but it does delete values.
Next to see if it can add values ...
(This used to be commit 02e6782243a7ef9e182db449ad377b0d168a40b2)
|
|
key value, and tidy up processing of key values when reading in the registry
file ...
(This used to be commit 53ea4c0de88a350b99e36c0dc514c5f2821ff7f8)
|
|
Next, we have to add the code for adding values etc.
(This used to be commit 266fc6c9f2283c81de97e526e9f289288948cb27)
|
|
Added code to add keys to the in-momory key tree.
Added code to convert SID strings to SIDs in memory format.
Added code to construct initial security descriptors and to inherit
security descriptors.
A couple of more hours should see the code to add keys and values complete.
Then I have to start on the code to write out a registry :-(
(This used to be commit fc691a9a5e86686ebd0b3bab75a286488ab6ca57)
|
|
descriptors etc ...
(This used to be commit b8e85afefbe52701317632d1c1a446785ed66abf)
|
|
(This used to be commit e3c4f8c91394eecc8c77bbf0f9685cdb18c617b1)
|
|
(This used to be commit 31ded623b1817156b247170130237c1e5fd67a5b)
|
|
things easier ... now on to more functionality.
Hope Jerry fixes the breakage, BTW :-)
(This used to be commit c7d39a7426e5970b15ece89737d2f0ba3d5c0835)
|
|
Merging smbgroupedit into 'net groupmap'. Not entirely done.
Need to check on where the privilege code is sitting
and update the docs.
Examples:
root# bin/net help groupmap
net groupmap add
Create a new group mapping
net groupmap modify
Update a group mapping
net groupmap delete
Remove a group mapping
net groupmap list
List current group map
# bin/net groupmap add
Usage: net groupmap add rid=<int> name=<string> type=<domain|local|builtin> [comment=<string>]
# bin/net groupmap delete
Usage: net groupmap delete name=<string|SID>
# bin/net groupmap modify
Usage: net groupmap modify name=<string|SID> [comment=<string>] [type=<domain|local>]
(This used to be commit 0fd28bc3a803ca1ec3dcd8cc6236d4ecc3134584)
|
|
(This used to be commit 882799ca113566b91e42c3c852a9c1986552daaa)
|
|
(This used to be commit 410451f9478ff1e73cabc8ee2213ded4f08315c6)
|
|
Hopefully more coming ...
(This used to be commit 22d1819011de02351976bad778837a28ab45a449)
|
|
(This used to be commit 84fba11ff0a649932e1f812408017ae4c5611083)
|
|
(This used to be commit 8ba6148c69031e9a82687d4d006e1fa7ada21e91)
|
|
workstation, we have to use the workstation type, if we have a BDC account,
we must use the BDC type - even if we are pretending to be a workstation
at the moment.
Also actually store and retreive the last change time, so we can do
periodic password changes again (for RPC at least).
And finally, a couple of minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
|
|
general CHANGETRUSTPW that calls ADS CHANGETRUSTPW or RPC CHANGETRUSTPW
depending on what we have.
(This used to be commit 17d27db5c9d3511444fc2770d4452647284e8014)
|
|
(This used to be commit 26901af91eaa119df0e1192be95b514ecf26c6a6)
|
|
and removing -j because it was not used at all.
(This used to be commit e3e2c1b27128f7b5a1f4bbc8093c75b0c12549b4)
|
|
(This used to be commit 74fab8f0d24004b1dfd5ce0fd7402895652f941f)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing platforms
different from NT4SP6.
Volker
(This used to be commit ecd0ee4d248e750168597ccf79c389513bb0f740)
|
|
(This used to be commit 49926d706f9d24dbdd7a878e2362a27667175a5c)
|
|
nicer to use and more hackable.
- converted to popt
- text message destinations (except for broadcast smbd) are resolved
using files in piddir so the string 'winbindd' is now a destination
- added --timeout option to specify timeout value
- deleted complicated handling of debug args as separate command line
arguments: use shell quoting instead
- deleted interactive mode as punishment for using strtok() (-:
- much improved command line argument checking
Some of this stuff was broken before I started (print notify,
profiling) but the basics still work (ping, pool-usage, debug,
debuglevel).
(This used to be commit 269f838dee257ee9badcae190f2c70b898676bc5)
|
|
same functionality exists as "pool-usage".
Move initialisation of this and dmalloc messages inside message_init().
(This used to be commit af6ecafcbbf65dbedc49b3a86da39ce608bdadac)
|
|
(This used to be commit 41b320ffc560117c0184999e30cc69723f40acbe)
|
|
domain name. We were passing in an already initialised string which was
causing the warning.
(This used to be commit 18685d137e2db6e4e93c655f1c4a97116a36c02c)
|
|
(This used to be commit 55d9ef08a7585f69466cd4c0b30ce33841d52b33)
|
|
information into it re the privilaged pipe.
Also clean up some bugs in winbindd_pam.c
Andrew Bartlett
(This used to be commit e73b01204a8625946ff0fb5f9fc99dd959eb801c)
|
|
patch by Stephan Kulow <coolo@kde.org>)
(This used to be commit 5c0e4b4dc630bd304f53c37f2340f954190b7aef)
|
|
(This used to be commit ce197eae8d254114a295142b522cc028c375ae88)
|
|
the returned session key is the one that we expect to get for that each
of login.
Andrew Bartlett
(This used to be commit fa47e44b9caba98e0b85782f3057e6cb8a5763ff)
|
|
(This used to be commit 861b2a464fed3a16f050972feed1900298fb0bcb)
|
|
downloading stuff.
Volker
(This used to be commit b86ea50fa6dae04adeef750cdbe606a292c1430a)
|
|
we end up with an empty domain field, which a workstation
does not really like in sam_logon..
Volker
(This used to be commit e0cb325b99e09a5a5cba07f0403ed445814bbf53)
|
|
- Make passdb work with absolute paths (passdb backend = /path/to/smbpasswd.so works now). vfs, rpc and charset will follow
(This used to be commit 794d3ed03619a4e41558d9ff65783a1aa1b2be90)
|
|
(This used to be commit 0c12a206bb6610d79deb89868cac9293604b7c08)
|
|
please remember to *test* your changes before committing them. This is
especially the case when you receive patches from outside the team -
before you commit you must make sure that the patch actually works.
(This used to be commit 1d3c7e7fb628a528978f345f83289cc7f2521c35)
|
|
(This used to be commit 6ab41e50fd0a36ebd9969064aa46235dc687dfba)
|
|
(This used to be commit 094eed2c6222fe167ee9f596f4b849a4dea234bf)
|
|
some double options and broke some parameters.
(This used to be commit d5f9b0275c91512e1926504f22aaeec2d104430d)
|
|
(This used to be commit 2ddfed298d7f0b6e690275725a39c3ef107077ae)
|
|
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 80d2578108da14f60133df3a308b867beb27e920)
|
|
(This used to be commit 691c63ad6b522ae7984017ebadffb5c7c13f6992)
|
|
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory
under lockdir, that the admin can change the group access for.
- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
replacement:
- Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
challenge.
- Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
servers.
- Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates
are needed.
- Now uses fgets(), not x_fgets() to cope with Squid environment (I think
somthing to do with non-blocking stdin).
- Add much more robust connection code to wb_common.c - it will not connect to
a server of a different protocol version, and it will automatically try and
reconnect to the 'privileged' pipe if possible.
- This could help with 'privileged' idmap operations etc in future.
- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()
- Correctly pull our 'session key' out of the info3 from th the DC. This is
used in both the auth code, and in for export over the winbind pipe to
ntlm_auth.
- Given the user's challenge/response and access to the privileged pipe,
allow external access to the 'session key'. To be used for MSCHAPv2
integration.
Andrew Bartlett
(This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
|
|
(This used to be commit a1576694a6f23e1c70d7d81ac4feedd4f29c5400)
|
|
* pdbedit -i -e sets all SAM_ACCOUNT elements
to CHANGED to satisfy the new pdb_ldap.c handling
* pdbedit -g transfers group mappings. I made this
separate from the user database, as current installations
have to live with a split backend.
So, if you are running 3_0 alphas with LDAP as a backend
and upgrade to the next 3_0 alpha, you should call
pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
You certainly have to have all your groups as posixGroup
objects in LDAP and adapt the LDAP schema before this
call.
Volker
(This used to be commit 6d3faeaef6c77e389d39b6d4660ffea13e7f25f2)
|